services: wireguard: refactor DNS configuration

2021-04-24 17:22:40 +00:00 · 2021-04-24 17:22:40 +00:00 · 509332270e
parent 05c9a46cde
commit 509332270e
1 changed files with 15 additions and 20 deletions
--- a/services/wireguard.nix
+++ b/services/wireguard.nix
@ -55,6 +55,21 @@ let
        ];
      in
      lib.mapAttrsToList mkPeer otherPeers;
+
+    # Set up clients to use configured DNS servers
+    dns =
+      let
+        toInternalIps = peer: [
+          "${cfg.net.v4.subnet}.${toString peer.clientNum}"
+          "${cfg.net.v6.subnet}::${toString peer.clientNum}"
+        ];
+        # We know that `otherPeers` is an attribute set of servers
+        internalIps = lib.flatten
+          (lib.mapAttrsToList (_: peer: toInternalIps peer) otherPeers);
+        internalServers = lib.optionals cfg.dns.useInternal internalIps;
+      in
+      lib.mkIf (!thisPeerIsServer)
+        (internalServers ++ cfg.dns.additionalServers);
  };
 in
 {
@ -173,26 +188,6 @@ in
      ];
    })

-    # Set up clients to use configured DNS servers on both interfaces
-    (
-      let
-        toInternalIps = peer: [
-          "${cfg.net.v4.subnet}.${toString peer.clientNum}"
-          "${cfg.net.v6.subnet}::${toString peer.clientNum}"
-        ];
-        # We know that `otherPeers` is an attribute set of servers
-        internalIps = lib.flatten
-          (lib.mapAttrsToList (_: peer: toInternalIps peer) otherPeers);
-        internalServers = lib.optionals cfg.dns.useInternal internalIps;
-        dns = internalServers ++ cfg.dns.additionalServers;
-      in
-      lib.mkIf (!thisPeerIsServer) {
-        networking.wg-quick.interfaces."${cfg.iface}".dns = dns;
-        networking.wg-quick.interfaces."${cfg.internal.name}".dns =
-          lib.mkIf cfg.internal.enable dns;
-      }
-    )
-
    # Expose port
    {
      networking.firewall.allowedUDPPorts = [ cfg.port ];