Implement direct link between porter and gatekeeper

2021-02-03 20:14:59 +01:00 · 2021-02-03 20:14:59 +01:00 · c83a72f955
parent b214a237fd
commit c83a72f955
2 changed files with 40 additions and 2 deletions
--- a/hosts/gatekeeper/configuration.nix
+++ b/hosts/gatekeeper/configuration.nix
@ -50,6 +50,17 @@
      allowedIPsAsRoutes = false;
      privateKeyFile = "/var/src/secrets/wireguard/wg-carbon4";
    };
+    wg-porter6 = {
+      ips = [ "fe80::101:1/64" "169.254.101.1/24" ];
+      peers = [ {
+          allowedIPs = [ "0.0.0.0/0" "::/0" ];
+          endpoint = "[2a03:4000:6:48d::1]:50101";
+          publicKey = "Jr1GBeNWrYjz7QyiI8XSOSRo/kGsCCtGGAzxmM5Hkn0=";
+      } ];
+      listenPort = 50101;
+      allowedIPsAsRoutes = false;
+      privateKeyFile = "/var/src/secrets/wireguard/wg-porter6";
+    };
    wg-nonat6 = {
      ips = [ "fe80::128:1/64" "169.254.128.1/24" ];
      peers = [ {
@ -100,7 +111,7 @@
    };
  };

-  networking.firewall.allowedUDPPorts = [ 50127 50128 51820 ];
+  networking.firewall.allowedUDPPorts = [ 50101 50127 50128 51820 ];

  clerie.nginx-port-forward = {
    enable = true;
@ -190,6 +201,10 @@
        cost 80;
        type pointopoint;
      };
+      interface "wg-porter6" {
+        cost 80;
+        type pointopoint;
+      };
      interface "wg-nonat6" {
        cost 80;
        type pointopoint;
@ -208,6 +223,10 @@
        cost 80;
        type pointopoint;
      };
+      interface "wg-porter6" {
+        cost 80;
+        type pointopoint;
+      };
      interface "wg-nonat6" {
        cost 80;
        type pointopoint;
--- a/hosts/porter/configuration.nix
+++ b/hosts/porter/configuration.nix
@ -43,6 +43,17 @@
      allowedIPsAsRoutes = false;
      privateKeyFile = "/var/src/secrets/wireguard/wg-carbon4";
    };
+    wg-gatekeeper6 = {
+      ips = [ "fe80::101:2/64" "169.254.101.2/24" ];
+      peers = [ {
+          allowedIPs = [ "0.0.0.0/0" "::/0" ];
+          endpoint = "[2a01:4f8:c0c:15f1::1]:50101";
+          publicKey = "ZmyAqrBOmF2LxANPnICtBk3x3qpJp3i+iQrNliqdi1g=";
+      } ];
+      listenPort = 50101;
+      allowedIPsAsRoutes = false;
+      privateKeyFile = "/var/src/secrets/wireguard/wg-gatekeeper6";
+    };
    wg-nonat6 = {
      ips = [ "fe80::1337:1/64" "169.254.137.1/24" ];
      peers = [ {
@ -64,7 +75,7 @@
    };
  };

-  networking.firewall.allowedUDPPorts = [ 50138 51337 ];
+  networking.firewall.allowedUDPPorts = [ 50101 50138 51337 ];

  services.bird2.enable = true;
  services.bird2.config = ''
@ -116,6 +127,10 @@
        cost 80;
        type pointopoint;
      };
+      interface "wg-gatekeeper6" {
+        cost 80;
+        type pointopoint;
+      };
      interface "wg-nonat6" {
        cost 80;
        type pointopoint;
@ -134,6 +149,10 @@
        cost 80;
        type pointopoint;
      };
+      interface "wg-gatekeeper6" {
+        cost 80;
+        type pointopoint;
+      };
      interface "wg-nonat6" {
        cost 80;
        type pointopoint;