ryan
/
wirenix
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

add networkd

Browse Source
release
Matthew Salerno 1 year ago
parent 630ce0585b
commit 6c047213c0
5 changed files with 51 additions and 13 deletions
Show Stats Download Patch File Download Diff File

44
configurers/networkd.nix
Unescape Escape View File

@ -3,3 +3,47 @@
* License, v. 2.0. If a copy of the MPL was not distributed with this * License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at https://mozilla.org/MPL/2.0/. * file, You can obtain one at https://mozilla.org/MPL/2.0/.
*/ */
{lib, ...}@inputs: keyProviders: intermediateConfig: peerName:
with lib.trivial;
with lib.attrsets;
with lib.lists;
with lib;
with builtins;
with import ../lib.nix;
let
thisPeer = intermediateConfig.peers."${peerName}";
# these aren't really important, I just wanted to reverse the argument order
forEachAttr' = flip mapAttrs';
forEachAttrToList = flip mapAttrsToList;
in
with getKeyProviderFuncs keyProviders inputs intermediateConfig peerName;
{
systemd.network = {
netdevs = forEachAttr' thisPeer.subnetConnections (subnetName: subnetConnection: nameValuePair "50-wn-${subnetName}" {
netdevConfig = {
Kind = "wireguard";
Name = "wn-${subnetName}";
};
wireguardConfig = {
PrivateKeyFile = getPrivKeyFile;
ListenPort = subnetConnection.listenPort;
};
wireguardPeers = forEachAttrToList subnetConnection.peerConnections (otherPeerName: peerConnection: {
wireguardPeerConfig = {
Endpoint = "${peerConnection.endpoint.ip}:${builtins.toString peerConnection.endpoint.port}";
PublicKey = getPeerPubKey otherPeerName;
AllowedIPs = peerConnection.ipAddresses;
PresharedKeyFile = getSubnetPSKFile subnetName;
};
}
// (if peerConnection.endpoint ? persistentKeepalive then {PersistentKeepalive = peerConnection.endpoint.persistentKeepalive;} else {})
// (warnIf (peerConnection.endpoint ? dynamicEndpointRefreshSeconds) "dynamicEndpointRefreshSeconds not supported for networkd" {})
// (warnIf (peerConnection.endpoint ? dynamicEndpointRefreshRestartSeconds) "dynamicEndpointRefreshRestartSeconds not supported for networkd" {})
);
});
networks = forEachAttr' thisPeer.subnetConnections (subnetName: subnetConnection: nameValuePair "${subnetName}" {
matchConfig.Name = "wn-${subnetName}";
address = subnetConnection.ipAddresses;
});
};
} // getProviderConfig

5
configurers/networkmanager.nix
Unescape Escape View File

@ -1,5 +0,0 @@
/*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at https://mozilla.org/MPL/2.0/.
*/

6
configurers/static.nix
Unescape Escape View File

@ -19,8 +19,8 @@ in
with getKeyProviderFuncs keyProviders inputs intermediateConfig peerName; with getKeyProviderFuncs keyProviders inputs intermediateConfig peerName;
{ {
networking.wireguard = { networking.wireguard = {
interfaces = forEachAttr' thisPeer.subnetConnections (subnetName: subnetConnection: { name = "wn-${subnetName}"; interfaces = forEachAttr' thisPeer.subnetConnections (subnetName: subnetConnection: nameValuePair "wn-${subnetName}"
value = { {
ips = subnetConnection.ipAddresses; ips = subnetConnection.ipAddresses;
listenPort = subnetConnection.listenPort; listenPort = subnetConnection.listenPort;
privateKeyFile = getPrivKeyFile; privateKeyFile = getPrivKeyFile;
@ -36,7 +36,7 @@ with getKeyProviderFuncs keyProviders inputs intermediateConfig peerName;
// (mergeIf peerConnection.endpoint "dynamicEndpointRefreshSeconds") // (mergeIf peerConnection.endpoint "dynamicEndpointRefreshSeconds")
// (mergeIf peerConnection.endpoint "dynamicEndpointRefreshRestartSeconds") // (mergeIf peerConnection.endpoint "dynamicEndpointRefreshRestartSeconds")
); );
};} }
); );
}; };
} // getProviderConfig } // getProviderConfig

1
lib.nix
Unescape Escape View File

@ -27,7 +27,6 @@ rec {
defaultConfigurers = { defaultConfigurers = {
static = import ./configurers/static.nix; static = import ./configurers/static.nix;
networkd = import ./configurers/networkd.nix; networkd = import ./configurers/networkd.nix;
network-manager = import ./configurers/networkmanager.nix;
}; };
/** Builtin key providers */ /** Builtin key providers */
defaultKeyProviders = { defaultKeyProviders = {

6
wire.nix
Unescape Escape View File

@ -47,14 +47,14 @@ in
type = types.str; type = types.str;
description = mdDoc '' description = mdDoc ''
Configurer to use. Builtin values can be Configurer to use. Builtin values can be
"static" "networkd" or "network-manager" "static" or "networkd". Or, you can put
Or you can put your own configurer here. your own configurer that you registered in
`additionalConfigurers` here.
''; '';
}; };
keyProviders = mkOption { keyProviders = mkOption {
default = ["acl"]; default = ["acl"];
type = with types; listOf str; type = with types; listOf str;
defaultText = literalExpression "[ "acl" ]";
description = mdDoc '' description = mdDoc ''
List of key providers. Key providers will be queried in order. List of key providers. Key providers will be queried in order.
Builtin providers are `wirenix.lib.defaultKeyProviders.acl` Builtin providers are `wirenix.lib.defaultKeyProviders.acl`

Write Preview
Loading…
Cancel
Save