From 91eeec2b2b3ba66ee7ebadd8f540697a0f9a600a Mon Sep 17 00:00:00 2001 From: clerie Date: Tue, 13 Aug 2024 12:46:02 +0200 Subject: [PATCH 1/3] hosts/carbon: Fix ppp mtu --- hosts/carbon/ppp.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/carbon/ppp.nix b/hosts/carbon/ppp.nix index a97289e..8a22cf6 100644 --- a/hosts/carbon/ppp.nix +++ b/hosts/carbon/ppp.nix @@ -15,7 +15,7 @@ noipdefault lcp-echo-interval 20 lcp-echo-failure 3 - mtu 14592 + mtu 1492 hide-password defaultroute +ipv6 From fdeddf8fc938af241f32d9cf05eb2e3670972451 Mon Sep 17 00:00:00 2001 From: clerie Date: Tue, 13 Aug 2024 16:13:22 +0200 Subject: [PATCH 2/3] hosts/carbon: Add wg-clerie --- hosts/carbon/configuration.nix | 1 + hosts/carbon/secrets.json | 5 +++-- hosts/carbon/wg-clerie.nix | 9 +++++++++ hosts/gatekeeper/configuration.nix | 5 +++++ 4 files changed, 18 insertions(+), 2 deletions(-) create mode 100644 hosts/carbon/wg-clerie.nix diff --git a/hosts/carbon/configuration.nix b/hosts/carbon/configuration.nix index df504e1..0a352e0 100644 --- a/hosts/carbon/configuration.nix +++ b/hosts/carbon/configuration.nix @@ -15,6 +15,7 @@ ./net-voip.nix ./ntp.nix ./ppp.nix + ./wg-clerie.nix ]; boot.kernelParams = [ "console=ttyS0,115200n8" ]; diff --git a/hosts/carbon/secrets.json b/hosts/carbon/secrets.json index 1b585f6..f3c77f3 100644 --- a/hosts/carbon/secrets.json +++ b/hosts/carbon/secrets.json @@ -2,6 +2,7 @@ "wg-monitoring": "ENC[AES256_GCM,data:+k5MgBrj/psMCE1T2jDtCCJI9Q7L+wJ3j83inNkeGp3LSUjoAPtBp4YoyL4=,iv:C19g/Lqi+cWAyiJBMNDtgLc3SDNI9bMBrBPWn+26mVY=,tag:9zIoawuGeGCMbOX1HKR/sQ==,type:str]", "pppd-dtagdsl-username": "ENC[AES256_GCM,data:JC7EyyMoN0p5YwnS9W5I0G5Omhk5usw28UiJrCfifGr+2FUgMrtFYAHQdrtWAELvYNBQDPgrHMmQjGQLhpqqK0hH,iv:/q+Fm63GVBApGInyS8i39V/lo6iv+I2omVh47deq+o8=,tag:LkR+1zTDNWuYkhH2iWT7SA==,type:str]", "pppd-dtagdsl-secrets": "ENC[AES256_GCM,data:c5pOb8It1py/9NXNTgLvt9zmsBVbSLHJt4iXWiNA+Osvomw3r7pgoO/JJh9ujomPMnOlDwN7g+pJ,iv:W36gA8E1mWchN6+8hdMdt2epv/RdS91T5ANB/JTcHCE=,tag:7eZ3fZkjERCVJCXYrABnlQ==,type:str]", + "wg-clerie": "ENC[AES256_GCM,data:OEZg8ZoLAdVhKkvB0ai13ID3gPnVUU/xkOjZ4KiJ9MnRbcFu5HBd7Nw6iNwh,iv:edPuaehya2ZvYKkiBqNUbXVDAxAT6yNgETnWtd6it94=,tag:cX12szdQfAcC6cij6zk6Dw==,type:str]", "sops": { "kms": null, "gcp_kms": null, @@ -13,8 +14,8 @@ "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3Rkd5WFE3aE5EQzY5ZXV4\nbXVGYmxTdVg1ekRpVjlRUnozY2tMTGloL21RCktjZW95OU9ZZ2owTCtMR1NxaXJn\na2VYS2ttb3VhSjNXOG84UUJtYU04QjAKLS0tIGd3aHM0RldFYnVFdDRVS0Vhc3BF\nckJhYmN6a1FJUC9ibks1cGlRaU1zbFkKE4ClunQ3XGAILwluC6iYFs+rlR02PdhK\njOmPbOlS0aNG0hoC7Z6aetgpj689AkJgl68QVcyvm+ecHH7TOT7l1A==\n-----END