From 33195da4d7c19d6078c31ca9eefe6a984cb96310 Mon Sep 17 00:00:00 2001
From: clerie
Date: Wed, 28 Dec 2022 01:25:12 +0100
Subject: [PATCH] host/aluminium: assign static management ip
---
 hosts/aluminium/configuration.nix | 26 ++++++++++++++++++++++++++
 hosts/gatekeeper/configuration.nix | 5 +++++
 2 files changed, 31 insertions(+)
diff --git a/hosts/aluminium/configuration.nix b/hosts/aluminium/configuration.nix
index 65d16ad..8f356ef 100644
--- a/hosts/aluminium/configuration.nix
+++ b/hosts/aluminium/configuration.nix
@@ -20,6 +20,32 @@
 networking.hostName = "aluminium";
+ petabyte.policyrouting = {
+ enable = true;
+ rules6 = [
+ { rule = "from 2a01:4f8:c0c:15f1::8106/128 lookup 200"; prio = 20000; }
+ { rule = "from 2a01:4f8:c0c:15f1::8106/128 unreachable"; prio = 20001; }
+ ];
+ };
+
+
+ networking.wireguard.enable = true;
+ networking.wireguard.interfaces = {
+ wg-clerie = {
+ ips = [ "2a01:4f8:c0c:15f1::8106/128" "10.20.30.106/32" ];
+ table = "200";
+ peers = [
+ {
+ endpoint = "vpn.clerie.de:51820";
+ persistentKeepalive = 25;
+ allowedIPs = [ "0.0.0.0/0" "::/0" "10.20.30.0/24" "2a01:4f8:c0c:15f1::/113" ];
+ publicKey = "2p1Jqs3bkXbXHFWE6vp1yxHIFoUaZQEARS2nJzbkuBA=";
+ }
+ ];
+ privateKeyFile = "/var/src/secrets/wireguard/wg-clerie";
+ };
+ };
+
 clerie.monitoring = {
 enable = true;
 id = "212";
diff --git a/hosts/gatekeeper/configuration.nix b/hosts/gatekeeper/configuration.nix
index 507a9e7..6961a77 100644
--- a/hosts/gatekeeper/configuration.nix
+++ b/hosts/gatekeeper/configuration.nix
@@ -83,6 +83,11 @@
 allowedIPs = [ "2a01:4f8:c0c:15f1::8105/128" "10.20.30.105/32" ];
 publicKey = "6gi04ExLQnpwxmTzQwQz3AsPS+ujKmANh6+o0nAzJwM=";
 }
+ {
+ # aluminium
+ allowedIPs = [ "2a01:4f8:c0c:15f1::8106/128" "10.20.30.106/32" ];
+ publicKey = "kuUeStBuU6d8PGFHFhP5pEvy0nuZ0TmScI8w7MOt0is=";
+ }
 ];
 listenPort = 51820;
 allowedIPsAsRoutes = false;
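Review bot: Only the IPv6 management address gets policy-routing rules in the aluminium hunk: `rules6` steers `2a01:4f8:c0c:15f1::8106/128` into table 200 and adds an `unreachable` fallback, but nothing equivalent is visible for `10.20.30.106/32`, which is also assigned to `wg-clerie`. Because `table = "200"` keeps the tunnel routes out of the main table, replies sourced from the IPv4 address would presumably follow the main table and leave via the default uplink with a private source address instead of returning through the tunnel. If the `petabyte.policyrouting` module offers an IPv4 rule list (not visible here), add the matching pair there: `{ rule = "from 10.20.30.106/32 lookup 200"; prio = 20000; }` and `{ rule = "from 10.20.30.106/32 unreachable"; prio = 20001; }`. Separately, `"0.0.0.0/0"` and `"::/0"` in `allowedIPs` make the two management prefixes after them redundant and let the peer deliver packets from any source address. If the tunnel is meant for management only, `allowedIPs = [ "10.20.30.0/24" "2a01:4f8:c0c:15f1::/113" ];` is the narrower choice.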