feat: enable ipv6 in wireguard

Benjamin Bädorf 2023-10-26 15:10:54 +02:00
parent 615ef9a856
commit 98bd9d30d8
No known key found for this signature in database
GPG key ID: 1B7BF5B77A521346
8 changed files with 26 additions and 23 deletions


@ -10,7 +10,7 @@
pub-solar.wireguard-client = { pub-solar.wireguard-client = {
ownIPs = [ ownIPs = [
"10.0.1.6/32" "10.0.1.6/32"
"fd00:acab:1312:acab:6::/128" "fd00:b12f:acab:1312:acab:6::/32"
]; ];
wireguardPrivateKeyFile = "/run/agenix/wg-private-key"; wireguardPrivateKeyFile = "/run/agenix/wg-private-key";
}; };
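Review bot: The new IPv6 entry in `ownIPs`, `"fd00:b12f:acab:1312:acab:6::/32"`, uses a /32 prefix length where the entry it replaces used /128. /32 is the single-host mask for IPv4, but in IPv6 it covers all of fd00:b12f::/32. If the `pub-solar.wireguard-client` module passes `ownIPs` through as interface addresses (the module is not visible here), each client would claim an on-link route for that whole range on the tunnel rather than one address. Suggest `"fd00:b12f:acab:1312:acab:6::/128"`. The same applies to the `…:5::/32` and `…:3::/32` entries in the next two files and to the added `…:2::/32` entry in the file that also configures Caddy.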


@ -10,7 +10,7 @@
pub-solar.wireguard-client = { pub-solar.wireguard-client = {
ownIPs = [ ownIPs = [
"10.0.1.5/32" "10.0.1.5/32"
"fd00:acab:1312:acab:5::/128" "fd00:b12f:acab:1312:acab:5::/32"
]; ];
wireguardPrivateKeyFile = "/run/agenix/wg-private-key"; wireguardPrivateKeyFile = "/run/agenix/wg-private-key";
}; };


@ -10,7 +10,7 @@
pub-solar.wireguard-client = { pub-solar.wireguard-client = {
ownIPs = [ ownIPs = [
"10.0.1.3/32" "10.0.1.3/32"
"fd00:acab:1312:acab:3::/128" "fd00:b12f:acab:1312:acab:3::/32"
]; ];
wireguardPrivateKeyFile = "/run/agenix/wg-private-key"; wireguardPrivateKeyFile = "/run/agenix/wg-private-key";
}; };


@ -8,9 +8,9 @@
boot.kernel.sysctl = { boot.kernel.sysctl = {
"net.ipv4.ip_forward" = 1; "net.ipv4.ip_forward" = 1;
"net.ipv6.conf.all.forwarding" = 1; "net.ipv6.conf.wg0.forwarding" = 1;
"net.ipv6.conf.all.accept_ra" = 1; "net.ipv6.conf.wg0.accept_ra" = 1;
"net.ipv6.conf.all.accept_ra_pinfo" = 1; "net.ipv6.conf.wg0.accept_ra_pinfo" = 1;
}; };
networking.nat = { networking.nat = {
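Review bot: The `net.ipv6.conf.wg0.*` keys in `boot.kernel.sysctl` may not take effect as written. They can only be set once the `wg0` interface exists, so they may be skipped if sysctls are applied before the tunnel comes up, and Linux forwards IPv6 between interfaces only when `net.ipv6.conf.all.forwarding` is set, so the `wg0` key alone is probably not enough on a host that also configures `networking.nat`. In addition, `accept_ra = 1` is ignored on an interface with forwarding enabled (that requires the value 2), and a comment should say whether this host is meant to accept router advertisements from tunnel peers at all. Consider keeping `"net.ipv6.conf.all.forwarding" = 1;`, restricting forwarded traffic in the firewall, and dropping the two `accept_ra` lines unless they are needed. The `networking.nat` block continues outside the hunk.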


@ -25,7 +25,7 @@
# Caddy reverse proxy for local services like cups # Caddy reverse proxy for local services like cups
services.caddy = { services.caddy = {
globalConfig = '' globalConfig = ''
default_bind 192.168.178.2 2a02:908:5b1:e3c0:3077:2:: 10.0.1.2 fd00:acab:1312:acab:2:: default_bind 192.168.178.2 2a02:908:5b1:e3c0:3077:2:: 10.0.1.2 fd00:b12f:acab:1312:acab:2::
auto_https off auto_https off
''; '';
}; };
@ -33,7 +33,10 @@
age.secrets.wg-private-key.file = "${flake.self}/secrets/wg-private-pie.age"; age.secrets.wg-private-key.file = "${flake.self}/secrets/wg-private-pie.age";
pub-solar.wireguard-client = { pub-solar.wireguard-client = {
ownIPs = [ "10.0.1.2/32" ]; ownIPs = [
"10.0.1.2/32"
"fd00:b12f:acab:1312:acab:2::/32"
];
wireguardPrivateKeyFile = "/run/agenix/wg-private-key"; wireguardPrivateKeyFile = "/run/agenix/wg-private-key";
}; };
} }


@ -19,7 +19,7 @@
# Allow from wireguard # Allow from wireguard
"10.0.1.0/24 allow" "10.0.1.0/24 allow"
"fd00:acab:1312:acab::/48 allow" "fd00:b12f:acab:1312:acab::/48 allow"
]; ];
local-zone = [ local-zone = [
"\"b12f.io\" static" "\"b12f.io\" static"
@ -33,23 +33,23 @@
"\"droppie.local. 10800 IN AAAA 2a02:908:5b1:e3c0:3077:3::\"" "\"droppie.local. 10800 IN AAAA 2a02:908:5b1:e3c0:3077:3::\""
"\"droppie.b12f.io. 10800 IN A 10.0.1.3\"" "\"droppie.b12f.io. 10800 IN A 10.0.1.3\""
"\"droppie.b12f.io. 10800 IN AAAA fd00:acab:1312:acab:3::\"" "\"droppie.b12f.io. 10800 IN AAAA fd00:b12f:acab:1312:acab:3::\""
"\"backup.b12f.io. 10800 IN A 10.0.1.3\"" "\"backup.b12f.io. 10800 IN A 10.0.1.3\""
"\"backup.b12f.io. 10800 IN AAAA fd00:acab:1312:acab:3::\"" "\"backup.b12f.io. 10800 IN AAAA fd00:b12f:acab:1312:acab:3::\""
"\"pie.local. 10800 IN A 192.168.178.2\"" "\"pie.local. 10800 IN A 192.168.178.2\""
"\"pie.local. 10800 IN AAAA 2a02:908:5b1:e3c0:3077:2::\"" "\"pie.local. 10800 IN AAAA 2a02:908:5b1:e3c0:3077:2::\""
"\"pie.b12f.io. 10800 IN A 10.0.1.2\"" "\"pie.b12f.io. 10800 IN A 10.0.1.2\""
"\"pie.b12f.io. 10800 IN AAAA fd00:acab:1312:acab:2::\"" "\"pie.b12f.io. 10800 IN AAAA fd00:b12f:acab:1312:acab:2::\""
"\"firefly.b12f.io. 10800 IN A 10.0.1.2\"" "\"firefly.b12f.io. 10800 IN A 10.0.1.2\""
"\"firefly.b12f.io. 10800 IN AAAA fd00:acab:1312:acab:2::\"" "\"firefly.b12f.io. 10800 IN AAAA fd00:b12f:acab:1312:acab:2::\""
"\"firefly-importer.b12f.io. 10800 IN A 10.0.1.2\"" "\"firefly-importer.b12f.io. 10800 IN A 10.0.1.2\""
"\"firefly-importer.b12f.io. 10800 IN AAAA fd00:acab:1312:acab:2::\"" "\"firefly-importer.b12f.io. 10800 IN AAAA fd00:b12f:acab:1312:acab:2::\""
"\"paperless.b12f.io. 10800 IN A 10.0.1.2\"" "\"paperless.b12f.io. 10800 IN A 10.0.1.2\""
"\"paperless.b12f.io. 10800 IN AAAA fd00:acab:1312:acab:2::\"" "\"paperless.b12f.io. 10800 IN AAAA fd00:b12f:acab:1312:acab:2::\""
"\"invoicing.b12f.io. 10800 IN A 10.0.1.2\"" "\"invoicing.b12f.io. 10800 IN A 10.0.1.2\""
"\"invoicing.b12f.io. 10800 IN AAAA fd00:acab:1312:acab:2::\"" "\"invoicing.b12f.io. 10800 IN AAAA fd00:b12f:acab:1312:acab:2::\""
"\"vpn.b12f.io. 10800 IN A 128.140.109.213\"" "\"vpn.b12f.io. 10800 IN A 128.140.109.213\""
"\"vpn.b12f.io. 10800 IN AAAA 2a02:908:5b1:e3c0:3077:2::\"" "\"vpn.b12f.io. 10800 IN AAAA 2a02:908:5b1:e3c0:3077:2::\""
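Review bot: The new access-control entry `"fd00:b12f:acab:1312:acab::/48 allow"` has address bits set beyond its /48 prefix length. Depending on how the resolver treats those bits, it is either rejected or read as fd00:b12f:acab::/48, which is wider than the tunnel range and does not match the `fd00:b12f:acab:1312::/64` that this commit sets for the peer's `allowedIPs` in another file. Writing the ACL as `"fd00:b12f:acab:1312::/64 allow"` keeps recursion limited to addresses WireGuard clients can actually hold and makes the two settings agree. A short comment above the entry naming that /64 as the WireGuard client range would help future edits. The surrounding list starts outside the hunk.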


@ -42,7 +42,7 @@ in {
publicKey = "p6YKNYBlySKfhTN+wbSsKdoNjzko/XSAiTAlCJzP1jA="; publicKey = "p6YKNYBlySKfhTN+wbSsKdoNjzko/XSAiTAlCJzP1jA=";
allowedIPs = [ allowedIPs = [
"10.0.1.0/24" "10.0.1.0/24"
"fd00:b12f:acab:1312:acab::/48" "fd00:b12f:acab:1312::/64"
]; ];
endpoint = "[2a01:4f8:c2c:b60::]:51899"; endpoint = "[2a01:4f8:c2c:b60::]:51899";
persistentKeepalive = 25; persistentKeepalive = 25;


@ -18,11 +18,6 @@ in {
programs.ssh = { programs.ssh = {
enable = true; enable = true;
matchBlocks = { matchBlocks = {
"pie.local" = {
hostname = "pie.local";
user = "yule";
};
"git.b12f.io" = { "git.b12f.io" = {
hostname = "git.b12f.io"; hostname = "git.b12f.io";
user = "git"; user = "git";
@ -73,12 +68,17 @@ in {
port = 2244; port = 2244;
}; };
"pie.local" = {
hostname = "pie.local";
user = "yule";
};
"pie.b12f.io" = { "pie.b12f.io" = {
user = "yule"; user = "yule";
}; };
"frikandel-initrd.b12f.io" = { "frikandel-initrd.b12f.io" = {
user = "yule"; user = "root";
port = 2222; port = 2222;
}; };