hosts/dn42-il-gw1: Add missing ports to open in firewall

hosts/dn42-il-gw1: Add peer iedon
hosts/dn42-il-gw1: Add tbspace peering
2025-12-05 11:58:46 +01:00 · 2025-12-05 11:57:54 +01:00 · 2025-12-04 16:36:27 +01:00
1 changed files with 57 additions and 0 deletions
--- a/hosts/dn42-il-gw1/configuration.nix
+++ b/hosts/dn42-il-gw1/configuration.nix
@@ -183,6 +183,26 @@
      ];
      privateKeyFile = config.sops.secrets.wg1280.path;
    };
+    # iedon
+    # https://iedon.net/
+    wg2189 = {
+      ips = [
+        "fe80::2574/128"
+      ];
+      postSetup = ''
+      ip addr replace dev wg2189 fe80::2574/128 peer fe80::2189:e9/128
+      '';
+      listenPort = 52189;
+      allowedIPsAsRoutes = false;
+      peers = [
+        {
+          allowedIPs = [ "fe80::/10" "fd00::/8" ];
+          endpoint = "de-fra.dn42.iedon.net:42463";
+          publicKey = "FHp0OR4UpAS8/Ra0FUNffTk18soUYCa6NcvZdOgxY0k=";
+        }
+      ];
+      privateKeyFile = config.sops.secrets.dn42-router-general-wireguard-key.path;
+    };
    # lutoma
    wg4719 = {
      ips = [
@@ -223,17 +243,40 @@
      ];
      privateKeyFile = config.sops.secrets.wg1718.path;
    };
+    # tbspace
+    wg6190 = {
+      ips = [
+        "fe80::2574/128"
+      ];
+      postSetup = ''
+      ip addr replace dev wg6190 fe80::2574/128 peer fe80::1299:e/128
+      '';
+      listenPort = 56190;
+      allowedIPsAsRoutes = false;
+      peers = [
+        {
+          allowedIPs = [ "fe80::/10" "fd00::/8" ];
+          endpoint = "dn42.tbspace.de:49168";
+          publicKey = "skvyDl81J8Zu3Ziem+7JKeU4UYLhhWt7gWelg8nEbzQ=";
+        }
+      ];
+      privateKeyFile = config.sops.secrets.dn42-router-general-wireguard-key.path;
+    };
  };

  networking.firewall.allowedUDPPorts = [
+    50150 # wg0150
    50565 # wg0565
+    50663 # wg0663
    51240 # wg1240
    51241 # wg1241
    51271 # wg1271
    51272 # wg1272
    51280 # wg1280
+    52189 # wg2189
    54719 # wg4719
    51718 # wg1718
+    56190 # wg6190
  ];

  profiles.clerie.dn42-router = {
@@ -306,6 +349,13 @@
        remoteAsn = "4242421280";
        localAddress = "fde3:4c0d:2836:ff00::21";
      }
+      {
+        peerName = "peer_2189_de_fra";
+        remoteAddress = "fe80::2189:e9";
+        interfaceName = "wg2189";
+        remoteAsn = "4242422189";
+        localAddress = "fe80::2574";
+      }
      {
        peerName = "peer_4719";
        remoteAddress = "fe80::acab";
@@ -320,6 +370,13 @@
        remoteAsn = "4242421718";
        localAddress = "fe80::2574";
      }
+      {
+        peerName = "peer_6190";
+        remoteAddress = "fe80::1299:e";
+        interfaceName = "wg6190";
+        remoteAsn = "76190";
+        localAddress = "fe80::2574";
+      }
    ];
  };
Author	SHA1	Message	Date
clerie	ff21771fe3	hosts/dn42-il-gw1: Add missing ports to open in firewall	2025-12-05 11:58:46 +01:00
clerie	9406b9b18d	hosts/dn42-il-gw1: Add peer iedon	2025-12-05 11:57:54 +01:00
clerie	d4f6812f70	hosts/dn42-il-gw1: Add tbspace peering	2025-12-04 16:36:27 +01:00