hosts: update Wireguard network setup

Gabriel Arazas 2023-01-19 20:16:01 +08:00
parent 5fab811812
commit 33206698c0
4 changed files with 16 additions and 16 deletions


@ -2,7 +2,8 @@
let let
network = import ../plover/modules/hardware/networks.nix; network = import ../plover/modules/hardware/networks.nix;
inherit (network) publicIP wireguardIPv6BaseAddress wireguardPort; inherit (builtins) toString;
inherit (network) publicIP wireguardIPv6 wireguardIPv6LengthPrefix wireguardPort;
wireguardAllowedIPs = [ "0:0:0:0/0" "::/0" ]; wireguardAllowedIPs = [ "0:0:0:0/0" "::/0" ];
wireguardIFName = "wireguard0"; wireguardIFName = "wireguard0";
@ -257,7 +258,7 @@ in
matchConfig.Name = wireguardIFName; matchConfig.Name = wireguardIFName;
address = [ address = [
"172.45.1.2/24" "172.45.1.2/24"
"${wireguardIPv6BaseAddress}/48" "${wireguardIPv6}/${toString wireguardIPv6LengthPrefix}"
]; ];
# Otherwise, it will autostart every bootup when I need it only at few # Otherwise, it will autostart every bootup when I need it only at few
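Review bot: The new client address `"${wireguardIPv6}/${toString wireguardIPv6LengthPrefix}"` evaluates to the bare prefix `fdee:b0de:54e6:ae74::/64`, i.e. the all-zero interface identifier (the subnet-router anycast address), while the server side of this commit appends a host part (`"${wireguardIPv6}1/..."`). Give the client a host address of its own, for example `"${wireguardIPv6}2/${toString wireguardIPv6LengthPrefix}"`, so the peer can be pinned to a single address on the server. Separately, the unchanged `wireguardAllowedIPs` line in the first hunk lists `"0:0:0:0/0"`, which is neither valid IPv4 nor valid IPv6 notation; if a full tunnel is intended, `"0.0.0.0/0"` is probably what was meant, and a rejected entry would leave IPv4 traffic outside the tunnel.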


@ -5,6 +5,7 @@
# from nixos-generators. # from nixos-generators.
let let
network = import ./networks.nix; network = import ./networks.nix;
inherit (builtins) toString;
inherit (network) publicIP' publicIPv6 publicIPv6PrefixLength privateNetworkGatewayIP; inherit (network) publicIP' publicIPv6 publicIPv6PrefixLength privateNetworkGatewayIP;
# This is just referring to the same interface just with alternative names. # This is just referring to the same interface just with alternative names.
@ -65,7 +66,7 @@ in
# The public IPv6 is assigned to a server so we'll to have to go with # The public IPv6 is assigned to a server so we'll to have to go with
# something else. # something else.
"${publicIPv6}1/${publicIPv6PrefixLength}" "${publicIPv6}1/${toString publicIPv6PrefixLength}"
]; ];
networkConfig = { networkConfig = {
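Review bot: `inherit (builtins) toString;` is redundant, because `toString` is one of the builtins Nix already exposes in the global scope; the line can be dropped here and in the two WireGuard files that add the same inherit. The interpolation `"${publicIPv6}1/${toString publicIPv6PrefixLength}"` also appears to rely on `publicIPv6` ending in `::`, which is worth a comment next to the value, e.g. `# prefix only; consumers append the host part`. The enclosing `let` block and the address list continue outside the hunks shown.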


@ -13,6 +13,7 @@ rec {
privateIPNetworkRange = "172.16.0.0/32"; privateIPNetworkRange = "172.16.0.0/32";
privateNetworkGatewayIP = "172.16.0.1/32"; privateNetworkGatewayIP = "172.16.0.1/32";
wireguardIPv6BaseAddress = "fdee:b0de:54e6::"; wireguardIPv6 = "fdee:b0de:54e6:ae74::";
wireguardIPv6LengthPrefix = 64;
wireguardPort = 51820; wireguardPort = 51820;
} }
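Review bot: `wireguardIPv6LengthPrefix` is named the other way round from the existing `publicIPv6PrefixLength` that another file in this commit inherits from the same attribute set; `wireguardIPv6PrefixLength` would keep the two consistent. `wireguardIPv6` now holds a /64 prefix rather than an address, and consumers build addresses from it by string concatenation, so a comment such as `# ULA /64 prefix; append the host part (e.g. "1") to form an address` would document that contract. The `rec { … }` set starts outside the hunk.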


@ -5,17 +5,11 @@
let let
acmeName = "wireguard.${config.networking.domain}"; acmeName = "wireguard.${config.networking.domain}";
networks = import ../hardware/networks.nix; networks = import ../hardware/networks.nix;
inherit (networks) privateNetworkGatewayIP wireguardIPv6BaseAddress wireguardPort; inherit (builtins) toString;
inherit (networks) wireguardIPv6 wireguardIPv6LengthPrefix wireguardPort;
wireguardIFName = "wireguard0"; wireguardIFName = "wireguard0";
wireguardAddresses = [ wireguardAllowedIPs = [ "172.45.1.2/24" "${wireguardIPv6}/${toString wireguardIPv6LengthPrefix}" ];
# Private IP address.
"172.45.1.1/32"
# Private IPv6 address. Just arbitrarily chosen.
"${wireguardIPv6BaseAddress}/48"
];
wireguardAllowedIPs = [ "172.45.1.2/24" "${wireguardIPv6BaseAddress}/48" ];
in in
{ {
environment.systemPackages = [ pkgs.wireguard-tools ]; environment.systemPackages = [ pkgs.wireguard-tools ];
@ -57,10 +51,13 @@ in
networks."99-${wireguardIFName}" = { networks."99-${wireguardIFName}" = {
matchConfig.Name = wireguardIFName; matchConfig.Name = wireguardIFName;
address = [
# Private IP address.
"172.45.1.1/32"
address = wireguardAddresses; # Private IPv6 address. Just arbitrarily chosen.
"${wireguardIPv6}1/${toString wireguardIPv6LengthPrefix}"
gateway = [ privateNetworkGatewayIP ]; ];
}; };
}; };
} }
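Review bot: `wireguardAllowedIPs` now lists `"172.45.1.2/24"` and the whole `/64`, which — assuming it is used as the peer's AllowedIPs outside the visible hunks — lets that one peer source traffic from any address in both subnets, including the server's own `172.45.1.1` and `…::1`. WireGuard applies AllowedIPs as the per-peer source filter, so on the server it is safer to pin each peer to host routes, e.g. `"172.45.1.2/32"` and the peer's IPv6 address as a `/128`. Also note that `172.45.0.0/16` lies outside the RFC 1918 range `172.16.0.0/12`, so these are public addresses; a private range would avoid shadowing real hosts.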