made wireguard work again
parent
2d8e717351
commit
4e8b131f32
7 changed files with 14 additions and 23 deletions
|
@ -199,7 +199,7 @@
|
||||||
# # inputs.clan-core.clanModules.sshd
|
# # inputs.clan-core.clanModules.sshd
|
||||||
#];
|
#];
|
||||||
documentation.nixos.enable = true;
|
documentation.nixos.enable = true;
|
||||||
clan.static-hosts.topLevelDomain = "bear";
|
#clan.static-hosts.topLevelDomain = "bear";
|
||||||
#clan.static-hosts.excludeHosts = lib.mkForce [ ];
|
#clan.static-hosts.excludeHosts = lib.mkForce [ ];
|
||||||
environment.systemPackages = [
|
environment.systemPackages = [
|
||||||
clan-core.packages.${pkgs.system}.clan-cli
|
clan-core.packages.${pkgs.system}.clan-cli
|
||||||
|
|
|
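Review bot: Commenting out `clan.static-hosts.topLevelDomain = "bear";` leaves the option at whatever default its module declares, and that default is not visible here. The syncthing section on this page still interpolates `config.clan.static-hosts.topLevelDomain` into `guiAddress`, so if that module applies to this host the GUI address changes with it; syncthing is forced off there, so nothing binds today. Either delete the line or replace it with a one-line reason, e.g. `# static-hosts disabled: hostnames are no longer published under a clan TLD`, adjusted to the real reason. The surrounding attribute set starts and ends outside the hunk.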
@ -24,7 +24,7 @@ with lib; {
|
||||||
};
|
};
|
||||||
|
|
||||||
services.syncthing = {
|
services.syncthing = {
|
||||||
enable = lib.mkForce false;
|
enable = lib.mkForce false;
|
||||||
guiAddress = lib.mkDefault "${config.networking.hostName}.${ config.clan.static-hosts.topLevelDomain }:8384";
|
guiAddress = lib.mkDefault "${config.networking.hostName}.${ config.clan.static-hosts.topLevelDomain }:8384";
|
||||||
overrideDevices = lib.mkDefault true;
|
overrideDevices = lib.mkDefault true;
|
||||||
key = "/run/facts/syncthing.key";
|
key = "/run/facts/syncthing.key";
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
{ config, factsGenerator, ... }:
|
{ config, factsGenerator, ... }:
|
||||||
{
|
{
|
||||||
|
networking.firewall.allowedUDPPorts = [ 51820 ];
|
||||||
clanCore.facts.services.wireguard = factsGenerator.wireguard { name = "wg0"; };
|
clanCore.facts.services.wireguard = factsGenerator.wireguard { name = "wg0"; };
|
||||||
|
|
||||||
# Enable WireGuard
|
# Enable WireGuard
|
||||||
|
@ -11,14 +11,11 @@
|
||||||
address = [ "10.100.0.7/32" ];
|
address = [ "10.100.0.7/32" ];
|
||||||
listenPort = 51820; # to match firewall allowedUDPPorts (without this wg uses random port numbers)
|
listenPort = 51820; # to match firewall allowedUDPPorts (without this wg uses random port numbers)
|
||||||
privateKeyFile = config.clanCore.facts.services.wireguard.secret."wireguard.wg0.key".path;
|
privateKeyFile = config.clanCore.facts.services.wireguard.secret."wireguard.wg0.key".path;
|
||||||
|
|
||||||
mtu = 1280;
|
mtu = 1280;
|
||||||
|
|
||||||
peers = [
|
peers = [
|
||||||
{
|
{
|
||||||
# robi
|
publicKey = (builtins.readFile "${config.clanCore.clanDir}/machines/orbi/facts/wireguard.wg0.pub");
|
||||||
# todo : use public facts here
|
|
||||||
publicKey = "uWR93xJe5oEbX3DsAYpOS9CuSg1VmXEQxJzdlJpe3DU=";
|
|
||||||
allowedIPs = [ "10.100.0.1/24" ];
|
allowedIPs = [ "10.100.0.1/24" ];
|
||||||
#endpoint = "ingolf-wagner.de:51820";
|
#endpoint = "ingolf-wagner.de:51820";
|
||||||
endpoint = "95.216.66.212:51820";
|
endpoint = "95.216.66.212:51820";
|
||||||
|
|
|
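Review bot: `builtins.readFile` returns the file byte for byte, so if `wireguard.wg0.pub` ends in a newline the peer `publicKey` on the new line carries it too; whether the facts generator writes one is not visible here. Stripping it at the read site makes the value independent of how the file was produced, e.g. `publicKey = builtins.replaceStrings [ "\n" ] [ "" ] (builtins.readFile "${config.clanCore.clanDir}/machines/orbi/facts/wireguard.wg0.pub");`. The same expression is added in the two other client files (the hunks at `-14,11 +13,9` and `-15,8 +15,7`) and in the `publicKey = machine:` helper of the server file. The `peers` list continues outside the hunk.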
@ -1,7 +1,6 @@
|
||||||
{ pkgs, config, factsGenerator, ... }:
|
{ pkgs, config, factsGenerator, ... }:
|
||||||
{
|
{
|
||||||
networking.firewall.allowedUDPPorts = [ 51820 ];
|
networking.firewall.allowedUDPPorts = [ 51820 ];
|
||||||
|
|
||||||
clanCore.facts.services.wireguard = factsGenerator.wireguard { name = "wg0"; };
|
clanCore.facts.services.wireguard = factsGenerator.wireguard { name = "wg0"; };
|
||||||
|
|
||||||
# Enable WireGuard
|
# Enable WireGuard
|
||||||
|
@ -14,11 +13,9 @@
|
||||||
privateKeyFile = config.clanCore.facts.services.wireguard.secret."wireguard.wg0.key".path;
|
privateKeyFile = config.clanCore.facts.services.wireguard.secret."wireguard.wg0.key".path;
|
||||||
mtu = 1280;
|
mtu = 1280;
|
||||||
|
|
||||||
# server
|
|
||||||
peers = [
|
peers = [
|
||||||
{
|
{
|
||||||
# orbi
|
publicKey = (builtins.readFile "${config.clanCore.clanDir}/machines/orbi/facts/wireguard.wg0.pub");
|
||||||
publicKey = "uWR93xJe5oEbX3DsAYpOS9CuSg1VmXEQxJzdlJpe3DU=";
|
|
||||||
allowedIPs = [ "10.100.0.1/24" ];
|
allowedIPs = [ "10.100.0.1/24" ];
|
||||||
#endpoint = "ingolf-wagner.de:51820";
|
#endpoint = "ingolf-wagner.de:51820";
|
||||||
endpoint = "95.216.66.212:51820";
|
endpoint = "95.216.66.212:51820";
|
||||||
|
|
|
@ -7,8 +7,8 @@
|
||||||
networking.retiolum.nodename = "sol";
|
networking.retiolum.nodename = "sol";
|
||||||
|
|
||||||
services.tinc.networks.retiolum = {
|
services.tinc.networks.retiolum = {
|
||||||
ed25519PrivateKeyFile = config.clanCore.facts.services.tinc_secret.secret."tinc.retiolum.ed25519_key.priv".path;
|
ed25519PrivateKeyFile = config.clanCore.facts.services.tinc_retiolum.secret."tinc.retiolum.ed25519_key.priv".path;
|
||||||
rsaPrivateKeyFile = config.clanCore.facts.services.tinc_secret.secret."tinc.retiolum.rsa_key.priv".path;
|
rsaPrivateKeyFile = config.clanCore.facts.services.tinc_retiolum.secret."tinc.retiolum.rsa_key.priv".path;
|
||||||
};
|
};
|
||||||
|
|
||||||
#fileSystems."/retiolum/sicily" = {
|
#fileSystems."/retiolum/sicily" = {
|
||||||
|
|
|
@ -15,8 +15,7 @@
|
||||||
|
|
||||||
peers = [
|
peers = [
|
||||||
{
|
{
|
||||||
# robi
|
publicKey = (builtins.readFile "${config.clanCore.clanDir}/machines/orbi/facts/wireguard.wg0.pub");
|
||||||
publicKey = "uWR93xJe5oEbX3DsAYpOS9CuSg1VmXEQxJzdlJpe3DU=";
|
|
||||||
allowedIPs = [ "10.100.0.1/24" ];
|
allowedIPs = [ "10.100.0.1/24" ];
|
||||||
#endpoint = "ingolf-wagner.de:51820";
|
#endpoint = "ingolf-wagner.de:51820";
|
||||||
endpoint = "95.216.66.212:51820";
|
endpoint = "95.216.66.212:51820";
|
||||||
|
|
|
@ -1,4 +1,7 @@
|
||||||
{ pkgs, config, factsGenerator, ... }:
|
{ pkgs, config, factsGenerator, ... }:
|
||||||
|
let
|
||||||
|
publicKey = machine: (builtins.readFile "${config.clanCore.clanDir}/machines/${machine}/facts/wireguard.wg0.pub");
|
||||||
|
in
|
||||||
{
|
{
|
||||||
networking.firewall.allowedUDPPorts = [ 51820 ];
|
networking.firewall.allowedUDPPorts = [ 51820 ];
|
||||||
clanCore.facts.services.wireguard = factsGenerator.wireguard { name = "wg0"; };
|
clanCore.facts.services.wireguard = factsGenerator.wireguard { name = "wg0"; };
|
||||||
|
@ -25,14 +28,9 @@
|
||||||
peers = [
|
peers = [
|
||||||
{
|
{
|
||||||
# chungus
|
# chungus
|
||||||
publicKey = "wb54y/fG8ocSH9QrDmfajez/fUcJBZK369xLu37XBHk=";
|
publicKey = publicKey "chungus";
|
||||||
allowedIPs = [ "10.100.0.2/32" ];
|
allowedIPs = [ "10.100.0.2/32" ];
|
||||||
}
|
}
|
||||||
{
|
|
||||||
# sterni
|
|
||||||
publicKey = "SdMRgC5IM7dywzZxLAHm45cpj9J3IENTMClZm1BxbV4=";
|
|
||||||
allowedIPs = [ "10.100.0.3/32" ];
|
|
||||||
}
|
|
||||||
{
|
{
|
||||||
# iphone
|
# iphone
|
||||||
publicKey = "XPVzH+wBLsqukTHHjngkGJhYN0nRdQ7esadiimMJQnI=";
|
publicKey = "XPVzH+wBLsqukTHHjngkGJhYN0nRdQ7esadiimMJQnI=";
|
||||||
|
@ -45,12 +43,12 @@
|
||||||
}
|
}
|
||||||
{
|
{
|
||||||
# cream
|
# cream
|
||||||
publicKey = "R1Vk1DDG/LsVU0HHRDmOJshXOVnNzPVbuv5hP7ZSGEQ=";
|
publicKey = publicKey "cream";
|
||||||
allowedIPs = [ "10.100.0.6/32" ];
|
allowedIPs = [ "10.100.0.6/32" ];
|
||||||
}
|
}
|
||||||
{
|
{
|
||||||
# cherry
|
# cherry
|
||||||
publicKey = "ZNnlmPdxAGYtaUvOU2V47tcEhcB06LBCXkSxIvWZL2k=";
|
publicKey = publicKey "cherry";
|
||||||
allowedIPs = [ "10.100.0.7/32" ];
|
allowedIPs = [ "10.100.0.7/32" ];
|
||||||
}
|
}
|
||||||
{
|
{
|
||||||
|
|
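Review bot: The helper added in the `let` has the same name as the attribute it fills, so `publicKey = publicKey "chungus";` reads like a self-reference and only resolves to the helper because the peer set is not `rec`; a distinct name such as `peerPublicKey` avoids that. The helper also deserves a comment, since peer authentication is now anchored in repository files rather than in literals reviewed in this module: `# peer keys are read from machines/<machine>/facts/wireguard.wg0.pub; editing those files changes who may connect`. The iphone peer keeps its literal key, presumably because no facts file exists for it, but that is not visible here. The `peers` list continues outside the hunks.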