clerie/nixfiles
1
0
Fork 0
Code

Switch from gre tunnel to wireguard for heimnetz transport

Browse Source
This commit is contained in:
clerie 2021-05-12 10:04:04 +02:00
parent a3002d2455
commit 1caff12782
2 changed files with 26 additions and 36 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
hosts/carbon/configuration.nix
View File

@ -75,25 +75,21 @@
allowedIPsAsRoutes = false; allowedIPsAsRoutes = false;
privateKeyFile = "/var/src/secrets/wireguard/wg-porter4"; privateKeyFile = "/var/src/secrets/wireguard/wg-porter4";
}; };
wg-heimnetz = {
ips = [ "fd00:153:153:201::2/64" ];
peers = [ {
allowedIPs = [ "::/0" ];
endpoint = "[fd00:152:152:101::1]:60001";
publicKey = "j/XAIOJGgLieg0jry4AGSkxQySuDdwhJShqC5SCgsWw=";
} ];
listenPort = 60001;
allowedIPsAsRoutes = false;
privateKeyFile = "/var/src/secrets/wireguard/wg-heimnetz";
postSetup = "ip link set wg-heimnetz mtu 1340";
};
}; };
clerie.gre-tunnel = { networking.firewall.allowedUDPPorts = [ 60001 ];
enable = true;
ipv6= {
gre-gatekeeper6 = {
remote = "fd00:152:152:101::1";
local = (lib.head config.networking.interfaces.lo.ipv6.addresses).address;
address = "fd00:153:153:201::2/64";
};
};
ipv4 = {
gre-gatekeeper4 = {
remote = "10.152.101.1";
local = (lib.head config.networking.interfaces.lo.ipv4.addresses).address;
address = "10.153.201.2/24";
};
};
};
# Routing tables # Routing tables
# Table: 10000 # Table: 10000

32
hosts/gatekeeper/configuration.nix
View File

@ -72,6 +72,18 @@
allowedIPsAsRoutes = false; allowedIPsAsRoutes = false;
privateKeyFile = "/var/src/secrets/wireguard/wg-nonat6"; privateKeyFile = "/var/src/secrets/wireguard/wg-nonat6";
}; };
wg-heimnetz = {
ips = [ "fd00:153:153:201::1/64" ];
peers = [ {
allowedIPs = [ "::/0" ];
endpoint = "[fd00:152:152:104::1]:60001";
publicKey = "x44tpGt+uqIWTEl4qwZE7iPRjEHkYSZGKOQ7EuwLzX8=";
} ];
listenPort = 60001;
allowedIPsAsRoutes = false;
privateKeyFile = "/var/src/secrets/wireguard/wg-heimnetz";
postSetup = "ip link set wg-heimnetz mtu 1340";
};
wg-vpn = { wg-vpn = {
ips = [ "2a01:4f8:c0c:15f1::8001/113" "10.20.30.1/24" ]; ips = [ "2a01:4f8:c0c:15f1::8001/113" "10.20.30.1/24" ];
peers = [ peers = [
@ -111,7 +123,7 @@
}; };
}; };
networking.firewall.allowedUDPPorts = [ 50101 50127 50128 51820 ]; networking.firewall.allowedUDPPorts = [ 50101 50127 50128 51820 60001 ];
clerie.nginx-port-forward = { clerie.nginx-port-forward = {
enable = true; enable = true;
@ -140,24 +152,6 @@
}; };
}; };
clerie.gre-tunnel = {
enable = true;
ipv6= {
gre-carbon6 = {
remote = "fd00:152:152:104::1";
local = (lib.head config.networking.interfaces.lo.ipv6.addresses).address;
address = "fd00:153:153:201::1/64";
};
};
ipv4 = {
gre-carbon4 = {
remote = "10.152.104.1";
local = (lib.head config.networking.interfaces.lo.ipv4.addresses).address;
address = "10.153.201.1/24";
};
};
};
services.bird2.enable = true; services.bird2.enable = true;
services.bird2.config = '' services.bird2.config = ''
router id ${ (lib.head config.networking.interfaces.lo.ipv4.addresses).address }; router id ${ (lib.head config.networking.interfaces.lo.ipv4.addresses).address };