chore: remove wireguardPeerConfig as advised by change in nixpkgs

oddlama 2024-06-26 02:29:52 +02:00
parent fc2cef598d
commit 28fdf3bfea
No known key found for this signature in database
GPG key ID: 14EFE510775FE39A


@ -231,43 +231,37 @@
map (serverNode: let map (serverNode: let
snCfg = wgCfgOf serverNode; snCfg = wgCfgOf serverNode;
in { in {
wireguardPeerConfig = {
PublicKey = builtins.readFile (peerPublicKeyPath serverNode); PublicKey = builtins.readFile (peerPublicKeyPath serverNode);
PresharedKeyFile = config.age.secrets.${peerPresharedKeySecret nodeName serverNode}.path; PresharedKeyFile = config.age.secrets.${peerPresharedKeySecret nodeName serverNode}.path;
AllowedIPs = serverAllowedIPs serverNode; AllowedIPs = serverAllowedIPs serverNode;
Endpoint = "${snCfg.server.host}:${toString snCfg.server.port}"; Endpoint = "${snCfg.server.host}:${toString snCfg.server.port}";
};
}) })
(filterSelf participatingServerNodes) (filterSelf participatingServerNodes)
# All our external peers # All our external peers
++ mapAttrsToList (extPeer: ips: let ++ mapAttrsToList (extPeer: ips: let
peerName = externalPeerName extPeer; peerName = externalPeerName extPeer;
in { in {
wireguardPeerConfig = {
PublicKey = builtins.readFile (peerPublicKeyPath peerName); PublicKey = builtins.readFile (peerPublicKeyPath peerName);
PresharedKeyFile = config.age.secrets.${peerPresharedKeySecret nodeName peerName}.path; PresharedKeyFile = config.age.secrets.${peerPresharedKeySecret nodeName peerName}.path;
AllowedIPs = map (net.cidr.make 128) ips; AllowedIPs = map (net.cidr.make 128) ips;
# Connections to external peers should always be kept alive # Connections to external peers should always be kept alive
PersistentKeepalive = 25; PersistentKeepalive = 25;
};
}) })
wgCfg.server.externalPeers wgCfg.server.externalPeers
# All client nodes that have their via set to us. # All client nodes that have their via set to us.
++ map (clientNode: let ++ map (clientNode: let
clientCfg = wgCfgOf clientNode; clientCfg = wgCfgOf clientNode;
in { in {
wireguardPeerConfig = {
PublicKey = builtins.readFile (peerPublicKeyPath clientNode); PublicKey = builtins.readFile (peerPublicKeyPath clientNode);
PresharedKeyFile = config.age.secrets.${peerPresharedKeySecret nodeName clientNode}.path; PresharedKeyFile = config.age.secrets.${peerPresharedKeySecret nodeName clientNode}.path;
AllowedIPs = map (net.cidr.make 128) clientCfg.addresses; AllowedIPs = map (net.cidr.make 128) clientCfg.addresses;
};
}) })
ourClientNodes ourClientNodes
else else
# We are a client node, so only include our via server. # We are a client node, so only include our via server.
[ [
{ (
wireguardPeerConfig = let let
snCfg = wgCfgOf wgCfg.client.via; snCfg = wgCfgOf wgCfg.client.via;
in in
{ {
@ -279,8 +273,8 @@
} }
// optionalAttrs wgCfg.client.keepalive { // optionalAttrs wgCfg.client.keepalive {
PersistentKeepalive = 25; PersistentKeepalive = 25;
};
} }
)
]; ];
}; };