hosts: update Wireguard network setup

2025-02-07 12:19:07 +00:00 · 2023-01-19 20:16:01 +08:00 · 2023-01-19 20:16:01 +08:00 · 33206698c0
commit 33206698c0
parent 5fab811812
4 changed files with 16 additions and 16 deletions
--- a/hosts/ni/default.nix
+++ b/hosts/ni/default.nix
@ -2,7 +2,8 @@

 let
  network = import ../plover/modules/hardware/networks.nix;
-  inherit (network) publicIP wireguardIPv6BaseAddress wireguardPort;
+  inherit (builtins) toString;
+  inherit (network) publicIP wireguardIPv6 wireguardIPv6LengthPrefix wireguardPort;

  wireguardAllowedIPs = [ "0:0:0:0/0" "::/0" ];
  wireguardIFName = "wireguard0";
@ -257,7 +258,7 @@ in
      matchConfig.Name = wireguardIFName;
      address = [
        "172.45.1.2/24"
-        "${wireguardIPv6BaseAddress}/48"
+        "${wireguardIPv6}/${toString wireguardIPv6LengthPrefix}"
      ];

      # Otherwise, it will autostart every bootup when I need it only at few
--- a/hosts/plover/modules/hardware/hetzner-cloud-cx21.nix
+++ b/hosts/plover/modules/hardware/hetzner-cloud-cx21.nix
@ -5,6 +5,7 @@
 # from nixos-generators.
 let
  network = import ./networks.nix;
+  inherit (builtins) toString;
  inherit (network) publicIP' publicIPv6 publicIPv6PrefixLength privateNetworkGatewayIP;

  # This is just referring to the same interface just with alternative names.
@ -65,7 +66,7 @@ in

          # The public IPv6 is assigned to a server so we'll to have to go with
          # something else.
-          "${publicIPv6}1/${publicIPv6PrefixLength}"
+          "${publicIPv6}1/${toString publicIPv6PrefixLength}"
        ];

        networkConfig = {
--- a/hosts/plover/modules/hardware/networks.nix
+++ b/hosts/plover/modules/hardware/networks.nix
@ -13,6 +13,7 @@ rec {
  privateIPNetworkRange = "172.16.0.0/32";
  privateNetworkGatewayIP = "172.16.0.1/32";

-  wireguardIPv6BaseAddress = "fdee:b0de:54e6::";
+  wireguardIPv6 = "fdee:b0de:54e6:ae74::";
+  wireguardIPv6LengthPrefix = 64;
  wireguardPort = 51820;
 }
--- a/hosts/plover/modules/services/wireguard.nix
+++ b/hosts/plover/modules/services/wireguard.nix
@ -5,17 +5,11 @@
 let
  acmeName = "wireguard.${config.networking.domain}";
  networks = import ../hardware/networks.nix;
-  inherit (networks) privateNetworkGatewayIP wireguardIPv6BaseAddress wireguardPort;
+  inherit (builtins) toString;
+  inherit (networks) wireguardIPv6 wireguardIPv6LengthPrefix wireguardPort;

  wireguardIFName = "wireguard0";
-  wireguardAddresses = [
-    # Private IP address.
-    "172.45.1.1/32"
-
-    # Private IPv6 address. Just arbitrarily chosen.
-    "${wireguardIPv6BaseAddress}/48"
-  ];
-  wireguardAllowedIPs = [ "172.45.1.2/24" "${wireguardIPv6BaseAddress}/48" ];
+  wireguardAllowedIPs = [ "172.45.1.2/24" "${wireguardIPv6}/${toString wireguardIPv6LengthPrefix}" ];
 in
 {
  environment.systemPackages = [ pkgs.wireguard-tools ];
@ -57,10 +51,13 @@ in

    networks."99-${wireguardIFName}" = {
      matchConfig.Name = wireguardIFName;
+      address = [
+        # Private IP address.
+        "172.45.1.1/32"

-      address = wireguardAddresses;
-
-      gateway = [ privateNetworkGatewayIP ];
+        # Private IPv6 address. Just arbitrarily chosen.
+        "${wireguardIPv6}1/${toString wireguardIPv6LengthPrefix}"
+      ];
    };
  };
 }