feat: add nix-topology wireguard extractor

This commit is contained in:
oddlama 2024-04-12 13:18:23 +02:00
parent 3ade74f761
commit f124f513ef
No known key found for this signature in database
GPG key ID: 14EFE510775FE39A
3 changed files with 82 additions and 0 deletions

View file

@ -20,6 +20,7 @@ Node options | Module | [Link](./modules/node.nix) | - | - | A module that store
Guests (MicroVMs & Containers) | Module | [Link](./modules/guests) | zfs, disko, node options | - | This module implements a common interface to use guest systems with microvms or nixos-containers.
Restic hetzner storage box setup | Module | [Link](./modules/restic.nix) | agenix, agenix-rekey | - | This module exposes new options for restic backups that allow a simple setup of hetzner storage boxes. There's [an app](./apps/setup-hetzner-storage-boxes.nix) that you should expose on your flake to automate remote setup.
Wireguard overlay networks | Module | [Link](./modules/wireguard.nix) | agenix, agenix-rekey, nftables-firewall, inputs.self.nodes | - | This module automatically creates cross-node wireguard networks including automatic semi-stable ip address assignments
nix-topology for wireguard | Module | [Link](./modules/topology-wireguard.nix) | nix-topology | - | This module automatically adds wireguard networks and interfaces based on the wireguard configuration from our wireguard module
#### Home Manager Modules

View file

@ -8,6 +8,7 @@
./nginx.nix
./node.nix
./restic.nix
./topology-wireguard.nix
./wireguard.nix
];

View file

@ -0,0 +1,80 @@
{
config,
lib,
inputs ? {},
...
}: let
inherit
(lib)
flip
mapAttrsToList
mkDefault
mkEnableOption
mkIf
mkMerge
filter
;
headOrNull = xs:
if xs == []
then null
else builtins.head xs;
networkId = wgName: "wireguard-${wgName}";
in {
options.topology.extractors.wireguard.enable = mkEnableOption "topology wireguard extractor" // {default = true;};
config = mkIf (config.topology.extractors.wireguard.enable && config ? wireguard) {
# Create networks (this will be duplicated by each node,
# but it doesn't matter and will be merged anyway)
topology.networks = mkMerge (
flip mapAttrsToList config.wireguard (
wgName: _: let
inherit (lib.wireguard inputs wgName) networkCidrs;
in {
${networkId wgName} = {
name = mkDefault "Wireguard network '${wgName}'";
icon = "interfaces.wireguard";
cidrv4 = headOrNull (filter lib.net.ip.isv4 networkCidrs);
cidrv6 = headOrNull (filter lib.net.ip.isv6 networkCidrs);
};
}
)
);
# Assign network and physical connections to related interfaces
topology.self.interfaces = mkMerge (
flip mapAttrsToList config.wireguard (
wgName: wgCfg: let
inherit
(lib.wireguard inputs wgName)
participatingServerNodes
wgCfgOf
;
isServer = wgCfg.server.host != null;
filterSelf = filter (x: x != config.node.name);
# The list of peers that are "physically" connected in the wireguard network,
# meaning they communicate directly with each other.
connectedPeers =
if isServer
then
# Other servers in the same network
filterSelf participatingServerNodes
else [wgCfg.client.via];
in {
${wgCfg.linkName} = {
network = networkId wgName;
virtual = true;
renderer.hidePhysicalConnections = true;
physicalConnections = flip map connectedPeers (peer: {
node = inputs.self.nodes.${peer}.config.topology.id;
interface = (wgCfgOf peer).linkName;
});
};
}
)
);
};
}