cray: Update vpn config

machines/cray/configuration.nix

@@ -3,6 +3,8 @@
   imports = [
     # Include the results of the hardware scan.
     ./hardware-configuration.nix
+    ./tunnel-backbone.nix
+    ./tunnel-cccda.nix
     ../../roles/all.nix
     ../../modules/luks.nix
     ../../modules/grub.nix
@@ -18,45 +20,6 @@
   networking.interfaces.enp4s0.useDHCP = true;
   networking.interfaces.enp4s0.wakeOnLan.enable = true;
 
-  #boot.extraModulePackages = [ config.boot.kernelPackages.wireguard ];
-  systemd.network = {
-    enable = true;
-    netdevs = {
-      "10-wg-backbone" = {
-        netdevConfig = {
-          Kind = "wireguard";
-          MTUBytes = "1300";
-          Name = "wg-backbone";
-        };
-        extraConfig = ''
-          [WireGuard]
-          PrivateKeyFile=/etc/secrets/wireguard
-          ListenPort=9918
-
-          [WireGuardPeer]
-          PublicKey=JjJrLv6ocRIgPGPz6TUexPj0eUSKPDEQFye4397nbwM=
-          AllowedIPs=192.168.8.0/24
-          Endpoint=marge.fleaz.me:50200
-        '';
-      };
-    };
-    networks = {
-      # See also man systemd.network
-      "40-wg0".extraConfig = ''
-        [Match]
-        Name=wg-backbone
-
-        [Network]
-        DHCP=no
-        IPv6AcceptRA=false
-
-        # IP addresses the client interface will have
-        [Address]
-        Address=192.168.8.13/24
-      '';
-    };
-  };
-
   # Enable CUPS
   services.printing.enable = true;
   services.printing.drivers = with pkgs; [ splix ];

machines/cray/tunnel-backbone.nix

@@ -0,0 +1,40 @@
+{
+  systemd.network = {
+    enable = true;
+    netdevs = {
+      "10-wg-backbone" = {
+        netdevConfig = {
+          Kind = "wireguard";
+          MTUBytes = "1300";
+          Name = "wg-backbone";
+        };
+        extraConfig = ''
+          [WireGuard]
+          PrivateKeyFile=/etc/secrets/wireguard-backbone
+          ListenPort=9918
+
+          [WireGuardPeer]
+          PublicKey=JjJrLv6ocRIgPGPz6TUexPj0eUSKPDEQFye4397nbwM=
+          AllowedIPs=192.168.8.0/24
+          Endpoint=marge.fleaz.me:50200
+        '';
+      };
+    };
+    networks = {
+      # See also man systemd.network
+      "40-wg0-backbone".extraConfig = ''
+        [Match]
+        Name=wg-backbone
+
+        [Network]
+        DHCP=no
+        IPv6AcceptRA=false
+
+        # IP addresses the client interface will have
+        [Address]
+        Address=192.168.8.13/24
+      '';
+    };
+  };
+
+}

machines/cray/tunnel-cccda.nix

@@ -0,0 +1,38 @@
+{
+  systemd.network = {
+    enable = true;
+    netdevs = {
+      "10-wg-cccda" = {
+        netdevConfig = {
+          Kind = "wireguard";
+          MTUBytes = "1300";
+          Name = "wg-cccda";
+        };
+        extraConfig = ''
+          [WireGuard]
+          PrivateKeyFile=/etc/secrets/wireguard-cccda
+          ListenPort=9919
+
+          [WireGuardPeer]
+          PublicKey=4/Ta8Ms2g5UNxjzSY+2khfH9YK45tUbnipH8Np9wGgk=
+          AllowedIPs=192.168.204.0/24,192.168.201.0/24
+          Endpoint=vpn.darmstadt.ccc.de:443
+        '';
+      };
+    };
+    networks = {
+      "40-wg0-cccda".extraConfig = ''
+        [Match]
+        Name=wg-cccda
+
+        [Network]
+        DHCP=no
+        IPv6AcceptRA=false
+
+        [Address]
+        Address=192.168.204.12/24
+      '';
+    };
+  };
+
+}