| author | Max Audron <audron@cocaine.farm> | 2023-09-29 09:56:22 +0200 |
|---|---|---|
| committer | Max Audron <audron@cocaine.farm> | 2023-09-29 09:56:22 +0200 |
| commit | 7e27762b60cebe86be1135680f2b5f3e193c398c (patch) | |
| tree | 77d907063d69e485a202c4fbd64e2911a5be4527 /modules/wireguard/default.nix | |
| parent | test kubernetes deployment (diff) | |
merge diverged changes
Diffstat (limited to 'modules/wireguard/default.nix')
| -rw-r--r-- | modules/wireguard/default.nix | 11 |
1 files changed, 6 insertions, 5 deletions
diff --git a/modules/wireguard/default.nix b/modules/wireguard/default.nix index 73396dc..314d53d 100644 --- a/modules/wireguard/default.nix +++ b/modules/wireguard/default.nix @@ -1,8 +1,9 @@ -{ config, lib, pkgs, nodes, builtins, ... }: +{ config, lib, pkgs, nodes, builtins, secrets, ... }: with lib; { imports = [ ./options.nix ./roaming.nix ]; + config = mkIf config.wireguard.enable ( let cfg = config.wireguard; @@ -11,11 +12,13 @@ with lib; { let attrPeers = mapAttrs (n: node: - let peer = node.config.wireguard; + let + peer = node.config.wireguard; + endpointIP = node.config.wireguard.endpoint; in { endpoint = - "${node.config.wireguard.endpoint}:${toString peer.port}"; + "${endpointIP}:${toString peer.port}"; publicKey = peer.publicKey; persistentKeepalive = 25; allowedIPs = [ @@ -53,8 +56,6 @@ with lib; { ${pkgs.nftables}/bin/nft add rule ${ifname} postrouting ip saddr ${cfg.v4.network}/${ toString cfg.v4.prefixLength } oif ${cfg.natInterface} masquerade - - ${pkgs.iproute2}/bin/ip link set ${ifname} multicast on ''; postShutdown = '' ${pkgs.nftables}/bin/nft flush table ${ifname} |
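Review bot: The `secrets` argument added to the module's argument set on the first line is not referenced in any of the visible hunks, so it is either unused or used outside the shown context. Because it is named explicitly, evaluation will fail on any host where it is not supplied through `specialArgs` or `_module.args`. If it is meant to carry WireGuard key material, keep in mind that values interpolated from a Nix attribute set end up world-readable in /nix/store, whereas a path handed to the NixOS `privateKeyFile` option keeps the key out of the store. A comment next to the argument such as `# secrets: paths to runtime-decrypted files, never the secret values themselves` would record that expectation.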
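Review bot: In the second hunk, `endpointIP = node.config.wireguard.endpoint;` repeats the path that `peer` already binds one line above; `endpointIP = peer.endpoint;` reads the same value and stays consistent with `peer.port` and `peer.publicKey`. The name also promises an IP address, yet the value is interpolated as `"${endpointIP}:${toString peer.port}"` without brackets, which would be ambiguous for an IPv6 literal if the option accepts one. The option's type is declared in ./options.nix, outside this diff, so that part is worth confirming there. The enclosing `mapAttrs` function continues past the hunk.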
