forked from mirrors_public/oddlama_nix-config
fix: move PersistentKeepalive from server to client in case the ip address changes
This commit is contained in:
oddlama
parent
836dfa9fea
commit
c1fe238c75
2 changed files with 19 additions and 18 deletions
|
|
@ -213,15 +213,11 @@
|
||||||
++ map (clientNode: let
|
++ map (clientNode: let
|
||||||
clientCfg = wgCfgOf clientNode;
|
clientCfg = wgCfgOf clientNode;
|
||||||
in {
|
in {
|
||||||
wireguardPeerConfig =
|
wireguardPeerConfig = {
|
||||||
{
|
PublicKey = builtins.readFile (peerPublicKeyPath clientNode);
|
||||||
PublicKey = builtins.readFile (peerPublicKeyPath clientNode);
|
PresharedKeyFile = config.rekey.secrets.${peerPresharedKeySecret nodeName clientNode}.path;
|
||||||
PresharedKeyFile = config.rekey.secrets.${peerPresharedKeySecret nodeName clientNode}.path;
|
AllowedIPs = map (net.cidr.make 128) clientCfg.addresses;
|
||||||
AllowedIPs = map (net.cidr.make 128) clientCfg.addresses;
|
};
|
||||||
}
|
|
||||||
// optionalAttrs clientCfg.client.keepalive {
|
|
||||||
PersistentKeepalive = 25;
|
|
||||||
};
|
|
||||||
})
|
})
|
||||||
ourClientNodes
|
ourClientNodes
|
||||||
else
|
else
|
||||||
|
|
@ -230,15 +226,19 @@
|
||||||
{
|
{
|
||||||
wireguardPeerConfig = let
|
wireguardPeerConfig = let
|
||||||
snCfg = wgCfgOf wgCfg.client.via;
|
snCfg = wgCfgOf wgCfg.client.via;
|
||||||
in {
|
in
|
||||||
PublicKey = builtins.readFile (peerPublicKeyPath wgCfg.client.via);
|
{
|
||||||
PresharedKeyFile = config.rekey.secrets.${peerPresharedKeySecret nodeName wgCfg.client.via}.path;
|
PublicKey = builtins.readFile (peerPublicKeyPath wgCfg.client.via);
|
||||||
Endpoint = "${snCfg.server.host}:${toString snCfg.server.port}";
|
PresharedKeyFile = config.rekey.secrets.${peerPresharedKeySecret nodeName wgCfg.client.via}.path;
|
||||||
# Access to the whole network is routed through our entry node.
|
Endpoint = "${snCfg.server.host}:${toString snCfg.server.port}";
|
||||||
# TODO this should add any routedAddresses on ANY server in the network, right?
|
# Access to the whole network is routed through our entry node.
|
||||||
# if A entries via B and only C can route 0.0.0.0/0, does that work?
|
# TODO this should add any routedAddresses on ANY server in the network, right?
|
||||||
AllowedIPs = networkCidrs;
|
# if A entries via B and only C can route 0.0.0.0/0, does that work?
|
||||||
};
|
AllowedIPs = networkCidrs;
|
||||||
|
}
|
||||||
|
// optionalAttrs wgCfg.client.keepalive {
|
||||||
|
PersistentKeepalive = 25;
|
||||||
|
};
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
|
||||||
|
|
@ -368,6 +368,7 @@ in rec {
|
||||||
PresharedKey = $serverPsk
|
PresharedKey = $serverPsk
|
||||||
AllowedIPs = ${concatStringsSep ", " networkCidrs}
|
AllowedIPs = ${concatStringsSep ", " networkCidrs}
|
||||||
Endpoint = ${snCfg.server.host}:${toString snCfg.server.port}
|
Endpoint = ${snCfg.server.host}:${toString snCfg.server.port}
|
||||||
|
PersistentKeepalive = 25
|
||||||
EOF
|
EOF
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue