wireguard: add momo network

b12f 2024-09-13 15:45:20 +02:00
parent edc1f68670
commit 32f46d4d7d
Signed by: b12f
GPG key ID: 729956E1124F8F26
4 changed files with 82 additions and 0 deletions


@ -42,6 +42,16 @@
privateKeyFile = config.age.secrets.wg-pub-solar-key.path; privateKeyFile = config.age.secrets.wg-pub-solar-key.path;
}; };
age.secrets.wg-momo-key.file = "${flake.self}/secrets/wg-momo-stroopwafel.age";
pub-solar.wireguard.momo = {
ownIPs = [
"10.30.30.200/32"
"fd00:3030:3030:3030:3030:200::/96"
];
privateKeyFile = config.age.secrets.wg-momo-key.path;
};
age.secrets.wg-ehex-key.file = "${flake.self}/secrets/wg-ehex-stroopwafel.age"; age.secrets.wg-ehex-key.file = "${flake.self}/secrets/wg-ehex-stroopwafel.age";
pub-solar.wireguard.ehex = { pub-solar.wireguard.ehex = {
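Review bot: The IPv6 entry in `ownIPs`, `fd00:3030:3030:3030:3030:200::/96`, carries a /96 prefix with all-zero host bits, while the IPv4 entry next to it is a single /32 host address. If one host address is intended, `"fd00:3030:3030:3030:3030:200::/128"` would match the IPv4 form and keep the interface from treating the whole /96 as on-link. The same /32-versus-/96 asymmetry appears in the peer's `allowedIPs` in the new wg-momo module, where it matters more because WireGuard uses `allowedIPs` as the set of source addresses it accepts from that peer. The neighbouring pub-solar and ehex blocks are only partly visible here, so this may be an existing convention to confirm rather than a mistake.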


@ -0,0 +1,49 @@
{
lib,
config,
...
}: let
cfg = config.pub-solar.wireguard.momo;
in {
options.pub-solar.wireguard.momo = {
ownIPs = lib.mkOption {
description = "Internal ips in wireguard used for cluster control-plane communication.";
type = lib.types.listOf lib.types.str;
default = [];
};
privateKeyFile = lib.mkOption {
description = "Location of private key file";
type = lib.types.path;
};
};
config = lib.mkIf (lib.length cfg.ownIPs != 0) {
networking.firewall.allowedUDPPorts = [51823];
systemd.network.wait-online.ignoredInterfaces = ["wg-momo"];
systemd.services.wireguard-wg-momo = import ./service-override.nix lib;
networking.wireguard.interfaces = {
wg-momo = {
listenPort = 51823;
mtu = 1300;
ips = cfg.ownIPs;
privateKeyFile = cfg.privateKeyFile;
peers = [
{
endpoint = "pioneer.momo.koeln:51820";
publicKey = "W9Vn2yv+AZjOD7sqKp4DyMbIz5N++Vjlr+6J3BnXj3o=";
allowedIPs = [
"10.30.30.1/32"
"fd00:3030:3030:3030:3030:1::/96"
];
persistentKeepalive = 15;
dynamicEndpointRefreshSeconds = 30;
}
];
};
};
};
}
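Review bot: `networking.firewall.allowedUDPPorts = [51823];` opens the WireGuard listen port on every interface, although the only peer has a fixed `endpoint` and `persistentKeepalive = 15`, so this host appears to initiate and maintain the tunnel itself. If unsolicited inbound handshakes from pioneer.momo.koeln are not required, the line can probably be dropped and the stateful firewall left to admit the replies. If they are required, a comment such as `# peer may initiate handshakes to us, keep 51823/udp open` would record why. Separately, the `ownIPs` description still reads "used for cluster control-plane communication", which looks carried over from another module and does not describe the momo network.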


@ -98,6 +98,8 @@ in {
"wg-pub-solar-stroopwafel.age".publicKeys = stroopwafelKeys ++ baseKeys; "wg-pub-solar-stroopwafel.age".publicKeys = stroopwafelKeys ++ baseKeys;
"wg-momo-stroopwafel.age".publicKeys = stroopwafelKeys ++ baseKeys;
"wg-ehex-stroopwafel.age".publicKeys = stroopwafelKeys ++ baseKeys; "wg-ehex-stroopwafel.age".publicKeys = stroopwafelKeys ++ baseKeys;
"invoiceplane-db-password.age".publicKeys = pieKeys ++ baseKeys; "invoiceplane-db-password.age".publicKeys = pieKeys ++ baseKeys;


@ -0,0 +1,21 @@
age-encryption.org/v1
-> ssh-ed25519 b0WFDg 3wxrL9Fig5w2rrsmoXv1m3e91MvSkxIKM+n7EmZLm1U
FvNYfDG5DjgxwuJAdyk4T37bel78zse5QmKvNGHjXo4
-> ssh-rsa kFDS0A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-> piv-p256 zqq/iw A71S3qDKdeMrCnyW3pXruuLgUTlLCzyHckQUeSYA4Wfj
6HsilO+d3W18QSbmECvdqcV68H82LA+TUWmknluFgDM
-> piv-p256 vRzPNw A+wAMWJhrKchxamL7DqBKXOQmG7WxLFQ/jLW7Zn1GwO+
2W6yCPmuW7vrJzAtASD/bUwmyAHq0Ru8RtQWFYVJ14s
--- R0PZIvmP3N0GX+CdSD7INWWDBW55w885gKLfkB4J0TM
0RkbyeÊ~µ¾öu²÷áªM¾óÌ_ÇÞÇŒ$Z¿©é<01>o°C<C2B0>ì¾°:Ö mù¯m™“0¾ÅïJ`iWsëPÏ,T@>“œ<E2809C>|