From 0e4f3cce469e90f684c3053963fe83e859b2f57b Mon Sep 17 00:00:00 2001
From: clerie
Date: Tue, 4 Apr 2023 21:30:56 +0200
Subject: [PATCH] hosts/astatine: add event management vpn
---
 hosts/astatine/configuration.nix | 38 +++++++++++++++++++++++++++++++-
 1 file changed, 37 insertions(+), 1 deletion(-)
diff --git a/hosts/astatine/configuration.nix b/hosts/astatine/configuration.nix
index 48320a6..198a9ec 100644
--- a/hosts/astatine/configuration.nix
+++ b/hosts/astatine/configuration.nix
@@ -22,9 +22,45 @@
     terminal_output serial
   ";
-  networking.hostName = "astatine";
+  networking.firewall.enable = false;
+
+  networking.iproute2.enable = true;
+  networking.iproute2.rttablesExtraConfig = ''
+    200 wg-clerie
+  '';
+
+  petabyte.policyrouting = {
+    enable = true;
+    rules6 = [
+      { rule = "from 2a01:4f8:c0c:15f1::8108/128 lookup wg-clerie"; prio = 20000; }
+      { rule = "from 2a01:4f8:c0c:15f1::8108/128 unreachable"; prio = 20001; }
+    ];
+    rules4 = [
+      { rule = "from 10.20.30.108/32 lookup wg-clerie"; prio = 20000; }
+      { rule = "from 10.20.30.108/32 unreachable"; prio = 20001; }
+    ];
+  };
+
+
+  networking.wireguard.enable = true;
+  networking.wireguard.interfaces = {
+    wg-clerie = {
+      ips = [ "2a01:4f8:c0c:15f1::8108/128" "10.20.30.108/32" ];
+      table = "wg-clerie";
+      peers = [
+        {
+          endpoint = "vpn.clerie.de:51820";
+          persistentKeepalive = 25;
+          allowedIPs = [ "0.0.0.0/0" "::/0" "10.20.30.0/24" "2a01:4f8:c0c:15f1::/113" ];
+          publicKey = "2p1Jqs3bkXbXHFWE6vp1yxHIFoUaZQEARS2nJzbkuBA=";
+        }
+      ];
+      privateKeyFile = "/var/src/secrets/wireguard/wg-clerie";
+    };
+  };
+
   clerie.monitoring = {
     # enable = true;
     id = "%MONITORING_ID%";