wireguard: change network to 10.13.12.0/24

2024-02-08 19:23:22 +01:00 · 2024-02-08 19:23:22 +01:00 · 5abeeb8751
parent 67e924f022
commit 5abeeb8751
10 changed files with 26 additions and 26 deletions
--- a/hosts/biolimo/networking.nix
+++ b/hosts/biolimo/networking.nix
@ -12,7 +12,7 @@
  pub-solar.wireguard-client = {
    ownIPs = [
-      "10.0.1.6/32"
+      "10.13.12.6/32"
      "fd00:b12f:acab:1312:acab:6::/96"
    ];
    wireguardPrivateKeyFile = "/run/agenix/wg-private-key";
--- a/hosts/chocolatebar/networking.nix
+++ b/hosts/chocolatebar/networking.nix
@ -11,7 +11,7 @@
  pub-solar.wireguard-client = {
    ownIPs = [
-      "10.0.1.5/32"
+      "10.13.12.5/32"
      "fd00:b12f:acab:1312:acab:5::/96"
    ];
    wireguardPrivateKeyFile = "/run/agenix/wg-private-key";
--- a/hosts/droppie/networking.nix
+++ b/hosts/droppie/networking.nix
@ -21,7 +21,7 @@
  pub-solar.wireguard-client = {
    ownIPs = [
-      "10.0.1.3/32"
+      "10.13.12.3/32"
      "fd00:b12f:acab:1312:acab:3::/96"
    ];
    wireguardPrivateKeyFile = "/run/agenix/wg-private-key";
--- a/hosts/frikandel/unbound.nix
+++ b/hosts/frikandel/unbound.nix
@ -44,40 +44,40 @@
          "127.0.0.1"
          "::1"
-          "10.0.1.7"
+          "10.13.12.7"
          "fd00:b12f:acab:1312:acab:7::"
        ];
        access-control = [
          "127.0.0.1/32 allow"
          # Allow from wireguard
-          "10.0.1.0/24 allow"
+          "10.13.12.0/24 allow"
          "fd00:b12f:acab:1312::/64 allow"
        ];
        local-zone = [
          "\"b12f.io\" transparent"
        ];
        local-data = [
-          "\"droppie.b12f.io. 10800 IN A 10.0.1.3\""
+          "\"droppie.b12f.io. 10800 IN A 10.13.12.3\""
          "\"droppie.b12f.io. 10800 IN AAAA fd00:b12f:acab:1312:acab:3::\""
-          "\"backup.b12f.io. 10800 IN A 10.0.1.3\""
+          "\"backup.b12f.io. 10800 IN A 10.13.12.3\""
          "\"backup.b12f.io. 10800 IN AAAA fd00:b12f:acab:1312:acab:3::\""
-          "\"pie.b12f.io. 10800 IN A 10.0.1.2\""
+          "\"pie.b12f.io. 10800 IN A 10.13.12.2\""
          "\"pie.b12f.io. 10800 IN AAAA fd00:b12f:acab:1312:acab:2::\""
-          "\"firefly.b12f.io. 10800 IN A 10.0.1.2\""
+          "\"firefly.b12f.io. 10800 IN A 10.13.12.2\""
          "\"firefly.b12f.io. 10800 IN AAAA fd00:b12f:acab:1312:acab:2::\""
-          "\"firefly-importer.b12f.io. 10800 IN A 10.0.1.2\""
+          "\"firefly-importer.b12f.io. 10800 IN A 10.13.12.2\""
          "\"firefly-importer.b12f.io. 10800 IN AAAA fd00:b12f:acab:1312:acab:2::\""
-          "\"paperless.b12f.io. 10800 IN A 10.0.1.2\""
+          "\"paperless.b12f.io. 10800 IN A 10.13.12.2\""
          "\"paperless.b12f.io. 10800 IN AAAA fd00:b12f:acab:1312:acab:2::\""
-          "\"invoicing.b12f.io. 10800 IN A 10.0.1.2\""
+          "\"invoicing.b12f.io. 10800 IN A 10.13.12.2\""
          "\"invoicing.b12f.io. 10800 IN AAAA fd00:b12f:acab:1312:acab:2::\""
          "\"vpn.b12f.io. 10800 IN A 128.140.109.213\""
          "\"vpn.b12f.io. 10800 IN AAAA 2a01:4f8:c2c:b60::\""
-          "\"frikandel.b12f.io. 10800 IN A 10.0.1.7\""
+          "\"frikandel.b12f.io. 10800 IN A 10.13.12.7\""
          "\"frikandel.b12f.io. 10800 IN AAAA fd00:b12f:acab:1312:acab:7::\""
        ];
--- a/hosts/frikandel/wireguard.nix
+++ b/hosts/frikandel/wireguard.nix
@ -51,7 +51,7 @@
      listenPort = 51899;
      mtu = 1300;
      ips = [
-        "10.0.1.7/32"
+        "10.13.12.7/32"
        "fd00:b12f:acab:1312:acab:7::/96"
      ];
