
Implement direct link between porter and gatekeeper

clerie 2021-02-03 20:14:59 +01:00
parent b214a237fd
commit c83a72f955
2 changed files with 40 additions and 2 deletions


@ -50,6 +50,17 @@
allowedIPsAsRoutes = false; allowedIPsAsRoutes = false;
privateKeyFile = "/var/src/secrets/wireguard/wg-carbon4"; privateKeyFile = "/var/src/secrets/wireguard/wg-carbon4";
}; };
wg-porter6 = {
ips = [ "fe80::101:1/64" "169.254.101.1/24" ];
peers = [ {
allowedIPs = [ "0.0.0.0/0" "::/0" ];
endpoint = "[2a03:4000:6:48d::1]:50101";
publicKey = "Jr1GBeNWrYjz7QyiI8XSOSRo/kGsCCtGGAzxmM5Hkn0=";
} ];
listenPort = 50101;
allowedIPsAsRoutes = false;
privateKeyFile = "/var/src/secrets/wireguard/wg-porter6";
};
wg-nonat6 = { wg-nonat6 = {
ips = [ "fe80::128:1/64" "169.254.128.1/24" ]; ips = [ "fe80::128:1/64" "169.254.128.1/24" ];
peers = [ { peers = [ {
@ -100,7 +111,7 @@
}; };
}; };
networking.firewall.allowedUDPPorts = [ 50127 50128 51820 ]; networking.firewall.allowedUDPPorts = [ 50101 50127 50128 51820 ];
clerie.nginx-port-forward = { clerie.nginx-port-forward = {
enable = true; enable = true;
@ -190,6 +201,10 @@
cost 80; cost 80;
type pointopoint; type pointopoint;
}; };
interface "wg-porter6" {
cost 80;
type pointopoint;
};
interface "wg-nonat6" { interface "wg-nonat6" {
cost 80; cost 80;
type pointopoint; type pointopoint;
@ -208,6 +223,10 @@
cost 80; cost 80;
type pointopoint; type pointopoint;
}; };
interface "wg-porter6" {
cost 80;
type pointopoint;
};
interface "wg-nonat6" { interface "wg-nonat6" {
cost 80; cost 80;
type pointopoint; type pointopoint;
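Review bot: The new `wg-porter6` peer is given `allowedIPs = [ "0.0.0.0/0" "::/0" ]`, so WireGuard itself accepts any inner source address from that peer, and the only limits on what it can send or announce are the bird filters and firewall rules that apply to the interface. With `allowedIPsAsRoutes = false` this is the usual shape for a dynamically routed tunnel, but the protocol blocks that hold the two added `interface "wg-porter6"` stanzas start outside these hunks, so their import filters are not visible here and are worth confirming. A comment on the peer would record the intent, for example `# allowedIPs is wide open on purpose: routes come from bird, so filtering has to happen there`. The same applies to `wg-gatekeeper6` in the second file.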


@ -43,6 +43,17 @@
allowedIPsAsRoutes = false; allowedIPsAsRoutes = false;
privateKeyFile = "/var/src/secrets/wireguard/wg-carbon4"; privateKeyFile = "/var/src/secrets/wireguard/wg-carbon4";
}; };
wg-gatekeeper6 = {
ips = [ "fe80::101:2/64" "169.254.101.2/24" ];
peers = [ {
allowedIPs = [ "0.0.0.0/0" "::/0" ];
endpoint = "[2a01:4f8:c0c:15f1::1]:50101";
publicKey = "ZmyAqrBOmF2LxANPnICtBk3x3qpJp3i+iQrNliqdi1g=";
} ];
listenPort = 50101;
allowedIPsAsRoutes = false;
privateKeyFile = "/var/src/secrets/wireguard/wg-gatekeeper6";
};
wg-nonat6 = { wg-nonat6 = {
ips = [ "fe80::1337:1/64" "169.254.137.1/24" ]; ips = [ "fe80::1337:1/64" "169.254.137.1/24" ];
peers = [ { peers = [ {
@ -64,7 +75,7 @@
}; };
}; };
networking.firewall.allowedUDPPorts = [ 50138 51337 ]; networking.firewall.allowedUDPPorts = [ 50101 50138 51337 ];
services.bird2.enable = true; services.bird2.enable = true;
services.bird2.config = '' services.bird2.config = ''
@ -116,6 +127,10 @@
cost 80; cost 80;
type pointopoint; type pointopoint;
}; };
interface "wg-gatekeeper6" {
cost 80;
type pointopoint;
};
interface "wg-nonat6" { interface "wg-nonat6" {
cost 80; cost 80;
type pointopoint; type pointopoint;
@ -134,6 +149,10 @@
cost 80; cost 80;
type pointopoint; type pointopoint;
}; };
interface "wg-gatekeeper6" {
cost 80;
type pointopoint;
};
interface "wg-nonat6" { interface "wg-nonat6" {
cost 80; cost 80;
type pointopoint; type pointopoint;
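Review bot: Adding 50101 to `networking.firewall.allowedUDPPorts` opens the port on every interface and to any source, although the only peer configured for `wg-gatekeeper6` has a fixed endpoint, `[2a01:4f8:c0c:15f1::1]:50101`. WireGuard stays silent towards packets it cannot authenticate, so the exposure is small, but the rule could be narrowed to that one source instead of the global list, for instance through `networking.firewall.extraCommands` with `ip6tables -A nixos-fw -p udp -s 2a01:4f8:c0c:15f1::1 --dport 50101 -j nixos-fw-accept`. The firewall line in the first file follows the same pattern for the `wg-porter6` endpoint.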