Extract wireguard configuration tools to library
This commit is contained in:
parent
03907d416d
commit
155c01b9c1
5 changed files with 36 additions and 30 deletions
|
|
@ -4,6 +4,8 @@
|
|||
{
|
||||
imports = [ ../../modules ];
|
||||
|
||||
nixpkgs.overlays = [(import ../../overlays)];
|
||||
|
||||
system.autoUpgrade.enable = true;
|
||||
system.autoUpgrade.allowReboot = false;
|
||||
|
||||
|
|
|
|||
|
|
@ -3,38 +3,9 @@ let
|
|||
meta = import ../../../meta;
|
||||
network = meta.network.virtual;
|
||||
networkName = "mgmt";
|
||||
networkConfig = network.${networkName};
|
||||
hostName = config.networking.hostName;
|
||||
in {
|
||||
networking.wireguard.enable = true;
|
||||
networking.wireguard.interfaces = {
|
||||
"wg-${networkName}" = {
|
||||
ips = [
|
||||
"${networkConfig.hosts.${hostName}.v4.ip}/${
|
||||
toString networkConfig.v4.bitmask
|
||||
}"
|
||||
];
|
||||
privateKeyFile = "/secrets/wireguard/private/${networkName}";
|
||||
generatePrivateKeyFile = true;
|
||||
|
||||
peers = let
|
||||
mapHostToPeerConfig = (host: netconf: {
|
||||
|
||||
# Generate the preshared key with wg genpsk
|
||||
presharedKeyFile =
|
||||
"/secrets/wireguard/preshared/${networkName}-${host}";
|
||||
publicKey = netconf.publicKey;
|
||||
|
||||
endpoint = netconf.endpoint;
|
||||
|
||||
allowedIPs = [ netconf.v4.ip ];
|
||||
persistantKeepalive = netconf.persistentKeepalive;
|
||||
});
|
||||
reachablePeerHosts = lib.filterAttrs (host: netconf:
|
||||
host != hostName
|
||||
&& (netconf.endpoint != null || networkConfig.server == hostName))
|
||||
networkConfig.hosts;
|
||||
in lib.mapAttrsToList mapHostToPeerConfig reachablePeerHosts;
|
||||
};
|
||||
"wg-${networkName}" = pkgs.lib.qois.wireguard.makeInterface config.networking.hostName networkName network.${networkName};
|
||||
};
|
||||
}
|
||||
|
|
|
|||
1
lib/default.nix
Normal file
1
lib/default.nix
Normal file
|
|
@ -0,0 +1 @@
|
|||
{ lib }: rec { wireguard = import ./wireguard.nix { lib = lib; }; }
|
||||
29
lib/wireguard.nix
Normal file
29
lib/wireguard.nix
Normal file
|
|
@ -0,0 +1,29 @@
|
|||
{ lib }: rec {
|
||||
|
||||
mapHostToPeerConfig = (netname: host: hostconf: {
|
||||
|
||||
# Generate the preshared key with wg genpsk
|
||||
presharedKeyFile = "/secrets/wireguard/preshared/${netname}-${host}";
|
||||
publicKey = hostconf.publicKey;
|
||||
|
||||
endpoint = hostconf.endpoint;
|
||||
|
||||
allowedIPs = [ hostconf.v4.ip ];
|
||||
persistantKeepalive = hostconf.persistentKeepalive;
|
||||
});
|
||||
|
||||
makeInterface = (hostName: netname: netconfig: {
|
||||
ips = [
|
||||
"${netconfig.hosts.${hostName}.v4.ip}/${toString netconfig.v4.bitmask}"
|
||||
];
|
||||
privateKeyFile = "/secrets/wireguard/private/${netname}";
|
||||
generatePrivateKeyFile = true;
|
||||
|
||||
peers = let
|
||||
reachablePeerHosts = lib.filterAttrs (host: hostconf:
|
||||
host != hostName
|
||||
&& (hostconf.endpoint != null || netconfig.server == hostName))
|
||||
netconfig.hosts;
|
||||
in lib.mapAttrsToList (mapHostToPeerConfig netname) reachablePeerHosts;
|
||||
});
|
||||
}
|
||||
3
overlays/default.nix
Normal file
3
overlays/default.nix
Normal file
|
|
@ -0,0 +1,3 @@
|
|||
self: super: {
|
||||
lib = (super.lib or { }) // { qois = import ../lib { lib = self.lib; }; };
|
||||
}
|
||||
Loading…
Add table
Reference in a new issue