etheroute-lon01: GRE->Wireguard
This commit is contained in:
parent
1c4530988d
commit
551c4f27ad
1 changed files with 36 additions and 10 deletions
@ -84,14 +84,8 @@
"8.8.8.8"
"8.8.4.4"
];
defaultGateway = {
address = "103.141.25.49";
interface = "eno1";
};
defaultGateway6 = {
address = "2a07:242:800:64::1";
interface = "eno1";
};
defaultGateway.address = "103.141.25.49";
defaultGateway6.address = "2a07:242:800:64::1";
interfaces.eno1 = {
ipv4.addresses = [{ address = "103.141.25.50"; prefixLength = 30; }];
ipv6.addresses = [{ address = "2a07:242:800:64::68"; prefixLength = 64; }];
|
@ -101,6 +95,7 @@
# virtual = true;
#};
firewall.allowedTCPPorts = [ 80 443 ];
firewall.allowedUDPPorts = [ 51820 ];
firewall.extraCommands = ''
# Flush old rules.
ip46tables -D FORWARD -j lukegb-forward 2>/dev/null || true
|
@ -118,8 +113,8 @@
|
ip46tables -N lukegb-forward
|
# Accept from "trusted" quadv1-4 interface
ip46tables -A lukegb-forward -i quadv1-4 -j lukegb-fwd-accept
# Accept from "trusted" quadv1 interface
ip46tables -A lukegb-forward -i quadv1 -j lukegb-fwd-accept
|
# Accept from established/related connections.
ip46tables -A lukegb-forward -m conntrack --ctstate ESTABLISHED,RELATED -j lukegb-fwd-accept
|
@ -132,6 +127,37 @@
my.ip.tailscale = "100.99.227.112";
my.ip.tailscale6 = "fd7a:115c:a1e0:ab12:4843:cd96:6263:e370";
|
systemd.network.netdevs.quadv1 = {
netdevConfig = {
Name = "quadv1";
Kind = "wireguard";
};
|
wireguardConfig = {
PrivateKeyFile = pkgs.writeText "etheroute-lon01-quadv" depot.ops.secrets.wireguard.quadv1.lukegb.privateKey;
ListenPort = 51820;
RouteTable = "off";
};
|
wireguardPeers = [{
wireguardPeerConfig = {
PublicKey = depot.ops.secrets.wireguard.quadv1.quadv.publicKey;
AllowedIPs = "0.0.0.0/0,::/0";
};
}];
};
systemd.network.networks.quadv1 = {
matchConfig.Name = "quadv1";
networkConfig.Address = "169.254.111.0/31";
|
routes = [{
routeConfig = {
Gateway = "169.254.111.1";
Destination = "92.118.31.0/24";
};
}];
};
|
services.openssh.hostKeys = [
{
path = "/persist/etc/ssh/ssh_host_ed25519_key";
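Review bot: `PrivateKeyFile = pkgs.writeText "etheroute-lon01-quadv" depot.ops.secrets.wireguard.quadv1.lukegb.privateKey;` in the new `quadv1` netdev writes the WireGuard private key into the Nix store, where it is world-readable to every local user and is carried along into any binary cache or remote store the closure is pushed to, even if `depot.ops.secrets` is only decrypted at evaluation time. Point the option at a file kept outside the store, e.g. `PrivateKeyFile = "/persist/etc/wireguard/quadv1.key";` (the same out-of-store location scheme the file already uses for the SSH host key at the end of this hunk), provisioned with owner root, group `systemd-network` and mode 0640 so networkd can still open it. With `AllowedIPs = "0.0.0.0/0,::/0"` and `RouteTable = "off"`, cryptokey routing accepts any source address arriving from the peer while only the explicit `92.118.31.0/24` route sends traffic into the tunnel, so the blanket trust the forward rules now place on `quadv1` presumably just mirrors the old GRE setup, but that is worth confirming in a comment on the peer block. No `Endpoint` is configured, so this host can only answer handshakes the peer initiates; if that is intended, a one-line comment such as `# Peer dials in; no Endpoint on purpose.` would save the next reader from treating it as an omission.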