diff --git a/hosts/biolimo/networking.nix b/hosts/biolimo/networking.nix index de95eda..2d5c394 100644 --- a/hosts/biolimo/networking.nix +++ b/hosts/biolimo/networking.nix @@ -12,7 +12,7 @@ pub-solar.wireguard-client = { ownIPs = [ - "10.0.1.6/32" + "10.13.12.6/32" "fd00:b12f:acab:1312:acab:6::/96" ]; wireguardPrivateKeyFile = "/run/agenix/wg-private-key"; diff --git a/hosts/chocolatebar/networking.nix b/hosts/chocolatebar/networking.nix index cea2521..c2508b7 100644 --- a/hosts/chocolatebar/networking.nix +++ b/hosts/chocolatebar/networking.nix @@ -11,7 +11,7 @@ pub-solar.wireguard-client = { ownIPs = [ - "10.0.1.5/32" + "10.13.12.5/32" "fd00:b12f:acab:1312:acab:5::/96" ]; wireguardPrivateKeyFile = "/run/agenix/wg-private-key"; diff --git a/hosts/droppie/networking.nix b/hosts/droppie/networking.nix index fc0c371..341eda7 100644 --- a/hosts/droppie/networking.nix +++ b/hosts/droppie/networking.nix @@ -21,7 +21,7 @@ pub-solar.wireguard-client = { ownIPs = [ - "10.0.1.3/32" + "10.13.12.3/32" "fd00:b12f:acab:1312:acab:3::/96" ]; wireguardPrivateKeyFile = "/run/agenix/wg-private-key"; diff --git a/hosts/frikandel/unbound.nix b/hosts/frikandel/unbound.nix index a445ca2..58d3188 100644 --- a/hosts/frikandel/unbound.nix +++ b/hosts/frikandel/unbound.nix @@ -44,40 +44,40 @@ "127.0.0.1" "::1" - "10.0.1.7" + "10.13.12.7" "fd00:b12f:acab:1312:acab:7::" ]; access-control = [ "127.0.0.1/32 allow" # Allow from wireguard - "10.0.1.0/24 allow" + "10.13.12.0/24 allow" "fd00:b12f:acab:1312::/64 allow" ]; local-zone = [ "\"b12f.io\" transparent" ]; local-data = [ - "\"droppie.b12f.io. 10800 IN A 10.0.1.3\"" + "\"droppie.b12f.io. 10800 IN A 10.13.12.3\"" "\"droppie.b12f.io. 10800 IN AAAA fd00:b12f:acab:1312:acab:3::\"" - "\"backup.b12f.io. 10800 IN A 10.0.1.3\"" + "\"backup.b12f.io. 10800 IN A 10.13.12.3\"" "\"backup.b12f.io. 10800 IN AAAA fd00:b12f:acab:1312:acab:3::\"" - "\"pie.b12f.io. 10800 IN A 10.0.1.2\"" + "\"pie.b12f.io. 10800 IN A 10.13.12.2\"" "\"pie.b12f.io. 10800 IN AAAA fd00:b12f:acab:1312:acab:2::\"" - "\"firefly.b12f.io. 10800 IN A 10.0.1.2\"" + "\"firefly.b12f.io. 10800 IN A 10.13.12.2\"" "\"firefly.b12f.io. 10800 IN AAAA fd00:b12f:acab:1312:acab:2::\"" - "\"firefly-importer.b12f.io. 10800 IN A 10.0.1.2\"" + "\"firefly-importer.b12f.io. 10800 IN A 10.13.12.2\"" "\"firefly-importer.b12f.io. 10800 IN AAAA fd00:b12f:acab:1312:acab:2::\"" - "\"paperless.b12f.io. 10800 IN A 10.0.1.2\"" + "\"paperless.b12f.io. 10800 IN A 10.13.12.2\"" "\"paperless.b12f.io. 10800 IN AAAA fd00:b12f:acab:1312:acab:2::\"" - "\"invoicing.b12f.io. 10800 IN A 10.0.1.2\"" + "\"invoicing.b12f.io. 10800 IN A 10.13.12.2\"" "\"invoicing.b12f.io. 10800 IN AAAA fd00:b12f:acab:1312:acab:2::\"" "\"vpn.b12f.io. 10800 IN A 128.140.109.213\"" "\"vpn.b12f.io. 10800 IN AAAA 2a01:4f8:c2c:b60::\"" - "\"frikandel.b12f.io. 10800 IN A 10.0.1.7\"" + "\"frikandel.b12f.io. 10800 IN A 10.13.12.7\"" "\"frikandel.b12f.io. 10800 IN AAAA fd00:b12f:acab:1312:acab:7::\"" ]; diff --git a/hosts/frikandel/wireguard.nix b/hosts/frikandel/wireguard.nix index 215a20c..0a88f3a 100644 --- a/hosts/frikandel/wireguard.nix +++ b/hosts/frikandel/wireguard.nix @@ -51,7 +51,7 @@ listenPort = 51899; mtu = 1300; ips = [ - "10.0.1.7/32" + "10.13.12.7/32" "fd00:b12f:acab:1312:acab:7::/96" ]; privateKeyFile = "/run/agenix/wg-private-key-server"; @@ -59,7 +59,7 @@ { # pie publicKey = "hPTXEqQ2GYEywdPNdZBacwB9KKcoFZ/heClxnqmizyw="; allowedIPs = [ - "10.0.1.2/32" + "10.13.12.2/32" "fd00:b12f:acab:1312:acab:2::/96" ]; endpoint = "pie-wg.b12f.io:51899"; @@ -68,7 +68,7 @@ { # droppie publicKey = "qsnBMoj9Z16D8PJ5ummRtIfT5AiMpoF3SoOCo4sbyiw="; allowedIPs = [ - "10.0.1.3/32" + "10.13.12.3/32" "fd00:b12f:acab:1312:acab:3::/96" ]; @@ -77,7 +77,7 @@ { # chocolatebar publicKey = "nk8EtGE/QsnSEm1lhLS3/w83nOBD2OGYhODIf92G91A="; allowedIPs = [ - "10.0.1.5/32" + "10.13.12.5/32" "fd00:b12f:acab:1312:acab:5::/96" ]; @@ -86,7 +86,7 @@ { # biolimo publicKey = "4ymN7wwBuhF+h+5fFN0TqXmVyOe1AsWiTqRL0jJ3CDc="; allowedIPs = [ - "10.0.1.6/32" + "10.13.12.6/32" "fd00:b12f:acab:1312:acab:6::/96" ]; @@ -95,7 +95,7 @@ { # stroopwafel publicKey = "5iNRg13utOJ30pX2Z8SjwPNUFwfH2zonlbeYW2mKFkU="; allowedIPs = [ - "10.0.1.8/32" + "10.13.12.8/32" "fd00:b12f:acab:1312:acab:8::/96" ]; diff --git a/hosts/pie/networking.nix b/hosts/pie/networking.nix index 4f7d234..9fed0ae 100644 --- a/hosts/pie/networking.nix +++ b/hosts/pie/networking.nix @@ -31,7 +31,7 @@ pub-solar.wireguard-client = { useDNS = false; ownIPs = [ - "10.0.1.2/32" + "10.13.12.2/32" "fd00:b12f:acab:1312:acab:2::/96" ]; wireguardPrivateKeyFile = "/run/agenix/wg-private-key"; diff --git a/hosts/pie/nginx.nix b/hosts/pie/nginx.nix index de58beb..00f3ada 100644 --- a/hosts/pie/nginx.nix +++ b/hosts/pie/nginx.nix @@ -18,7 +18,7 @@ defaultListenAddresses = [ "192.168.178.2" # "2a02:908:5b1:e3c0:2::" - "10.0.1.2" + "10.13.12.2" "[fd00:b12f:acab:1312:acab:2::]" ]; }; diff --git a/hosts/pie/unbound.nix b/hosts/pie/unbound.nix index bf5bdbc..7a49b33 100644 --- a/hosts/pie/unbound.nix +++ b/hosts/pie/unbound.nix @@ -55,7 +55,7 @@ "2a02:908:5b1:e3c0::/64 allow" # Allow from wireguard - "10.0.1.0/24 allow" + "10.13.12.0/24 allow" "fd00:b12f:acab:1312::/64 allow" ]; local-zone = [ @@ -79,7 +79,7 @@ { name = "."; forward-addr = [ - "10.0.1.7" + "10.13.12.7" "fd00:b12f:acab:1312:acab:7::" "193.110.81.0#dns0.eu" diff --git a/hosts/stroopwafel/networking.nix b/hosts/stroopwafel/networking.nix index 0d62bc7..a7f67e2 100644 --- a/hosts/stroopwafel/networking.nix +++ b/hosts/stroopwafel/networking.nix @@ -12,7 +12,7 @@ pub-solar.wireguard-client = { ownIPs = [ - "10.0.1.8/32" + "10.13.12.8/32" "fd00:b12f:acab:1312:acab:8::/96" ]; wireguardPrivateKeyFile = "/run/agenix/wg-private-key"; diff --git a/modules/wireguard-client/default.nix b/modules/wireguard-client/default.nix index 260e077..7211c7d 100644 --- a/modules/wireguard-client/default.nix +++ b/modules/wireguard-client/default.nix @@ -68,7 +68,7 @@ in { ips = cfg.ownIPs; privateKeyFile = cfg.wireguardPrivateKeyFile; postSetup = lib.mkIf cfg.useDNS '' - printf "nameserver 10.0.1.7\nnameserver fd00:b12f:acab:1312:acab:7::" | resolvconf -a wg0 -m 0 -x + printf "nameserver 10.13.12.7\nnameserver fd00:b12f:acab:1312:acab:7::" | resolvconf -a wg0 -m 0 -x ''; postShutdown = lib.mkIf cfg.useDNS '' resolvconf -d wg0 -f @@ -78,7 +78,7 @@ in { # frikandel publicKey = "p6YKNYBlySKfhTN+wbSsKdoNjzko/XSAiTAlCJzP1jA="; allowedIPs = [ - "10.0.1.0/24" + "10.13.12.0/24" "fd00:b12f:acab:1312::/64" ] ++ (if cfg.fullTunnel then [ "0.0.0.0/0"