{ pkgs, lib, ... }:
let
  # Local IPv4 address used by every OSPF tunnel (the `ospf` helper passes it
  # as localIPv4; plain `tunnel`s take theirs from the caller instead).
  defaultLocalIPv4 = "172.20.43.96/32";
  # Link-local IPv6 address additionally configured on every OSPF tunnel
  # interface (see the isOspf branch of customTunnel's postSetup).
  defaultLocalIPv6 = "fe80::1/64";
  # The WireGuard private key is read at runtime from a file that agenix
  # decrypts into /run, so the key never ends up in the Nix store or in this
  # configuration; `tunnel` and `ospf` ignore any key their caller passes.
  privKeyFile = "/run/agenix/dn42-privkey";
  # Public key of this host; currently not referenced anywhere in this file.
  # deadnix: skip
  defaultPubKey = "e6kp9sca4XIzncKa9GEQwyOnMjje299Xg9ZdgXWMwHg=";
in
{
  environment.systemPackages = [ pkgs.wireguard-tools ];

  # ./tunnels.nix receives the three constructors below (rec, so they can refer
  # to each other) and is expected to return the attribute set of interfaces.
  networking.wireguard.interfaces = import ./tunnels.nix rec {
    # Builds one WireGuard interface with exactly one peer.
    #
    # All arguments are positional:
    #   listenPort  - local UDP port to listen on
    #   privKeyFile - path of the private key file (shadows the let binding)
    #   peerPubKey  - the peer's WireGuard public key
    #   endpoint    - peer endpoint ("host:port"), re-resolved periodically
    #   name        - interface name used in the `ip` commands
    #   peerIPv4 / peerIPv6 - peer-side addresses; "" skips that family
    #   localIPv4 / localIPv6 - our addresses on the point-to-point link
    #   isOspf      - also add defaultLocalIPv6 (link-local) to the interface
    customTunnel =
      listenPort: privKeyFile: peerPubKey: endpoint: name: peerIPv4: peerIPv6: localIPv4: localIPv6: isOspf:
      let
        ip = "${pkgs.iproute2}/bin/ip";
        # One `ip addr add` per address family, emitted only when a peer
        # address for that family was given.
        addV4 = lib.optionalString (peerIPv4 != "")
          "${ip} addr add ${localIPv4} peer ${peerIPv4} dev ${name}";
        addV6 = lib.optionalString (peerIPv6 != "")
          "${ip} -6 addr add ${localIPv6} peer ${peerIPv6} dev ${name}";
        addLinkLocal = lib.optionalString isOspf
          "${ip} -6 addr add ${defaultLocalIPv6} dev ${name}";
      in
      {
        inherit listenPort;
        privateKeyFile = privKeyFile;
        # allowedIPs covers everything, so WireGuard's cryptokey routing
        # accepts packets from this peer with any source address; with
        # allowedIPsAsRoutes = false no kernel routes are derived from it,
        # so reachability (and any filtering) has to come from elsewhere —
        # presumably the routing daemon isOspf hints at; confirm in tunnels.nix.
        allowedIPsAsRoutes = false;
        peers = [
          {
            inherit endpoint;
            publicKey = peerPubKey;
            allowedIPs = [
              "0.0.0.0/0"
              "::/0"
            ];
            # Re-resolve the endpoint name every 5 s and keep NAT mappings
            # alive with a keepalive every 15 s.
            dynamicEndpointRefreshSeconds = 5;
            persistentKeepalive = 15;
          }
        ];
        # The indented string keeps one line per family (possibly empty) and a
        # trailing newline; the link-local command, if any, follows it.
        postSetup =
          ''
            ${addV4}
            ${addV6}
          ''
          + addLinkLocal;
      };

    # Non-OSPF tunnel. The `privKey` argument is accepted for the caller's
    # convenience but deliberately ignored: the agenix-managed privKeyFile from
    # the outer let is always used. Note the argument order differs from
    # customTunnel (local addresses come before endpoint and name).
    # deadnix: skip
    tunnel =
      listenPort: privKey: peerPubKey: localIPv4: localIPv6: endpoint: name: peerIPv4: peerIPv6:
      customTunnel listenPort privKeyFile peerPubKey endpoint name peerIPv4 peerIPv6 localIPv4 localIPv6
        false;

    # OSPF tunnel: fixed local IPv4 (defaultLocalIPv4), caller-supplied ULA
    # IPv6, plus the link-local address via isOspf = true. `privKey` is
    # ignored for the same reason as in `tunnel`.
    # deadnix: skip
    ospf =
      listenPort: privKey: peerPubKey: endpoint: name: peerIPv4: peerIPv6: ULAIPv6:
      customTunnel listenPort privKeyFile peerPubKey endpoint name peerIPv4 peerIPv6 defaultLocalIPv4
        ULAIPv6
        true;
  };
}