wg-home: don't infer role from ip address, but set it explicitly
@@ -25,6 +25,7 @@
|
|||||||
sane.services.dyn-dns.enable = true;
|
sane.services.dyn-dns.enable = true;
|
||||||
sane.services.wg-home.enable = true;
|
sane.services.wg-home.enable = true;
|
||||||
sane.services.wg-home.enableWan = true;
|
sane.services.wg-home.enableWan = true;
|
||||||
|
sane.services.wg-home.routeThroughServo = false;
|
||||||
sane.services.wg-home.ip = config.sane.hosts.by-name."servo".wg-home.ip;
|
sane.services.wg-home.ip = config.sane.hosts.by-name."servo".wg-home.ip;
|
||||||
sane.nixcache.substituters.servo = false;
|
sane.nixcache.substituters.servo = false;
|
||||||
sane.nixcache.substituters.desko = false;
|
sane.nixcache.substituters.desko = false;
|
||||||
|
@@ -38,6 +38,14 @@ in
|
|||||||
default = false;
|
default = false;
|
||||||
description = "whether to make this port visible on the WAN";
|
description = "whether to make this port visible on the WAN";
|
||||||
};
|
};
|
||||||
|
sane.services.wg-home.routeThroughServo = mkOption {
|
||||||
|
type = types.bool;
|
||||||
|
default = true;
|
||||||
|
description = ''
|
||||||
|
whether to contact peers by routing through a stationary server.
|
||||||
|
should be true for all "clients", and false for that stationary server.
|
||||||
|
'';
|
||||||
|
};
|
||||||
sane.services.wg-home.ip = mkOption {
|
sane.services.wg-home.ip = mkOption {
|
||||||
type = types.str;
|
type = types.str;
|
||||||
};
|
};
|
||||||
@@ -79,12 +87,13 @@ in
|
|||||||
all-peers = mapAttrsToList (_: hostcfg: hostcfg.wg-home) config.sane.hosts.by-name;
|
all-peers = mapAttrsToList (_: hostcfg: hostcfg.wg-home) config.sane.hosts.by-name;
|
||||||
peer-list = filter (p: p.ip != null && p.ip != cfg.ip && p.pubkey != null) all-peers;
|
peer-list = filter (p: p.ip != null && p.ip != cfg.ip && p.pubkey != null) all-peers;
|
||||||
in
|
in
|
||||||
if cfg.ip == server-cfg.ip then
|
if cfg.routeThroughServo then
|
||||||
# if we're the server, then we maintain the entire client list
|
# if acting as a client, then maintain a single peer -- the server -- which does the actual routing
|
||||||
mkClientPeers peer-list
|
[ (mkServerPeer peer-list) ]
|
||||||
else
|
else
|
||||||
# but if we're a client, we maintain a single peer -- the server -- which does the actual routing
|
# if acting as a server, route to each peer individually
|
||||||
[ (mkServerPeer peer-list) ];
|
mkClientPeers peer-list
|
||||||
|
;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
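Review bot: The new `routeThroughServo` flag and `cfg.ip` can now disagree, and nothing in the visible lines of this section checks for that. Because the option defaults to `true`, a host that carries the server's address but forgets the override would take the client branch and, as far as the names suggest, emit a single peer entry pointing at the server, i.e. at itself. Assuming `server-cfg` (seen on the removed condition) is still in scope, a module assertion such as `{ assertion = cfg.routeThroughServo -> cfg.ip != server-cfg.ip; message = "wg-home: the server host must set routeThroughServo = false"; }` would turn that misconfiguration into an evaluation error instead of a silently broken tunnel. The enclosing `let` block and the bodies of `mkServerPeer` and `mkClientPeers` lie outside the hunk, so their behaviour here is inferred rather than confirmed.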