IPv6 mesh support yooooo

This commit is contained in:
Lyn 2025-01-14 18:56:49 +01:00
parent 91eda3a0ae
commit 4402e137c9
8 changed files with 173 additions and 201 deletions

View file

@ -21,6 +21,28 @@
"type": "github" "type": "github"
} }
}, },
"fenix-monthly": {
"inputs": {
"nixpkgs": [
"nixpkgs"
],
"rust-analyzer-src": "rust-analyzer-src"
},
"locked": {
"lastModified": 1735713283,
"narHash": "sha256-xC6X49L55xo7AV+pAYclOj5UNWtBo/xx5aB5IehJD0M=",
"owner": "nix-community",
"repo": "fenix",
"rev": "bfba822a4220b0e2c4dc7f36a35e4c8450cd9a9c",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "monthly",
"repo": "fenix",
"type": "github"
}
},
"flake-compat": { "flake-compat": {
"flake": false, "flake": false,
"locked": { "locked": {
@ -58,24 +80,6 @@
"type": "github" "type": "github"
} }
}, },
"flake-parts_2": {
"inputs": {
"nixpkgs-lib": "nixpkgs-lib"
},
"locked": {
"lastModified": 1730504689,
"narHash": "sha256-hgmguH29K2fvs9szpq2r3pz2/8cJd2LPS+b4tfNFCwE=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "506278e768c2a08bec68eb62932193e341f55c90",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-utils": { "flake-utils": {
"inputs": { "inputs": {
"systems": "systems" "systems": "systems"
@ -96,14 +100,14 @@
}, },
"flake-utils_2": { "flake-utils_2": {
"inputs": { "inputs": {
"systems": "systems_3" "systems": "systems_2"
}, },
"locked": { "locked": {
"lastModified": 1726560853, "lastModified": 1731533236,
"narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=", "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide", "owner": "numtide",
"repo": "flake-utils", "repo": "flake-utils",
"rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a", "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -159,27 +163,6 @@
"type": "github" "type": "github"
} }
}, },
"lynpkgs": {
"inputs": {
"flake-parts": "flake-parts_2",
"nixpkgs": "nixpkgs_2",
"pkgs-by-name-for-flake-parts": "pkgs-by-name-for-flake-parts",
"systems": "systems_2"
},
"locked": {
"lastModified": 1732934040,
"narHash": "sha256-3QuAM3OP8SbZyz1bXKajHBRQGW8sMXZ3vJDLV6MQCRg=",
"owner": "lynatic1337",
"repo": "lynpkgs",
"rev": "1bad540c69e36520fcab64b99cf7a1907e2c0f73",
"type": "github"
},
"original": {
"owner": "lynatic1337",
"repo": "lynpkgs",
"type": "github"
}
},
"microvm": { "microvm": {
"inputs": { "inputs": {
"flake-utils": "flake-utils_2", "flake-utils": "flake-utils_2",
@ -189,11 +172,11 @@
"spectrum": "spectrum" "spectrum": "spectrum"
}, },
"locked": { "locked": {
"lastModified": 1732633513, "lastModified": 1736637237,
"narHash": "sha256-6LmtOmeDpv9iHS8l0GNcppP11dKIJFMZLdFyxQ+qQBM=", "narHash": "sha256-kZELEfQDEbCljZUpmIw0G0tNNdcJlnLvc6bwKQ++Okw=",
"owner": "astro", "owner": "astro",
"repo": "microvm.nix", "repo": "microvm.nix",
"rev": "093ef734d3c37669860043a87dbf1c09fc6f5b38", "rev": "6f7e4a7bfcdce1c703f9cb89ae9d634167b720b8",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -218,18 +201,6 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs-lib": {
"locked": {
"lastModified": 1730504152,
"narHash": "sha256-lXvH/vOfb4aGYyvFmZK/HlsNsr/0CVWlwYvo2rxJk3s=",
"type": "tarball",
"url": "https://github.com/NixOS/nixpkgs/archive/cc2f28000298e1269cea6612cd06ec9979dd5d7f.tar.gz"
},
"original": {
"type": "tarball",
"url": "https://github.com/NixOS/nixpkgs/archive/cc2f28000298e1269cea6612cd06ec9979dd5d7f.tar.gz"
}
},
"nixpkgs-stable": { "nixpkgs-stable": {
"locked": { "locked": {
"lastModified": 1710695816, "lastModified": 1710695816,
@ -248,11 +219,11 @@
}, },
"nixpkgs-unstable": { "nixpkgs-unstable": {
"locked": { "locked": {
"lastModified": 1732521221, "lastModified": 1736798957,
"narHash": "sha256-2ThgXBUXAE1oFsVATK1ZX9IjPcS4nKFOAjhPNKuiMn0=", "narHash": "sha256-qwpCtZhSsSNQtK4xYGzMiyEDhkNzOCz/Vfu4oL2ETsQ=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "4633a7c72337ea8fd23a4f2ba3972865e3ec685d", "rev": "9abb87b552b7f55ac8916b6fc9e5cb486656a2f3",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -264,27 +235,11 @@
