From c83a72f9553fae3beb4865af5284c5ea2638e8c3 Mon Sep 17 00:00:00 2001
From: clerie
Date: Wed, 3 Feb 2021 20:14:59 +0100
Subject: [PATCH] Implement direct link between porter and gatekeeper
---
 hosts/gatekeeper/configuration.nix | 21 ++++++++++++++++++++-
 hosts/porter/configuration.nix | 21 ++++++++++++++++++++-
 2 files changed, 40 insertions(+), 2 deletions(-)
diff --git a/hosts/gatekeeper/configuration.nix b/hosts/gatekeeper/configuration.nix
index c5500d3..afd4ceb 100644
--- a/hosts/gatekeeper/configuration.nix
+++ b/hosts/gatekeeper/configuration.nix
@@ -50,6 +50,17 @@ allowedIPsAsRoutes = false; privateKeyFile = "/var/src/secrets/wireguard/wg-carbon4"; }; + wg-porter6 = { ips = [ "fe80::101:1/64" "169.254.101.1/24" ]; peers = [ { allowedIPs = [ "0.0.0.0/0" "::/0" ]; endpoint = "[2a03:4000:6:48d::1]:50101"; publicKey = "Jr1GBeNWrYjz7QyiI8XSOSRo/kGsCCtGGAzxmM5Hkn0="; } ]; listenPort = 50101; allowedIPsAsRoutes = false; privateKeyFile = "/var/src/secrets/wireguard/wg-porter6"; }; wg-nonat6 = { ips = [ "fe80::128:1/64" "169.254.128.1/24" ]; peers = [ {
@@ -100,7 +111,7 @@ }; }; - networking.firewall.allowedUDPPorts = [ 50127 50128 51820 ]; + networking.firewall.allowedUDPPorts = [ 50101 50127 50128 51820 ]; clerie.nginx-port-forward = { enable = true;
@@ -190,6 +201,10 @@ cost 80; type pointopoint; }; + interface "wg-porter6" { cost 80; type pointopoint; }; interface "wg-nonat6" { cost 80; type pointopoint;
@@ -208,6 +223,10 @@ cost 80; type pointopoint; }; + interface "wg-porter6" { cost 80; type pointopoint; }; interface "wg-nonat6" { cost 80; type pointopoint;
diff --git a/hosts/porter/configuration.nix b/hosts/porter/configuration.nix
index e442c18..3c7e4fc 100644
--- a/hosts/porter/configuration.nix
+++ b/hosts/porter/configuration.nix
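Review bot: The new `wg-porter6` peer is given `allowedIPs = [ "0.0.0.0/0" "::/0" ]`, which switches off WireGuard's cryptokey source-address check for that peer, so any packet porter sends through the tunnel is accepted whatever its source, and with `allowedIPsAsRoutes = false` no routes are installed, so what actually flows over the link is presumably decided by the routing daemon (the `interface "wg-porter6"` stanzas later in this patch suggest OSPF, but those protocol blocks are not visible here). That is the usual shape for a routed tunnel between two hosts under one administration, but it makes porter a fully trusted routing neighbour and nothing in the file records that decision. I would add a comment above the peer, `# porter is a trusted routing peer: allowedIPs is deliberately wide open, routes come from bird rather than from WireGuard`. The enclosing `networking.wireguard.interfaces` set starts and ends outside the hunk.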
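Review bot: `networking.firewall.allowedUDPPorts` is now four bare numbers with nothing saying which tunnel each belongs to; 50101 matches the `listenPort` of `wg-porter6` in the hunk above, and 50127/50128/51820 are presumably the other WireGuard interfaces. Opening the port on every interface is acceptable for WireGuard, which silently drops datagrams that do not pass its handshake authentication, but the list will drift from the interface definitions as links are added or retired. A comment next to the option, `# WireGuard listen ports, one per entry in networking.wireguard.interfaces: 50101 = wg-porter6`, or deriving the list from the interfaces' `listenPort` values if `config` is in scope here, would keep the two in step.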
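Review bot: The added `interface "wg-porter6" { cost 80; type pointopoint; };` is a byte-for-byte copy of the stanzas on either side of it and is pasted once more in the hunk below, while the protocol block it belongs to (and so whether it is OSPFv2 or OSPFv3 and whether any `authentication` setting applies) starts and ends outside the hunk. Every WireGuard link in this file appears to get the same three lines, so generating them from a list of tunnel names, for example `lib.concatMapStrings (n: ''interface "${n}" { cost 80; type pointopoint; };'') [ "wg-porter6" "wg-nonat6" ]`, would keep the two protocol blocks and the interface set from drifting apart. If the interfaces intentionally carry no OSPF authentication because each one has a single key-authenticated WireGuard peer, that reasoning deserves a one-line comment in the bird config.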
@@ -43,6 +43,17 @@ allowedIPsAsRoutes = false; privateKeyFile = "/var/src/secrets/wireguard/wg-carbon4"; }; + wg-gatekeeper6 = { ips = [ "fe80::101:2/64" "169.254.101.2/24" ]; peers = [ { allowedIPs = [ "0.0.0.0/0" "::/0" ]; endpoint = "[2a01:4f8:c0c:15f1::1]:50101"; publicKey = "ZmyAqrBOmF2LxANPnICtBk3x3qpJp3i+iQrNliqdi1g="; } ]; listenPort = 50101; allowedIPsAsRoutes = false; privateKeyFile = "/var/src/secrets/wireguard/wg-gatekeeper6"; }; wg-nonat6 = { ips = [ "fe80::1337:1/64" "169.254.137.1/24" ]; peers = [ {
@@ -64,7 +75,7 @@ }; }; - networking.firewall.allowedUDPPorts = [ 50138 51337 ]; + networking.firewall.allowedUDPPorts = [ 50101 50138 51337 ]; services.bird2.enable = true; services.bird2.config = ''
@@ -116,6 +127,10 @@ cost 80; type pointopoint; }; + interface "wg-gatekeeper6" { cost 80; type pointopoint; }; interface "wg-nonat6" { cost 80; type pointopoint;
@@ -134,6 +149,10 @@ cost 80; type pointopoint; }; + interface "wg-gatekeeper6" { cost 80; type pointopoint; }; interface "wg-nonat6" { cost 80; type pointopoint;
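Review bot: The `wg-gatekeeper6` peer pins a public key and an endpoint, but nothing says whose they are: the mirror entry on the other host is named `wg-porter6`, the key files are named after the local interface rather than the peer, and so a reader cannot check from the file that `ZmyAqrBOmF2L…` is the public half of gatekeeper's `wg-porter6` key or that `2a01:4f8:c0c:15f1::1` is gatekeeper's address. A short comment on the peer, `# gatekeeper; public key of its /var/src/secrets/wireguard/wg-porter6 private key`, or keeping each host's address and public key in a shared attribute set that both configurations read, would make the pairing checkable at review time and would stop a swapped key from going unnoticed until the handshake fails. The enclosing `networking.wireguard.interfaces` set starts and ends outside the hunk.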
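Review bot: The new `interface "wg-gatekeeper6" { cost 80; type pointopoint; };` stanza sets no OSPF authentication, and the protocol block it sits in starts and ends outside the hunk, so whether a protocol-level `authentication` or `password` setting covers it cannot be seen here. Over a WireGuard interface with a single peer the tunnel itself authenticates the only possible neighbour, so relying on that is defensible, but the assumption should be written down so it is not copied onto a non-tunnel interface later: `# no OSPF auth: the only neighbour on this link is the WireGuard peer, already authenticated by its key`. Since the same stanza is added to two protocol blocks in this file, the comment belongs on both or on a shared helper that emits them.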