From 61b8557b723edc80f75c89ecef47aa18d5fc4e2f Mon Sep 17 00:00:00 2001
From: Lyn
Date: Wed, 20 Nov 2024 21:39:42 +0100
Subject: [PATCH] fixed wireguard \o/

---
 hosts/network.nix | 33 +++++++++------------------------
 modules/services/wgautomesh.nix | 8 ++++----
 2 files changed, 13 insertions(+), 28 deletions(-)

diff --git a/hosts/network.nix b/hosts/network.nix
index 098ebb4..f60dcb1 100644
--- a/hosts/network.nix
+++ b/hosts/network.nix
@@ -5,12 +5,6 @@
 }:
 let
 prefix = "lyn";
- #subnets routed through wireguard
- wg_subnets = {
- IPv4 = "10.35.0.0/24";
- IPv6 = "fd1a:acab:cafe:1337::/64";
- };
-
 #hosts are defined here
 hosts = {
 wg-gateway = {
@@ -19,12 +13,12 @@
 pubkey = "Fknzk7lltkPKJZlF3KXWKGQXXSj7CUD9ev0ZEZtpbjY=";
 port = 51820;
 };
- v4 = {
+ IPv4 = {
 public = "78.47.226.47";
 # we use 10.35.0.0/16 as a range for private subnets, specifically 10.35.0.0/24 for wireguard peers
 internal = "10.35.0.3";
 };
- v6 = {
+ IPv6 = {
 public = "2a01:4f8:1c1b:d2db::";
 # 1aacabcafe is the global ID and 1337 is the wireguard peer subnet ID, resulting in the ULA fd1a:acab:cafe:1337::/64
 internal = "fd1a:acab:cafe:1337:8f4c:68cd::";
@@ -36,12 +30,12 @@
 pubkey = "jdfbOnP0mFWFobtQunm0h6EtqOZiar9G9jngMU7b+Co=";
 port = 51820;
 };
- v4 = {
+ IPv4 = {
 public = "";
 # we use 10.35.0.0/16 as a range for private subnets, specifically 10.35.0.0/24 for wireguard peers
 internal = "10.35.0.2";
 };
- v6 = {
+ IPv6 = {
 public = "";
 # 1aacabcafe is the global ID and 1337 is the wireguard peer subnet ID, resulting in the ULA fd1a:acab:cafe:1337::/64
 internal = "fd1a:acab:cafe:1337:6722:3657::";
@@ -51,15 +45,6 @@ in {
 options = {
 ${prefix} = {
- network.wg_subnets.IPv4 = lib.mkOption {
- type = lib.types.str;
- description = "The IPv6 range that wireguard peers will use";
- };
- network.wg_subnets.IPv6 = lib.mkOption {
- type = lib.types.str;
- description = "The IPv4 range that wireguard peers will use";
- };
-
 # defining the entire hosts part as a module
 network.hosts = lib.mkOption {
 type = lib.types.attrsOf (lib.types.submodule {
@@ -86,7 +71,7 @@ in {
 };
 description = "WireGuard configuration";
 };
- v4 = lib.mkOption {
+ IPv4 = lib.mkOption {
 type = lib.types.submodule {
 options = {
 public = lib.mkOption {
@@ -103,7 +88,7 @@ in {
 description = "IPv4 configuration";
 default = {};
 };
- v6 = lib.mkOption {
+ IPv6 = lib.mkOption {
 type = lib.types.submodule {
 options = {
 public = lib.mkOption {
@@ -130,12 +115,12 @@ in {
 config = {
 ${prefix}.network = {
- inherit hosts wg_subnets;
+ inherit hosts;
 };
 assertions = [
 {
- assertion = lib.any (host: host.v4 != null || host.v6 != null) (lib.attrValues hosts);
- message = "At least one of v4 or v6 must be defined for each host";
+ assertion = lib.any (host: host.IPv4 != null || host.IPv6 != null) (lib.attrValues hosts);
+ message = "Either an IPv4 or IPv6 must be defined for each host";
 }
 ];
 };
diff --git a/modules/services/wgautomesh.nix b/modules/services/wgautomesh.nix
index 435ea7e..14b8358 100644
--- a/modules/services/wgautomesh.nix
+++ b/modules/services/wgautomesh.nix
@@ -57,8 +57,8 @@ in {
 networking.wireguard.interfaces.wg0 = {
 ips = if cfg.useIPv6
- then ["${meshnetwork.wg_subnets.IPv6}"]
- else ["${meshnetwork.wg_subnets.IPv4}"];
+ then ["${currentHost.IPv6}/64"]
+ else ["${currentHost.IPv4}/24"];
 listenPort = wireguardPort;
 privateKeyFile = "/var/lib/wireguard-keys/private";
 mtu = 1200;
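Review bot: The rewritten assertion in the -130 hunk of hosts/network.nix still uses `lib.any`, so it passes as soon as a single host has an address, while the new message says "for each host"; `lib.all` is what the message describes. On top of that, `IPv4` is now a submodule option with `default = {};` (visible as context in the -103 hunk), so `host.IPv4 != null` is always true and the check can never fail; the IPv6 option's default is outside the hunk but presumably matches. A check on the value the mesh actually consumes would be meaningful, e.g. `assertion = lib.all (host: host.IPv4.internal != "" || host.IPv6.internal != "") (lib.attrValues hosts);`, assuming `internal` (seen in the host data, option definition outside the hunk) is a string with an empty default.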
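Review bot: `"${currentHost.IPv6}/64"` and `"${currentHost.IPv4}/24"` in the -57 hunk of modules/services/wgautomesh.nix interpolate whatever `currentHost.IPv6`/`currentHost.IPv4` hold, and the same commit makes those names submodules with `public` and `internal` fields in hosts/network.nix; if currentHost is an entry of meshnetwork.hosts (its definition is outside the hunk), string interpolation of an attribute set fails at evaluation, and the intent looks like `"${currentHost.IPv6.internal}/64"` and `"${currentHost.IPv4.internal}/24"`. The prefix lengths /64 and /24 are now bare literals here after `wg_subnets` was dropped from network.nix (hunk -5), while the comments in the host data still describe 10.35.0.0/24 and fd1a:acab:cafe:1337::/64 as the peer ranges; a host that gets an address outside those prefixes would silently be unreachable on wg0, so keeping the prefix lengths next to the addresses (a single named binding, or a documented constant in the let block) avoids the two drifting apart. The enclosing `networking.wireguard.interfaces.wg0` attribute set continues outside the hunk.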
@@ -70,8 +70,8 @@ in {
 interface = "wg0";
 peers = if cfg.useIPv6
- then buildPeerlist "IPv6" meshnetwork.hosts
- else buildPeerlist "IPv4" meshnetwork.hosts;
+ then buildPeerlist "IPv6" meshnetwork.hosts
+ else buildPeerlist "IPv4" meshnetwork.hosts;
 upnp_forward_external_port = wireguardPort;
 };
 gossipSecretFile = gossip_secret_path;
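Review bot: The family key is now chosen twice from `cfg.useIPv6`, once as an attribute path in the -57 hunk and once as the string literals `"IPv6"`/`"IPv4"` passed to buildPeerlist here, and both must stay in step with the attribute names introduced in hosts/network.nix. A single binding in the module's let block, `family = if cfg.useIPv6 then "IPv6" else "IPv4";`, used as `peers = buildPeerlist family meshnetwork.hosts;` and as `currentHost.${family}` in the interface definition, removes the duplication and gives a rename one place to fail. What buildPeerlist does with the key is outside the hunk, so this assumes it only uses it to index each host.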