authorAlex Auvolat <alex@adnab.me>2022-02-26 00:13:08 +0100
committerAlex Auvolat <alex@adnab.me>2022-02-26 00:13:08 +0100
commit86b98732212661c4398c21d1be689d8a1a5b5263 (patch)
tree60f11e9357ce24c9a61fd364195731abbcedaeee
parent0940e0bdfc191aff87cbc94490812190d4b7cf58 (diff)
Wireguard directly using LAN addresses when possible
-rw-r--r--cluster/staging/cluster.nix7
-rw-r--r--nix/deuxfleurs.nix15
2 files changed, 20 insertions, 2 deletions
diff --git a/cluster/staging/cluster.nix b/cluster/staging/cluster.nix
index 2b6cb6c..79fb3fb 100644
--- a/cluster/staging/cluster.nix
+++ b/cluster/staging/cluster.nix
@@ -5,27 +5,34 @@
deuxfleurs.cluster_nodes = [
{
hostname = "spoutnik";
+ site_name = "pluton";
publicKey = "fO8qZOZmnug84cA8nvfjl5MUqyWljP0BAz/4tHRZyEg=";
IP = "10.42.2.2";
endpoint = "77.141.67.109:42136";
}
{
hostname = "cariacou";
+ site_name = "neptune";
publicKey = "qxrtfn2zRVnN52Y5NYumyU3/FcRMnh3kJ2C37JfrczA=";
IP = "10.42.2.21";
endpoint = "82.66.112.151:33721";
+ lan_endpoint = "192.168.1.21:33721";
}
{
hostname = "carcajou";
+ site_name = "neptune";
publicKey = "7Nm7pMmyS7Nts1MB+loyD8u84ODxHPTkDu+uqQR6yDk=";
IP = "10.42.2.22";
endpoint = "82.66.112.151:33722";
+ lan_endpoint = "192.168.1.22:33722";
}
{
hostname = "caribou";
+ site_name = "neptune";
publicKey = "g6ZED/wPn5MPfytJKwPI19808CXtEad0IJUkEAAzwyY=";
IP = "10.42.2.23";
endpoint = "82.66.112.151:33723";
+ lan_endpoint = "192.168.1.23:33723";
}
];
deuxfleurs.admin_nodes = [
diff --git a/nix/deuxfleurs.nix b/nix/deuxfleurs.nix
index fc39071..a860a36 100644
--- a/nix/deuxfleurs.nix
+++ b/nix/deuxfleurs.nix
@@ -13,6 +13,11 @@ in
type = str;
description = "Host name";
};
+ site_name = mkOption {
+ type = nullOr str;
+ description = "Site where the node is located";
+ default = null;
+ };
IP = mkOption {
type = str;
description = "IP Address";
@@ -25,6 +30,11 @@ in
type = nullOr str;
description = "Wireguard endpoint on the public Internet";
};
+ lan_endpoint = mkOption {
+ type = nullOr str;
+ description = "Wireguard endpoint for nodes in the same site";
+ default = null;
+ };
};
};
in
@@ -115,10 +125,11 @@ in
ips = [ "${cfg.vpn_ip}/16" ];
listenPort = cfg.vpn_listen_port;
privateKeyFile = "/var/lib/deuxfleurs/wireguard-keys/private";
- peers = map ({ publicKey, endpoint, IP, ... }: {
+ peers = map ({ publicKey, endpoint, IP, site_name, lan_endpoint, ... }: {
publicKey = publicKey;
allowedIPs = [ "${IP}/32" ];
- endpoint = endpoint;
+ endpoint = if site_name != null && site_name == config.deuxfleurs.site_name && lan_endpoint != null
+ then lan_endpoint else endpoint;
persistentKeepalive = 25;
}) (cfg.cluster_nodes ++ cfg.admin_nodes);
};
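Review bot: The endpoint selection on the two new lines of the last hunk packs three conditions into one long inline `if`, and nothing explains why the null guard on `site_name` is needed (without it two nodes that both have `site_name = null` would compare equal and the public endpoint would be skipped). A let-binding keeps that reasoning visible: `endpoint = let` / `  same_site = site_name != null && site_name == config.deuxfleurs.site_name;  # null == null must not count as "same site"` / `in if same_site && lan_endpoint != null then lan_endpoint else endpoint;`. The expression reads `config.deuxfleurs.site_name` for the local node, but this commit only declares `site_name` inside the per-node submodule (first hunk of this file), so presumably that top-level option already exists elsewhere in the file — worth confirming, since evaluation fails otherwise. It is also worth stating in the `lan_endpoint` description (second hunk) that the value is only a routing hint used when the local node's site matches: peer identity is still bound to `publicKey`, so a wrong or stale `lan_endpoint` causes a silent handshake failure to that peer rather than a connection to the wrong host, which is the failure mode operators should watch for when a node is moved between sites.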