}, },
"nixpkgs_2": { "nixpkgs_2": {
"locked": { "locked": {
"lastModified": 1732521221, "lastModified": 1735563628,
"narHash": "sha256-2ThgXBUXAE1oFsVATK1ZX9IjPcS4nKFOAjhPNKuiMn0=", "narHash": "sha256-OnSAY7XDSx7CtDoqNh8jwVwh4xNL/2HaJxGjryLWzX8=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "4633a7c72337ea8fd23a4f2ba3972865e3ec685d", "rev": "b134951a4c9f3c995fd7be05f3243f8ecd65d798",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_3": {
"locked": {
"lastModified": 1732749044,
"narHash": "sha256-T38FQOg0BV5M8FN1712fovzNakSOENEYs+CSkg31C9Y=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "0c5b4ecbed5b155b705336aa96d878e55acd8685",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -294,7 +249,7 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs_4": { "nixpkgs_3": {
"locked": { "locked": {
"lastModified": 1731763621, "lastModified": 1731763621,
"narHash": "sha256-ddcX4lQL0X05AYkrkV2LMFgGdRvgap7Ho8kgon3iWZk=", "narHash": "sha256-ddcX4lQL0X05AYkrkV2LMFgGdRvgap7Ho8kgon3iWZk=",
@ -310,21 +265,6 @@
"type": "github" "type": "github"
} }
}, },
"pkgs-by-name-for-flake-parts": {
"locked": {
"lastModified": 1727519927,
"narHash": "sha256-3SNX6BuaisoX9PKYI+fh3geZ3jBgKKkAtHcWuHRU0+o=",
"owner": "drupol",
"repo": "pkgs-by-name-for-flake-parts",
"rev": "91debb07d81ff25b8e3b48914b6abd6f11dc26e2",
"type": "github"
},
"original": {
"owner": "drupol",
"repo": "pkgs-by-name-for-flake-parts",
"type": "github"
}
},
"pre-commit-hooks-nix": { "pre-commit-hooks-nix": {
"inputs": { "inputs": {
"flake-compat": [ "flake-compat": [
@ -354,14 +294,31 @@
}, },
"root": { "root": {
"inputs": { "inputs": {
"fenix-monthly": "fenix-monthly",
"lanzaboote": "lanzaboote", "lanzaboote": "lanzaboote",
"lynpkgs": "lynpkgs",
"microvm": "microvm", "microvm": "microvm",
"nixpkgs": "nixpkgs_3", "nixpkgs": "nixpkgs_2",
"nixpkgs-unstable": "nixpkgs-unstable", "nixpkgs-unstable": "nixpkgs-unstable",
"sops-nix": "sops-nix" "sops-nix": "sops-nix"
} }
}, },
"rust-analyzer-src": {
"flake": false,
"locked": {
"lastModified": 1735659655,
"narHash": "sha256-DQgwi3pwaasWWDfNtXIX0lW5KvxQ+qVhxO1J7l68Qcc=",
"owner": "rust-lang",
"repo": "rust-analyzer",
"rev": "085ad107943996c344633d58f26467b05f8e2ff0",
"type": "github"
},
"original": {
"owner": "rust-lang",
"ref": "nightly",
"repo": "rust-analyzer",
"type": "github"
}
},
"rust-overlay": { "rust-overlay": {
"inputs": { "inputs": {
"flake-utils": [ "flake-utils": [
@ -389,14 +346,14 @@
}, },
"sops-nix": { "sops-nix": {
"inputs": { "inputs": {
"nixpkgs": "nixpkgs_4" "nixpkgs": "nixpkgs_3"
}, },
"locked": { "locked": {
"lastModified": 1732575825, "lastModified": 1736808430,
"narHash": "sha256-xtt95+c7OUMoqZf4OvA/7AemiH3aVuWHQbErYQoPwFk=", "narHash": "sha256-wlgdf/n7bJMLBheqt1jmPoxJFrUP6FByKQFXuM9YvIk=",
"owner": "Mic92", "owner": "Mic92",
"repo": "sops-nix", "repo": "sops-nix",
"rev": "3433ea14fbd9e6671d0ff0dd45ed15ee4c156ffa", "rev": "553c7cb22fed19fd60eb310423fdc93045c51ba8",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -408,11 +365,11 @@
"spectrum": { "spectrum": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1729945407, "lastModified": 1733308308,
"narHash": "sha256-iGNMamNOAnVTETnIVqDWd6fl74J8fLEi1ejdZiNjEtY=", "narHash": "sha256-+RcbMAjSxV1wW5UpS9abIG1lFZC8bITPiFIKNnE7RLs=",
"ref": "refs/heads/main", "ref": "refs/heads/main",
"rev": "f1d94ee7029af18637dbd5fdf4749621533693fa", "rev": "80c9e9830d460c944c8f730065f18bb733bc7ee2",
"revCount": 764, "revCount": 792,
"type": "git", "type": "git",
"url": "https://spectrum-os.org/git/spectrum" "url": "https://spectrum-os.org/git/spectrum"
}, },
@ -450,21 +407,6 @@
"repo": "default", "repo": "default",
"type": "github" "type": "github"
} }
},
"systems_3": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
} }
}, },
"root": "root", "root": "root",

