Wireguard directly using LAN addresses when possible
parent
0940e0bdfc
commit
86b9873221
2 changed files with 20 additions and 2 deletions
|
@ -5,27 +5,34 @@
|
||||||
deuxfleurs.cluster_nodes = [
|
deuxfleurs.cluster_nodes = [
|
||||||
{
|
{
|
||||||
hostname = "spoutnik";
|
hostname = "spoutnik";
|
||||||
|
site_name = "pluton";
|
||||||
publicKey = "fO8qZOZmnug84cA8nvfjl5MUqyWljP0BAz/4tHRZyEg=";
|
publicKey = "fO8qZOZmnug84cA8nvfjl5MUqyWljP0BAz/4tHRZyEg=";
|
||||||
IP = "10.42.2.2";
|
IP = "10.42.2.2";
|
||||||
endpoint = "77.141.67.109:42136";
|
endpoint = "77.141.67.109:42136";
|
||||||
}
|
}
|
||||||
{
|
{
|
||||||
hostname = "cariacou";
|
hostname = "cariacou";
|
||||||
|
site_name = "neptune";
|
||||||
publicKey = "qxrtfn2zRVnN52Y5NYumyU3/FcRMnh3kJ2C37JfrczA=";
|
publicKey = "qxrtfn2zRVnN52Y5NYumyU3/FcRMnh3kJ2C37JfrczA=";
|
||||||
IP = "10.42.2.21";
|
IP = "10.42.2.21";
|
||||||
endpoint = "82.66.112.151:33721";
|
endpoint = "82.66.112.151:33721";
|
||||||
|
lan_endpoint = "192.168.1.21:33721";
|
||||||
}
|
}
|
||||||
{
|
{
|
||||||
hostname = "carcajou";
|
hostname = "carcajou";
|
||||||
|
site_name = "neptune";
|
||||||
publicKey = "7Nm7pMmyS7Nts1MB+loyD8u84ODxHPTkDu+uqQR6yDk=";
|
publicKey = "7Nm7pMmyS7Nts1MB+loyD8u84ODxHPTkDu+uqQR6yDk=";
|
||||||
IP = "10.42.2.22";
|
IP = "10.42.2.22";
|
||||||
endpoint = "82.66.112.151:33722";
|
endpoint = "82.66.112.151:33722";
|
||||||
|
lan_endpoint = "192.168.1.22:33722";
|
||||||
}
|
}
|
||||||
{
|
{
|
||||||
hostname = "caribou";
|
hostname = "caribou";
|
||||||
|
site_name = "neptune";
|
||||||
publicKey = "g6ZED/wPn5MPfytJKwPI19808CXtEad0IJUkEAAzwyY=";
|
publicKey = "g6ZED/wPn5MPfytJKwPI19808CXtEad0IJUkEAAzwyY=";
|
||||||
IP = "10.42.2.23";
|
IP = "10.42.2.23";
|
||||||
endpoint = "82.66.112.151:33723";
|
endpoint = "82.66.112.151:33723";
|
||||||
|
lan_endpoint = "192.168.1.23:33723";
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
deuxfleurs.admin_nodes = [
|
deuxfleurs.admin_nodes = [
|
||||||
|
|
|
@ -13,6 +13,11 @@ in
|
||||||
type = str;
|
type = str;
|
||||||
description = "Host name";
|
description = "Host name";
|
||||||
};
|
};
|
||||||
|
site_name = mkOption {
|
||||||
|
type = nullOr str;
|
||||||
|
description = "Site where the node is located";
|
||||||
|
default = null;
|
||||||
|
};
|
||||||
IP = mkOption {
|
IP = mkOption {
|
||||||
type = str;
|
type = str;
|
||||||
description = "IP Address";
|
description = "IP Address";
|
||||||
|
@ -25,6 +30,11 @@ in
|
||||||
type = nullOr str;
|
type = nullOr str;
|
||||||
description = "Wireguard endpoint on the public Internet";
|
description = "Wireguard endpoint on the public Internet";
|
||||||
};
|
};
|
||||||
|
lan_endpoint = mkOption {
|
||||||
|
type = nullOr str;
|
||||||
|
description = "Wireguard endpoint for nodes in the same site";
|
||||||
|
default = null;
|
||||||
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
in
|
in
|
||||||
|
@ -115,10 +125,11 @@ in
|
||||||
ips = [ "${cfg.vpn_ip}/16" ];
|
ips = [ "${cfg.vpn_ip}/16" ];
|
||||||
listenPort = cfg.vpn_listen_port;
|
listenPort = cfg.vpn_listen_port;
|
||||||
privateKeyFile = "/var/lib/deuxfleurs/wireguard-keys/private";
|
privateKeyFile = "/var/lib/deuxfleurs/wireguard-keys/private";
|
||||||
peers = map ({ publicKey, endpoint, IP, ... }: {
|
peers = map ({ publicKey, endpoint, IP, site_name, lan_endpoint, ... }: {
|
||||||
publicKey = publicKey;
|
publicKey = publicKey;
|
||||||
allowedIPs = [ "${IP}/32" ];
|
allowedIPs = [ "${IP}/32" ];
|
||||||
endpoint = endpoint;
|
endpoint = if site_name != null && site_name == config.deuxfleurs.site_name && lan_endpoint != null
|
||||||
|
then lan_endpoint else endpoint;
|
||||||
persistentKeepalive = 25;
|
persistentKeepalive = 25;
|
||||||
}) (cfg.cluster_nodes ++ cfg.admin_nodes);
|
}) (cfg.cluster_nodes ++ cfg.admin_nodes);
|
||||||
};
|
};
|
||||||
|
|
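Review bot: The endpoint selection in the last hunk reads `config.deuxfleurs.site_name`, but the only `site_name` option declared in the hunks shown is the per-node one inside the node submodule; if no top-level `deuxfleurs.site_name` option exists elsewhere in the module, evaluation will fail on every host. It is worth confirming that this option is declared as `nullOr str` with `default = null`, so that hosts which do not set it fall back to the public `endpoint`. The neighbouring lines use `cfg.vpn_ip` and `cfg.cluster_nodes`, so, assuming `cfg` is `config.deuxfleurs`, `site_name == cfg.site_name` would read more consistently. The `lan_endpoint` description could also say that the value replaces `endpoint` only when the peer's `site_name` equals the local one. The enclosing `let` and the WireGuard interface block start and end outside these hunks.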