made wireguard work again

Ingolf Wagner 2024-06-05 12:51:38 +02:00
parent 2d8e717351
commit 4e8b131f32
No known key found for this signature in database
GPG key ID: 76BF5F1928B9618B
7 changed files with 14 additions and 23 deletions


@ -199,7 +199,7 @@
# # inputs.clan-core.clanModules.sshd # # inputs.clan-core.clanModules.sshd
#]; #];
documentation.nixos.enable = true; documentation.nixos.enable = true;
clan.static-hosts.topLevelDomain = "bear"; #clan.static-hosts.topLevelDomain = "bear";
#clan.static-hosts.excludeHosts = lib.mkForce [ ]; #clan.static-hosts.excludeHosts = lib.mkForce [ ];
environment.systemPackages = [ environment.systemPackages = [
clan-core.packages.${pkgs.system}.clan-cli clan-core.packages.${pkgs.system}.clan-cli
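Review bot: Commenting out `clan.static-hosts.topLevelDomain = "bear";` (assuming the commented line is the new side of the pair) leaves a consumer behind: the syncthing hunk in the next file still builds `guiAddress` from `config.clan.static-hosts.topLevelDomain`, and that line is unchanged. Unless the option declares a default, evaluation of that machine fails, and if it defaults to a different domain the GUI ends up listening under a name other than the one this host previously used. Either drop the consumer with the same commit or record the intent next to the disabled line, e.g. `# topLevelDomain now comes from the module default; syncthing.guiAddress still depends on it`. The enclosing attribute set starts and ends outside the hunk.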


@ -24,7 +24,7 @@ with lib; {
}; };
services.syncthing = { services.syncthing = {
enable = lib.mkForce false; enable = lib.mkForce false;
guiAddress = lib.mkDefault "${config.networking.hostName}.${ config.clan.static-hosts.topLevelDomain }:8384"; guiAddress = lib.mkDefault "${config.networking.hostName}.${ config.clan.static-hosts.topLevelDomain }:8384";
overrideDevices = lib.mkDefault true; overrideDevices = lib.mkDefault true;
key = "/run/facts/syncthing.key"; key = "/run/facts/syncthing.key";


@ -1,6 +1,6 @@
{ config, factsGenerator, ... }: { config, factsGenerator, ... }:
{ {
networking.firewall.allowedUDPPorts = [ 51820 ];
clanCore.facts.services.wireguard = factsGenerator.wireguard { name = "wg0"; }; clanCore.facts.services.wireguard = factsGenerator.wireguard { name = "wg0"; };
# Enable WireGuard # Enable WireGuard
@ -11,14 +11,11 @@
address = [ "10.100.0.7/32" ]; address = [ "10.100.0.7/32" ];
listenPort = 51820; # to match firewall allowedUDPPorts (without this wg uses random port numbers) listenPort = 51820; # to match firewall allowedUDPPorts (without this wg uses random port numbers)
privateKeyFile = config.clanCore.facts.services.wireguard.secret."wireguard.wg0.key".path; privateKeyFile = config.clanCore.facts.services.wireguard.secret."wireguard.wg0.key".path;
mtu = 1280; mtu = 1280;
peers = [ peers = [
{ {
# robi publicKey = (builtins.readFile "${config.clanCore.clanDir}/machines/orbi/facts/wireguard.wg0.pub");
# todo : use public facts here
publicKey = "uWR93xJe5oEbX3DsAYpOS9CuSg1VmXEQxJzdlJpe3DU=";
allowedIPs = [ "10.100.0.1/24" ]; allowedIPs = [ "10.100.0.1/24" ];
#endpoint = "ingolf-wagner.de:51820"; #endpoint = "ingolf-wagner.de:51820";
endpoint = "95.216.66.212:51820"; endpoint = "95.216.66.212:51820";
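Review bot: The replacement `publicKey` in the second hunk is `builtins.readFile` of `${config.clanCore.clanDir}/machines/orbi/facts/wireguard.wg0.pub`, which returns the file verbatim, so whatever trailing newline the facts generator writes ends up inside the key string that is rendered into the WireGuard config; `lib.fileContents` strips it, as in `publicKey = lib.fileContents "${config.clanCore.clanDir}/machines/orbi/facts/wireguard.wg0.pub";` (with `lib` added to the file's argument set). The identical expression is repeated in the next machine file and in the hunk at `-15,8 +15,7`, while the last file of the commit factors it into a `publicKey = machine: …` helper in a `let`; hoisting that helper, with the newline handling, into `factsGenerator` or a shared module would keep all four consumers in step and leave one place to change if the facts path moves. The peer label (`# robi` / `# orbi`) was dropped together with the hard-coded key and the todo; keeping `# orbi` above the readFile line documents which machine this peer is when the path and the peer role later diverge. The peer list and the enclosing interface attribute set continue outside the hunk.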


@ -1,7 +1,6 @@
{ pkgs, config, factsGenerator, ... }: { pkgs, config, factsGenerator, ... }:
{ {
networking.firewall.allowedUDPPorts = [ 51820 ]; networking.firewall.allowedUDPPorts = [ 51820 ];
clanCore.facts.services.wireguard = factsGenerator.wireguard { name = "wg0"; }; clanCore.facts.services.wireguard = factsGenerator.wireguard { name = "wg0"; };
# Enable WireGuard # Enable WireGuard
@ -14,11 +13,9 @@
privateKeyFile = config.clanCore.facts.services.wireguard.secret."wireguard.wg0.key".path; privateKeyFile = config.clanCore.facts.services.wireguard.secret."wireguard.wg0.key".path;
mtu = 1280; mtu = 1280;
# server
peers = [ peers = [
{ {
# orbi publicKey = (builtins.readFile "${config.clanCore.clanDir}/machines/orbi/facts/wireguard.wg0.pub");
publicKey = "uWR93xJe5oEbX3DsAYpOS9CuSg1VmXEQxJzdlJpe3DU=";
allowedIPs = [ "10.100.0.1/24" ]; allowedIPs = [ "10.100.0.1/24" ];
#endpoint = "ingolf-wagner.de:51820"; #endpoint = "ingolf-wagner.de:51820";
endpoint = "95.216.66.212:51820"; endpoint = "95.216.66.212:51820";


@ -7,8 +7,8 @@
networking.retiolum.nodename = "sol"; networking.retiolum.nodename = "sol";
services.tinc.networks.retiolum = { services.tinc.networks.retiolum = {
ed25519PrivateKeyFile = config.clanCore.facts.services.tinc_secret.secret."tinc.retiolum.ed25519_key.priv".path; ed25519PrivateKeyFile = config.clanCore.facts.services.tinc_retiolum.secret."tinc.retiolum.ed25519_key.priv".path;
rsaPrivateKeyFile = config.clanCore.facts.services.tinc_secret.secret."tinc.retiolum.rsa_key.priv".path; rsaPrivateKeyFile = config.clanCore.facts.services.tinc_retiolum.secret."tinc.retiolum.rsa_key.priv".path;
}; };
#fileSystems."/retiolum/sicily" = { #fileSystems."/retiolum/sicily" = {


@ -15,8 +15,7 @@
peers = [ peers = [
{ {
# robi publicKey = (builtins.readFile "${config.clanCore.clanDir}/machines/orbi/facts/wireguard.wg0.pub");
publicKey = "uWR93xJe5oEbX3DsAYpOS9CuSg1VmXEQxJzdlJpe3DU=";
allowedIPs = [ "10.100.0.1/24" ]; allowedIPs = [ "10.100.0.1/24" ];
#endpoint = "ingolf-wagner.de:51820"; #endpoint = "ingolf-wagner.de:51820";
endpoint = "95.216.66.212:51820"; endpoint = "95.216.66.212:51820";


@ -1,4 +1,7 @@
{ pkgs, config, factsGenerator, ... }: { pkgs, config, factsGenerator, ... }:
let
publicKey = machine: (builtins.readFile "${config.clanCore.clanDir}/machines/${machine}/facts/wireguard.wg0.pub");
in
{ {
networking.firewall.allowedUDPPorts = [ 51820 ]; networking.firewall.allowedUDPPorts = [ 51820 ];
clanCore.facts.services.wireguard = factsGenerator.wireguard { name = "wg0"; }; clanCore.facts.services.wireguard = factsGenerator.wireguard { name = "wg0"; };
@ -25,14 +28,9 @@
peers = [ peers = [
{ {
# chungus # chungus
publicKey = "wb54y/fG8ocSH9QrDmfajez/fUcJBZK369xLu37XBHk="; publicKey = publicKey "chungus";
allowedIPs = [ "10.100.0.2/32" ]; allowedIPs = [ "10.100.0.2/32" ];
} }
{
# sterni
publicKey = "SdMRgC5IM7dywzZxLAHm45cpj9J3IENTMClZm1BxbV4=";
allowedIPs = [ "10.100.0.3/32" ];
}
{ {
# iphone # iphone
publicKey = "XPVzH+wBLsqukTHHjngkGJhYN0nRdQ7esadiimMJQnI="; publicKey = "XPVzH+wBLsqukTHHjngkGJhYN0nRdQ7esadiimMJQnI=";
@ -45,12 +43,12 @@
} }
{ {
# cream # cream
publicKey = "R1Vk1DDG/LsVU0HHRDmOJshXOVnNzPVbuv5hP7ZSGEQ="; publicKey = publicKey "cream";
allowedIPs = [ "10.100.0.6/32" ]; allowedIPs = [ "10.100.0.6/32" ];
} }
{ {
# cherry # cherry
publicKey = "ZNnlmPdxAGYtaUvOU2V47tcEhcB06LBCXkSxIvWZL2k="; publicKey = publicKey "cherry";
allowedIPs = [ "10.100.0.7/32" ]; allowedIPs = [ "10.100.0.7/32" ];
} }
{ {