Add initial vpn configuration

This commit is contained in:
Fabian Hauser 2020-11-28 21:52:29 +00:00
parent 80a70002e9
commit 120e6e66b5
2 changed files with 28 additions and 20 deletions


@ -9,22 +9,32 @@ in {
networking.wireguard.enable = true; networking.wireguard.enable = true;
networking.wireguard.interfaces = { networking.wireguard.interfaces = {
"wg-${networkName}" = { "wg-${networkName}" = {
ips = [ "${networkConfig.hosts.${hostName}.v4.ip}/${toString networkConfig.v4.bitmask}" ]; ips = [
"${networkConfig.hosts.${hostName}.v4.ip}/${
toString networkConfig.v4.bitmask
}"
];
privateKeyFile = "/secrets/wireguard/private/${networkName}"; privateKeyFile = "/secrets/wireguard/private/${networkName}";
generatePrivateKeyFile = true; generatePrivateKeyFile = true;
peers = let peers = let
reachablePeerHosts = lib.filterAttrs mapHostToPeerConfig = (host: netconf: {
(host: netconf: host != hostName && netconf.endpoint != null)
networkConfig.hosts; # Generate the preshared key with wg genpsk
in lib.mapAttrsToList (host: netconf: { presharedKeyFile =
presharedKeyFile = netconf.presharedKeyFile or null; # Generate with wg genpsk "/secrets/wireguard/preshared/${networkName}-${host}";
publicKey = netconf.publicKey; publicKey = netconf.publicKey;
endpoint = netconf.endpoint; endpoint = netconf.endpoint;
allowedIPs = [ netconf.v4.ip ]; allowedIPs = [ netconf.v4.ip ];
persistantKeepalive = netconf.persistentKeepalive; persistantKeepalive = netconf.persistentKeepalive;
}) reachablePeerHosts; });
reachablePeerHosts = lib.filterAttrs (host: netconf:
host != hostName
&& (netconf.endpoint != null || networkConfig.server == hostName))
networkConfig.hosts;
in lib.mapAttrsToList mapHostToPeerConfig reachablePeerHosts;
}; };
}; };
} }
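Review bot: The `presharedKeyFile` set in `mapHostToPeerConfig` is no longer optional: every host now needs a file `/secrets/wireguard/preshared/${networkName}-${host}` for each reachable peer, and a missing file would presumably keep the interface from coming up instead of falling back to no PSK as the old `netconf.presharedKeyFile or null` did. A preshared key is symmetric, so the `<net>-B` file on host A and the `<net>-A` file on host B must contain the same key, which the comment does not say; I would extend it to `# Symmetric PSK with <host>: generate once with wg genpsk and install the same key on both hosts (each under its own <network>-<peer> path)`. The attribute name `persistantKeepalive` (present on both sides of the hunk) looks like a typo for the NixOS peer option `persistentKeepalive`; if the peers submodule rejects unknown attributes this fails evaluation, and otherwise the keepalive read from `netconf.persistentKeepalive` is silently never applied. The enclosing `in { … }` module begins before the hunk.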


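--- a/<path not shown on page>
+++ b/<path not shown on page>
@@ -60,7 +60,6 @@
 v4.ip = "10.249.0.1";
 endpoint = "calanda.plessur.net.qo.is:12913";
 publicKey = "76nV1jgexHJ898hTLbMRz1BjguFp6YCHpoV52GuNDzc=";
-presharedKeyFile = "/secrets/wireguard/preshared/mgmt-montalin";
 persistentKeepalive = null;
 };
 #calanda.v4.ip = "10.249.0.2";
@@ -70,7 +69,6 @@
 v4.ip = "10.249.0.5";
 endpoint = null;
 publicKey = "dvv3ad9mWU9opTa8R9yPN4l1xfwdcMH0e/Rrv0GXPS4=";
-presharedKeyFile = "/secrets/wireguard/preshared/mgmt-hummelberg";
 persistentKeepalive = 25; # Might be behind NAT
 };
 };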