diff options
| -rwxr-xr-x | deploy.sh | 3 | ||||
| -rw-r--r-- | nix/configuration.nix | 5 | ||||
| -rw-r--r-- | nix/deuxfleurs.nix | 12 | ||||
| -rw-r--r-- | nix/wesher.nix | 23 |
4 files changed, 36 insertions, 7 deletions
@@ -41,6 +41,7 @@ for NIXHOST in $NIXHOSTLIST; do cat nix/configuration.nix | ssh -F $SSH_CONFIG $SSH_DEST tee $TMP_PATH/configuration.nix > /dev/null cat nix/deuxfleurs.nix | ssh -F $SSH_CONFIG $SSH_DEST tee $TMP_PATH/deuxfleurs.nix > /dev/null cat nix/remote-unlock.nix | ssh -F $SSH_CONFIG $SSH_DEST tee $TMP_PATH/remote-unlock.nix > /dev/null + cat nix/wesher.nix | ssh -F $SSH_CONFIG $SSH_DEST tee $TMP_PATH/wesher.nix > /dev/null cat cluster/$CLUSTER/cluster.nix | ssh -F $SSH_CONFIG $SSH_DEST tee $TMP_PATH/cluster.nix > /dev/null cat cluster/$CLUSTER/node/$NIXHOST.nix | ssh -F $SSH_CONFIG $SSH_DEST tee $TMP_PATH/node.nix > /dev/null cat cluster/$CLUSTER/node/$NIXHOST.site.nix | ssh -F $SSH_CONFIG $SSH_DEST tee $TMP_PATH/site.nix > /dev/null @@ -58,7 +59,7 @@ for NIXHOST in $NIXHOSTLIST; do set -ex cd $TMP_PATH -mv deuxfleurs.nix remote-unlock.nix configuration.nix cluster.nix node.nix site.nix /etc/nixos +mv deuxfleurs.nix remote-unlock.nix wesher.nix configuration.nix cluster.nix node.nix site.nix /etc/nixos nixos-rebuild switch diff --git a/nix/configuration.nix b/nix/configuration.nix index 7e32a8d..bc4edd5 100644 --- a/nix/configuration.nix +++ b/nix/configuration.nix @@ -24,6 +24,10 @@ # replicates the default behaviour. networking.useDHCP = false; + nixpkgs.overlays = [ + (import ./wesher.nix) + ]; + # Set your time zone. time.timeZone = "Europe/Paris"; @@ -63,6 +67,7 @@ SystemMaxUse=1G rclone docker docker-compose + wesher ]; programs.vim.defaultEditor = true; diff --git a/nix/deuxfleurs.nix b/nix/deuxfleurs.nix index a860a36..7772f0e 100644 --- a/nix/deuxfleurs.nix +++ b/nix/deuxfleurs.nix @@ -106,18 +106,18 @@ in }) cfg.admin_accounts; # Configure network interfaces - networking.interfaces = attrsets.setAttrByPath [ config.deuxfleurs.network_interface ] { + networking.interfaces = attrsets.setAttrByPath [ cfg.network_interface ] { useDHCP = false; ipv4.addresses = [ { - address = config.deuxfleurs.lan_ip; - prefixLength = config.deuxfleurs.lan_ip_prefix_length; + address = cfg.lan_ip; + prefixLength = cfg.lan_ip_prefix_length; } ]; }; networking.defaultGateway = { - address = config.deuxfleurs.lan_default_gateway; - interface = config.deuxfleurs.network_interface; + address = cfg.lan_default_gateway; + interface = cfg.network_interface; }; # Configure Wireguard VPN between all nodes @@ -128,7 +128,7 @@ in peers = map ({ publicKey, endpoint, IP, site_name, lan_endpoint, ... }: { publicKey = publicKey; allowedIPs = [ "${IP}/32" ]; - endpoint = if site_name != null && site_name == config.deuxfleurs.site_name && lan_endpoint != null + endpoint = if site_name != null && site_name == cfg.site_name && lan_endpoint != null then lan_endpoint else endpoint; persistentKeepalive = 25; }) (cfg.cluster_nodes ++ cfg.admin_nodes); diff --git a/nix/wesher.nix b/nix/wesher.nix new file mode 100644 index 0000000..81be055 --- /dev/null +++ b/nix/wesher.nix @@ -0,0 +1,23 @@ +pkgs: +pkgs.buildGoModule rec { + pname = "wesher"; + version = "0.2.6"; + + src = pkgs.fetchFromGitHub { + owner = "costela"; + repo = "wesher"; + rev = "v${version}"; + sha256 = "1fnclr556avxay6pvgw5ya3xbxfnf2gv4njq2hr4fd6fcjyslq5h"; + }; + + vendorSha256 = null; + + checkPhase = "true"; + + meta = with pkgs.lib; { + description = "wireguard overlay mesh network manager"; + homepage = "https://github.com/costela/wesher"; + license = licenses.gpl3Plus; + platforms = platforms.linux; + }; +} |