View file

@ -7,7 +7,10 @@
nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.05"; nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.05";
sops-nix.url = "github:Mic92/sops-nix"; sops-nix.url = "github:Mic92/sops-nix";
nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable"; nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable";
lynpkgs.url = "github:lynatic1337/lynpkgs"; fenix-monthly = {
url = "github:nix-community/fenix/monthly";
inputs.nixpkgs.follows = "nixpkgs";
};
}; };
outputs = { outputs = {
self, self,
@ -16,7 +19,7 @@
sops-nix, sops-nix,
lanzaboote, lanzaboote,
microvm, microvm,
lynpkgs, fenix-monthly,
} @ inputs: let } @ inputs: let
imports = { imports = {
imports = [ imports = [
@ -26,8 +29,12 @@
lanzaboote.nixosModules.lanzaboote lanzaboote.nixosModules.lanzaboote
inputs.microvm.nixosModules.host inputs.microvm.nixosModules.host
./hosts/network.nix ./hosts/network.nix
./meta/wgautomesh
]; ];
}; };
overlays = {
default = import ./pkgs/overlay.nix inputs;
};
passInputs = { passInputs = {
lib, lib,
config, config,
@ -41,15 +48,10 @@
config.pkgsInstances = { config.pkgsInstances = {
unstable = import inputs.nixpkgs-unstable {system = config.nixpkgs.system;}; unstable = import inputs.nixpkgs-unstable {system = config.nixpkgs.system;};
}; };
config.nixpkgs.overlays = lib.attrValues overlays;
}; };
inherit (nixpkgs) lib; inherit (nixpkgs) lib;
pkgs = import nixpkgs {
overlays = [
lynpkgs.overlays.default
];
};
mkLocalMods = import ./meta/mkLocalMods.nix {inherit lib;}; mkLocalMods = import ./meta/mkLocalMods.nix {inherit lib;};
mkLocalModsInput = mkLocalMods { mkLocalModsInput = mkLocalMods {
prefix = ["lyn"]; prefix = ["lyn"];

