Move clerie.de to web-2

carbon pin wireguard to ipv4
dn42 hosts disable reverse path check
2021-01-23 13:27:43 +01:00 · 2021-01-23 13:27:06 +01:00 · 2021-01-23 13:24:16 +01:00
4 changed files with 35 additions and 10 deletions
--- a/configuration/dn42/default.nix
+++ b/configuration/dn42/default.nix
@ -10,6 +10,8 @@
    "net.ipv6.conf.all.forwarding" = true;
  };
  networking.firewall.checkReversePath = false;
  # Open Firewall for BGP
  networking.firewall.allowedTCPPorts = [ 179 ];
  # Open Fireall for OSPF
--- a/hosts/carbon/configuration.nix
+++ b/hosts/carbon/configuration.nix
@ -53,27 +53,27 @@
  networking.wireguard.enable = true;
  networking.wireguard.interfaces = {
-    wg-gatekeeper = {
+    wg-gatekeeper4 = {
      ips = [ "fe80::127:2/64" "169.254.127.2/24" ];
      peers = [ {
          allowedIPs = [ "0.0.0.0/0" "::/0" ];
-          endpoint = "gatekeeper.net.clerie.de:50127";
+          endpoint = "78.47.183.82:50127";
          publicKey = "y+Bk5eIHgmnq9xuBDD+fk/OIkKRZU6AE4ISx4RdDDyg=";
          persistentKeepalive = 25;
      } ];
      allowedIPsAsRoutes = false;
-      privateKeyFile = "/var/src/secrets/wireguard/wg-gatekeeper";
+      privateKeyFile = "/var/src/secrets/wireguard/wg-gatekeeper4";
    };
-    wg-porter = {
+    wg-porter4 = {
      ips = [ "fe80::138:2/64" "169.254.138.2/24" ];
      peers = [ {
          allowedIPs = [ "0.0.0.0/0" "::/0" ];
-          endpoint = "porter.net.clerie.de:50138";
+          endpoint = "188.34.158.206:50138";
          publicKey = "aP6optNE7nVk6coo+USkSDtB62rAc/isfofRML9V2HM=";
          persistentKeepalive = 25;
      } ];
      allowedIPsAsRoutes = false;
-      privateKeyFile = "/var/src/secrets/wireguard/wg-porter";
+      privateKeyFile = "/var/src/secrets/wireguard/wg-porter4";
    };
  };
@ -218,11 +218,11 @@
      export all;
    };
    area 0 {
-      interface "wg-gatekeeper" {
+      interface "wg-gatekeeper4" {
        cost 80;
        type pointopoint;
      };
-      interface "wg-porter" {
+      interface "wg-porter4" {
        cost 80;
        type pointopoint;
      };
@ -236,11 +236,11 @@
      export all;
    };
    area 0 {
-      interface "wg-gatekeeper" {
+      interface "wg-gatekeeper4" {
        cost 80;
        type pointopoint;
      };
-      interface "wg-porter" {
+      interface "wg-porter4" {
        cost 80;
        type pointopoint;
      };
--- a/hosts/web-2/clerie.nix
+++ b/hosts/web-2/clerie.nix
@ -0,0 +1,22 @@
 { ... }:
 {
  services.nginx.virtualHosts = {
    "www.clerie.de" = {
      enableACME = true;
      forceSSL = true;
      locations."/" = {
        return = "301 https://clerie.de$request_uri";
      };
    };
    "clerie.de" = {
      enableACME = true;
      forceSSL = true;
      root = fetchGit {
        url = "https://git.clerie.de/clerie/clerie.de.git";
        rev = "7fbb8042100fde4a8524eec656519eb8b48ae68a";
      };
    };
  };
 }
--- a/hosts/web-2/configuration.nix
+++ b/hosts/web-2/configuration.nix
@ -6,6 +6,7 @@
      ./hardware-configuration.nix
      ../../configuration/common
      ./bubblesort.nix
      ./clerie.nix
      ./gitea.nix
      ./ip.nix
      ./meow.nix
Author	SHA1	Message	Date
clerie	a29b9c648a	Move clerie.de to web-2	2021-01-23 13:27:43 +01:00
clerie	7337e2100b	carbon pin wireguard to ipv4	2021-01-23 13:27:06 +01:00
clerie	bf3f70a4e7	dn42 hosts disable reverse path check	2021-01-23 13:24:16 +01:00