dn42: format
This commit is contained in:
parent
83654b5a7b
commit
10f532f8ee
GPG Key ID:
3AF5A43A3EECC2E5
|
|
@ -65,12 +65,13 @@ in
|
||||||
"net.ipv6.conf.default.forwarding" = true;
|
"net.ipv6.conf.default.forwarding" = true;
|
||||||
};
|
};
|
||||||
|
|
||||||
boot.postBootCommands = ''
|
boot.postBootCommands = /* bash */''
|
||||||
if [ ! -c /dev/net/tun ]; then
|
if [ ! -c /dev/net/tun ]; then
|
||||||
mkdir -p /dev/net
|
mkdir -p /dev/net
|
||||||
mknod -m 666 /dev/net/tun c 10 200
|
mknod -m 666 /dev/net/tun c 10 200
|
||||||
fi
|
fi
|
||||||
'';
|
'';
|
||||||
|
|
||||||
services.openvpn =
|
services.openvpn =
|
||||||
let
|
let
|
||||||
openvpnNeighbors = lib.filterAttrs (_: conf: conf ? openvpn) neighbors;
|
openvpnNeighbors = lib.filterAttrs (_: conf: conf ? openvpn) neighbors;
|
||||||
|
|
@ -97,38 +98,34 @@ in
|
||||||
};
|
};
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
servers =
|
servers = builtins.mapAttrs mkServer openvpnNeighbors;
|
||||||
builtins.mapAttrs mkServer openvpnNeighbors;
|
|
||||||
};
|
};
|
||||||
|
|
||||||
networking.wireguard = {
|
networking.wireguard = {
|
||||||
enable = true;
|
enable = true;
|
||||||
interfaces =
|
interfaces =
|
||||||
let
|
let
|
||||||
wireguardNeighbors =
|
wireguardNeighbors = lib.filterAttrs (_: conf: conf ? wireguard) neighbors;
|
||||||
lib.filterAttrs (_: conf: conf ? wireguard) neighbors;
|
|
||||||
in
|
in
|
||||||
builtins.mapAttrs
|
builtins.mapAttrs (name: conf: {
|
||||||
(name: conf: {
|
inherit (conf.wireguard) listenPort;
|
||||||
inherit (conf.wireguard) listenPort;
|
privateKeyFile = config.sops.secrets."neighbors/${name}/wireguard/privateKey".path;
|
||||||
privateKeyFile = config.sops.secrets."neighbors/${name}/wireguard/privateKey".path;
|
ips = [ "${address4}/32" "${address6}/64" ];
|
||||||
ips = [ "${address4}/32" "${address6}/64" ];
|
allowedIPsAsRoutes = false;
|
||||||
allowedIPsAsRoutes = false;
|
postSetup = ''
|
||||||
postSetup = ''
|
${pkgs.iproute}/bin/ip addr del ${address4}/32 dev ${name}
|
||||||
${pkgs.iproute}/bin/ip addr del ${address4}/32 dev ${name}
|
${pkgs.iproute}/bin/ip addr add ${address4} dev ${name}${if conf ? address4 then " peer ${conf.address4}/32" else ""}
|
||||||
${pkgs.iproute}/bin/ip addr add ${address4} dev ${name}${if conf ? address4 then " peer ${conf.address4}/32" else ""}
|
'';
|
||||||
'';
|
peers = [
|
||||||
peers = [
|
({
|
||||||
({
|
inherit (conf.wireguard) publicKey;
|
||||||
inherit (conf.wireguard) publicKey;
|
allowedIPs = [ "0.0.0.0/0" "::0/0" ];
|
||||||
allowedIPs = [ "0.0.0.0/0" "::0/0" ];
|
persistentKeepalive = 30;
|
||||||
persistentKeepalive = 30;
|
} // (lib.optionalAttrs (conf.wireguard ? endpoint) {
|
||||||
} // (lib.optionalAttrs (conf.wireguard ? endpoint) {
|
inherit (conf.wireguard) endpoint;
|
||||||
inherit (conf.wireguard) endpoint;
|
}))
|
||||||
}))
|
];
|
||||||
];
|
}) wireguardNeighbors;
|
||||||
})
|
|
||||||
wireguardNeighbors;
|
|
||||||
};
|
};
|
||||||
|
|
||||||
services.bird2 = {
|
services.bird2 = {
|
||||||
|
|
@ -157,8 +154,7 @@ in
|
||||||
"";
|
"";
|
||||||
interface = conf.interface or name;
|
interface = conf.interface or name;
|
||||||
in
|
in
|
||||||
"${neighbor4}${neighbor6}")
|
"${neighbor4}${neighbor6}") neighbors));
|
||||||
neighbors));
|
|
||||||
in
|
in
|
||||||
''
|
''
|
||||||
protocol kernel {
|
protocol kernel {
|
||||||
|
|
@ -230,9 +226,5 @@ in
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
# This value determines the NixOS release with which your system is to be
|
system.stateVersion = "19.09";
|
||||||
# compatible, in order to avoid breaking some software such as database
|
|
||||||
# servers. You should change this only after NixOS release notes say you
|
|
||||||
# should.
|
|
||||||
system.stateVersion = "19.09"; # Did you read the comment?
|
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue
Block a user