WIP: router: wireguard: move wg0 to vars.ifs, streamline some things

Yuri Tatishchev 2025-06-02 00:29:17 -07:00
parent fd1e7b4724
commit fc4cd6e56f
Signed by: CaZzzer
SSH Key Fingerprint: SHA256:sqXB3fe0LMpfH+IeM/vlmxKdso52kssrIJBlwKXVe1U
4 changed files with 31 additions and 19 deletions


@ -13,7 +13,7 @@ let
${ifs.lan30.name}, ${ifs.lan30.name},
${ifs.lan40.name}, ${ifs.lan40.name},
${ifs.lan50.name}, ${ifs.lan50.name},
wg0, ${ifs.wg0.name},
} }
define OPNSENSE_NET6 = ${vars.extra.opnsense.net6} define OPNSENSE_NET6 = ${vars.extra.opnsense.net6}
define ZONE_LAN_EXTRA_NET6 = { define ZONE_LAN_EXTRA_NET6 = {


@ -83,7 +83,7 @@ in
ia_pd 30/${ifs.lan30.net6} - ia_pd 30/${ifs.lan30.net6} -
ia_pd 40/${ifs.lan40.net6} - ia_pd 40/${ifs.lan40.net6} -
ia_pd 50/${ifs.lan50.net6} - ia_pd 50/${ifs.lan50.net6} -
# ia_pd 7 - ia_pd 100/${pdFromWan}8::/64 - # for vpn stuff
# ia_pd 8 - # ia_pd 8 -
# the leases can be assigned to the interfaces, # the leases can be assigned to the interfaces,


@ -5,8 +5,11 @@ let
name_, name_,
domain_, domain_,
p4_, # /24 p4_, # /24
p4Size_ ? 24,
p6_, # /64 p6_, # /64
p6Size_ ? 64,
ulaPrefix_, # /64 ulaPrefix_, # /64
ulaSize_ ? 64,
token? 1, token? 1,
ip6Token_? "::${toString token}", ip6Token_? "::${toString token}",
ulaToken_? "::${toString token}", ulaToken_? "::${toString token}",
@ -14,18 +17,18 @@ let
name = name_; name = name_;
domain = domain_; domain = domain_;
p4 = p4_; p4 = p4_;
p4Size = 24; p4Size = p4Size_;
net4 = "${p4}.0/${toString p4Size}"; net4 = "${p4}.0/${toString p4Size}";
addr4 = "${p4}.${toString token}"; addr4 = "${p4}.${toString token}";
addr4Sized = "${addr4}/${toString p4Size}"; addr4Sized = "${addr4}/${toString p4Size}";
p6 = p6_; p6 = p6_;
p6Size = 64; p6Size = p6Size_;
net6 = "${p6}::/${toString p6Size}"; net6 = "${p6}::/${toString p6Size}";
ip6Token = ip6Token_; ip6Token = ip6Token_;
addr6 = "${p6}${ip6Token}"; addr6 = "${p6}${ip6Token}";
addr6Sized = "${addr6}/${toString p6Size}"; addr6Sized = "${addr6}/${toString p6Size}";
ulaPrefix = ulaPrefix_; ulaPrefix = ulaPrefix_;
ulaSize = 64; ulaSize = ulaSize_;
ulaNet = "${ulaPrefix}::/${toString ulaSize}"; ulaNet = "${ulaPrefix}::/${toString ulaSize}";
ulaToken = ulaToken_; ulaToken = ulaToken_;
ulaAddr = "${ulaPrefix}${ulaToken}"; ulaAddr = "${ulaPrefix}${ulaToken}";
@ -97,17 +100,14 @@ rec {
p6_ = "${pdFromWan}a"; # ::/64 p6_ = "${pdFromWan}a"; # ::/64
ulaPrefix_ = "${ulaPrefix}:0050"; # ::/64 ulaPrefix_ = "${ulaPrefix}:0050"; # ::/64
}; };
}; wg0 = mkIfConfig {
name_ = "wg0";
wg = { domain_ = "wg0.${ldomain}";
wg0 = rec { p4_ = "10.18.16"; # .0/24
name = "wg0"; p6_ = "${pdFromWan}8:0:6"; # ::/96
p4 = "10.18.16"; # .0/24 p6Size_ = 96;
addr4 = "${p4}.1"; ulaPrefix_ = "${ulaPrefix}:0100:0:6"; # ::/96
addr4Sized = "${addr4}/24"; ulaSize_ = 96;
p6 = "${pdFromWan}f::6"; # :0:0/96
addr6 = "${p6}:0:1";
addr6Sized = "${addr6}/96";
}; };
}; };
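Review bot: With `p4Size_` now a parameter, `net4 = "${p4}.0/${toString p4Size}"` and `addr4 = "${p4}.${toString token}"` in the second hunk still assume `p4_` is a three-octet prefix, so any value other than 24 yields a CIDR whose mask no longer matches the address layout (a /16 with host bits set, or a /25 that a token can fall outside of). If these strings feed firewall sets or interface addresses, as their names suggest, the mismatch would be silent. Until the network address is derived from the size, I would state the constraint at the parameter, e.g. `p4Size_ ? 24, # only 24 matches the three-octet p4_; net4/addr4 are built as "${p4}.N"`, and add a similar comment on `p6Size_`/`ulaSize_` that the prefix string must already spell out exactly that many bits, as the wg0 entry appears to do for its /96. The `mkIfConfig` body starts and ends outside these hunks.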


@ -1,11 +1,23 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
let let
vars = import ./vars.nix; vars = import ./vars.nix;
wg0 = vars.wg.wg0; wg0 = vars.ifs.wg0;
peerIps = ifObj: token: [
"${ifObj.p4}.${toString token}/32"
"${ifObj.p6}:${toString token}:0/112"
"${ifObj.ulaPrefix}:${toString token}:0/112"
];
mkWg0Peer = token: publickey: {
allowedIPs = peerIps wg0 token;
inherit publickey;
pskEnabled = true;
};
wg0Peers = { wg0Peers = {
"Yura-TPX13" = { "Yura-TPX13" = {
allowedIPs = [ "${wg0.p4}.3/32" "${wg0.p6}:3:0/112" ]; allowedIPs = peerIps wg0 3;
publicKey = "iJa5JmJbMHNlbEluNwoB2Q8LyrPAfb7S/mluanMcI08="; publicKey = "iJa5JmJbMHNlbEluNwoB2Q8LyrPAfb7S/mluanMcI08=";
pskEnabled = true; pskEnabled = true;
}; };
@ -60,7 +72,7 @@ in
networkConfig = { networkConfig = {
IPv4Forwarding = true; IPv4Forwarding = true;
IPv6SendRA = false; IPv6SendRA = false;
Address = [ wg0.addr4Sized wg0.addr6Sized ]; Address = [ wg0.addr4Sized wg0.addr6Sized wg0.ulaAddrSized ];
}; };
}; };
}; };
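Review bot: In the first hunk, `mkWg0Peer` writes `inherit publickey;`, which creates an attribute named `publickey`, while the existing peer entry uses `publicKey`; Nix attribute names are case-sensitive, so a peer built with this helper would lack the `publicKey` attribute that the rest of the module presumably reads. Renaming the argument fixes it: `mkWg0Peer = token: publicKey: {` with `inherit publicKey;`. Neither `mkWg0Peer` nor `peerIps` checks the token, so a token of 1 would put the same IPv4 address as `wg0.addr4` into a peer's `allowedIPs`; a comment on `peerIps` giving the valid range (for example `# token: 2..254; its decimal digits are read as a hex group in the IPv6 entries`) would make that constraint visible. The helper is not yet used in the visible lines, and `wg0Peers` continues outside the hunk.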