ryan
/
wirenix
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Generalized ip assignment to take cidr or IP

Browse Source
release
Matthew Salerno 1 year ago
parent fd2b9ce77c
commit bd52d85d2d
5 changed files with 17 additions and 7 deletions
Show Stats Download Patch File Download Diff File

3
configurers/networkd.nix
Unescape Escape View File

@ -30,7 +30,6 @@ with getKeyProviderFuncs keyProviders inputs intermediateConfig localPeerName;
}; };
wireguardConfig = { wireguardConfig = {
ListenPort = subnetConnection.listenPort; ListenPort = subnetConnection.listenPort;
# *PLEASE* do not use getPrivKeyfor anything but testing
PrivateKeyFile = getPrivKeyFile; PrivateKeyFile = getPrivKeyFile;
}; };
wireguardPeers = forEachAttrToList subnetConnection.peerConnections (remotePeerName: peerConnection: { wireguardPeers = forEachAttrToList subnetConnection.peerConnections (remotePeerName: peerConnection: {
@ -48,7 +47,7 @@ with getKeyProviderFuncs keyProviders inputs intermediateConfig localPeerName;
}); });
networks = forEachAttr' thisPeer.subnetConnections (subnetName: subnetConnection: nameValuePair "50-${shortName subnetName}" { networks = forEachAttr' thisPeer.subnetConnections (subnetName: subnetConnection: nameValuePair "50-${shortName subnetName}" {
matchConfig.Name = "${shortName subnetName}"; matchConfig.Name = "${shortName subnetName}";
address = subnetConnection.ipAddresses; address = map (address: (asCidr' "64" "24" address)) subnetConnection.ipAddresses;
}); });
}; };
} // getProviderConfig } // getProviderConfig

2
configurers/static.nix
Unescape Escape View File

@ -24,7 +24,7 @@ with getKeyProviderFuncs keyProviders inputs intermediateConfig localPeerName;
networking.wireguard = { networking.wireguard = {
interfaces = forEachAttr' thisPeer.subnetConnections (subnetName: subnetConnection: nameValuePair "${head (strings.splitString "." subnetName)}" interfaces = forEachAttr' thisPeer.subnetConnections (subnetName: subnetConnection: nameValuePair "${head (strings.splitString "." subnetName)}"
{ {
ips = subnetConnection.ipAddresses; ips = map (address: (asCidr' "64" "24" address)) subnetConnection.ipAddresses;
listenPort = subnetConnection.listenPort; listenPort = subnetConnection.listenPort;
privateKeyFile = getPrivKeyFile; privateKeyFile = getPrivKeyFile;
peers = forEachAttrToList subnetConnection.peerConnections (remotePeerName: peerConnection: peers = forEachAttrToList subnetConnection.peerConnections (remotePeerName: peerConnection:

8
lib.nix
Unescape Escape View File

@ -85,7 +85,10 @@ rec {
generateIPv6Subnet = subnetName: (addColonsToIPv6 (generateIPv6Prefix subnetName)) + "::/64"; generateIPv6Subnet = subnetName: (addColonsToIPv6 (generateIPv6Prefix subnetName)) + "::/64";
/** generates a full IPv6 address */ /** generates a full IPv6 address */
generateIPv6Address = subnetName: peerName: (addColonsToIPv6 ((generateIPv6Prefix subnetName) + (generateIPv6Suffix peerName))) + "/64"; generateIPv6Address = subnetName: peerName: (addColonsToIPv6 ((generateIPv6Prefix subnetName) + (generateIPv6Suffix peerName)));
/** generates a full IPv6 address with cidr */
generateIPv6Cidr = subnetName: peerName: (addColonsToIPv6 ((generateIPv6Prefix subnetName) + (generateIPv6Suffix peerName))) + "/64";
/** /**
* makes the intermediate config non-recursive, so it can be pretty printed and * makes the intermediate config non-recursive, so it can be pretty printed and
@ -130,5 +133,6 @@ rec {
asIp = cidr: head (filter (item: item != []) (split "/" cidr)); asIp = cidr: head (filter (item: item != []) (split "/" cidr));
isIpv6 = ip: match ".*:.*" ip != null; isIpv6 = ip: match ".*:.*" ip != null;
isCidr = cidr: match ".*/.*" cidr != null; isCidr = cidr: match ".*/.*" cidr != null;
asCidr = ip: if (isCidr ip) then ip else if isIpv6 ip then ip+"/128" else ip+"/32"; asCidr' = ifv6: ifv4: ip: if (isCidr ip) then ip else if isIpv6 ip then ip+"/"+ifv6 else ip+"/"+ifv6;
asCidr = asCidr' "128" "32";
} }

5
tests/mesh.nix
Unescape Escape View File

@ -90,10 +90,13 @@
if local_name == "node1" or local_name == "node2": if local_name == "node1" or local_name == "node2":
for remote_node in set(nodes.keys()) - set([local_name]): for remote_node in set(nodes.keys()) - set([local_name]):
local_node.wait_for_unit(f"wireguard-mesh-peer-{remote_node}") local_node.wait_for_unit(f"wireguard-mesh-peer-{remote_node}")
node1.wait_for_unit("wireguard-mesh.target")
node2.wait_for_unit("wireguard-mesh.target")
node3.wait_for_unit("systemd-networkd-wait-online") node3.wait_for_unit("systemd-networkd-wait-online")
node4.wait_for_unit("systemd-networkd-wait-online") node4.wait_for_unit("systemd-networkd-wait-online")
for local_name, local_node in nodes.items(): for local_name, local_node in nodes.items():
local_node.succeed("wg show >&2") local_node.succeed("wg showconf mesh >&2")
for local_name, local_node in nodes.items():
for remote_name in set(nodes.keys()) - set([local_name]): for remote_name in set(nodes.keys()) - set([local_name]):
local_node.succeed(f"ping -c 1 {remote_name} >&2") local_node.succeed(f"ping -c 1 {remote_name} >&2")
local_node.succeed(f"ping -c 1 {remote_name}.mesh >&2") local_node.succeed(f"ping -c 1 {remote_name}.mesh >&2")

6
tests/ring.nix
Unescape Escape View File

@ -83,8 +83,12 @@
for local_name, local_node in nodes.items(): for local_name, local_node in nodes.items():
for remote_name in connections[local_name]: for remote_name in connections[local_name]:
local_node.wait_for_unit(f"wireguard-ring-peer-{remote_name}") local_node.wait_for_unit(f"wireguard-ring-peer-{remote_name}")
node1.wait_for_unit("wireguard-ring.target")
node2.wait_for_unit("wireguard-ring.target")
node3.wait_for_unit("wireguard-ring.target")
node4.wait_for_unit("wireguard-ring.target")
for local_name, local_node in nodes.items(): for local_name, local_node in nodes.items():
local_node.succeed("wg show >&2") local_node.succeed("wg showconf ring >&2")
for remote_name in set(nodes.keys()) - set([local_name]): for remote_name in set(nodes.keys()) - set([local_name]):
local_node.succeed(f"ping -c 1 {remote_name} >&2") local_node.succeed(f"ping -c 1 {remote_name} >&2")
if remote_name in connections[local_name]: if remote_name in connections[local_name]:

Write Preview
Loading…
Cancel
Save