hosts/beryllium: disable firewall

hosts/aluminium: use policyrouting for IPv4 too
2022-12-30 17:47:12 +01:00 · 2022-12-30 17:46:11 +01:00
2 changed files with 13 additions and 2 deletions
--- a/hosts/aluminium/configuration.nix
+++ b/hosts/aluminium/configuration.nix
@ -20,12 +20,21 @@

  networking.hostName = "aluminium";

+  networking.iproute2.enable = true;
+  networking.iproute2.rttablesExtraConfig = ''
+    200 wg-clerie
+  '';
+
  petabyte.policyrouting = {
    enable = true;
    rules6 = [
-      { rule = "from 2a01:4f8:c0c:15f1::8106/128 lookup 200"; prio = 20000; }
+      { rule = "from 2a01:4f8:c0c:15f1::8106/128 lookup wg-clerie"; prio = 20000; }
      { rule = "from 2a01:4f8:c0c:15f1::8106/128 unreachable"; prio = 20001; }
    ];
+    rules4 = [
+      { rule = "from 10.20.30.106/32 lookup wg-clerie"; prio = 20000; }
+      { rule = "from 10.20.30.106/32 unreachable"; prio = 20001; }
+    ];
  };


@ -33,7 +42,7 @@
  networking.wireguard.interfaces = {
    wg-clerie = {
      ips = [ "2a01:4f8:c0c:15f1::8106/128" "10.20.30.106/32" ];
-      table = "200";
+      table = "wg-clerie";
      peers = [
        {
          endpoint = "vpn.clerie.de:51820";
--- a/hosts/beryllium/configuration.nix
+++ b/hosts/beryllium/configuration.nix
@ -20,6 +20,8 @@

  networking.hostName = "beryllium";

+  networking.firewall.enable = false;
+
  networking.iproute2.enable = true;
  networking.iproute2.rttablesExtraConfig = ''
    200 wg-clerie
Author	SHA1	Message	Date
clerie	1b0b4e2d95	hosts/beryllium: disable firewall	2022-12-30 17:47:12 +01:00
clerie	1ba4c66697	hosts/aluminium: use policyrouting for IPv4 too	2022-12-30 17:46:11 +01:00