made wireguard work again
parent
2d8e717351
commit
4e8b131f32
7 changed files with 14 additions and 23 deletions
|
@ -199,7 +199,7 @@
|
|||
# # inputs.clan-core.clanModules.sshd
|
||||
#];
|
||||
documentation.nixos.enable = true;
|
||||
clan.static-hosts.topLevelDomain = "bear";
|
||||
#clan.static-hosts.topLevelDomain = "bear";
|
||||
#clan.static-hosts.excludeHosts = lib.mkForce [ ];
|
||||
environment.systemPackages = [
|
||||
clan-core.packages.${pkgs.system}.clan-cli
|
||||
|
|
|
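Review bot: The assignment `clan.static-hosts.topLevelDomain = "bear";` appears to be commented out here, while the syncthing section later on this page still builds `guiAddress` from `config.clan.static-hosts.topLevelDomain`. With the assignment gone, that address depends on the option's default, which is not visible on this page. If the setting is no longer wanted, deleting the line rather than leaving `#clan.static-hosts.topLevelDomain = "bear";` behind, or adding a comment such as `# disabled: <reason>`, would make the intent clear. The surrounding attribute set starts and ends outside the hunk.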
@ -24,7 +24,7 @@ with lib; {
|
|||
};
|
||||
|
||||
services.syncthing = {
|
||||
enable = lib.mkForce false;
|
||||
enable = lib.mkForce false;
|
||||
guiAddress = lib.mkDefault "${config.networking.hostName}.${ config.clan.static-hosts.topLevelDomain }:8384";
|
||||
overrideDevices = lib.mkDefault true;
|
||||
key = "/run/facts/syncthing.key";
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
{ config, factsGenerator, ... }:
|
||||
{
|
||||
|
||||
networking.firewall.allowedUDPPorts = [ 51820 ];
|
||||
clanCore.facts.services.wireguard = factsGenerator.wireguard { name = "wg0"; };
|
||||
|
||||
# Enable WireGuard
|
||||
|
@ -11,14 +11,11 @@
|
|||
address = [ "10.100.0.7/32" ];
|
||||
listenPort = 51820; # to match firewall allowedUDPPorts (without this wg uses random port numbers)
|
||||
privateKeyFile = config.clanCore.facts.services.wireguard.secret."wireguard.wg0.key".path;
|
||||
|
||||
mtu = 1280;
|
||||
|
||||
peers = [
|
||||
{
|
||||
# robi
|
||||
# todo : use public facts here
|
||||
publicKey = "uWR93xJe5oEbX3DsAYpOS9CuSg1VmXEQxJzdlJpe3DU=";
|
||||
publicKey = (builtins.readFile "${config.clanCore.clanDir}/machines/orbi/facts/wireguard.wg0.pub");
|
||||
allowedIPs = [ "10.100.0.1/24" ];
|
||||
#endpoint = "ingolf-wagner.de:51820";
|
||||
endpoint = "95.216.66.212:51820";
|
||||
|
|
|
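Review bot: `builtins.readFile` returns the file verbatim, so a trailing newline in `machines/orbi/facts/wireguard.wg0.pub` would end up inside the peer `publicKey` string; whether the fact file ends with one is not visible here. Stripping it is safer, e.g. `publicKey = lib.removeSuffix "\n" (builtins.readFile "${config.clanCore.clanDir}/machines/orbi/facts/wireguard.wg0.pub");`, with `lib` added to the module arguments, which this file's header does not list. The same expression is added in the next two client sections and in the server section's `publicKey` helper. The peer's identity now comes from a repository file instead of a literal in the module, so edits to that `.pub` file should be reviewed as a key change. The peers list continues outside the hunk.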
@ -1,7 +1,6 @@
|
|||
{ pkgs, config, factsGenerator, ... }:
|
||||
{
|
||||
networking.firewall.allowedUDPPorts = [ 51820 ];
|
||||
|
||||
clanCore.facts.services.wireguard = factsGenerator.wireguard { name = "wg0"; };
|
||||
|
||||
# Enable WireGuard
|
||||
|
@ -14,11 +13,9 @@
|
|||
privateKeyFile = config.clanCore.facts.services.wireguard.secret."wireguard.wg0.key".path;
|
||||
mtu = 1280;
|
||||
|
||||
# server
|
||||
peers = [
|
||||
{
|
||||
# orbi
|
||||
publicKey = "uWR93xJe5oEbX3DsAYpOS9CuSg1VmXEQxJzdlJpe3DU=";
|
||||
publicKey = (builtins.readFile "${config.clanCore.clanDir}/machines/orbi/facts/wireguard.wg0.pub");
|
||||
allowedIPs = [ "10.100.0.1/24" ];
|
||||
#endpoint = "ingolf-wagner.de:51820";
|
||||
endpoint = "95.216.66.212:51820";
|
||||
|
|
|
@ -7,8 +7,8 @@
|
|||
networking.retiolum.nodename = "sol";
|
||||
|
||||
services.tinc.networks.retiolum = {
|
||||
ed25519PrivateKeyFile = config.clanCore.facts.services.tinc_secret.secret."tinc.retiolum.ed25519_key.priv".path;
|
||||
rsaPrivateKeyFile = config.clanCore.facts.services.tinc_secret.secret."tinc.retiolum.rsa_key.priv".path;
|
||||
ed25519PrivateKeyFile = config.clanCore.facts.services.tinc_retiolum.secret."tinc.retiolum.ed25519_key.priv".path;
|
||||
rsaPrivateKeyFile = config.clanCore.facts.services.tinc_retiolum.secret."tinc.retiolum.rsa_key.priv".path;
|
||||
};
|
||||
|
||||
#fileSystems."/retiolum/sicily" = {
|
||||
|
|
|
@ -15,8 +15,7 @@
|
|||
|
||||
peers = [
|
||||
{
|
||||
# robi
|
||||
publicKey = "uWR93xJe5oEbX3DsAYpOS9CuSg1VmXEQxJzdlJpe3DU=";
|
||||
publicKey = (builtins.readFile "${config.clanCore.clanDir}/machines/orbi/facts/wireguard.wg0.pub");
|
||||
allowedIPs = [ "10.100.0.1/24" ];
|
||||
#endpoint = "ingolf-wagner.de:51820";
|
||||
endpoint = "95.216.66.212:51820";
|
||||
|
|
|
@ -1,4 +1,7 @@
|
|||
{ pkgs, config, factsGenerator, ... }:
|
||||
let
|
||||
publicKey = machine: (builtins.readFile "${config.clanCore.clanDir}/machines/${machine}/facts/wireguard.wg0.pub");
|
||||
in
|
||||
{
|
||||
networking.firewall.allowedUDPPorts = [ 51820 ];
|
||||
clanCore.facts.services.wireguard = factsGenerator.wireguard { name = "wg0"; };
|
||||
|
@ -25,14 +28,9 @@
|
|||
peers = [
|
||||
{
|
||||
# chungus
|
||||
publicKey = "wb54y/fG8ocSH9QrDmfajez/fUcJBZK369xLu37XBHk=";
|
||||
publicKey = publicKey "chungus";
|
||||
allowedIPs = [ "10.100.0.2/32" ];
|
||||
}
|
||||
{
|
||||
# sterni
|
||||
publicKey = "SdMRgC5IM7dywzZxLAHm45cpj9J3IENTMClZm1BxbV4=";
|
||||
allowedIPs = [ "10.100.0.3/32" ];
|
||||
}
|
||||
{
|
||||
# iphone
|
||||
publicKey = "XPVzH+wBLsqukTHHjngkGJhYN0nRdQ7esadiimMJQnI=";
|
||||
|
@ -45,12 +43,12 @@
|
|||
}
|
||||
{
|
||||
# cream
|
||||
publicKey = "R1Vk1DDG/LsVU0HHRDmOJshXOVnNzPVbuv5hP7ZSGEQ=";
|
||||
publicKey = publicKey "cream";
|
||||
allowedIPs = [ "10.100.0.6/32" ];
|
||||
}
|
||||
{
|
||||
# cherry
|
||||
publicKey = "ZNnlmPdxAGYtaUvOU2V47tcEhcB06LBCXkSxIvWZL2k=";
|
||||
publicKey = publicKey "cherry";
|
||||
allowedIPs = [ "10.100.0.7/32" ];
|
||||
}
|
||||
{
|
||||
|
|
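Review bot: The let-bound helper is named `publicKey`, the same as the attribute it fills, so `publicKey = publicKey "chungus";` only evaluates as intended because the peer sets are not `rec`. A distinct name such as `peerKey` (`publicKey = peerKey "cream";`) reads unambiguously. The helper also deserves a one-line comment, e.g. `# public WireGuard key of a clan machine, read from its generated facts`. The `iphone` entry keeps a literal key; if that is because the device has no facts directory, a short comment saying so would help the next reader. The peers list continues outside the hunks.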