From fd2b9ce77cf1492463413e8bc0a9797226f9ddd0 Mon Sep 17 00:00:00 2001 From: Matthew Salerno Date: Thu, 14 Sep 2023 13:50:11 -0400 Subject: [PATCH] Generalized ip assignment to take cidr or IP --- configurers/networkd.nix | 4 ++-- configurers/static.nix | 4 ++-- lib.nix | 5 ++++- 3 files changed, 8 insertions(+), 5 deletions(-) diff --git a/configurers/networkd.nix b/configurers/networkd.nix index 216d1b7..3ba6fc2 100644 --- a/configurers/networkd.nix +++ b/configurers/networkd.nix @@ -20,7 +20,7 @@ in with getKeyProviderFuncs keyProviders inputs intermediateConfig localPeerName; { networking.extraHosts = concatStringsSep "\n" (concatLists ( concatLists (forEachAttrToList thisPeer.subnetConnections (subnetName: subnetConnection: - forEachAttrToList subnetConnection.peerConnections (remotePeerName: peerConnection: forEach peerConnection.ipAddresses (ip: "${cidr2ip ip} ${remotePeerName}.${subnetName}")) + forEachAttrToList subnetConnection.peerConnections (remotePeerName: peerConnection: forEach peerConnection.ipAddresses (ip: "${asIp ip} ${remotePeerName}.${subnetName}")) )))); systemd.network = { netdevs = forEachAttr' thisPeer.subnetConnections (subnetName: subnetConnection: nameValuePair "50-${shortName subnetName}" { @@ -37,7 +37,7 @@ with getKeyProviderFuncs keyProviders inputs intermediateConfig localPeerName; wireguardPeerConfig = { Endpoint = "${peerConnection.endpoint.ip}:${builtins.toString peerConnection.endpoint.port}"; PublicKey = getPeerPubKey remotePeerName; - AllowedIPs = map (ip: cidr2ip ip + (if match ".*:.*" ip != null then "/128" else "/32")) peerConnection.ipAddresses; + AllowedIPs = map (ip: asCidr ip) peerConnection.ipAddresses; PresharedKeyFile = getSubnetPSKFile subnetName; }; } diff --git a/configurers/static.nix b/configurers/static.nix index afc659a..cae5269 100644 --- a/configurers/static.nix +++ b/configurers/static.nix 
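Review bot: The hosts entry built with `"${asIp ip} ${remotePeerName}.${subnetName}"` only keeps the address part, so once `ipAddresses` may hold a real range (a constructed example: `10.0.0.0/24`) the peer name is mapped to the network address rather than to a host the peer answers on. If range entries are meant for routing only, consider skipping them here, for example by filtering `peerConnection.ipAddresses` to entries that have no prefix or a host-length one before the `forEach`. At minimum a comment such as `# asIp drops the prefix; for a range entry this yields the network address` would record the behaviour. The first hunk of configurers/static.nix has the same line, and the enclosing expression starts and ends outside the hunk.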
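Review bot: Nothing bounds the prefix length that reaches `AllowedIPs` in this hunk, because `asCidr` returns a CIDR entry verbatim where the removed line clamped every address to `/32` or `/128`. AllowedIPs is WireGuard's per-peer source filter as well as its routing table, so a short prefix in the configuration (a mistyped `/8`, or `0.0.0.0/0`) lets that peer's key send and receive traffic for the whole range. If wider ranges are intended only for some peers, an explicit opt-in or an evaluation-time assertion on the prefix would keep the old least-privilege default. A comment such as `# prefixes are passed through unchanged; a short prefix widens what this peer may source` would also help. The same applies to `allowedIPs` in the second hunk of configurers/static.nix.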
@@ -19,7 +19,7 @@ in with getKeyProviderFuncs keyProviders inputs intermediateConfig localPeerName; { networking.extraHosts = concatStringsSep "\n" (concatLists ( concatLists (forEachAttrToList thisPeer.subnetConnections (subnetName: subnetConnection: - forEachAttrToList subnetConnection.peerConnections (remotePeerName: peerConnection: forEach peerConnection.ipAddresses (ip: "${cidr2ip ip} ${remotePeerName}.${subnetName}")) + forEachAttrToList subnetConnection.peerConnections (remotePeerName: peerConnection: forEach peerConnection.ipAddresses (ip: "${asIp ip} ${remotePeerName}.${subnetName}")) )))); networking.wireguard = { interfaces = forEachAttr' thisPeer.subnetConnections (subnetName: subnetConnection: nameValuePair "${head (strings.splitString "." subnetName)}" @@ -32,7 +32,7 @@ with getKeyProviderFuncs keyProviders inputs intermediateConfig localPeerName; name = remotePeerName; publicKey = getPeerPubKey remotePeerName; presharedKeyFile = getSubnetPSKFile subnetName; - allowedIPs = map ( ip: cidr2ip ip + (if match ".*:.*" ip != null then "/128" else "/32")) peerConnection.ipAddresses; + allowedIPs = map ( ip: asCidr ip) peerConnection.ipAddresses; endpoint = "${peerConnection.endpoint.ip}:${builtins.toString peerConnection.endpoint.port}"; } // (mergeIf peerConnection.endpoint "persistentKeepalive") diff --git a/lib.nix b/lib.nix index 5834391..68c2b53 100644 --- a/lib.nix +++ b/lib.nix @@ -127,5 +127,8 @@ rec { }; mergeIf = attr: key: if builtins.hasAttr key attr then {"${key}" = attr."${key}";} else {}; - cidr2ip = cidr: head (filter (item: item != []) (split "/" cidr)); + asIp = cidr: head (filter (item: item != []) (split "/" cidr)); + isIpv6 = ip: match ".*:.*" ip != null; + isCidr = cidr: match ".*/.*" cidr != null; + asCidr = ip: if (isCidr ip) then ip else if isIpv6 ip then ip+"/128" else ip+"/32"; } \ No newline at end of file
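Review bot: `isCidr` in the lib.nix hunk accepts any string containing a slash, so `asCidr` passes malformed entries such as `10.0.0.1/` or `10.0.0.1/abc` straight into the WireGuard configuration. These then fail, or are misread, only when the interface is brought up. Matching a numeric prefix and throwing on anything else that contains a slash moves the failure to evaluation time. The range of the prefix (0–32 or 0–128) would still be unchecked. The new helpers also have no comments, and a one-line description of the accepted input forms on `asIp` and `asCidr` would help callers.

```nix
# … unchanged: asIp, isIpv6 …
isCidr = cidr: match "[^/]+/[0-9]+" cidr != null;
asCidr = ip:
  if isCidr ip then ip
  else if match ".*/.*" ip != null then throw "asCidr: malformed CIDR '${ip}'"
  else if isIpv6 ip then ip + "/128"
  else ip + "/32";
```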