wg-home: when acting as client, allow server to relay all other clients' messages
parent
c316e51344
commit
c2e5a0a2fc
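--- a/PATH_NOT_SHOWN_ON_PAGE
+++ b/PATH_NOT_SHOWN_ON_PAGE
@@ -1,9 +1,28 @@
 { config, lib, pkgs, ... }:
 
 let
-inherit (lib) mapAttrsToList mkIf mkMerge mkOption optionalAttrs types;
+inherit (builtins) filter map;
+inherit (lib) concatMap mapAttrsToList mkIf mkMerge mkOption optionalAttrs types;
 cfg = config.sane.services.wg-home;
 server-cfg = config.sane.hosts.by-name."servo".wg-home;
+mkPeer = { ips, pubkey, endpoint }: {
+publicKey = pubkey;
+allowedIPs = map (k: "${k}/32") ips;
+endpoint = mkIf (endpoint != null) endpoint;
+# send keepalives every 25 seconds to keep NAT routes live.
+# only need to do this from client -> server though, i think.
+persistentKeepalive = mkIf (endpoint != null) 25;
+};
+# make separate peers to route each given host
+mkClientPeers = hosts: map (p: mkPeer {
+inherit (p) pubkey endpoint;
+ips = [ p.ip ];
+}) hosts;
+# make a single peer which routes all the given hosts
+mkServerPeer = hosts: mkPeer {
+inherit (server-cfg) pubkey endpoint;
+ips = map (h: h.ip) hosts;
+};
 in
 {
 options = {
@@ -42,24 +61,17 @@ in
 "${cfg.ip}/24"
 ];
 
-# include all peers -- except for ourself
-peers = mapAttrsToList
-(name: hostcfg:
-mkIf (hostcfg.wg-home.ip != null && hostcfg.wg-home.ip != cfg.ip) {
-publicKey = hostcfg.wg-home.pubkey;
-allowedIPs = [ "${hostcfg.wg-home.ip}/32" ];
-endpoint = lib.mkIf
-(hostcfg.wg-home.endpoint != null)
-hostcfg.wg-home.endpoint;
-
-# send keepalives every 25 seconds to keep NAT routes live.
-# only need to do this from client -> server though, i think.
-persistentKeepalive = lib.mkIf
-(hostcfg.wg-home.endpoint != null)
-25;
-}
-)
-config.sane.hosts.by-name;
+peers =
+let
+all-peers = mapAttrsToList (_: hostcfg: hostcfg.wg-home) config.sane.hosts.by-name;
+peer-list = filter (p: p.ip != null && p.ip != cfg.ip && p.pubkey != null) all-peers;
+in
+if cfg.ip == server-cfg.ip then
+# if we're the server, then we maintain the entire client list
+mkClientPeers peer-list
+else
+# but if we're a client, we maintain a single peer -- the server -- which does the actual routing
+[ (mkServerPeer peer-list) ];
 };
 };
 }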
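Review bot: In `mkServerPeer` (first hunk) the server peer's `allowedIPs` now covers every other host's /32, so a client's WireGuard cryptokey routing will accept any packet the server sends with one of those source addresses — the server can originate traffic as any peer toward this client, which is the intended hub-and-spoke trade-off but is not stated anywhere in the file. I would extend the comment above it to `# make a single peer which routes all the given hosts. NOTE: the server can then originate traffic as any of these IPs; clients must trust it fully.` Separately, `mkServerPeer` reads `server-cfg.pubkey` without the `p.pubkey != null` guard that `peer-list` applies in the second hunk, so a server entry with no pubkey yields `publicKey = null` on the client instead of an empty peer list. `concatMap` is newly inherited from `lib` but is not used in either hunk; it may be used further down the file, which is outside this view. The attribute set that holds `peers` opens before the second hunk, so whatever gates this config (e.g. on `cfg.ip` being set) cannot be checked here.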