ambroisie/nix-config
ambroisie/nix-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

services: wireguard: refactor DNS configuration

Browse source
This commit is contained in:
Bruno BELANYI 2021-04-24 17:22:40 +00:00
parent 05c9a46cde
commit 509332270e
1 changed files with 15 additions and 20 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

35
services/wireguard.nix
View file

@ -55,6 +55,21 @@ let
]; ];
in in
lib.mapAttrsToList mkPeer otherPeers; lib.mapAttrsToList mkPeer otherPeers;
# Set up clients to use configured DNS servers
dns =
let
toInternalIps = peer: [
"${cfg.net.v4.subnet}.${toString peer.clientNum}"
"${cfg.net.v6.subnet}::${toString peer.clientNum}"
];
# We know that `otherPeers` is an attribute set of servers
internalIps = lib.flatten
(lib.mapAttrsToList (_: peer: toInternalIps peer) otherPeers);
internalServers = lib.optionals cfg.dns.useInternal internalIps;
in
lib.mkIf (!thisPeerIsServer)
(internalServers ++ cfg.dns.additionalServers);
}; };
in in
{ {
@ -173,26 +188,6 @@ in
]; ];
}) })
# Set up clients to use configured DNS servers on both interfaces
(
let
toInternalIps = peer: [
"${cfg.net.v4.subnet}.${toString peer.clientNum}"
"${cfg.net.v6.subnet}::${toString peer.clientNum}"
];
# We know that `otherPeers` is an attribute set of servers
internalIps = lib.flatten
(lib.mapAttrsToList (_: peer: toInternalIps peer) otherPeers);
internalServers = lib.optionals cfg.dns.useInternal internalIps;
dns = internalServers ++ cfg.dns.additionalServers;
in
lib.mkIf (!thisPeerIsServer) {
networking.wg-quick.interfaces."${cfg.iface}".dns = dns;
networking.wg-quick.interfaces."${cfg.internal.name}".dns =
lib.mkIf cfg.internal.enable dns;
}
)
# Expose port # Expose port
{ {
networking.firewall.allowedUDPPorts = [ cfg.port ]; networking.firewall.allowedUDPPorts = [ cfg.port ];