yggdrasil

Yggdrasil encrypted IPv6 routing overlay network

Uncategorized

🚧🚧🚧 Experimental 🚧🚧🚧

Use at your own risk.

We are still refining its interfaces, instability and breakages are expected.

This module sets up yggdrasil across your clan.

Yggdrasil is designed to be a future-proof and decentralised alternative to the structured routing protocols commonly used today on the internet. Inside your clan, it will allow you to reach all of your machines.

If you have other services in your inventory which export peers (e.g. the internet or the services) as service exports, they will be added as yggdrasil peers automatically. This allows using the stable yggdrasil IPv6 address to refer to other hosts and letting yggdrasil decide on the best routing based on available connections.

Example Usage

While you can specify statically configured peers for each host, yggdrasil does auto-discovery of local peers.

inventory = {

  machines = {
    peer1 = { };
    peer2 = { };
  };

  instances = {
    yggdrasil = {

      # Deploy on all machines
      roles.default.tags.all = { };

      # Or individual hosts
      roles.default.machines.peer1 = { };
      roles.default.machines.peer2 = { };
    };
  };
};

Roles

The yggdrasil service has the following roles:

default

Options for the `default` role

extraMulticastInterfaces

Additional interfaces to use for Multicast. See https://yggdrasil-network.github.io/configurationref.html#multicastinterfaces for reference.

Type: list of (attribute set)

Default:

[ ]

Example

[
  {
    Beacon = true;
    Listen = true;
    Port = 5400;
    Priority = 1020;
    Regex = "(wg).*";
  }
]

Declared in: clanServices/yggdrasil/default.nix

extraPeers

Additional static peers to configure for this host. If you use a VPN clan service, it will automatically be added as peers to other hosts. Local peers are also auto-discovered and don't need to be added.

Type: list of string