      privateKeyFile = "/run/agenix/wg-private-key-server";
@ -59,7 +59,7 @@
        { # pie
          publicKey = "hPTXEqQ2GYEywdPNdZBacwB9KKcoFZ/heClxnqmizyw=";
          allowedIPs = [
-            "10.0.1.2/32"
+            "10.13.12.2/32"
            "fd00:b12f:acab:1312:acab:2::/96"
          ];
          endpoint = "pie-wg.b12f.io:51899";
@ -68,7 +68,7 @@
        { # droppie
          publicKey = "qsnBMoj9Z16D8PJ5ummRtIfT5AiMpoF3SoOCo4sbyiw=";
          allowedIPs = [
-            "10.0.1.3/32"
+            "10.13.12.3/32"
            "fd00:b12f:acab:1312:acab:3::/96"
          ];
@ -77,7 +77,7 @@
        { # chocolatebar
          publicKey = "nk8EtGE/QsnSEm1lhLS3/w83nOBD2OGYhODIf92G91A=";
          allowedIPs = [
-            "10.0.1.5/32"
+            "10.13.12.5/32"
            "fd00:b12f:acab:1312:acab:5::/96"
          ];
@ -86,7 +86,7 @@
        { # biolimo
          publicKey = "4ymN7wwBuhF+h+5fFN0TqXmVyOe1AsWiTqRL0jJ3CDc=";
          allowedIPs = [
-            "10.0.1.6/32"
+            "10.13.12.6/32"
            "fd00:b12f:acab:1312:acab:6::/96"
          ];
@ -95,7 +95,7 @@
        { # stroopwafel
          publicKey = "5iNRg13utOJ30pX2Z8SjwPNUFwfH2zonlbeYW2mKFkU=";
          allowedIPs = [
-            "10.0.1.8/32"
+            "10.13.12.8/32"
            "fd00:b12f:acab:1312:acab:8::/96"
          ];
--- a/hosts/pie/networking.nix
+++ b/hosts/pie/networking.nix
@ -31,7 +31,7 @@
  pub-solar.wireguard-client = {
    useDNS = false;
    ownIPs = [
-      "10.0.1.2/32"
+      "10.13.12.2/32"
      "fd00:b12f:acab:1312:acab:2::/96"
    ];
    wireguardPrivateKeyFile = "/run/agenix/wg-private-key";
--- a/hosts/pie/nginx.nix
+++ b/hosts/pie/nginx.nix
@ -18,7 +18,7 @@
    defaultListenAddresses = [
      "192.168.178.2"
      # "2a02:908:5b1:e3c0:2::"
-      "10.0.1.2"
+      "10.13.12.2"
      "[fd00:b12f:acab:1312:acab:2::]"
    ];
  };
--- a/hosts/pie/unbound.nix
+++ b/hosts/pie/unbound.nix
@ -55,7 +55,7 @@
          "2a02:908:5b1:e3c0::/64 allow"
          # Allow from wireguard
-          "10.0.1.0/24 allow"
+          "10.13.12.0/24 allow"
          "fd00:b12f:acab:1312::/64 allow"
        ];
        local-zone = [
@ -79,7 +79,7 @@
        {
          name = ".";
          forward-addr = [
-            "10.0.1.7"
+            "10.13.12.7"
            "fd00:b12f:acab:1312:acab:7::"
            "193.110.81.0#dns0.eu"
--- a/hosts/stroopwafel/networking.nix
+++ b/hosts/stroopwafel/networking.nix
@ -12,7 +12,7 @@
  pub-solar.wireguard-client = {
    ownIPs = [
-      "10.0.1.8/32"
+      "10.13.12.8/32"
      "fd00:b12f:acab:1312:acab:8::/96"
    ];
    wireguardPrivateKeyFile = "/run/agenix/wg-private-key";
--- a/modules/wireguard-client/default.nix
+++ b/modules/wireguard-client/default.nix
@ -68,7 +68,7 @@ in {
        ips = cfg.ownIPs;
        privateKeyFile = cfg.wireguardPrivateKeyFile;
        postSetup = lib.mkIf cfg.useDNS ''
-          printf "nameserver 10.0.1.7\nnameserver fd00:b12f:acab:1312:acab:7::" | resolvconf -a wg0 -m 0 -x
+          printf "nameserver 10.13.12.7\nnameserver fd00:b12f:acab:1312:acab:7::" | resolvconf -a wg0 -m 0 -x
        '';
        postShutdown = lib.mkIf cfg.useDNS ''
          resolvconf -d wg0 -f
@ -78,7 +78,7 @@ in {
            # frikandel
            publicKey = "p6YKNYBlySKfhTN+wbSsKdoNjzko/XSAiTAlCJzP1jA=";
            allowedIPs = [
-              "10.0.1.0/24"
+              "10.13.12.0/24"
              "fd00:b12f:acab:1312::/64"
            ] ++ (if cfg.fullTunnel then [
              "0.0.0.0/0"