diff options
| author | Alex Auvolat <alex@adnab.me> | 2022-02-26 00:13:08 +0100 |
|---|---|---|
| committer | Alex Auvolat <alex@adnab.me> | 2022-02-26 00:13:08 +0100 |
| commit | 86b98732212661c4398c21d1be689d8a1a5b5263 (patch) | |
| tree | 60f11e9357ce24c9a61fd364195731abbcedaeee /nix | |
| parent | 0940e0bdfc191aff87cbc94490812190d4b7cf58 (diff) | |
| download | nixcfg-86b98732212661c4398c21d1be689d8a1a5b5263.tar.gz nixcfg-86b98732212661c4398c21d1be689d8a1a5b5263.zip | |
Wireguard directly using LAN addresses when possible
Diffstat (limited to 'nix')
| -rw-r--r-- | nix/deuxfleurs.nix | 15 |
1 files changed, 13 insertions, 2 deletions
diff --git a/nix/deuxfleurs.nix b/nix/deuxfleurs.nix index fc39071..a860a36 100644 --- a/nix/deuxfleurs.nix +++ b/nix/deuxfleurs.nix @@ -13,6 +13,11 @@ in type = str; description = "Host name"; }; + site_name = mkOption { + type = nullOr str; + description = "Site where the node is located"; + default = null; + }; IP = mkOption { type = str; description = "IP Address"; @@ -25,6 +30,11 @@ in type = nullOr str; description = "Wireguard endpoint on the public Internet"; }; + lan_endpoint = mkOption { + type = nullOr str; + description = "Wireguard endpoint for nodes in the same site"; + default = null; + }; }; }; in @@ -115,10 +125,11 @@ in ips = [ "${cfg.vpn_ip}/16" ]; listenPort = cfg.vpn_listen_port; privateKeyFile = "/var/lib/deuxfleurs/wireguard-keys/private"; - peers = map ({ publicKey, endpoint, IP, ... }: { + peers = map ({ publicKey, endpoint, IP, site_name, lan_endpoint, ... }: { publicKey = publicKey; allowedIPs = [ "${IP}/32" ]; - endpoint = endpoint; + endpoint = if site_name != null && site_name == config.deuxfleurs.site_name && lan_endpoint != null + then lan_endpoint else endpoint; persistentKeepalive = 25; }) (cfg.cluster_nodes ++ cfg.admin_nodes); }; |