AGE ENCRYPTED FILE-----\n" } ], - "lastmodified": "2024-07-13T21:56:57Z", - "mac": "ENC[AES256_GCM,data:/jZ/aIQUxYrF0deBTJOyc009yPKfshiYnAB2GR5SRTi00Ls5efKzhjDJaEWvAkgBTFz5/a8fy2k+vXEDsDlrgcgWqMS8/Az5LRf9RWUBWkerDyoBJ2UZRdt7UVPfkN8ObKQpfFqxhzkm4zio+MwSbqSMZil6fGaxz6lyUkwaphg=,iv:KStinEtV1DTaEl0ebMEw8lSMvrE5rtxqfTbzssC9oGY=,tag:YOr8T3wqqxyv0mpO1wMDEg==,type:str]", + "lastmodified": "2024-08-13T14:06:43Z", + "mac": "ENC[AES256_GCM,data:yGKY0fi3KQWGHBeyNtQ8EJ6561dKRZ5aAjO9zq3odDtX75i2RSjORIlNjBsVvegBzeo8AkwwnzxNPt2sHl6MKDZfEsysWAi8Wolh4UvHk087AnR/uKvtG6t4uUaNIWej2DEzxUtTQ8QP1afsdqGCf0vZVruNcJ4u2xiQbN2vJPc=,iv:CDXJ5/P+h0Enq/0EL1su1Mw55FVYLy4XPSoUCkRkt+U=,tag:AvRfEDYMBunyIQIVCPbXag==,type:str]", "pgp": [ { "created_at": "2024-05-10T13:05:56Z", diff --git a/hosts/carbon/wg-clerie.nix b/hosts/carbon/wg-clerie.nix new file mode 100644 index 0000000..14bf443 --- /dev/null +++ b/hosts/carbon/wg-clerie.nix @@ -0,0 +1,9 @@ +{ ... }: + +{ + services.wg-clerie = { + enable = true; + ipv6s = [ "2a01:4f8:c0c:15f1::8111/128" ]; + ipv4s = [ "10.20.30.111/32" ]; + }; +} diff --git a/hosts/gatekeeper/configuration.nix b/hosts/gatekeeper/configuration.nix index b2c6770..bf0b261 100644 --- a/hosts/gatekeeper/configuration.nix +++ b/hosts/gatekeeper/configuration.nix @@ -109,6 +109,11 @@ allowedIPs = [ "2a01:4f8:c0c:15f1::8110/128" "10.20.30.110/32" ]; publicKey = "kn6ZtViagKGSyfQJQW6csQE/5r7uKlbC1rbInlQ33xs="; } + { + # carbon + allowedIPs = [ "2a01:4f8:c0c:15f1::8111/128" "10.20.30.111/32" ]; + publicKey = "o6qxGKIoW2ZSFhXeNRXd4G9BRFeYyjZsrUPulB3KhTI="; + } ]; listenPort = 51820; allowedIPsAsRoutes = false; From 02bfbab29ba44113289103b9c9151ccc57a936cb Mon Sep 17 00:00:00 2001 From: Flake Update Bot Date: Wed, 14 Aug 2024 03:04:05 +0200 Subject: [PATCH 3/3] Update nixpkgs 2024-08-14-01-03 --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index 06a5176..3ebc633 100644 --- a/flake.lock +++ b/flake.lock @@ -288,11 +288,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1722421184, - "narHash": "sha256-/DJBI6trCeVnasdjUo9pbnodCLZcFqnVZiLUfqLH4jA=", + "lastModified": 1723362943, + "narHash": "sha256-dFZRVSgmJkyM0bkPpaYRtG/kRMRTorUIDj8BxoOt1T4=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "9f918d616c5321ad374ae6cb5ea89c9e04bf3e58", + "rev": "a58bc8ad779655e790115244571758e8de055e3d", "type": "github" }, "original": {