View file

@ -11,7 +11,6 @@
wg = { wg = {
enabled = true; enabled = true;
pubkey = "Fknzk7lltkPKJZlF3KXWKGQXXSj7CUD9ev0ZEZtpbjY="; pubkey = "Fknzk7lltkPKJZlF3KXWKGQXXSj7CUD9ev0ZEZtpbjY=";
port = 51820;
}; };
IPv4 = { IPv4 = {
public = "78.47.226.47"; public = "78.47.226.47";
@ -28,15 +27,12 @@
wg = { wg = {
enabled = true; enabled = true;
pubkey = "jdfbOnP0mFWFobtQunm0h6EtqOZiar9G9jngMU7b+Co="; pubkey = "jdfbOnP0mFWFobtQunm0h6EtqOZiar9G9jngMU7b+Co=";
port = 51820;
}; };
IPv4 = { IPv4 = {
public = "";
# we use 10.35.0.0/16 as a range for private subnets, specifically 10.35.0.0/24 for wireguard peers # we use 10.35.0.0/16 as a range for private subnets, specifically 10.35.0.0/24 for wireguard peers
internal = "10.35.0.2"; internal = "10.35.0.2";
}; };
IPv6 = { IPv6 = {
public = "";
# 1aacabcafe is the global ID and 1337 is the wireguard peer subnet ID, resulting in the ULA fd1a:acab:cafe:1337::/64 # 1aacabcafe is the global ID and 1337 is the wireguard peer subnet ID, resulting in the ULA fd1a:acab:cafe:1337::/64
internal = "fd1a:acab:cafe:1337:6722:3657::"; internal = "fd1a:acab:cafe:1337:6722:3657::";
}; };
@ -62,11 +58,16 @@ in {
default = null; default = null;
description = "Public key for WireGuard"; description = "Public key for WireGuard";
}; };
port = lib.mkOption { port_v4 = lib.mkOption {
type = lib.types.int; type = lib.types.int;
default = 51820; default = 51820;
description = "Port for WireGuard"; description = "Port for WireGuard";
}; };
port_v6 = lib.mkOption {
type = lib.types.int;
default = 51821;
description = "Port for WireGuard";
};
}; };
}; };
description = "WireGuard configuration"; description = "WireGuard configuration";
@ -75,8 +76,8 @@ in {
type = lib.types.submodule { type = lib.types.submodule {
options = { options = {
public = lib.mkOption { public = lib.mkOption {
type = lib.types.str; type = lib.types.nullOr lib.types.str;
default = ""; default = null;
description = "Public IPv4 address"; description = "Public IPv4 address";
}; };
internal = lib.mkOption { internal = lib.mkOption {
@ -92,8 +93,8 @@ in {
type = lib.types.submodule { type = lib.types.submodule {
options = { options = {
public = lib.mkOption { public = lib.mkOption {
type = lib.types.str; type = lib.types.nullOr lib.types.str;
default = ""; default = null;
description = "Public IPv6 address"; description = "Public IPv6 address";
}; };
internal = lib.mkOption { internal = lib.mkOption {

View file

@ -26,7 +26,7 @@ with config.lyn.lib; {
lyn.services.wgautomesh = { lyn.services.wgautomesh = {
enable = true; enable = true;
#useIPv6 = false; enable_upnp = true;
}; };
##1##3##3##7## ##1##3##3##7##

View file

@ -20,7 +20,6 @@
lyn.services.wgautomesh = { lyn.services.wgautomesh = {
enable = true; enable = true;
#useIPv6 = false;
}; };
networking.useDHCP = false; networking.useDHCP = false;

