From 525e83b9fd658d5a6e3f2a332f4858d6b34a6312 Mon Sep 17 00:00:00 2001 From: clerie Date: Fri, 1 Jul 2022 21:19:19 +0200 Subject: [PATCH] Remove heimnetz IPv6 tunnel --- hosts/carbon/configuration.nix | 16 +--------------- hosts/gatekeeper/configuration.nix | 12 ------------ 2 files changed, 1 insertion(+), 27 deletions(-) diff --git a/hosts/carbon/configuration.nix b/hosts/carbon/configuration.nix index 00c42ac..8246983 100644 --- a/hosts/carbon/configuration.nix +++ b/hosts/carbon/configuration.nix @@ -51,7 +51,6 @@ { address = "fe80::1"; prefixLength = 64; } { address = "fd00:152:152:4::1"; prefixLength = 64; } { address = "2001:4cd8:100:1337::1"; prefixLength = 64; } # public IPs for local network - { address = "2a01:4f8:1c0c:8221::1"; prefixLength = 64; } # public IPs for services ]; networking.interfaces."enp1s0.201".ipv4.addresses = [ { address = "10.152.4.1"; prefixLength = 24; } @@ -267,18 +266,6 @@ allowedIPsAsRoutes = false; privateKeyFile = "/var/src/secrets/wireguard/wg-porter4"; }; - wg-heimnetz = { - ips = [ "fd00:153:153:201::2/64" ]; - peers = [ { - allowedIPs = [ "::/0" ]; - endpoint = "[fd00:152:152:101::1]:60001"; - publicKey = "j/XAIOJGgLieg0jry4AGSkxQySuDdwhJShqC5SCgsWw="; - } ]; - listenPort = 60001; - allowedIPsAsRoutes = false; - privateKeyFile = "/var/src/secrets/wireguard/wg-heimnetz"; - postSetup = "ip link set wg-heimnetz mtu 1340"; - }; }; networking.firewall.allowedUDPPorts = [ 53 60001 ]; @@ -329,8 +316,7 @@ # main routes first except default route { rule = "lookup main suppress_prefixlength 0"; prio = 10000; } # Prefixes defaulting to gatekeeper - { rule = "from 2a01:4f8:1c0c:8221::/64 lookup 20101"; prio = 20000; } - { rule = "from 2a01:4f8:1c0c:8221::/64 unreachable"; prio = 20001; } + #{ rule = "from xxx lookup 20101"; prio = 20000; } # Everything else defaulting to main table after this ]; rules4 = [ diff --git a/hosts/gatekeeper/configuration.nix b/hosts/gatekeeper/configuration.nix index 23f3ddb..c76d640 100644 
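Review bot: The placeholder added to carbon's IPv6 rule list (presumably `rules6`; the list opens outside the hunk), `#{ rule = "from xxx lookup 20101"; prio = 20000; }`, keeps only the lookup half of the pair it replaces. A prefix re-added from this template would lose the `unreachable` rule at prio 20001, so its traffic would appear to fall through to the main table whenever table 20101 has no matching route, instead of being dropped. I would either delete the placeholder or turn it into a comment naming both rules, e.g. `# per prefix: "from <prefix> lookup 20101" (prio 20000) followed by "from <prefix> unreachable" (prio 20001)`. Separately, the context below the removed `wg-heimnetz` block still reads `networking.firewall.allowedUDPPorts = [ 53 60001 ];`. If no remaining WireGuard interface on carbon listens on 60001 (not visible in this diff), that port should come out of the list in the same commit.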
--- a/hosts/gatekeeper/configuration.nix
+++ b/hosts/gatekeeper/configuration.nix
@@ -72,18 +72,6 @@
 allowedIPsAsRoutes = false;
 privateKeyFile = "/var/src/secrets/wireguard/wg-nonat6";
 };
- wg-heimnetz = {
- ips = [ "fd00:153:153:201::1/64" ];
- peers = [ {
- allowedIPs = [ "::/0" ];
- endpoint = "[fd00:152:152:104::1]:60001";
- publicKey = "x44tpGt+uqIWTEl4qwZE7iPRjEHkYSZGKOQ7EuwLzX8=";
- } ];
- listenPort = 60001;
- allowedIPsAsRoutes = false;
- privateKeyFile = "/var/src/secrets/wireguard/wg-heimnetz";
- postSetup = "ip link set wg-heimnetz mtu 1340";
- };
 wg-vpn = {
 ips = [ "2a01:4f8:c0c:15f1::8001/113" "10.20.30.1/24" ];
 peers = [