{ config, pkgs, lib, ... }:

{
  imports =
    [
      ./hardware-configuration.nix
    ];

  # Role profiles supplied by this repository's own modules. What they enable
  # (firewall rules, SSH settings, base networking) is not visible in this
  # file.
  # NOTE(review): read the profile definitions before treating this host as
  # hardened; nothing below sets a firewall policy itself.
  profiles.clerie = {
    mercury-vm.enable = true;
    common-networking.enable = true;
  };

  # GRUB is the boot loader and is installed onto /dev/vda.
  boot.loader.grub = {
    enable = true;
    device = "/dev/vda";
  };

  # Static systemd-networkd configuration for the three NICs of this router.
  systemd.network.networks = {
    # Uplink carrying a static global IPv6 address and the IPv6 default route.
    # NOTE(review): no firewall rule appears in this file; confirm the imported
    # profiles filter inbound traffic on this link, since the WireGuard listen
    # ports configured below are bound on this host.
    "10-wan" = {
      matchConfig = { Name = "ens20"; };
      address = [ "2001:638:904:ffc9::7/64" ];
      routes = [ { Gateway = "2001:638:904:ffc9::1"; } ];
      linkConfig = { RequiredForOnline = "routable"; };
    };

    # RFC 1918 IPv4 segment with the IPv4 default route; the name suggests it
    # sits behind NAT (not verifiable from this file).
    "10-nat-netz-mercury" = {
      matchConfig = { Name = "ens18"; };
      address = [ "192.168.10.23/24" ];
      routes = [ { Gateway = "192.168.10.1"; } ];
      linkConfig = { RequiredForOnline = "routable"; };
    };

    # Interior routing segment: no address is assigned here and the link is not
    # required for the host to count as online. ens19 is the interface listed
    # in profiles.clerie.dn42-router.ospfInterfaces.
    # NOTE(review): whether OSPF on this segment is authenticated is decided in
    # the dn42-router profile, not here; confirm if other hosts share the L2.
    "10-dn42-ospf-netz" = {
      matchConfig = { Name = "ens19"; };
      linkConfig = { RequiredForOnline = "no"; };
    };
  };

  # dn42 peering tunnels: one WireGuard interface per remote router. Private
  # keys are referenced by file path via config.sops.secrets.*.path, so only
  # public keys are written into this file (and thus into the Nix store).
  # NOTE(review): the sops secrets wg0565/wg1271/wg1272/wg1280/wg4719 must be
  # declared elsewhere; their declarations are not part of this file.
  # NOTE(review): each listenPort is a UDP port on this host; no firewall
  # rule for them is set in this file.
  networking.wireguard = {
    enable = true;
    interfaces =
      let
        # allowedIPs is WireGuard's per-peer source-address filter. Every peer
        # gets the same wide ranges (all link-local plus all of fd00::/8), so
        # WireGuard does not stop a peer from sourcing traffic from any of
        # those addresses. Per-peer prefix restrictions therefore have to come
        # from the routing daemon's import policy.
        # NOTE(review): confirm the dn42-router profile filters announced
        # prefixes per peer; that policy is not visible here.
        dn42Ranges = [ "fe80::/10" "fd00::/8" ];
      in
      {
        # e1mo
        wg0565 = {
          listenPort = 50565;
          privateKeyFile = config.sops.secrets.wg0565.path;
          # allowedIPs are not installed as kernel routes for this interface.
          allowedIPsAsRoutes = false;
          # local fe80::2574/128, peer fe80::565/128
          ips = [ "fe80::2574/128" ];
          # Flushes the IPv6 routes on the interface, then swaps the plain
          # address for the same address with an explicit peer. The "add" only
          # runs when the "del" succeeded.
          postSetup = ''
            ip -6 route flush dev wg0565
            ip addr del dev wg0565 fe80::2574/128 && ip addr add dev wg0565 fe80::2574/128 peer fe80::565/128
          '';
          peers = [
            {
              publicKey = "qYaDuYYVpuFqy7KyC5PmJavqs0a7GtyuES8VwugdPSQ=";
              endpoint = "dn42-nbg1.net.dont-break.it:22574";
              allowedIPs = dn42Ranges;
            }
          ];
        };

        # fooker
        wg1271 = {
          listenPort = 51271;
          privateKeyFile = config.sops.secrets.wg1271.path;
          allowedIPsAsRoutes = false;
          # local fe80::1/128, peer fe80::2/128
          ips = [ "fe80::1/128" ];
          postSetup = ''
            ip -6 route flush dev wg1271
            ip addr del dev wg1271 fe80::1/128 && ip addr add dev wg1271 fe80::1/128 peer fe80::2/128
          '';
          peers = [
            {
              publicKey = "xxPjHWVzePinOOMnuhwGAI3PKY9pvpifIvIbPu3IwQw=";
              endpoint = "north.zitadelle.dev.open-desk.net:23425";
              allowedIPs = dn42Ranges;
            }
          ];
        };
        wg1272 = {
          listenPort = 51272;
          privateKeyFile = config.sops.secrets.wg1272.path;
          allowedIPsAsRoutes = false;
          # local fe80::1:1/128, peer fe80::1:2/128
          ips = [ "fe80::1:1/128" ];
          postSetup = ''
            ip -6 route flush dev wg1272
            ip addr del dev wg1272 fe80::1:1/128 && ip addr add dev wg1272 fe80::1:1/128 peer fe80::1:2/128
          '';
          peers = [
            {
              publicKey = "Iae2R4B7VVsloKWK8T1j1vLMuxpP4dVDUdzEg/YpAjE=";
              endpoint = "south.zitadelle.dev.open-desk.net:23425";
              allowedIPs = dn42Ranges;
            }
          ];
        };