View file

@ -13,16 +13,19 @@ with lib; let
settingsFormat.generate "wgautomesh-config.toml" settingsFormat.generate "wgautomesh-config.toml"
(filterAttrs (k: v: v != null) (filterAttrs (k: v: v != null)
(mapAttrs (mapAttrs
(k: v: (
if k == "peers" k: v:
if k == "peers" || k == "interfaces"
then map (e: filterAttrs (k: v: v != null) e) v then map (e: filterAttrs (k: v: v != null) e) v
else v) else v
)
cfg.settings)); cfg.settings));
runtimeConfigFile = runtimeConfigFile =
if cfg.enableGossipEncryption if cfg.enableGossipEncryption
then "/run/wgautomesh/wgautomesh.toml" then "/run/wgautomesh/wgautomesh.toml"
else configFile; else configFile;
in { in {
disabledModules = ["services/networking/wgautomesh.nix"];
options.services.wgautomesh = { options.services.wgautomesh = {
enable = mkEnableOption "the wgautomesh daemon"; enable = mkEnableOption "the wgautomesh daemon";
logLevel = mkOption { logLevel = mkOption {
@ -58,15 +61,6 @@ in {
type = types.submodule { type = types.submodule {
freeformType = settingsFormat.type; freeformType = settingsFormat.type;
options = { options = {
interface = mkOption {
type = types.str;
description = ''
Wireguard interface to manage (it is NOT created by wgautomesh, you
should use another NixOS option to create it such as
`networking.wireguard.interfaces.wg0 = {...};`).
'';
example = "wg0";
};
gossip_port = mkOption { gossip_port = mkOption {
type = types.port; type = types.port;
description = '' description = ''
@ -80,19 +74,25 @@ in {
default = true; default = true;
description = "Enable discovery of peers on the same LAN using UDP broadcast."; description = "Enable discovery of peers on the same LAN using UDP broadcast.";
}; };
ipv6 = mkOption { interfaces = mkOption {
type = types.bool; type = types.listOf (types.submodule {
default = true; options = {
description = "Whether to use IPv6 or IPv4."; name = mkOption {
type = types.str;
}; };
upnp_forward_external_port = mkOption { upnp_forward_external_port = mkOption {
type = types.nullOr types.port; type = types.nullOr types.port;
default = null; default = null;
description = '' description = ''
Public port number to try to redirect to this machine's Wireguard Public port number to try to redirect to this machine's Wireguard
daemon using UPnP IGD. daemon using UPnP IGD. For IPv6 only interfaces the value is discarded, to enable please set it to any valid port number.
''; '';
}; };
};
});
default = [];
description = "wgautomesh interface settings.";
};
peers = mkOption { peers = mkOption {
type = types.listOf (types.submodule { type = types.listOf (types.submodule {
options = { options = {
@ -100,6 +100,13 @@ in {
type = types.str; type = types.str;
description = "Wireguard public key of this peer."; description = "Wireguard public key of this peer.";
}; };
interface = mkOption {
type = types.str;
};
port = mkOption {
type = types.nullOr types.port;
example = 51820;
};
address = mkOption { address = mkOption {
type = types.str; type = types.str;
description = '' description = ''
@ -115,7 +122,7 @@ in {
other address is known or none are working. other address is known or none are working.
''; '';
default = null; default = null;
example = "wgnode.mydomain.example:51820"; example = "wgnode.mydomain.example";
}; };
}; };
}); });

