WIP: router: wireguard: move wg0 to vars.ifs, streamline some things

2025-06-02 00:29:17 -07:00 · 2025-06-02 00:29:17 -07:00 · fc4cd6e56f
commit fc4cd6e56f
parent fd1e7b4724
4 changed files with 31 additions and 19 deletions
--- a/hosts/router/firewall.nix
+++ b/hosts/router/firewall.nix
@ -13,7 +13,7 @@ let
        ${ifs.lan30.name},
        ${ifs.lan40.name},
        ${ifs.lan50.name},
-        wg0,
+        ${ifs.wg0.name},
    }
    define OPNSENSE_NET6 = ${vars.extra.opnsense.net6}
    define ZONE_LAN_EXTRA_NET6 = {
--- a/hosts/router/ifconfig.nix
+++ b/hosts/router/ifconfig.nix
@ -83,7 +83,7 @@ in
      ia_pd 30/${ifs.lan30.net6} -
      ia_pd 40/${ifs.lan40.net6} -
      ia_pd 50/${ifs.lan50.net6} -
-      # ia_pd 7 -
+      ia_pd 100/${pdFromWan}8::/64 -  # for vpn stuff
      # ia_pd 8 -

      # the leases can be assigned to the interfaces,
--- a/hosts/router/vars.nix
+++ b/hosts/router/vars.nix
@ -5,8 +5,11 @@ let
    name_,
    domain_,
    p4_,  # /24
+    p4Size_ ? 24,
    p6_,  # /64
+    p6Size_ ? 64,
    ulaPrefix_,  # /64
+    ulaSize_ ? 64,
    token? 1,
    ip6Token_? "::${toString token}",
    ulaToken_? "::${toString token}",
@ -14,18 +17,18 @@ let
      name = name_;
      domain = domain_;
      p4 = p4_;
-      p4Size = 24;
+      p4Size = p4Size_;
      net4 = "${p4}.0/${toString p4Size}";
      addr4 = "${p4}.${toString token}";
      addr4Sized = "${addr4}/${toString p4Size}";
      p6 = p6_;
-      p6Size = 64;
+      p6Size = p6Size_;
      net6 = "${p6}::/${toString p6Size}";
      ip6Token = ip6Token_;
      addr6 = "${p6}${ip6Token}";
      addr6Sized = "${addr6}/${toString p6Size}";
      ulaPrefix = ulaPrefix_;
-      ulaSize = 64;
+      ulaSize = ulaSize_;
      ulaNet = "${ulaPrefix}::/${toString ulaSize}";
      ulaToken = ulaToken_;
      ulaAddr = "${ulaPrefix}${ulaToken}";
@ -97,17 +100,14 @@ rec {
      p6_ = "${pdFromWan}a";             # ::/64
      ulaPrefix_ = "${ulaPrefix}:0050";  # ::/64
    };
-  };
-
-  wg = {
-    wg0 = rec {
-      name = "wg0";
-      p4 = "10.18.16";  # .0/24
-      addr4 = "${p4}.1";
-      addr4Sized = "${addr4}/24";
-      p6 = "${pdFromWan}f::6";  # :0:0/96
-      addr6 = "${p6}:0:1";
-      addr6Sized = "${addr6}/96";
+    wg0 = mkIfConfig {
+      name_ = "wg0";
+      domain_ = "wg0.${ldomain}";
+      p4_ = "10.18.16";  # .0/24
+      p6_ = "${pdFromWan}8:0:6";  # ::/96
+      p6Size_ = 96;
+      ulaPrefix_ = "${ulaPrefix}:0100:0:6";  # ::/96
+      ulaSize_ = 96;
    };
  };

--- a/hosts/router/wireguard.nix
+++ b/hosts/router/wireguard.nix
@ -1,11 +1,23 @@
 { config, lib, pkgs, ... }:
 let
  vars = import ./vars.nix;
-  wg0 = vars.wg.wg0;
+  wg0 = vars.ifs.wg0;
+
+  peerIps = ifObj: token: [
+    "${ifObj.p4}.${toString token}/32"
+    "${ifObj.p6}:${toString token}:0/112"
+    "${ifObj.ulaPrefix}:${toString token}:0/112"
+  ];
+
+  mkWg0Peer = token: publickey: {
+    allowedIPs = peerIps wg0 token;
+    inherit publickey;
+    pskEnabled = true;
+  };

  wg0Peers = {
    "Yura-TPX13" = {
-      allowedIPs = [ "${wg0.p4}.3/32" "${wg0.p6}:3:0/112" ];
+      allowedIPs = peerIps wg0 3;
      publicKey = "iJa5JmJbMHNlbEluNwoB2Q8LyrPAfb7S/mluanMcI08=";
      pskEnabled = true;
    };
@ -60,7 +72,7 @@ in
      networkConfig = {
        IPv4Forwarding = true;
        IPv6SendRA = false;
-        Address = [ wg0.addr4Sized wg0.addr6Sized ];
+        Address = [ wg0.addr4Sized wg0.addr6Sized wg0.ulaAddrSized ];
      };
    };
  };