Fix wireguard configuration
This commit is contained in:
parent
3f716bc2c1
commit
b498876011
5 changed files with 33 additions and 30 deletions
|
|
@ -3,7 +3,6 @@
|
|||
imports = [
|
||||
./cloud.nix
|
||||
./feedreader.nix
|
||||
./vpn.nix
|
||||
#./dns.nix #TODO
|
||||
#./wallabag.nix #TODO
|
||||
#./id.nix #TODO
|
||||
|
|
|
|||
|
|
@ -1,13 +0,0 @@
|
|||
{ config, pkgs, lib, ... }:
|
||||
let
|
||||
meta = import ../../../meta;
|
||||
network = meta.network.virtual;
|
||||
networkName = "mgmt";
|
||||
in {
|
||||
networking.wireguard.enable = true;
|
||||
networking.wireguard.interfaces = {
|
||||
"wg-${networkName}" =
|
||||
pkgs.lib.qois.wireguard.makeInterface config.networking.hostName
|
||||
networkName network.${networkName};
|
||||
};
|
||||
}
|
||||
|
|
@ -24,6 +24,8 @@ in {
|
|||
# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
|
||||
|
||||
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
||||
networking.firewall.allowedUDPPorts =
|
||||
[ meta.network.virtual.mgmt.server.port ];
|
||||
|
||||
services.qois.luks-ssh = {
|
||||
enable = true;
|
||||
|
|
@ -33,4 +35,14 @@ in {
|
|||
gateway = plessur-net.dmz.v4.gateway;
|
||||
sshPort = 2222;
|
||||
};
|
||||
|
||||
networking.wireguard.enable = true;
|
||||
networking.wireguard.interfaces = let
|
||||
network = meta.network.virtual;
|
||||
networkName = "mgmt";
|
||||
in {
|
||||
"wg-${networkName}" =
|
||||
pkgs.lib.qois.wireguard.makeInterface config.networking.hostName
|
||||
networkName network.${networkName};
|
||||
};
|
||||
}
|
||||
|
|
|
|||
|
|
@ -12,17 +12,19 @@
|
|||
persistentKeepalive = hostconf.persistentKeepalive;
|
||||
});
|
||||
|
||||
makeInterface = (hostName: netname: netconfig: {
|
||||
makeInterface = (hostName: netname: netconfig:
|
||||
let isHub = netconfig.server.hostname == hostName;
|
||||
in {
|
||||
ips = [
|
||||
"${netconfig.hosts.${hostName}.v4.ip}/${toString netconfig.v4.bitmask}"
|
||||
];
|
||||
listenPort = if isHub then netconfig.server.port else null;
|
||||
privateKeyFile = "/secrets/wireguard/private/${netname}";
|
||||
generatePrivateKeyFile = true;
|
||||
|
||||
peers = let
|
||||
reachablePeerHosts = lib.filterAttrs (host: hostconf:
|
||||
host != hostName
|
||||
&& (hostconf.endpoint != null || netconfig.server == hostName))
|
||||
host != hostName && (hostconf.endpoint != null || isHub))
|
||||
netconfig.hosts;
|
||||
in lib.mapAttrsToList (mapHostToPeerConfig netname) reachablePeerHosts;
|
||||
});
|
||||
|
|
|
|||
|
|
@ -47,18 +47,21 @@
|
|||
};
|
||||
|
||||
virtual = {
|
||||
mgmt = {
|
||||
mgmt = rec {
|
||||
# TODO: Introduce virtual network type
|
||||
v4 = {
|
||||
id = "10.249.0.0";
|
||||
bitmask = 23;
|
||||
};
|
||||
server = { hostname = "montalin"; };
|
||||
server = {
|
||||
hostname = "montalin";
|
||||
port = 51820;
|
||||
};
|
||||
|
||||
hosts = {
|
||||
montalin = {
|
||||
v4.ip = "10.249.0.1";
|
||||
endpoint = "calanda.plessur.net.qo.is:12913";
|
||||
endpoint = "calanda.plessur.net.qo.is:${server.port}";
|
||||
publicKey = "76nV1jgexHJ898hTLbMRz1BjguFp6YCHpoV52GuNDzc=";
|
||||
persistentKeepalive = null;
|
||||
};
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue