hosts/dn42-il-gw1: Add tbspace peering

2025-12-04 16:36:27 +01:00
parent c6322949fe
commit d4f6812f70
1 changed files with 26 additions and 0 deletions
--- a/hosts/dn42-il-gw1/configuration.nix
+++ b/hosts/dn42-il-gw1/configuration.nix
@@ -223,6 +223,25 @@
      ];
      privateKeyFile = config.sops.secrets.wg1718.path;
    };
+    # tbspace
+    wg6190 = {
+      ips = [
+        "fe80::2574/128"
+      ];
+      postSetup = ''
+      ip addr replace dev wg6190 fe80::2574/128 peer fe80::1299:e/128
+      '';
+      listenPort = 56190;
+      allowedIPsAsRoutes = false;
+      peers = [
+        {
+          allowedIPs = [ "fe80::/10" "fd00::/8" ];
+          endpoint = "dn42.tbspace.de:49168";
+          publicKey = "skvyDl81J8Zu3Ziem+7JKeU4UYLhhWt7gWelg8nEbzQ=";
+        }
+      ];
+      privateKeyFile = config.sops.secrets.dn42-router-general-wireguard-key.path;
+    };
  };

  networking.firewall.allowedUDPPorts = [
@@ -320,6 +339,13 @@
        remoteAsn = "4242421718";
        localAddress = "fe80::2574";
      }
+      {
+        peerName = "peer_6190";
+        remoteAddress = "fe80::1299:e";
+        interfaceName = "wg6190";
+        remoteAsn = "76190";
+        localAddress = "fe80::2574";
+      }
    ];
  };