| author | Max Audron <audron@cocaine.farm> | 2023-09-29 09:56:22 +0200 |
|---|---|---|
| committer | Max Audron <audron@cocaine.farm> | 2023-09-29 09:56:22 +0200 |
| commit | 7e27762b60cebe86be1135680f2b5f3e193c398c (patch) | |
| tree | 77d907063d69e485a202c4fbd64e2911a5be4527 /modules | |
| parent | test kubernetes deployment (diff) | |
merge diverged changes
Diffstat (limited to 'modules')
| -rw-r--r-- | modules/common/default.nix | 2 | ||||
| -rw-r--r-- | modules/image/default.nix | 8 | ||||
| -rw-r--r-- | modules/wireguard/default.nix | 11 |
3 files changed, 11 insertions, 10 deletions
diff --git a/modules/common/default.nix b/modules/common/default.nix index b1df8b2..e6e68c5 100644 --- a/modules/common/default.nix +++ b/modules/common/default.nix @@ -12,7 +12,7 @@ }; # Default Packages Set - environment.systemPackages = with pkgs; [ vim htop wget nftables wireguard-tools git ]; + environment.systemPackages = with pkgs; [ git vim htop wget nftables wireguard-tools ]; # Security networking.firewall.enable = false; diff --git a/modules/image/default.nix b/modules/image/default.nix index f98afd9..d1d8543 100644 --- a/modules/image/default.nix +++ b/modules/image/default.nix @@ -1,13 +1,13 @@ -{ config, lib, pkgs, ... }: +{ config, lib, pkgs, modulesPath, ... }: { config = { networking = { - domain = "vapor.systems"; - hostName = "image"; + domain = lib.mkDefault "vapor.systems"; + hostName = lib.mkDefault "image"; }; - system.build.image = import <nixpkgs/nixos/lib/make-disk-image.nix> { + system.build.image = import (modulesPath + "/../lib/make-disk-image.nix") { name = "vapor-systems-image"; format = "raw"; diskSize = "auto"; diff --git a/modules/wireguard/default.nix b/modules/wireguard/default.nix index 73396dc..314d53d 100644 --- a/modules/wireguard/default.nix +++ b/modules/wireguard/default.nix @@ -1,8 +1,9 @@ -{ config, lib, pkgs, nodes, builtins, ... }: +{ config, lib, pkgs, nodes, builtins, secrets, ... }: with lib; { imports = [ ./options.nix ./roaming.nix ]; + config = mkIf config.wireguard.enable ( let cfg = config.wireguard; @@ -11,11 +12,13 @@ with lib; { let attrPeers = mapAttrs (n: node: - let peer = node.config.wireguard; + let + peer = node.config.wireguard; + endpointIP = node.config.wireguard.endpoint; in { endpoint = - "${node.config.wireguard.endpoint}:${toString peer.port}"; + "${endpointIP}:${toString peer.port}"; publicKey = peer.publicKey; persistentKeepalive = 25; allowedIPs = [ 
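Review bot: The switch from `<nixpkgs/nixos/lib/make-disk-image.nix>` to `modulesPath + "/../lib/make-disk-image.nix"` in `system.build.image` (modules/image/default.nix) carries no comment saying why, and the reason is worth recording. An angle-bracket path is looked up through NIX_PATH at evaluation time, whereas `modulesPath` points into the nixpkgs tree that is evaluating this configuration, so the image builder comes from the same source as the rest of the system. I would add `# resolve make-disk-image.nix from the evaluating nixpkgs, not from NIX_PATH` above the import. The attribute set passed to the import continues past the end of the hunk.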
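Review bot: The new `secrets` module argument in the first hunk of modules/wireguard/default.nix is not referenced in any line visible in this diff, so either it is unused and should be dropped, or it is consumed outside the hunks shown. If it is meant to supply WireGuard key material, it should carry paths to files read at runtime (for example via an option such as `privateKeyFile`) rather than values interpolated into the configuration, because anything evaluated into a derivation ends up in the world-readable Nix store. A comment next to the argument, something like `# secrets: paths to key files only, never key contents`, would make that contract reviewable. The module body continues outside the hunk.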
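Review bot: `endpointIP = node.config.wireguard.endpoint;` in the second hunk of modules/wireguard/default.nix repeats the lookup that `peer` already holds on the line above, so `endpointIP = peer.endpoint;` would say the same thing with one source of truth. The name also promises an IP address, while nothing visible here constrains the option to one. If hostnames are allowed, `endpointHost` would be more accurate; if not, the option's type declaration is the place to enforce it. The enclosing `mapAttrs` lambda continues past the end of the hunk.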
@@ -53,8 +56,6 @@ with lib; { ${pkgs.nftables}/bin/nft add rule ${ifname} postrouting ip saddr ${cfg.v4.network}/${ toString cfg.v4.prefixLength } oif ${cfg.natInterface} masquerade - - ${pkgs.iproute2}/bin/ip link set ${ifname} multicast on ''; postShutdown = '' ${pkgs.nftables}/bin/nft flush table ${ifname} |
