From eb01c0bae840d7b4b881536fc68e2a0c180d94db Mon Sep 17 00:00:00 2001 From: fleaz Date: Sat, 3 Feb 2024 22:47:03 +0100 Subject: [PATCH] cray: Update vpn config --- machines/cray/configuration.nix | 41 ++----------------------------- machines/cray/tunnel-backbone.nix | 40 ++++++++++++++++++++++++++++++ machines/cray/tunnel-cccda.nix | 38 ++++++++++++++++++++++++++++ 3 files changed, 80 insertions(+), 39 deletions(-) create mode 100644 machines/cray/tunnel-backbone.nix create mode 100644 machines/cray/tunnel-cccda.nix diff --git a/machines/cray/configuration.nix b/machines/cray/configuration.nix index a6ab9a5..77cc42f 100644 --- a/machines/cray/configuration.nix +++ b/machines/cray/configuration.nix @@ -3,6 +3,8 @@ imports = [ # Include the results of the hardware scan. ./hardware-configuration.nix + ./tunnel-backbone.nix + ./tunnel-cccda.nix ../../roles/all.nix ../../modules/luks.nix ../../modules/grub.nix @@ -18,45 +20,6 @@ networking.interfaces.enp4s0.useDHCP = true; networking.interfaces.enp4s0.wakeOnLan.enable = true; - #boot.extraModulePackages = [ config.boot.kernelPackages.wireguard ]; - systemd.network = { - enable = true; - netdevs = { - "10-wg-backbone" = { - netdevConfig = { - Kind = "wireguard"; - MTUBytes = "1300"; - Name = "wg-backbone"; - }; - extraConfig = '' - [WireGuard] - PrivateKeyFile=/etc/secrets/wireguard - ListenPort=9918 - - [WireGuardPeer] - PublicKey=JjJrLv6ocRIgPGPz6TUexPj0eUSKPDEQFye4397nbwM= - AllowedIPs=192.168.8.0/24 - Endpoint=marge.fleaz.me:50200 - ''; - }; - }; - networks = { - # See also man systemd.network - "40-wg0".extraConfig = '' - [Match] - Name=wg-backbone - - [Network] - DHCP=no - IPv6AcceptRA=false - - # IP addresses the client interface will have - [Address] - Address=192.168.8.13/24 - ''; - }; - }; - # Enable CUPS services.printing.enable = true; services.printing.drivers = with pkgs; [ splix ]; 
diff --git a/machines/cray/tunnel-backbone.nix b/machines/cray/tunnel-backbone.nix
new file mode 100644
index 0000000..246d943
--- /dev/null
+++ b/machines/cray/tunnel-backbone.nix
@@ -0,0 +1,40 @@
+{
+ systemd.network = {
+ enable = true;
+ netdevs = {
+ "10-wg-backbone" = {
+ netdevConfig = {
+ Kind = "wireguard";
+ MTUBytes = "1300";
+ Name = "wg-backbone";
+ };
+ extraConfig = ''
+ [WireGuard]
+ PrivateKeyFile=/etc/secrets/wireguard-backbone
+ ListenPort=9918
+
+ [WireGuardPeer]
+ PublicKey=JjJrLv6ocRIgPGPz6TUexPj0eUSKPDEQFye4397nbwM=
+ AllowedIPs=192.168.8.0/24
+ Endpoint=marge.fleaz.me:50200
+ '';
+ };
+ };
+ networks = {
+ # See also man systemd.network
+ "40-wg0-backbone".extraConfig = ''
+ [Match]
+ Name=wg-backbone
+
+ [Network]
+ DHCP=no
+ IPv6AcceptRA=false
+
+ # IP addresses the client interface will have
+ [Address]
+ Address=192.168.8.13/24
+ '';
+ };
+ };
+
+}
diff --git a/machines/cray/tunnel-cccda.nix b/machines/cray/tunnel-cccda.nix
new file mode 100644
index 0000000..5688429
--- /dev/null
+++ b/machines/cray/tunnel-cccda.nix
@@ -0,0 +1,38 @@
+{
+ systemd.network = {
+ enable = true;
+ netdevs = {
+ "10-wg-cccda" = {
+ netdevConfig = {
+ Kind = "wireguard";
+ MTUBytes = "1300";
+ Name = "wg-cccda";
+ };
+ extraConfig = ''
+ [WireGuard]
+ PrivateKeyFile=/etc/secrets/wireguard-cccda
+ ListenPort=9919
+
+ [WireGuardPeer]
+ PublicKey=4/Ta8Ms2g5UNxjzSY+2khfH9YK45tUbnipH8Np9wGgk=
+ AllowedIPs=192.168.204.0/24,192.168.201.0/24
+ Endpoint=vpn.darmstadt.ccc.de:443
+ '';
+ };
+ };
+ networks = {
+ "40-wg0-cccda".extraConfig = ''
+ [Match]
+ Name=wg-cccda
+
+ [Network]
+ DHCP=no
+ IPv6AcceptRA=false
+
+ [Address]
+ Address=192.168.204.12/24
+ '';
+ };
+ };
+
+}
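Review bot: The `PrivateKeyFile` path moves from `/etc/secrets/wireguard` to `/etc/secrets/wireguard-backbone`, but nothing in this patch provisions that file or states its ownership and mode; the same holds for `/etc/secrets/wireguard-cccda` in tunnel-cccda.nix. systemd-networkd reads the key as its own unprivileged user, so the file has to be readable by that user's group and by nobody else, and a key left at the old path will keep the tunnel from coming up after the switch. I would add a comment above `extraConfig` such as `# key provisioned out of band: root:systemd-network, mode 0640`, or declare the file through whatever secret management the repository uses, which is not visible here.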
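Review bot: `AllowedIPs` in the `[WireGuardPeer]` section of tunnel-cccda.nix admits 192.168.201.0/24, but the `40-wg0-cccda` network only assigns `Address=192.168.204.12/24`, so only 192.168.204.0/24 gets an on-link route; systemd-networkd does not install routes for AllowedIPs unless told to. If 192.168.201.0/24 is meant to be reachable, add a `[Route]` section with `Destination=192.168.201.0/24` to that network's `extraConfig`; if it is not, drop the range from `AllowedIPs` so the peer can only source traffic from the prefix actually in use. Because this interface joins a network shared with other members, it is also worth confirming that `wg-cccda` is not listed as a trusted firewall interface elsewhere in the configuration, which this patch does not show.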