more fixes, some QOL features

release
Matthew Salerno 1 year ago
parent 695a65b8d0
commit 03aa0704b4

@ -8,6 +8,7 @@ let
# these aren't really important, I just wanted to reverse the argument order # these aren't really important, I just wanted to reverse the argument order
forEachAttr' = flip mapAttrs'; forEachAttr' = flip mapAttrs';
forEachAttrToList = flip mapAttrsToList; forEachAttrToList = flip mapAttrsToList;
mergeIf = attr: key: if builtins.hasAttr key attr then {"${key}" = attr."${key}";} else {};
in in
{ {
networking.wireguard = { networking.wireguard = {
@ -16,23 +17,17 @@ in
ips = subnetConnection.ipAddresses; ips = subnetConnection.ipAddresses;
listenPort = subnetConnection.listenPort; listenPort = subnetConnection.listenPort;
privateKeyFile = thisPeer.privateKeyFile; privateKeyFile = thisPeer.privateKeyFile;
peers = forEachAttrToList subnetConnection.peerConnections (peerName: peerConnection: mkMerge [ peers = forEachAttrToList subnetConnection.peerConnections (peerName: peerConnection:
{ {
name = peerName; name = peerName;
publicKey = peerConnection.peer.publicKey; publicKey = peerConnection.peer.publicKey;
allowedIPs = peerConnection.ipAddresses; allowedIPs = peerConnection.ipAddresses;
endpoint = "${peerConnection.endpoint.ip}:${peerConnection.endpoint.port}"; endpoint = "${peerConnection.endpoint.ip}:${builtins.toString peerConnection.endpoint.port}";
} } //
mkIf (peerConnection.endpoint ? persistentKeepalive) { (mergeIf peerConnection.endpoint "persistentKeepalive") //
persistentKeepalive = peerConnection.endpoint.persistentKeepalive; (mergeIf peerConnection.endpoint "dynamicEndpointRefreshSeconds") //
} (mergeIf peerConnection.endpoint "dynamicEndpointRefreshRestartSeconds")
mkIf (peerConnection.endpoint ? dynamicEndpointRefreshSeconds) { );
dynamicEndpointRefreshSeconds = peerConnection.endpoint.dynamicEndpointRefreshSeconds;
}
mkIf (peerConnection.endpoint ? dynamicEndpointRefreshRestartSeconds) {
dynamicEndpointRefreshRestartSeconds = peerConnection.endpoint.dynamicEndpointRefreshRestartSeconds;
}
]);
};} };}
); );
}; };
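Review bot: `allowedIPs` on each new peer entry is taken directly from `peerConnection.ipAddresses`, and in the lib.nix hunk below the auto-generated address carries the subnet-wide prefix (`generateIPv6Address ... + "/80"`); WireGuard routes an overlapping AllowedIPs prefix to whichever peer was configured last, so if two peers in one subnet both advertise the same `/80`, traffic meant for the first would be sent to the second. If that reading is right, `ips` should keep the `/80` while `allowedIPs` is narrowed to a host route per peer (or built from the address without the subnet prefix) — worth confirming against a two-peer subnet. Separately, the new `mergeIf` helper re-implements `lib.optionalAttrs`; `mergeIf = attr: key: optionalAttrs (attr ? "${key}") { "${key}" = attr."${key}"; };` would say the same thing with the library idiom. The enclosing configurer function and its `let` block begin outside the hunk.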

@ -1,6 +1,5 @@
{ {
description = "Do we have agnenix-rekey?"; description = "A wireguard network creation tool";
outputs = { self, ... }: outputs = { self, ... }:
{ {
wirenix.lib = import ./lib.nix; wirenix.lib = import ./lib.nix;

@ -67,4 +67,24 @@ rec {
/** generates a full IPv6 address */ /** generates a full IPv6 address */
generateIPv6Address = subnetName: peerName: (addColonsToIPv6 ((generateIPv6Prefix subnetName) + (generateIPv6Suffix peerName))) + "/80"; generateIPv6Address = subnetName: peerName: (addColonsToIPv6 ((generateIPv6Prefix subnetName) + (generateIPv6Suffix peerName))) + "/80";
/**
* makes the intermediate config non-recursive, so it can be pretty printed and
* inspected in the repl. Also helps with testing as it forces evaluation of the config.
*/
breakIntermediateRecursion = intermediateConfig:
let recurse = parentName:
mapAttrs (name: value:
if typeOf value == "set" then
if elem name [ "peer" "subnet" "group" "groups" ] then
"${name}s.${parentName}"
else if elem parentName ["peers"] then
"${parentName}.${name}"
else
recurse name value
else
value
);
in
mapAttrs (name: value: recurse "" value) intermediateConfig;
} }
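Review bot: In the new `breakIntermediateRecursion`, the placeholder `"${name}s.${parentName}"` pluralises by appending `s`, so the `"groups"` entry in the match list produces `"groupss.<parent>"`; either drop `"groups"` from that list or special-case it, e.g. `if elem name [ "peer" "subnet" "group" ] then "${name}s.${parentName}" else if name == "groups" then "groups.${parentName}"`. The `elem parentName ["peers"]` branch also appears unreachable, since the only call site passes `""` as `parentName` and nested calls pass the enclosing attribute's own name — confirm or remove it. The doc comment should also state what the result is: a copy of the config in which every `peer`/`subnet`/`group` attribute set is replaced by a `"<kind>s.<enclosing-name>"` path string, so the value is finite and printable but no longer usable as a config.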

@ -16,7 +16,7 @@ let
publicKey = acl_peer.publicKey; publicKey = acl_peer.publicKey;
privateKeyFile = acl_peer.privateKeyFile; privateKeyFile = acl_peer.privateKeyFile;
} // } //
(if acl_peer ? groups then {groups = map groupFromName acl_peer.groups;} else {groups = [];}); (if acl_peer ? groups then {groups = map groupFromName acl_peer.groups;} else {groups = {};});
/** parseGroup :: acl_group -> ic_group */ /** parseGroup :: acl_group -> ic_group */
parseGroup = acl_group: { parseGroup = acl_group: {
@ -32,18 +32,18 @@ let
getSubnetConnectionAndName = acl_peer: acl_subnet: { getSubnetConnectionAndName = acl_peer: acl_subnet: {
name = acl_subnet.name; # name gets removed shortly after, name is not in the actual subnetConnection object name = acl_subnet.name; # name gets removed shortly after, name is not in the actual subnetConnection object
subnet = parseSubnet acl_subnet; subnet = parseSubnet acl_subnet;
ipAddresses = getIpAddresses acl_peer acl_subnet; ipAddresses = getIpAddresses acl_subnet acl_peer;
listenPort = acl_peer.subnets."${acl_subnet.name}".listenPort; listenPort = acl_peer.subnets."${acl_subnet.name}".listenPort;
peerConnections = getPeerConnections acl_peer acl_subnet; peerConnections = getPeerConnections acl_peer acl_subnet;
} // (if acl_peer.subnets."${acl_subnet.name}" ? extraArgs then {extraArgs = acl_peer.subnets."${acl_subnet.name}".extraArgs;} else {}); } // (if acl_peer.subnets."${acl_subnet.name}" ? extraArgs then {extraArgs = acl_peer.subnets."${acl_subnet.name}".extraArgs;} else {});
/** getIpAddresses :: acl_peer -> acl_subnet -> [str] */ /** getIpAddresses :: acl_peer -> acl_subnet -> [str] */
getIpAddresses = acl_peer: acl_subnet: getIpAddresses = acl_subnet: acl_peer:
if (acl_peer.subnets."${acl_subnet.name}" ? ipAddresses) then ( if (acl_peer.subnets."${acl_subnet.name}" ? ipAddresses) then (
if (elem "auto" acl_peer.subnets."${acl_subnet.name}".ipAddresses) then ( if (elem "auto" acl_peer.subnets."${acl_subnet.name}".ipAddresses) then (
(remove "auto" acl_peer.subnets."${acl_subnet.name}".ipAddresses) ++ (singleton (generateIPv6Address acl_peer.name acl_subnet.name)) (remove "auto" acl_peer.subnets."${acl_subnet.name}".ipAddresses) ++ (singleton (generateIPv6Address acl_subnet.name acl_peer.name))
) else acl_peer.subnets."${acl_subnet.name}".ipAddresses ) else acl_peer.subnets."${acl_subnet.name}".ipAddresses
) else (singleton (generateIPv6Address acl_peer.name acl_subnet.name)); ) else (singleton (generateIPv6Address acl_subnet.name acl_peer.name));
/** getPeerConnections :: acl_peer -> acl_subnet -> str -> peerConnection */ /** getPeerConnections :: acl_peer -> acl_subnet -> str -> peerConnection */
getPeerConnections = acl_peerFrom: acl_subnet: getPeerConnections = acl_peerFrom: acl_subnet:
@ -69,7 +69,7 @@ let
{ {
name = acl_peerTo.name; name = acl_peerTo.name;
peer = parsePeer acl_peerTo; peer = parsePeer acl_peerTo;
ipAddresses = getIpAddresses acl_peerTo acl_subnet; ipAddresses = getIpAddresses acl_subnet acl_peerTo;
endpoint = getEndpoint acl_subnet acl_peerFrom acl_peerTo; endpoint = getEndpoint acl_subnet acl_peerFrom acl_peerTo;
} // (if extraArgs == {} then {} else {inherit extraArgs;}) } // (if extraArgs == {} then {} else {inherit extraArgs;})
) allOtherPeers); ) allOtherPeers);
@ -133,4 +133,4 @@ in
peers = mapListOfSetsToSetByKey "name" parsePeer v1_acl.peers; peers = mapListOfSetsToSetByKey "name" parsePeer v1_acl.peers;
subnets = mapListOfSetsToSetByKey "name" parseSubnet v1_acl.subnets; subnets = mapListOfSetsToSetByKey "name" parseSubnet v1_acl.subnets;
groups = mapListOfSetsToSetByKey "name" parseGroup v1_acl.groups; groups = mapListOfSetsToSetByKey "name" parseGroup v1_acl.groups;
} } // (if v1_acl ? extraArgs then {extraArgs = v1_acl.extraArgs;} else {})
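Review bot: In the `parsePeer` hunk the default for `groups` changed from `[]` to `{}`, but the other branch still yields a list via `map groupFromName acl_peer.groups`, so a peer with groups gets a list while a peer without gets an attribute set; every consumer then has to handle both (unless `map` is shadowed by a set-producing helper outside the hunk). Either keep `[]` or make the present branch produce a set keyed by group name, matching the `mapListOfSetsToSetByKey "name"` convention used for top-level `groups` in the last hunk. The `getIpAddresses` doc comment still reads `acl_peer -> acl_subnet -> [str]` although the parameters were swapped to `acl_subnet: acl_peer:`; update it to `/** getIpAddresses :: acl_subnet -> acl_peer -> [str] */`.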

@ -66,5 +66,5 @@ with import ./lib.nix;
configurer = configurers."${config.modules.wirenix.configurer}" inputs; configurer = configurers."${config.modules.wirenix.configurer}" inputs;
in in
lib.mkIf (config.modules.wirenix.enable) lib.mkIf (config.modules.wirenix.enable)
configurer (parser acl); configurer (parser acl) config.modules.wirenix.peerName;
} }
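Review bot: As rendered, `lib.mkIf (config.modules.wirenix.enable) configurer (parser acl) config.modules.wirenix.peerName` is one left-associative application: `mkIf` consumes the condition and `configurer` as its two arguments and returns an attribute set, which is then applied to `(parser acl)` and would fail at evaluation as a call on a non-function. If the page has merely dropped parentheses this is moot; otherwise the call should read `lib.mkIf config.modules.wirenix.enable (configurer (parser acl) config.modules.wirenix.peerName);`. The same shape existed before this change, so it is not introduced here, but the added argument is the right moment to fix it. The enclosing `let ... in` and module body begin outside the hunk.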