wg-home: don't infer role from ip address, but set it explicitly

This commit is contained in:
2023-09-19 11:38:51 +00:00
parent 9dfcacf8a3
commit 9d1ebd38ce
2 changed files with 15 additions and 5 deletions

View File

@@ -25,6 +25,7 @@
sane.services.dyn-dns.enable = true; sane.services.dyn-dns.enable = true;
sane.services.wg-home.enable = true; sane.services.wg-home.enable = true;
sane.services.wg-home.enableWan = true; sane.services.wg-home.enableWan = true;
sane.services.wg-home.routeThroughServo = false;
sane.services.wg-home.ip = config.sane.hosts.by-name."servo".wg-home.ip; sane.services.wg-home.ip = config.sane.hosts.by-name."servo".wg-home.ip;
sane.nixcache.substituters.servo = false; sane.nixcache.substituters.servo = false;
sane.nixcache.substituters.desko = false; sane.nixcache.substituters.desko = false;

View File

@@ -38,6 +38,14 @@ in
default = false; default = false;
description = "whether to make this port visible on the WAN"; description = "whether to make this port visible on the WAN";
}; };
sane.services.wg-home.routeThroughServo = mkOption {
type = types.bool;
default = true;
description = ''
whether to contact peers by routing through a stationary server.
should be true for all "clients", and false for that stationary server.
'';
};
sane.services.wg-home.ip = mkOption { sane.services.wg-home.ip = mkOption {
type = types.str; type = types.str;
}; };
@@ -79,12 +87,13 @@ in
all-peers = mapAttrsToList (_: hostcfg: hostcfg.wg-home) config.sane.hosts.by-name; all-peers = mapAttrsToList (_: hostcfg: hostcfg.wg-home) config.sane.hosts.by-name;
peer-list = filter (p: p.ip != null && p.ip != cfg.ip && p.pubkey != null) all-peers; peer-list = filter (p: p.ip != null && p.ip != cfg.ip && p.pubkey != null) all-peers;
in in
if cfg.ip == server-cfg.ip then if cfg.routeThroughServo then
# if we're the server, then we maintain the entire client list # if acting as a client, then maintain a single peer -- the server -- which does the actual routing
mkClientPeers peer-list [ (mkServerPeer peer-list) ]
else else
# but if we're a client, we maintain a single peer -- the server -- which does the actual routing # if acting as a server, route to each peer individually
[ (mkServerPeer peer-list) ]; mkClientPeers peer-list
;
}; };
}; };
} }