From d4f6812f709312eab8a8e7b4f13c4763af99a61a Mon Sep 17 00:00:00 2001
From: clerie
Date: Thu, 4 Dec 2025 16:36:27 +0100
Subject: [PATCH 1/5] hosts/dn42-il-gw1: Add tbspace peering
---
 hosts/dn42-il-gw1/configuration.nix | 26 ++++++++++++++++++++++++++
 1 file changed, 26 insertions(+)
diff --git a/hosts/dn42-il-gw1/configuration.nix b/hosts/dn42-il-gw1/configuration.nix
index 4d4c956..e061dbc 100644
--- a/hosts/dn42-il-gw1/configuration.nix
+++ b/hosts/dn42-il-gw1/configuration.nix
@@ -223,6 +223,25 @@
 ];
 privateKeyFile = config.sops.secrets.wg1718.path;
 };
+ # tbspace
+ wg6190 = {
+ ips = [
+ "fe80::2574/128"
+ ];
+ postSetup = ''
+ ip addr replace dev wg6190 fe80::2574/128 peer fe80::1299:e/128
+ '';
+ listenPort = 56190;
+ allowedIPsAsRoutes = false;
+ peers = [
+ {
+ allowedIPs = [ "fe80::/10" "fd00::/8" ];
+ endpoint = "dn42.tbspace.de:49168";
+ publicKey = "skvyDl81J8Zu3Ziem+7JKeU4UYLhhWt7gWelg8nEbzQ=";
+ }
+ ];
+ privateKeyFile = config.sops.secrets.dn42-router-general-wireguard-key.path;
+ };
 };
 networking.firewall.allowedUDPPorts = [
@@ -320,6 +339,13 @@
 remoteAsn = "4242421718";
 localAddress = "fe80::2574";
 }
+ {
+ peerName = "peer_6190";
+ remoteAddress = "fe80::1299:e";
+ interfaceName = "wg6190";
+ remoteAsn = "76190";
+ localAddress = "fe80::2574";
+ }
 ];
 };
From 9406b9b18dbd3de5f3cd9bf1b8f966f691102098 Mon Sep 17 00:00:00 2001
From: clerie
Date: Fri, 5 Dec 2025 11:57:54 +0100
Subject: [PATCH 2/5] hosts/dn42-il-gw1: Add peer iedon
---
 hosts/dn42-il-gw1/configuration.nix | 27 +++++++++++++++++++++++++++
 1 file changed, 27 insertions(+)
diff --git a/hosts/dn42-il-gw1/configuration.nix b/hosts/dn42-il-gw1/configuration.nix
index e061dbc..ac02dad 100644
--- a/hosts/dn42-il-gw1/configuration.nix
+++ b/hosts/dn42-il-gw1/configuration.nix
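Review bot: The new `wg6190` tunnel (PATCH 1/5, first hunk) reuses a shared private key, `config.sops.secrets.dn42-router-general-wireguard-key`, where the context lines just above it show a per-tunnel secret (`config.sops.secrets.wg1718`). The same shared secret is used again for `wg2189` in PATCH 2/5 and `wg1411` in PATCH 5/5, so this router presents one public key to three different operators, and a disclosure or rotation of that key affects all of those peerings at once. If the sharing is deliberate, I would say so next to the first use, e.g. `# shared key for newer peerings; rotation must be coordinated with every peer using it`; otherwise a per-interface secret following the existing `wgNNNN` naming keeps the blast radius to one tunnel. The sops secret declarations themselves are outside the hunk, so I cannot tell whether the shared secret is restricted to this host.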
@@ -183,6 +183,26 @@
 ];
 privateKeyFile = config.sops.secrets.wg1280.path;
 };
+ # iedon
+ # https://iedon.net/
+ wg2189 = {
+ ips = [
+ "fe80::2574/128"
+ ];
+ postSetup = ''
+ ip addr replace dev wg2189 fe80::2574/128 peer fe80::2189:e9/128
+ '';
+ listenPort = 52189;
+ allowedIPsAsRoutes = false;
+ peers = [
+ {
+ allowedIPs = [ "fe80::/10" "fd00::/8" ];
+ endpoint = "de-fra.dn42.iedon.net:42463";
+ publicKey = "FHp0OR4UpAS8/Ra0FUNffTk18soUYCa6NcvZdOgxY0k=";
+ }
+ ];
+ privateKeyFile = config.sops.secrets.dn42-router-general-wireguard-key.path;
+ };
 # lutoma
 wg4719 = {
 ips = [
@@ -325,6 +345,13 @@
 remoteAsn = "4242421280";
 localAddress = "fde3:4c0d:2836:ff00::21";
 }
+ {
+ peerName = "peer_2189_de_fra";
+ remoteAddress = "fe80::2189:e9";
+ interfaceName = "wg2189";
+ remoteAsn = "4242422189";
+ localAddress = "fe80::2574";
+ }
 {
 peerName = "peer_4719";
 remoteAddress = "fe80::acab";
From ff21771fe37fa49c77b3c830ddfb587fbbe6b54d Mon Sep 17 00:00:00 2001
From: clerie
Date: Fri, 5 Dec 2025 11:58:38 +0100
Subject: [PATCH 3/5] hosts/dn42-il-gw1: Add missing ports to open in firewall
---
 hosts/dn42-il-gw1/configuration.nix | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/hosts/dn42-il-gw1/configuration.nix b/hosts/dn42-il-gw1/configuration.nix
index ac02dad..1665ec5 100644
--- a/hosts/dn42-il-gw1/configuration.nix
+++ b/hosts/dn42-il-gw1/configuration.nix
@@ -265,14 +265,18 @@
 };
 networking.firewall.allowedUDPPorts = [
+ 50150 # wg0150
 50565 # wg0565
+ 50663 # wg0663
 51240 # wg1240
 51241 # wg1241
 51271 # wg1271
 51272 # wg1272
 51280 # wg1280
+ 52189 # wg2189
 54719 # wg4719
 51718 # wg1718
+ 56190 # wg6190
 ];
 profiles.clerie.dn42-router = {
From ccdf9ceb0ec19eb08fd0b41159c67d9e5476ee50 Mon Sep 17 00:00:00 2001
From: clerie
Date: Fri, 5 Dec 2025 12:06:39 +0100
Subject: [PATCH 4/5] hosts/dn42-il-gw1: Sort peering correctly
---
 hosts/dn42-il-gw1/configuration.nix | 56 ++++++++++++++---------------
 1 file changed, 28 insertions(+), 28 deletions(-)
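Review bot: In the `wg2189` block (PATCH 2/5, first hunk), `allowedIPs = [ "fe80::/10" "fd00::/8" ]` combined with `allowedIPsAsRoutes = false` means WireGuard accepts any link-local or ULA source address from this peer, so all prefix-level trust rests on the routing daemon's import filters and the host's forwarding firewall, neither of which is visible in this patch. The same value appears in `wg6190` (PATCH 1/5) and in the commented-out `wg1411` template (PATCH 5/5). It is worth confirming that the `profiles.clerie.dn42-router` module applies its prefix/ROA filtering to every listed peer by default, and that services bound on this host are not reachable from the `wg*` interfaces. A short comment on the first occurrence would record the intent, e.g. `# wide on purpose: per-prefix filtering is done in the BGP import filter, not by WireGuard`.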
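Review bot: The `networking.firewall.allowedUDPPorts` list in PATCH 3/5 is maintained by hand, separately from each interface's `listenPort`, which is how four ports came to be missing in the first place. Nothing ties the two together, so the next peering can drift the same way, in either direction (a listener with no firewall rule, or a port left open after its tunnel is removed). If the tunnels are defined under `networking.wireguard.interfaces` (the enclosing attribute is outside the hunks, so this is an assumption) and `lib` is in scope, the list could be derived instead: `networking.firewall.allowedUDPPorts = lib.mapAttrsToList (_: i: i.listenPort) config.networking.wireguard.interfaces;`. The `wg0150` and `wg0663` definitions are not part of this series, so their ports cannot be checked against the added entries from here.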
diff --git a/hosts/dn42-il-gw1/configuration.nix b/hosts/dn42-il-gw1/configuration.nix
index 1665ec5..2089522 100644
--- a/hosts/dn42-il-gw1/configuration.nix
+++ b/hosts/dn42-il-gw1/configuration.nix
@@ -183,6 +183,26 @@
 ];
 privateKeyFile = config.sops.secrets.wg1280.path;
 };
+ # zaphyra
+ wg1718 = {
+ ips = [
+ "fe80::2574/128"
+ # peer fe80::6b61/64
+ ];
+ postSetup = ''
+ ip addr replace dev wg1718 fe80::2574/128 peer fe80::6b61/128
+ '';
+ listenPort = 51718;
+ allowedIPsAsRoutes = false;
+ peers = [
+ {
+ allowedIPs = [ "fe80::/10" "fd00::/8" ];
+ endpoint = "router-a.dn42.zaphyra.eu:51831";
+ publicKey = "Knm6uEpMsTfZAK68Pl98mHORtb8TtswBfYFGznpHUCI=";
+ }
+ ];
+ privateKeyFile = config.sops.secrets.wg1718.path;
+ };
 # iedon
 # https://iedon.net/
 wg2189 = {
@@ -223,26 +243,6 @@
 ];
 privateKeyFile = config.sops.secrets.wg4719.path;
 };
- # zaphyra
- wg1718 = {
- ips = [
- "fe80::2574/128"
- # peer fe80::6b61/64
- ];
- postSetup = ''
- ip addr replace dev wg1718 fe80::2574/128 peer fe80::6b61/128
- '';
- listenPort = 51718;
- allowedIPsAsRoutes = false;
- peers = [
- {
- allowedIPs = [ "fe80::/10" "fd00::/8" ];
- endpoint = "router-a.dn42.zaphyra.eu:51831";
- publicKey = "Knm6uEpMsTfZAK68Pl98mHORtb8TtswBfYFGznpHUCI=";
- }
- ];
- privateKeyFile = config.sops.secrets.wg1718.path;
- };
 # tbspace
 wg6190 = {
 ips = [
@@ -273,9 +273,9 @@
 51271 # wg1271
 51272 # wg1272
 51280 # wg1280
+ 51718 # wg1718
 52189 # wg2189
 54719 # wg4719
- 51718 # wg1718
 56190 # wg6190
 ];
@@ -349,6 +349,13 @@
 remoteAsn = "4242421280";
 localAddress = "fde3:4c0d:2836:ff00::21";
 }
+ {
+ peerName = "peer_1718";
+ remoteAddress = "fe80::6b61";
+ interfaceName = "wg1718";
+ remoteAsn = "4242421718";
+ localAddress = "fe80::2574";
+ }
 {
 peerName = "peer_2189_de_fra";
 remoteAddress = "fe80::2189:e9";
@@ -363,13 +370,6 @@ remoteAsn = "64719"; localAddress = "fe80::1"; } - { - peerName = "peer_1718"; - remoteAddress = "fe80::6b61"; - interfaceName = "wg1718"; - remoteAsn = "4242421718"; - localAddress = "fe80::2574"; - } { peerName = "peer_6190"; remoteAddress = "fe80::1299:e"; From 75c8c3e6e264ac80f23b7ff21475813190db7f48 Mon Sep 17 00:00:00 2001 From: clerie Date: Fri, 5 Dec 2025 12:23:56 +0100 Subject: [PATCH 5/5] hosts/dn42-il-gw1: Add peer c4tg1rl5 --- hosts/dn42-il-gw1/configuration.nix | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) diff --git a/hosts/dn42-il-gw1/configuration.nix b/hosts/dn42-il-gw1/configuration.nix index 2089522..4f8b8f7 100644 --- a/hosts/dn42-il-gw1/configuration.nix +++ b/hosts/dn42-il-gw1/configuration.nix @@ -183,6 +183,26 @@ ]; privateKeyFile = config.sops.secrets.wg1280.path; }; + # c4tg1rl5 + # https://catgirls.systems/peering/ + wg1411 = { + ips = [ + "fe80::2574/128" + ]; + postSetup = '' + ip addr replace dev wg1411 fe80::2574/128 peer fe80::1411/128 + ''; + listenPort = 51411; + allowedIPsAsRoutes = false; + peers = [ + #{ + # allowedIPs = [ "fe80::/10" "fd00::/8" ]; + # endpoint = ""; + # publicKey = ""; + #} + ]; + privateKeyFile = config.sops.secrets.dn42-router-general-wireguard-key.path; + }; # zaphyra wg1718 = { ips = [ @@ -273,6 +293,7 @@ 51271 # wg1271 51272 # wg1272 51280 # wg1280 + 51411 # wg1411 51718 # wg1718 52189 # wg2189 54719 # wg4719 @@ -349,6 +370,13 @@ remoteAsn = "4242421280"; localAddress = "fde3:4c0d:2836:ff00::21"; } + { + peerName = "peer_1411_de_fsn"; + remoteAddress = "fe80::1411"; + interfaceName = "wg1411"; + remoteAsn = "4242421411"; + localAddress = "fe80::2574"; + } { peerName = "peer_1718"; remoteAddress = "fe80::6b61";