clerie/nixfiles
1
0
Fork 0
Code

Remove heimnetz IPv6 tunnel

Browse Source
This commit is contained in:
clerie 2022-07-01 21:19:19 +02:00
parent fd1d9a2252
commit 525e83b9fd
2 changed files with 1 additions and 27 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
hosts/carbon/configuration.nix
View File

@ -51,7 +51,6 @@
{ address = "fe80::1"; prefixLength = 64; } { address = "fe80::1"; prefixLength = 64; }
{ address = "fd00:152:152:4::1"; prefixLength = 64; } { address = "fd00:152:152:4::1"; prefixLength = 64; }
{ address = "2001:4cd8:100:1337::1"; prefixLength = 64; } # public IPs for local network { address = "2001:4cd8:100:1337::1"; prefixLength = 64; } # public IPs for local network
{ address = "2a01:4f8:1c0c:8221::1"; prefixLength = 64; } # public IPs for services
]; ];
networking.interfaces."enp1s0.201".ipv4.addresses = [ networking.interfaces."enp1s0.201".ipv4.addresses = [
{ address = "10.152.4.1"; prefixLength = 24; } { address = "10.152.4.1"; prefixLength = 24; }
@ -267,18 +266,6 @@
allowedIPsAsRoutes = false; allowedIPsAsRoutes = false;
privateKeyFile = "/var/src/secrets/wireguard/wg-porter4"; privateKeyFile = "/var/src/secrets/wireguard/wg-porter4";
}; };
wg-heimnetz = {
ips = [ "fd00:153:153:201::2/64" ];
peers = [ {
allowedIPs = [ "::/0" ];
endpoint = "[fd00:152:152:101::1]:60001";
publicKey = "j/XAIOJGgLieg0jry4AGSkxQySuDdwhJShqC5SCgsWw=";
} ];
listenPort = 60001;
allowedIPsAsRoutes = false;
privateKeyFile = "/var/src/secrets/wireguard/wg-heimnetz";
postSetup = "ip link set wg-heimnetz mtu 1340";
};
}; };
networking.firewall.allowedUDPPorts = [ 53 60001 ]; networking.firewall.allowedUDPPorts = [ 53 60001 ];
@ -329,8 +316,7 @@
# main routes first except default route # main routes first except default route
{ rule = "lookup main suppress_prefixlength 0"; prio = 10000; } { rule = "lookup main suppress_prefixlength 0"; prio = 10000; }
# Prefixes defaulting to gatekeeper # Prefixes defaulting to gatekeeper
{ rule = "from 2a01:4f8:1c0c:8221::/64 lookup 20101"; prio = 20000; } #{ rule = "from xxx lookup 20101"; prio = 20000; }
{ rule = "from 2a01:4f8:1c0c:8221::/64 unreachable"; prio = 20001; }
# Everything else defaulting to main table after this # Everything else defaulting to main table after this
]; ];
rules4 = [ rules4 = [

12
hosts/gatekeeper/configuration.nix
View File

@ -72,18 +72,6 @@
allowedIPsAsRoutes = false; allowedIPsAsRoutes = false;
privateKeyFile = "/var/src/secrets/wireguard/wg-nonat6"; privateKeyFile = "/var/src/secrets/wireguard/wg-nonat6";
}; };
wg-heimnetz = {
ips = [ "fd00:153:153:201::1/64" ];
peers = [ {
allowedIPs = [ "::/0" ];
endpoint = "[fd00:152:152:104::1]:60001";
publicKey = "x44tpGt+uqIWTEl4qwZE7iPRjEHkYSZGKOQ7EuwLzX8=";
} ];
listenPort = 60001;
allowedIPsAsRoutes = false;
privateKeyFile = "/var/src/secrets/wireguard/wg-heimnetz";
postSetup = "ip link set wg-heimnetz mtu 1340";
};
wg-vpn = { wg-vpn = {
ips = [ "2a01:4f8:c0c:15f1::8001/113" "10.20.30.1/24" ]; ips = [ "2a01:4f8:c0c:15f1::8001/113" "10.20.30.1/24" ];
peers = [ peers = [