diff --git a/hosts/dn42-il-gw1/configuration.nix b/hosts/dn42-il-gw1/configuration.nix index 32d7481..4332f4c 100644 --- a/hosts/dn42-il-gw1/configuration.nix +++ b/hosts/dn42-il-gw1/configuration.nix @@ -43,6 +43,9 @@ networking.wireguard.enable = true; networking.wireguard.interfaces = { + # dn42-router-general-wireguard-key public key: + # r38qvXqu26x4f6yUGxg44Ji4db/g2HK7RZwG7Boh+38= + # e1mo wg0565 = { ips = [ @@ -64,6 +67,25 @@ ]; privateKeyFile = config.sops.secrets.wg0565.path; }; + # pilz + wg0663 = { + ips = [ + "fe80::1111/128" + ]; + postSetup = '' + ip addr replace dev wg0663 fe80::1111/128 peer fe80::acab/128 + ''; + listenPort = 50663; + allowedIPsAsRoutes = false; + peers = [ + { + allowedIPs = [ "fe80::/10" "fd00::/8" ]; + endpoint = "dn42.ams1.as214958.net:163"; + publicKey = "NxHkdwZPVL+3HdrHTFOslUpUckTf0dzEG9qpZ0FTBnA="; + } + ]; + privateKeyFile = config.sops.secrets.dn42-router-general-wireguard-key.path; + }; # prefixlabs # https://prefixlabs.net/ wg1240 = { @@ -223,6 +245,13 @@ remoteAsn = "4242420565"; localAddress = "fe80::2574"; } + { + peerName = "peer_0663"; + remoteAddress = "fe80::acab"; + interfaceName = "wg0663"; + remoteAsn = "4242420663"; + localAddress = "fe80::1111"; + } { peerName = "peer_1240_de_01"; remoteAddress = "fe80::1240:11"; diff --git a/hosts/dn42-il-gw1/secrets.json b/hosts/dn42-il-gw1/secrets.json index b7d0fa2..8f79812 100644 --- a/hosts/dn42-il-gw1/secrets.json +++ b/hosts/dn42-il-gw1/secrets.json @@ -1,4 +1,5 @@ { + "dn42-router-general-wireguard-key": "ENC[AES256_GCM,data:z1qOABBiObnWgcJDSnCHCfttJdDXQ3LO+Y/uHblJg49wrxTostamnP6GuvE=,iv:0KTyNqMOLQue8UODWXF2I+sY4pVKVe0aNiVETC9zOzk=,tag:KOzS9HaR6plPA0HlMT8jhQ==,type:str]", "wg0197": "ENC[AES256_GCM,data:1QJ5GXLMLIOj6xNC4sMnShjyB1wqfTkhkPTlLJz6AJxMjA0BsBZvZ1Pdln4=,iv:nVRIQB8/Ged616ELhkGnDyAz6A+3HQ55+yG0vf0f7aQ=,tag:GtI8ICMCih1tN4Xoc+8RdQ==,type:str]", "wg0565": "ENC[AES256_GCM,data:kLgKOGDA+kPDB0SZ/yU7Ax7NYn28LiVT2W6zSsc0APfyoZWW6nF0fUQFv4s=,iv:6zjLGAOROifubQUMxRLvoFzN6GRYob841rzNiVyrt84=,tag:Gh15/ROPYiqqobcJcTzmGQ==,type:str]", "wg1240": "ENC[AES256_GCM,data:ta0FRxhDGeta6TpWghWP2ogqymtiVsnWvuwzOhqhGN6zyK/GYd5b+SgSYAI=,iv:9gxEtK+ZOFj0D/SNWV7GyWHkBXjGgofJPmqcu3CMMKo=,tag:MFE/bhGk6oLeOK4TaEoXgQ==,type:str]", @@ -16,8 +17,8 @@ "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3QWdFYjFjTmRVRlV3U3p4\nTSsyc1E0dWtiYjNtVkV2SXJEWkxnTDhLN1Y0Cng4aGlidjhydUVGaFcvK215aGdq\nN0FGajYwa1lPUCsva0tmNkErUGtlOWsKLS0tIG9pLzJEUDA2WWUzd1kzSVZrdVRX\nbUxjQzBCd3p0R1dWTTJaRmZNQjJEUVkKPz6OUQHpYrhRxMdQzpZRR3exVqkG2JvX\nI32PwvbeQK8cgpYwKLGar8U8aiPPm0Y64pID1wedDsNZzLqLOrS3wQ==\n-----END AGE ENCRYPTED FILE-----\n" } ], - "lastmodified": "2025-12-03T20:38:54Z", - "mac": "ENC[AES256_GCM,data:2UqSo78YZrdIZBcVyBsArjFobl7BZ3hoZ3FayIMkXQX2HQMBWRDkNSoJRvTPTD9rjdqjVugGE02RzTikSxiw8MYAP7oyZbF4EdP9yk25yOEJQTSu6eTajkqstugAS+ojs28m93UXTzbDI0korb2cmTyxNt0X5YVeQRld3ntEJH8=,iv:lEbuuQEC5KIYgbJg4Qv8U1PaF0KE6LQYiwks3ZwwEQA=,tag:BAr7/EFsq7yeeO8MMXsAGQ==,type:str]", + "lastmodified": "2025-12-03T20:44:07Z", + "mac": "ENC[AES256_GCM,data:GL2GWM7YcGxfKWh9Vt0wm6YqbXTgqskkVHzsTTWqcQWhzbtqyWfFebli77UsDYoCYSR+yiPhi2opF1oMJl6Jr44PtmpPk+WGPUrcjuVDuf0NueaW8j++nzJzSFEnHeTbIg8qNpb9FwapWM0jlHVkGo6RVwVa9E597U/AKdES9ww=,iv:s3ABxKoCcEUOjtnvDGcrJoEiwXC0imLLO0kEXT+/69s=,tag:Vzk6aKDRwD6T60G0pDF9Jw==,type:str]", "pgp": [ { "created_at": "2024-04-28T09:25:37Z",