cray: Update vpn config

fleaz 2024-02-03 22:47:03 +01:00
parent 945e3ec247
commit eb01c0bae8
No known key found for this signature in database
GPG key ID: AED15F8FDD04D083
3 changed files with 80 additions and 39 deletions


@ -3,6 +3,8 @@
imports = [
# Include the results of the hardware scan.
./hardware-configuration.nix
./tunnel-backbone.nix
./tunnel-cccda.nix
../../roles/all.nix
../../modules/luks.nix
../../modules/grub.nix
@ -18,45 +20,6 @@
networking.interfaces.enp4s0.useDHCP = true;
networking.interfaces.enp4s0.wakeOnLan.enable = true;
#boot.extraModulePackages = [ config.boot.kernelPackages.wireguard ];
systemd.network = {
enable = true;
netdevs = {
"10-wg-backbone" = {
netdevConfig = {
Kind = "wireguard";
MTUBytes = "1300";
Name = "wg-backbone";
};
extraConfig = ''
[WireGuard]
PrivateKeyFile=/etc/secrets/wireguard
ListenPort=9918
[WireGuardPeer]
PublicKey=JjJrLv6ocRIgPGPz6TUexPj0eUSKPDEQFye4397nbwM=
AllowedIPs=192.168.8.0/24
Endpoint=marge.fleaz.me:50200
'';
};
};
networks = {
# See also man systemd.network
"40-wg0".extraConfig = ''
[Match]
Name=wg-backbone
[Network]
DHCP=no
IPv6AcceptRA=false
# IP addresses the client interface will have
[Address]
Address=192.168.8.13/24
'';
};
};
# Enable CUPS
services.printing.enable = true;
services.printing.drivers = with pkgs; [ splix ];


@ -0,0 +1,40 @@
{
systemd.network = {
enable = true;
netdevs = {
"10-wg-backbone" = {
netdevConfig = {
Kind = "wireguard";
MTUBytes = "1300";
Name = "wg-backbone";
};
extraConfig = ''
[WireGuard]
PrivateKeyFile=/etc/secrets/wireguard-backbone
ListenPort=9918
[WireGuardPeer]
PublicKey=JjJrLv6ocRIgPGPz6TUexPj0eUSKPDEQFye4397nbwM=
AllowedIPs=192.168.8.0/24
Endpoint=marge.fleaz.me:50200
'';
};
};
networks = {
# See also man systemd.network
"40-wg0-backbone".extraConfig = ''
[Match]
Name=wg-backbone
[Network]
DHCP=no
IPv6AcceptRA=false
# IP addresses the client interface will have
[Address]
Address=192.168.8.13/24
'';
};
};
}
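Review bot: `PrivateKeyFile=/etc/secrets/wireguard-backbone` points at a new path (the removed inline block used `/etc/secrets/wireguard`), and nothing visible in this commit creates or moves the key, so wg-backbone will stay down until the file exists on the host under the new name. systemd-networkd reads the key as user `systemd-network`, so the file should be owned `root:systemd-network` with mode `0640` and must not be world-readable. I would record that above the netdev, for example `# key provisioned out of band: /etc/secrets/wireguard-backbone, root:systemd-network 0640`. The same applies to `/etc/secrets/wireguard-cccda` in the other new tunnel file (presumably tunnel-cccda.nix). If the repository already has a secrets mechanism, pointing `PrivateKeyFile` at its output would make the ownership and mode declarative.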

View file

@ -0,0 +1,38 @@
{
systemd.network = {
enable = true;
netdevs = {
"10-wg-cccda" = {
netdevConfig = {
Kind = "wireguard";
MTUBytes = "1300";
Name = "wg-cccda";
};
extraConfig = ''
[WireGuard]
PrivateKeyFile=/etc/secrets/wireguard-cccda
ListenPort=9919
[WireGuardPeer]
PublicKey=4/Ta8Ms2g5UNxjzSY+2khfH9YK45tUbnipH8Np9wGgk=
AllowedIPs=192.168.204.0/24,192.168.201.0/24
Endpoint=vpn.darmstadt.ccc.de:443
'';
};
};
networks = {
"40-wg0-cccda".extraConfig = ''
[Match]
Name=wg-cccda
[Network]
DHCP=no
IPv6AcceptRA=false
[Address]
Address=192.168.204.12/24
'';
};
};
}
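Review bot: `AllowedIPs=192.168.204.0/24,192.168.201.0/24` lists two prefixes, but the `40-wg0-cccda` network only assigns `Address=192.168.204.12/24`, so only 192.168.204.0/24 gets a connected route. systemd-networkd does not install routes for AllowedIPs by default, so unless a route is defined elsewhere, traffic for 192.168.201.0/24 will follow the default route and leave the host outside the tunnel, unencrypted. Either add a `[Route]` section with `Destination=192.168.201.0/24` to the network, or set `RouteTable=main` under `[WireGuardPeer]`. Separately, it may be worth a comment noting that hosts in both peer prefixes can reach any service listening on this machine that the firewall does not restrict on `wg-cccda`.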