View file

@ -6,11 +6,6 @@
... ...
}: let }: let
buildInputs = [pkgs.wgautomesh]; buildInputs = [pkgs.wgautomesh];
options.services.wgautomesh.settings.ipv6 = lib.mkOption {
type = lib.types.bool;
default = true;
description = "Whether to use IPv6 or IPv4.";
};
prefix = "lyn"; prefix = "lyn";
@ -22,46 +17,40 @@
buildPeerlist = version: hosts: let buildPeerlist = version: hosts: let
#filter out hosts that have wg.enabled set to false #filter out hosts that have wg.enabled set to false
wgEnabledHosts = lib.filterAttrs (_: host: host.wg.enabled or false) hosts; wgEnabledHosts = lib.filterAttrs (_: host: host.wg.enabled or false) hosts;
#filter out hosts that don't support IP{$version}
filteredHosts = lib.filterAttrs (_: host: host.${version} != null) wgEnabledHosts;
in in
lib.mapAttrsToList (name: host: { lib.mapAttrsToList (name: host: {
interface =
if version == "IPv6"
then "wg1"
else "wg0";
pubkey = host.wg.pubkey; pubkey = host.wg.pubkey;
#if there is no public IP, make endpoint null so wgautomesh knows it unknown. Else format it to a SocketAddr #if there is no public IP, make endpoint null so wgautomesh knows it unknown. Else format it to a SocketAddr
endpoint = endpoint = host.${version}.public;
if host.${version}.public == "" port =
then null
else "${
if version == "IPv6" if version == "IPv6"
then "[${host.${version}.public}]" then host.wg.port_v6
else host.${version}.public else host.wg.port_v4;
}:${toString host.wg.port}";
address = host.${version}.internal; address = host.${version}.internal;
}) })
filteredHosts; wgEnabledHosts;
# helper vars to prettify # helper vars to prettify
meshnetwork = config.${prefix}.network; meshnetwork = config.${prefix}.network;
currentHost = meshnetwork.hosts.${config.networking.hostName}; currentHost = meshnetwork.hosts.${config.networking.hostName};
wireguardPort = currentHost.wg.port;
in { in {
opt = { opt = {
useIPv6 = lib.mkOption {
type = lib.types.bool;
description = "Whether to use IPv6. Defaults to true";
default = true;
};
enable_upnp = lib.mkOption { enable_upnp = lib.mkOption {
type = lib.types.bool; type = lib.types.bool;
description = "Whether to allow the wireguard port in the gateway using UPnP IGD. Necessary on some firewalls, might spam unnecessary debug messages on environments without IGD gateways."; description = "Whether to allow the wireguard port in the gateway using UPnP IGD. Necessary on some firewalls, might spam unnecessary debug messages on environments without IGD gateways.";
default = false; default = false;
}; };
}; };
config = { config = rec {
networking.firewall = { networking.firewall = {
allowedUDPPorts = allowedUDPPorts =
[ [
wireguardPort currentHost.wg.port_v4
currentHost.wg.port_v6
] ]
# UPnP broadcast responses # UPnP broadcast responses
++ ( ++ (
@ -72,11 +61,14 @@ in {
}; };
networking.wireguard.interfaces.wg0 = { networking.wireguard.interfaces.wg0 = {
ips = ips = ["${currentHost.IPv4.internal}/24"];
if cfg.useIPv6 listenPort = currentHost.wg.port_v4;
then ["${currentHost.IPv6.internal}/64"] privateKeyFile = "/var/lib/wireguard-keys/private";
else ["${currentHost.IPv4.internal}/24"]; mtu = 1280;
listenPort = wireguardPort; };
networking.wireguard.interfaces.wg1 = {
ips = ["${currentHost.IPv6.internal}/64"];
listenPort = currentHost.wg.port_v6;
privateKeyFile = "/var/lib/wireguard-keys/private"; privateKeyFile = "/var/lib/wireguard-keys/private";
mtu = 1280; mtu = 1280;
}; };
@ -84,12 +76,20 @@ in {
services.wgautomesh = { services.wgautomesh = {
enable = true; enable = true;
settings = { settings = {
interface = "wg0"; interfaces =
peers = if cfg.enable_upnp
if cfg.useIPv6 then [
then buildPeerlist "IPv6" meshnetwork.hosts {
else buildPeerlist "IPv4" meshnetwork.hosts; name = "wg0";
upnp_forward_external_port = wireguardPort; upnp_forward_external_port = config.networking.wireguard.interfaces.wg0.listenPort;
}
{
name = "wg1";
upnp_forward_external_port = config.networking.wireguard.interfaces.wg1.listenPort;
}
]
else null;
peers = buildPeerlist "IPv6" meshnetwork.hosts ++ buildPeerlist "IPv4" meshnetwork.hosts;
}; };
gossipSecretFile = gossip_secret_path; gossipSecretFile = gossip_secret_path;

21
pkgs/overlay.nix Normal file
View file

@ -0,0 +1,21 @@
inputs: final: prev: {
wgautomesh = let
toolchain = inputs.fenix-monthly.packages.${final.stdenv.hostPlatform.system}.latest.toolchain;
cargo = toolchain;
platform = final.makeRustPlatform {
rustc = toolchain;
cargo = toolchain;
};
wgam-nightly = prev.wgautomesh.override {rustPlatform = platform;};
wgam-lyn = wgam-nightly.overrideAttrs (old: rec {
src = prev.fetchFromGitHub {
owner = "lynatic1337";
repo = "wgautomesh";
rev = "53b7a6b6edc144fc0d9679ed5c756530f9883374";
hash = "sha256-3pUQbNcx/EMhsiqZ74l8Y99VrdlsLgOgcYuHb4hKOiI=";
};
cargoHash = "sha256-alsmasm";
});
in
wgam-lyn;
}