Fix wireguard configuration

Fabian Hauser 2020-12-01 15:11:29 +00:00
parent 3f716bc2c1
commit b498876011
5 changed files with 33 additions and 30 deletions


@ -3,7 +3,6 @@
imports = [ imports = [
./cloud.nix ./cloud.nix
./feedreader.nix ./feedreader.nix
./vpn.nix
#./dns.nix #TODO #./dns.nix #TODO
#./wallabag.nix #TODO #./wallabag.nix #TODO
#./id.nix #TODO #./id.nix #TODO


@ -1,13 +0,0 @@
{ config, pkgs, lib, ... }:
let
meta = import ../../../meta;
network = meta.network.virtual;
networkName = "mgmt";
in {
networking.wireguard.enable = true;
networking.wireguard.interfaces = {
"wg-${networkName}" =
pkgs.lib.qois.wireguard.makeInterface config.networking.hostName
networkName network.${networkName};
};
}


@ -24,6 +24,8 @@ in {
# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain"; # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
networking.firewall.allowedTCPPorts = [ 80 443 ]; networking.firewall.allowedTCPPorts = [ 80 443 ];
networking.firewall.allowedUDPPorts =
[ meta.network.virtual.mgmt.server.port ];
services.qois.luks-ssh = { services.qois.luks-ssh = {
enable = true; enable = true;
@ -33,4 +35,14 @@ in {
gateway = plessur-net.dmz.v4.gateway; gateway = plessur-net.dmz.v4.gateway;
sshPort = 2222; sshPort = 2222;
}; };
networking.wireguard.enable = true;
networking.wireguard.interfaces = let
network = meta.network.virtual;
networkName = "mgmt";
in {
"wg-${networkName}" =
pkgs.lib.qois.wireguard.makeInterface config.networking.hostName
networkName network.${networkName};
};
} }
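Review bot: The UDP firewall rule added in the first hunk, `networking.firewall.allowedUDPPorts = [ meta.network.virtual.mgmt.server.port ];`, is unconditional, while the interface added in the second hunk only listens on that port when this host is the network's hub (makeInterface sets `listenPort` to null otherwise). On a non-hub host the rule would open a port nothing listens on; tying it to the same condition keeps the two in step, e.g. `networking.firewall.allowedUDPPorts = pkgs.lib.optional (config.networking.hostName == meta.network.virtual.mgmt.server.hostname) meta.network.virtual.mgmt.server.port;`. Whether this file belongs to the hub host cannot be seen here, and `meta` is presumably bound by the `let` above the hunk. The enclosing attribute set starts outside the hunk.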


@ -12,18 +12,20 @@
persistentKeepalive = hostconf.persistentKeepalive; persistentKeepalive = hostconf.persistentKeepalive;
}); });
makeInterface = (hostName: netname: netconfig: { makeInterface = (hostName: netname: netconfig:
ips = [ let isHub = netconfig.server.hostname == hostName;
"${netconfig.hosts.${hostName}.v4.ip}/${toString netconfig.v4.bitmask}" in {
]; ips = [
privateKeyFile = "/secrets/wireguard/private/${netname}"; "${netconfig.hosts.${hostName}.v4.ip}/${toString netconfig.v4.bitmask}"
generatePrivateKeyFile = true; ];
listenPort = if isHub then netconfig.server.port else null;
privateKeyFile = "/secrets/wireguard/private/${netname}";
generatePrivateKeyFile = true;
peers = let peers = let
reachablePeerHosts = lib.filterAttrs (host: hostconf: reachablePeerHosts = lib.filterAttrs (host: hostconf:
host != hostName host != hostName && (hostconf.endpoint != null || isHub))
&& (hostconf.endpoint != null || netconfig.server == hostName)) netconfig.hosts;
netconfig.hosts; in lib.mapAttrsToList (mapHostToPeerConfig netname) reachablePeerHosts;
in lib.mapAttrsToList (mapHostToPeerConfig netname) reachablePeerHosts; });
});
} }
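Review bot: The peer filter `host != hostName && (hostconf.endpoint != null || isHub)` does not guarantee that a spoke peers with the hub: a non-hub host keeps only hosts whose `endpoint` is non-null, so if the hub's entry in `netconfig.hosts` has `endpoint = null` the spoke silently ends up with no path to the hub. Making that invariant explicit with `assert netconfig.hosts.${netconfig.server.hostname}.endpoint != null;` between the parameters and the `let` would turn a silent misconfiguration into an evaluation error. Note also that `listenPort` takes `netconfig.server.port` as an integer, so any caller that interpolates it into an endpoint string must wrap it in `toString` — the meta hunk below writes `${server.port}` directly, which Nix refuses for an integer value. A short comment above `makeInterface` describing the topology (the hub listens on `server.port` and peers with every host; spokes peer only with hosts that expose an `endpoint`) would help readers; `mapHostToPeerConfig` starts outside the hunk.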


@ -47,18 +47,21 @@
}; };
virtual = { virtual = {
mgmt = { mgmt = rec {
# TODO: Introduce virtual network type # TODO: Introduce virtual network type
v4 = { v4 = {
id = "10.249.0.0"; id = "10.249.0.0";
bitmask = 23; bitmask = 23;
}; };
server = { hostname = "montalin"; }; server = {
hostname = "montalin";
port = 51820;
};
hosts = { hosts = {
montalin = { montalin = {
v4.ip = "10.249.0.1"; v4.ip = "10.249.0.1";
endpoint = "calanda.plessur.net.qo.is:12913"; endpoint = "calanda.plessur.net.qo.is:${server.port}";
publicKey = "76nV1jgexHJ898hTLbMRz1BjguFp6YCHpoV52GuNDzc="; publicKey = "76nV1jgexHJ898hTLbMRz1BjguFp6YCHpoV52GuNDzc=";
persistentKeepalive = null; persistentKeepalive = null;
}; };