From 8e46d4cde35aa5d52d01e5481f789ab05d3cfa50 Mon Sep 17 00:00:00 2001
From: Lyn
Date: Thu, 14 Nov 2024 01:48:38 +0100
Subject: [PATCH] open wireguard port; keep mtu low
---
 meta/hextools.nix | 87 +++++++++++++++++++++++++++++++++
 meta/math.nix | 45 +++++++++++++++++
 modules/services/wgautomesh.nix | 6 ++-
 3 files changed, 137 insertions(+), 1 deletion(-)
 create mode 100644 meta/hextools.nix
 create mode 100644 meta/math.nix
diff --git a/meta/hextools.nix b/meta/hextools.nix
new file mode 100644
index 0000000..a33cb86
--- /dev/null
+++ b/meta/hextools.nix
@@ -0,0 +1,87 @@
+# Credits to https://github.com/Misterio77/nix-colors/blob/b92df8f5eb1fa20d8e09810c03c9dc0d94ef2820/lib/core/conversions.nix#L87
+{
+ lib,
+ math ? import ./math.nix {inherit lib;},
+}: let
+ hexToDecMap = {
+ "0" = 0;
+ "1" = 1;
+ "2" = 2;
+ "3" = 3;
+ "4" = 4;
+ "5" = 5;
+ "6" = 6;
+ "7" = 7;
+ "8" = 8;
+ "9" = 9;
+ "a" = 10;
+ "b" = 11;
+ "c" = 12;
+ "d" = 13;
+ "e" = 14;
+ "f" = 15;
+ };
+ base16To10 = exponent: scalar: scalar * math.pow 16 exponent;
+ /*
+ Converts a hexadecimal character to decimal.
+ Only takes a string of length 1.
+
+ Type: hexCharToDec :: string -> int
+
+ Args:
+ hex: A hexadecimal character.
+
+ Example:
+ hexCharToDec "5"
+ => 5
+ hexCharToDec "e"
+ => 14
+ hexCharToDec "A"
+ => 10
+ */
+ hexCharToDec = hex: let
+ inherit (lib) toLower;
+ lowerHex = toLower hex;
+ in
+ if builtins.stringLength hex != 1
+ then throw "Function only accepts a single character."
+ else if hexToDecMap ? ${lowerHex}
+ then hexToDecMap."${lowerHex}"
+ else throw "Character ${hex} is not a hexadecimal value.";
+in rec {
+ /*
+ Converts from hexadecimal to decimal.
+
+ Type: hexToDec :: string -> int
+
+ Args:
+ hex: A hexadecimal string.
+
+ Example:
+ hexadecimal "12"
+ => 18
+ hexadecimal "FF"
+ => 255
+ hexadecimal "abcdef"
+ => 11259375
+ */
+ hexToDec = hex: let
+ inherit (lib) stringToCharacters reverseList imap0 foldl;
+ decimals = builtins.map hexCharToDec (stringToCharacters hex);
+ decimalsAscending = reverseList decimals;
+ decimalsPowered = imap0 base16To10 decimalsAscending;
+ in
+ foldl builtins.add 0 decimalsPowered;
+
+ hexToIP = inputString: let
+ len = builtins.stringLength inputString;
+ oct1 = builtins.substring (len - 4) 2 inputString;
+ oct2 = builtins.substring (len - 2) 2 inputString;
+ oct1_dec = builtins.toString (hexToDec oct1);
+ oct2_dec = builtins.toString (hexToDec oct2);
+ in "${oct1_dec}.${oct2_dec}";
+ hostnameToIP = inputString: let
+ sha256Hash = builtins.hashString "sha256" inputString;
+ in
+ hexToIP sha256Hash;
+}
diff --git a/meta/math.nix b/meta/math.nix
new file mode 100644
index 0000000..cb7a181
--- /dev/null
+++ b/meta/math.nix
@@ -0,0 +1,45 @@
+{lib}: rec {
+ /*
+ Base raised to the power of the exponent.
+
+ Type: pow :: int or float -> int -> int
+
+ Args:
+ base: The base.
+ exponent: The exponent.
+
+ Example:
+ pow 0 1000
+ => 0
+ pow 1000 0
+ => 1
+ pow 2 30
+ => 1073741824
+ pow 3 3
+ => 27
+ pow (-5) 3
+ => -125
+ */
+ pow = base: exponent: let
+ inherit (lib) mod;
+ in
+ if exponent > 1
+ then let
+ x = pow base (exponent / 2);
+ odd_exp = mod exponent 2 == 1;
+ in
+ x
+ * x
+ * (
+ if odd_exp
+ then base
+ else 1
+ )
+ else if exponent == 1
+ then base
+ else if exponent == 0 && base == 0
+ then throw "undefined"
+ else if exponent == 0
+ then 1
+ else throw "undefined";
+}
diff --git a/modules/services/wgautomesh.nix b/modules/services/wgautomesh.nix
index e1dfd97..e42c6b8 100644
--- a/modules/services/wgautomesh.nix
+++ b/modules/services/wgautomesh.nix
@@ -40,6 +40,10 @@ in {
 default = true;
 };
 config = {
+ networking.firewall.allowedUDPPorts = [
+ wireguardPort
+ ];
+
 networking.wireguard.interfaces.wg0 = {
 ips =
 if cfg.useIPv6
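Review bot: `hexToIP` and `hostnameToIP` are the only definitions in this hunk without a doc comment, and their contract is easy to misread: `hexToIP` uses only the last four hex characters of its argument, so `hostnameToIP` maps a hostname to just 16 bits of its SHA-256 and two different hostnames can yield the same octet pair with nothing here detecting it. An argument shorter than four characters also hands `builtins.substring` a negative start offset, which Nix rejects at evaluation time. Suggest a comment above `hostnameToIP` along the lines of `# Two octets derived from the low 16 bits of sha256(hostname); distinct hostnames may collide, so whoever assigns mesh addresses from this should assert uniqueness across all hosts.` and one above `hexToIP` noting that it expects at least four hex characters. Each derived octet can also be 0 or 255, which callers may need to exclude depending on the subnet they place it in.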
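Review bot: Both `throw "undefined"` branches at the end of `pow` carry no context, and since the function is reached indirectly (hextools.nix calls it through `base16To10`), a failing evaluation gives no hint which arguments were involved. Suggest `then throw "pow: 0 ^ 0 is undefined"` for the `exponent == 0 && base == 0` branch and `else throw "pow: exponent ${toString exponent} must be a non-negative integer"` for the final branch, which is also where a non-integer exponent such as 2.5 ends up after the `exponent / 2` recursion. The doc comment's type line `int or float -> int -> int` is inaccurate for a float base, where the result is a float, and the examples do not mention that negative exponents throw.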
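Review bot: `networking.firewall.allowedUDPPorts = [ wireguardPort ]` opens the listen port on every interface, whereas the rest of this block configures a single mesh interface, `wg0`; if peers are only reachable over a specific uplink, `networking.firewall.interfaces.<uplink>.allowedUDPPorts = [ wireguardPort ];` limits the exposure to that interface. Whether the rule is gated on the module being enabled cannot be seen here, as `config = {` is visible but any enclosing `mkIf`, and the definition of `wireguardPort`, lie outside the hunk. A short comment above the new list, such as `# Peers need to reach the WireGuard listen port; keep this scoped to the mesh-facing interface where the topology allows.`, would record the intent for the next reader.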
@@ -47,7 +51,7 @@ in {
 else ["${meshnetwork.wg_subnets.IPv4}"];
 listenPort = wireguardPort;
 privateKeyFile = "/var/lib/wireguard-keys/private";
- mtu = 1420;
+ mtu = 1200;
 };
 services.wgautomesh = {