~msalerno/wirenix


WireNix is a Nix flake designed to make creating WireGuard mesh networks easier. The simplest and most likely layout is a full mesh, but WireNix also supports arbitrary graph topologies. This is the wiki for WireNix. The best way to get started is to read the Quickstart and then learn about the ACL format.

#Pages

#Notes about the Wiki

Because Nix is dynamically typed, configurations in this wiki are described in pseudo-TypeScript to make the options more legible. TypeScript was chosen because it looks somewhat like JSON and is easy to read. Examples are still given in the Nix expression language.

#Current Issues / Drawbacks

  • WireNix does not do NAT traversal, routing, DNS (although it will add to the hosts file), or anything like that. It's up to you to forward the correct ports, set the right firewall rules, make routing rules, do NAT traversal, etc.
  • WireNix does not allow for dynamic addition of peers. If you need something more dynamic, look into Tailscale/Headscale.
  • Peers cannot have multiple keys. If this turns out to be a desirable feature it may be added, but there is currently no compelling use case for it.
  • There's limited testing infrastructure in place right now, and plenty of untested scenarios.
  • Currently WireNix will create empty sops and age top-level attributes in your config if you don't already have them. This is due to some hackery in wire.nix to prevent infinite recursion. If any Nix wizards out there want to send in a patch it would be much appreciated!

#Contributing

Sourcehut is weird, and it's my first time hosting a public repo on it. That said, issues are tracked on the issue tracker (as email),
everything is set up to accept patches through git send-email, and patches can be sent to the mailing list (as email).
Since this is a NixOS project, here's a modified excerpt from my config to get you started with git send-email (using agenix to store the SMTP password):

# home-manager git configuration (userName, userEmail and includes are home-manager options)
programs.git = {
    enable = true;
    # gitFull ships git-send-email and its Perl dependencies; plain pkgs.git does not
    # (pkgs.gitFull is the same package under its current name in newer nixpkgs)
    package = pkgs.gitAndTools.gitFull;
    userName = "Your Name";
    userEmail = "your-email@example.com";
    # Read the [sendemail] section, including the password, from the agenix-decrypted file
    # so that no credential ends up in the Nix store or in the world-readable ~/.gitconfig
    includes = [{ path = "/run/agenix/git-mail"; }];
};

secrets/git-mail (decrypted):

[sendemail]
# "ssl" means implicit TLS from the first byte, which is what port 465 expects;
# use "tls" with port 587 for STARTTLS servers instead
smtpEncryption = ssl
smtpServer = smtp.example.com
smtpServerPort = 465
smtpUser = your-email@example.com
smtpPass = ******************
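The excerpt above assumes the decrypted file already exists at /run/agenix/git-mail. The following is an added example, not code from the WireNix project or its author, showing the NixOS-side agenix declaration that produces that file. It assumes agenix's NixOS module is imported and that secrets/secrets.nix already declares the recipients for the secret (a rule of the form `"git-mail.age".publicKeys = [ ... ]` listing your own key and this host's SSH host key), so that `agenix -e secrets/git-mail.age` can encrypt the [sendemail] section shown above. The user name `you` and the file names are placeholders.

```nix
# Added example (not from the WireNix project): NixOS module declaring the
# agenix secret behind the /run/agenix/git-mail include used by git send-email.
# Assumes: agenix's nixosModules.default is imported, and secrets/secrets.nix
# lists the recipients for "git-mail.age" (placeholder name).
{ config, ... }:
{
  age.secrets.git-mail = {
    file = ./secrets/git-mail.age;

    # agenix decrypts to /run/agenix/<name>, i.e. /run/agenix/git-mail, which is
    # exactly the path the home-manager include points at, so no `path` override is needed.

    # agenix's defaults are owner root, group root, mode 0400. Left that way, an
    # unprivileged user's git cannot read the include and send-email is left with
    # no SMTP settings at all. Hand the file to the one user who runs git send-email,
    # and keep it unreadable to everyone else. "you" is a placeholder user name.
    owner = "you";
    group = "users";
    mode = "0400";
  };

  # agenix decrypts with the host's SSH host keys by default; listed explicitly here
  # only to make the dependency visible. The matching public key must be one of the
  # recipients in secrets/secrets.nix, otherwise activation fails to decrypt the file.
  age.identityPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
}
```

Two properties are worth keeping in mind when you run this: agenix places the decrypted files on a RAM-backed mount under /run, so the plaintext password never reaches persistent storage, and the owner/mode pair above is the only thing standing between the password and every other local account, so do not loosen it to make a second user's git "just work"; give each such user their own secret instead.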

#Feature Testing Status

WireNix was built with a lot of features in mind, and testing is lagging behind. The current priority is fixing bugs and adding tests. This list is not exhaustive and will be updated as edge cases and features that need testing are found.

🚨 = Untested : 🚧 = Manually confirmed : ✅ = Test case written

Test case                                                      Status
Connecting peers in a subnet by subnet                         ✅
Connecting peers in a subnet by peer                           ✅
Automatic IP addresses                                         ✅
Static network configuration                                   ✅
Networkd configuration                                         ✅
ACL key provider                                               ✅
Manually assigning IP addresses                                ✅
Multiple interfaces for one subnet                             ✅
Writing custom configurers                                     🚧
Writing custom key providers                                   🚧
Writing custom parsers                                         🚧
Connecting peers in a subnet by group                          🚧
Connecting a peer to multiple subnets                          🚧
Endpoint filter rules                                          🚧
Parallel subnets don't interfere                               🚧
Agenix-rekey key provider                                      🚧
Using multiple key providers                                   🚧
Connecting to a non-WireNix peer                               🚨
Merging with manual network config (e.g. adding static routes) 🚨

#License

This project is licensed under the MPL 2.0.

About this wiki

commit 0d0bc492b2a0104df20d8c819fdbdd1638a97b97
Author: Matthew Salerno <m@salernosection.com>
Date:   2024-03-25T00:03:16-04:00

formatting
Clone this wiki
https://git.sr.ht/~msalerno/wirenix.wiki (read-only)
git@git.sr.ht:~msalerno/wirenix.wiki (read/write)