dn42: format
parent
83654b5a7b
commit
10f532f8ee
|
@ -65,12 +65,13 @@ in
|
|||
"net.ipv6.conf.default.forwarding" = true;
|
||||
};
|
||||
|
||||
boot.postBootCommands = ''
|
||||
boot.postBootCommands = /* bash */''
|
||||
if [ ! -c /dev/net/tun ]; then
|
||||
mkdir -p /dev/net
|
||||
mknod -m 666 /dev/net/tun c 10 200
|
||||
fi
|
||||
'';
|
||||
|
||||
services.openvpn =
|
||||
let
|
||||
openvpnNeighbors = lib.filterAttrs (_: conf: conf ? openvpn) neighbors;
|
||||
|
@ -97,38 +98,34 @@ in
|
|||
};
|
||||
in
|
||||
{
|
||||
servers =
|
||||
builtins.mapAttrs mkServer openvpnNeighbors;
|
||||
servers = builtins.mapAttrs mkServer openvpnNeighbors;
|
||||
};
|
||||
|
||||
networking.wireguard = {
|
||||
enable = true;
|
||||
interfaces =
|
||||
let
|
||||
wireguardNeighbors =
|
||||
lib.filterAttrs (_: conf: conf ? wireguard) neighbors;
|
||||
wireguardNeighbors = lib.filterAttrs (_: conf: conf ? wireguard) neighbors;
|
||||
in
|
||||
builtins.mapAttrs
|
||||
(name: conf: {
|
||||
inherit (conf.wireguard) listenPort;
|
||||
privateKeyFile = config.sops.secrets."neighbors/${name}/wireguard/privateKey".path;
|
||||
ips = [ "${address4}/32" "${address6}/64" ];
|
||||
allowedIPsAsRoutes = false;
|
||||
postSetup = ''
|
||||
${pkgs.iproute}/bin/ip addr del ${address4}/32 dev ${name}
|
||||
${pkgs.iproute}/bin/ip addr add ${address4} dev ${name}${if conf ? address4 then " peer ${conf.address4}/32" else ""}
|
||||
'';
|
||||
peers = [
|
||||
({
|
||||
inherit (conf.wireguard) publicKey;
|
||||
allowedIPs = [ "0.0.0.0/0" "::0/0" ];
|
||||
persistentKeepalive = 30;
|
||||
} // (lib.optionalAttrs (conf.wireguard ? endpoint) {
|
||||
inherit (conf.wireguard) endpoint;
|
||||
}))
|
||||
];
|
||||
})
|
||||
wireguardNeighbors;
|
||||
builtins.mapAttrs (name: conf: {
|
||||
inherit (conf.wireguard) listenPort;
|
||||
privateKeyFile = config.sops.secrets."neighbors/${name}/wireguard/privateKey".path;
|
||||
ips = [ "${address4}/32" "${address6}/64" ];
|
||||
allowedIPsAsRoutes = false;
|
||||
postSetup = ''
|
||||
${pkgs.iproute}/bin/ip addr del ${address4}/32 dev ${name}
|
||||
${pkgs.iproute}/bin/ip addr add ${address4} dev ${name}${if conf ? address4 then " peer ${conf.address4}/32" else ""}
|
||||
'';
|
||||
peers = [
|
||||
({
|
||||
inherit (conf.wireguard) publicKey;
|
||||
allowedIPs = [ "0.0.0.0/0" "::0/0" ];
|
||||
persistentKeepalive = 30;
|
||||
} // (lib.optionalAttrs (conf.wireguard ? endpoint) {
|
||||
inherit (conf.wireguard) endpoint;
|
||||
}))
|
||||
];
|
||||
}) wireguardNeighbors;
|
||||
};
|
||||
|
||||
services.bird2 = {
|
||||
|
@ -157,8 +154,7 @@ in
|
|||
"";
|
||||
interface = conf.interface or name;
|
||||
in
|
||||
"${neighbor4}${neighbor6}")
|
||||
neighbors));
|
||||
"${neighbor4}${neighbor6}") neighbors));
|
||||
in
|
||||
''
|
||||
protocol kernel {
|
||||
|
@ -230,9 +226,5 @@ in
|
|||
'';
|
||||
};
|
||||
|
||||
# This value determines the NixOS release with which your system is to be
|
||||
# compatible, in order to avoid breaking some software such as database
|
||||
# servers. You should change this only after NixOS release notes say you
|
||||
# should.
|
||||
system.stateVersion = "19.09"; # Did you read the comment?
|
||||
system.stateVersion = "19.09";
|
||||
}
|
||||
|
|
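Review bot: The reformatted WireGuard peer block in the second hunk keeps `allowedIPs = [ "0.0.0.0/0" "::0/0" ];` together with `allowedIPsAsRoutes = false;` and has no comment saying why the peer is left unrestricted. With that setting WireGuard accepts any source address from the neighbor, so filtering has to happen in the BGP import/export filters or a firewall. Whether the bird2 configuration further down does this is not visible in the hunks shown. I would add a comment above the line, for example `# allowedIPs is intentionally unrestricted: bird2 selects routes, so WireGuard does no source filtering for this peer; prefix and source filtering must be enforced in the bird filters/firewall`. That keeps the assumption visible to whoever next adds a neighbor.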