Generalized ip assignment to take cidr or IP

release
Matthew Salerno 1 year ago
parent 57f8e0e974
commit fd2b9ce77c

@ -20,7 +20,7 @@ in
with getKeyProviderFuncs keyProviders inputs intermediateConfig localPeerName; with getKeyProviderFuncs keyProviders inputs intermediateConfig localPeerName;
{ {
networking.extraHosts = concatStringsSep "\n" (concatLists ( concatLists (forEachAttrToList thisPeer.subnetConnections (subnetName: subnetConnection: networking.extraHosts = concatStringsSep "\n" (concatLists ( concatLists (forEachAttrToList thisPeer.subnetConnections (subnetName: subnetConnection:
forEachAttrToList subnetConnection.peerConnections (remotePeerName: peerConnection: forEach peerConnection.ipAddresses (ip: "${cidr2ip ip} ${remotePeerName}.${subnetName}")) forEachAttrToList subnetConnection.peerConnections (remotePeerName: peerConnection: forEach peerConnection.ipAddresses (ip: "${asIp ip} ${remotePeerName}.${subnetName}"))
)))); ))));
systemd.network = { systemd.network = {
netdevs = forEachAttr' thisPeer.subnetConnections (subnetName: subnetConnection: nameValuePair "50-${shortName subnetName}" { netdevs = forEachAttr' thisPeer.subnetConnections (subnetName: subnetConnection: nameValuePair "50-${shortName subnetName}" {
@ -37,7 +37,7 @@ with getKeyProviderFuncs keyProviders inputs intermediateConfig localPeerName;
wireguardPeerConfig = { wireguardPeerConfig = {
Endpoint = "${peerConnection.endpoint.ip}:${builtins.toString peerConnection.endpoint.port}"; Endpoint = "${peerConnection.endpoint.ip}:${builtins.toString peerConnection.endpoint.port}";
PublicKey = getPeerPubKey remotePeerName; PublicKey = getPeerPubKey remotePeerName;
AllowedIPs = map (ip: cidr2ip ip + (if match ".*:.*" ip != null then "/128" else "/32")) peerConnection.ipAddresses; AllowedIPs = map (ip: asCidr ip) peerConnection.ipAddresses;
PresharedKeyFile = getSubnetPSKFile subnetName; PresharedKeyFile = getSubnetPSKFile subnetName;
}; };
} }
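Review bot: The new `AllowedIPs = map (ip: asCidr ip) peerConnection.ipAddresses;` no longer pins a peer to single host addresses, because any prefix written in `ipAddresses` is now passed through unchanged, whereas the old expression always forced `/32` or `/128`. AllowedIPs is WireGuard's per-peer source-address filter as well as its routing table, so a wide prefix authorises that peer for every address in the range, and overlaps between peers are resolved by WireGuard rather than rejected at evaluation time. The same applies to `allowedIPs` in the `networking.wireguard` variant of this module. If prefixes are intended, I would add a comment above the line such as `# a prefix here authorises the peer for the whole range, not one host`, and consider an evaluation-time assertion that peers of one subnet do not overlap. The enclosing attribute set starts and ends outside the hunk.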

@ -19,7 +19,7 @@ in
with getKeyProviderFuncs keyProviders inputs intermediateConfig localPeerName; with getKeyProviderFuncs keyProviders inputs intermediateConfig localPeerName;
{ {
networking.extraHosts = concatStringsSep "\n" (concatLists ( concatLists (forEachAttrToList thisPeer.subnetConnections (subnetName: subnetConnection: networking.extraHosts = concatStringsSep "\n" (concatLists ( concatLists (forEachAttrToList thisPeer.subnetConnections (subnetName: subnetConnection:
forEachAttrToList subnetConnection.peerConnections (remotePeerName: peerConnection: forEach peerConnection.ipAddresses (ip: "${cidr2ip ip} ${remotePeerName}.${subnetName}")) forEachAttrToList subnetConnection.peerConnections (remotePeerName: peerConnection: forEach peerConnection.ipAddresses (ip: "${asIp ip} ${remotePeerName}.${subnetName}"))
)))); ))));
networking.wireguard = { networking.wireguard = {
interfaces = forEachAttr' thisPeer.subnetConnections (subnetName: subnetConnection: nameValuePair "${head (strings.splitString "." subnetName)}" interfaces = forEachAttr' thisPeer.subnetConnections (subnetName: subnetConnection: nameValuePair "${head (strings.splitString "." subnetName)}"
@ -32,7 +32,7 @@ with getKeyProviderFuncs keyProviders inputs intermediateConfig localPeerName;
name = remotePeerName; name = remotePeerName;
publicKey = getPeerPubKey remotePeerName; publicKey = getPeerPubKey remotePeerName;
presharedKeyFile = getSubnetPSKFile subnetName; presharedKeyFile = getSubnetPSKFile subnetName;
allowedIPs = map ( ip: cidr2ip ip + (if match ".*:.*" ip != null then "/128" else "/32")) peerConnection.ipAddresses; allowedIPs = map ( ip: asCidr ip) peerConnection.ipAddresses;
endpoint = "${peerConnection.endpoint.ip}:${builtins.toString peerConnection.endpoint.port}"; endpoint = "${peerConnection.endpoint.ip}:${builtins.toString peerConnection.endpoint.port}";
} }
// (mergeIf peerConnection.endpoint "persistentKeepalive") // (mergeIf peerConnection.endpoint "persistentKeepalive")

@ -127,5 +127,8 @@ rec {
}; };
mergeIf = attr: key: if builtins.hasAttr key attr then {"${key}" = attr."${key}";} else {}; mergeIf = attr: key: if builtins.hasAttr key attr then {"${key}" = attr."${key}";} else {};
cidr2ip = cidr: head (filter (item: item != []) (split "/" cidr)); asIp = cidr: head (filter (item: item != []) (split "/" cidr));
isIpv6 = ip: match ".*:.*" ip != null;
isCidr = cidr: match ".*/.*" cidr != null;
asCidr = ip: if (isCidr ip) then ip else if isIpv6 ip then ip+"/128" else ip+"/32";
} }
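Review bot: `isCidr` treats any string containing a slash as a prefix, so `asCidr` returns values such as `10.0.0.1/` or `10.0.0.1/99` (constructed examples) unchanged and they reach AllowedIPs without validation. A tighter pattern is cheap, `isCidr = cidr: match "[^/]+/[0-9]+" cidr != null;`, and a value with a slash that still does not parse should fail evaluation with `throw` rather than pass through. `asIp` also deserves a one-line comment: for a prefix it returns the base address, which the visible callers write into `networking.extraHosts`, so a /24 entry would produce a hosts line for its network address. The `rec { … }` set starts outside the hunk.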