ryan
/
wirenix
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
release
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'eb9c2ec79f'
${ noResults }
wirenix/examples/acl/spoke.nix

90 lines
1.9 KiB
Nix
Raw Normal View History Unescape Escape

improved documentation
1 year ago
{
version = "v1";
subnets = [
{
name = "mySpoke";
endpoints = [
{
# No match means match any
port = 51820;
}
];
}
];
groups = [
# groups field is expected, but can be empty
];
peers = [
{
name = "central";
subnets = {
mySpoke = {
listenPort = 51820;
# empty ipAddresses will auto generate an IPv6 address
};
};
publicKey = "whST3RRJziiQTIizeQW6z8fCtoiBfHK559WCY2RS4GQ=";
privateKeyFile = "/path/to/private/key"; # path is relative to the machine
endpoints = [
{
# no match can be any
ip = "192.168.1.11";
}
];
}
{
name = "leaf1";
subnets = {
mySpoke = {
listenPort = 51820;
};
};
publicKey = "AgsXp89XUz545KRZiNzCYw1Jr6WC5zIfKZnq5M+UUkM=";
privateKeyFile = "/path/to/private/key";
endpoints = [
{
# no match can be any
ip = "192.168.1.12";
}
];
}
{
name = "leaf2";
subnets = {
mySpoke = {
listenPort = 51820;
};
};
endpoints = [
{
# no match can be any
ip = "192.168.1.13";
}
];
publicKey = "1fn/kD11tWPc5VFAZn30PDM4nPoZoGPBEoVFnQdx62o=";
privateKeyFile = "/path/to/private/key";
}
{
name = "leaf3";
subnets = {
mySpoke = {
listenPort = 51820;
};
};
publicKey = "z5IfD9joAexurf2TyoKd49LrRFRN4JyCCPBAOJXqlGc=";
privateKeyFile = "/path/to/private/key";
endpoints = [
{
# no match can be any
ip = "192.168.1.14";
}
];
}
];
connections = [
{
a = [{type= "subnet"; rule = "is"; value = "mySpoke";}];
b = [{type= "peer"; rule = "is"; value = "central";}];
}
];
}