From c83a72f9553fae3beb4865af5284c5ea2638e8c3 Mon Sep 17 00:00:00 2001
From: clerie <git@clerie.de>
Date: Wed, 3 Feb 2021 20:14:59 +0100
Subject: [PATCH] Implement direct link between porter and gatekeeper

---
 hosts/gatekeeper/configuration.nix | 21 ++++++++++++++++++++-
 hosts/porter/configuration.nix     | 21 ++++++++++++++++++++-
 2 files changed, 40 insertions(+), 2 deletions(-)

diff --git a/hosts/gatekeeper/configuration.nix b/hosts/gatekeeper/configuration.nix
index c5500d3..afd4ceb 100644
--- a/hosts/gatekeeper/configuration.nix
+++ b/hosts/gatekeeper/configuration.nix
@@ -50,6 +50,17 @@
       allowedIPsAsRoutes = false;
       privateKeyFile = "/var/src/secrets/wireguard/wg-carbon4";
     };
+    wg-porter6 = {
+      ips = [ "fe80::101:1/64" "169.254.101.1/24" ];
+      peers = [ {
+          allowedIPs = [ "0.0.0.0/0" "::/0" ];
+          endpoint = "[2a03:4000:6:48d::1]:50101";
+          publicKey = "Jr1GBeNWrYjz7QyiI8XSOSRo/kGsCCtGGAzxmM5Hkn0=";
+      } ];
+      listenPort = 50101;
+      allowedIPsAsRoutes = false;
+      privateKeyFile = "/var/src/secrets/wireguard/wg-porter6";
+    };
     wg-nonat6 = {
       ips = [ "fe80::128:1/64" "169.254.128.1/24" ];
       peers = [ {
@@ -100,7 +111,7 @@
     };
   };
 
-  networking.firewall.allowedUDPPorts = [ 50127 50128 51820 ];
+  networking.firewall.allowedUDPPorts = [ 50101 50127 50128 51820 ];
 
   clerie.nginx-port-forward = {
     enable = true;
@@ -190,6 +201,10 @@
         cost 80;
         type pointopoint;
       };
+      interface "wg-porter6" {
+        cost 80;
+        type pointopoint;
+      };
       interface "wg-nonat6" {
         cost 80;
         type pointopoint;
@@ -208,6 +223,10 @@
         cost 80;
         type pointopoint;
       };
+      interface "wg-porter6" {
+        cost 80;
+        type pointopoint;
+      };
       interface "wg-nonat6" {
         cost 80;
         type pointopoint;
diff --git a/hosts/porter/configuration.nix b/hosts/porter/configuration.nix
index e442c18..3c7e4fc 100644
--- a/hosts/porter/configuration.nix
+++ b/hosts/porter/configuration.nix
@@ -43,6 +43,17 @@
       allowedIPsAsRoutes = false;
       privateKeyFile = "/var/src/secrets/wireguard/wg-carbon4";
     };
+    wg-gatekeeper6 = {
+      ips = [ "fe80::101:2/64" "169.254.101.2/24" ];
+      peers = [ {
+          allowedIPs = [ "0.0.0.0/0" "::/0" ];
+          endpoint = "[2a01:4f8:c0c:15f1::1]:50101";
+          publicKey = "ZmyAqrBOmF2LxANPnICtBk3x3qpJp3i+iQrNliqdi1g=";
+      } ];
+      listenPort = 50101;
+      allowedIPsAsRoutes = false;
+      privateKeyFile = "/var/src/secrets/wireguard/wg-gatekeeper6";
+    };
     wg-nonat6 = {
       ips = [ "fe80::1337:1/64" "169.254.137.1/24" ];
       peers = [ {
@@ -64,7 +75,7 @@
     };
   };
 
-  networking.firewall.allowedUDPPorts = [ 50138 51337 ];
+  networking.firewall.allowedUDPPorts = [ 50101 50138 51337 ];
 
   services.bird2.enable = true;
   services.bird2.config = ''
@@ -116,6 +127,10 @@
         cost 80;
         type pointopoint;
       };
+      interface "wg-gatekeeper6" {
+        cost 80;
+        type pointopoint;
+      };
       interface "wg-nonat6" {
         cost 80;
         type pointopoint;
@@ -134,6 +149,10 @@
         cost 80;
         type pointopoint;
       };
+      interface "wg-gatekeeper6" {
+        cost 80;
+        type pointopoint;
+      };
       interface "wg-nonat6" {
         cost 80;
         type pointopoint;