        # margau
        wg1280 = {
          listenPort = 51280;
          privateKeyFile = config.sops.secrets.wg1280.path;
          allowedIPsAsRoutes = false;
          # /127 transfer network, peer fde3:4c0d:2836:ff00::20/127; this
          # tunnel has no postSetup address rewrite.
          ips = [ "fde3:4c0d:2836:ff00::21/127" ];
          peers = [
            {
              publicKey = "CEge9jdHQArzdniUiWyB3IUZOjGiew3gPmz/MOf4ahU=";
              endpoint = "wg1.margau.ipv6.church:51830";
              allowedIPs = dn42Ranges;
            }
          ];
        };

        # lutoma
        wg4719 = {
          listenPort = 54719;
          privateKeyFile = config.sops.secrets.wg4719.path;
          allowedIPsAsRoutes = false;
          # ips stays empty (the earlier "fe80::1/128" entry is disabled);
          # postSetup assigns fe80::1/128 with peer fe80::acab/128 instead.
          ips = [ ];
          postSetup = ''
            ip addr add dev wg4719 fe80::1/128 peer fe80::acab/128
          '';
          peers = [
            {
              publicKey = "MkVyCgIq0BOStFIu2/Wl91ofFuRvnG3ZqTWFfVs/VlQ=";
              endpoint = "[2603:c020:8001:ed42::42]:42546";
              allowedIPs = dn42Ranges;
            }
          ];
        };
      };
  };

  # dn42 routing role for this host: OSPF on the internal segment, iBGP to the
  # other gateways, and one BGP session per WireGuard tunnel. The profile that
  # turns these values into routing-daemon configuration is defined elsewhere.
  # NOTE(review): import/export filtering (prefix and origin checks) for the
  # external sessions is not visible here; confirm it in the profile, because
  # the tunnels' allowedIPs accept all of fd00::/8 from every peer.
  profiles.clerie.dn42-router = {
    enable = true;
    # Same value as the IPv4 address configured on ens18.
    routerId = "192.168.10.23";
    loopbackIp = "fd56:4902:eca0:1::1";

    ospfInterfaces = [ "ens19" ];

    ibgpPeers = [
      { peerName = "gw5"; remoteAddress = "fd56:4902:eca0:5::1"; }
      { peerName = "gw6"; remoteAddress = "fd56:4902:eca0:6::1"; }
    ];

    # localAddress/remoteAddress must stay in step with the addresses assigned
    # to the matching interface under networking.wireguard.interfaces.
    wireguardPeers = [
      {
        interfaceName = "wg0565";
        peerName = "peer_0565";
        remoteAsn = "4242420565";
        localAddress = "fe80::2574";
        remoteAddress = "fe80::565";
      }
      {
        interfaceName = "wg1271";
        peerName = "peer_1271_north";
        remoteAsn = "4242421271";
        localAddress = "fe80::1";
        remoteAddress = "fe80::2";
      }
      {
        interfaceName = "wg1272";
        peerName = "peer_1271_south";
        remoteAsn = "4242421271";
        localAddress = "fe80::1:1";
        remoteAddress = "fe80::1:2";
      }
      {
        interfaceName = "wg1280";
        peerName = "peer_1280_wg1";
        remoteAsn = "4242421280";
        localAddress = "fde3:4c0d:2836:ff00::21";
        remoteAddress = "fde3:4c0d:2836:ff00::20";
      }
      {
        # This ASN is not in the 42424xxxxx form used by the other peers; the
        # value is kept exactly as configured.
        interfaceName = "wg4719";
        peerName = "peer_4719";
        remoteAsn = "64719";
        localAddress = "fe80::1";
        remoteAddress = "fe80::acab";
      }
    ];
  };

  # Unattended upgrades, including automatic reboots. This keeps security
  # fixes applied without operator action, but a reboot of this host takes
  # down every tunnel and routing session configured in this file.
  # NOTE(review): the upgrade source and schedule are defined by the
  # system-auto-upgrade module, not here; confirm what this host trusts for
  # its updates.
  clerie.system-auto-upgrade.autoUpgrade = true;
  clerie.system-auto-upgrade.allowReboot = true;

  # Enrols the host in the repository's monitoring setup. Only a public key is
  # given here; the matching private key does not appear in this file.
  # NOTE(review): "bird = true" presumably adds monitoring of the routing
  # daemon; confirm in the clerie.monitoring module which endpoints this
  # exposes and to whom.
  clerie.monitoring.enable = true;
  clerie.monitoring.id = "301";
  clerie.monitoring.pubkey = "kTuC3/rLr4Qb3C4oEn1ecB/vS78poxmu6/Id3Rc1VGY=";
  clerie.monitoring.bird = true;

  # stateVersion selects compatibility defaults for stateful data and does not
  # pin the package set. Raising it does not deliver updates, so leave it at
  # the configured value unless a migration is intended.
  system = {
    stateVersion = "21.03";
  };
}