Remove heimnetz IPv6 tunnel

2022-07-01 21:19:19 +02:00 · 2022-07-01 21:19:19 +02:00 · 525e83b9fd
commit 525e83b9fd
parent fd1d9a2252
2 changed files with 1 additions and 27 deletions
--- a/hosts/carbon/configuration.nix
+++ b/hosts/carbon/configuration.nix
@ -51,7 +51,6 @@
    { address = "fe80::1"; prefixLength = 64; }
    { address = "fd00:152:152:4::1"; prefixLength = 64; }
    { address = "2001:4cd8:100:1337::1"; prefixLength = 64; } # public IPs for local network
-    { address = "2a01:4f8:1c0c:8221::1"; prefixLength = 64; } # public IPs for services
  ];
  networking.interfaces."enp1s0.201".ipv4.addresses = [
    { address = "10.152.4.1"; prefixLength = 24; }
@ -267,18 +266,6 @@
      allowedIPsAsRoutes = false;
      privateKeyFile = "/var/src/secrets/wireguard/wg-porter4";
    };
-    wg-heimnetz = {
-      ips = [ "fd00:153:153:201::2/64" ];
-      peers = [ {
-        allowedIPs = [ "::/0" ];
-        endpoint = "[fd00:152:152:101::1]:60001";
-        publicKey = "j/XAIOJGgLieg0jry4AGSkxQySuDdwhJShqC5SCgsWw=";
-      } ];
-      listenPort = 60001;
-      allowedIPsAsRoutes = false;
-      privateKeyFile = "/var/src/secrets/wireguard/wg-heimnetz";
-      postSetup = "ip link set wg-heimnetz mtu 1340";
-    };
  };

  networking.firewall.allowedUDPPorts = [ 53 60001 ];
@ -329,8 +316,7 @@
      # main routes first except default route
      { rule = "lookup main suppress_prefixlength 0"; prio = 10000; }
      # Prefixes defaulting to gatekeeper
-      { rule = "from 2a01:4f8:1c0c:8221::/64 lookup 20101"; prio = 20000; }
-      { rule = "from 2a01:4f8:1c0c:8221::/64 unreachable"; prio = 20001; }
+      #{ rule = "from xxx lookup 20101"; prio = 20000; }
      # Everything else defaulting to main table after this
    ];
    rules4 = [
--- a/hosts/gatekeeper/configuration.nix
+++ b/hosts/gatekeeper/configuration.nix
@ -72,18 +72,6 @@
      allowedIPsAsRoutes = false;
      privateKeyFile = "/var/src/secrets/wireguard/wg-nonat6";
    };
-    wg-heimnetz = {
-      ips = [ "fd00:153:153:201::1/64" ];
-      peers = [ {
-          allowedIPs = [ "::/0" ];
-          endpoint = "[fd00:152:152:104::1]:60001";
-          publicKey = "x44tpGt+uqIWTEl4qwZE7iPRjEHkYSZGKOQ7EuwLzX8=";
-      } ];
-      listenPort = 60001;
-      allowedIPsAsRoutes = false;
-      privateKeyFile = "/var/src/secrets/wireguard/wg-heimnetz";
-      postSetup = "ip link set wg-heimnetz mtu 1340";
-    };
    wg-vpn = {
      ips = [ "2a01:4f8:c0c:15f1::8001/113" "10.20.30.1/24" ];
      peers = [