tankstelle: configure wireguard
parent
b039dec111
commit
941eff6d87
|
@ -28,6 +28,15 @@
|
||||||
"fd00:fae:fae:fae:fae:2::/96"
|
"fd00:fae:fae:fae:fae:2::/96"
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
{
|
||||||
|
# tankstelle.pub.solar
|
||||||
|
endpoint = "80.244.242.5:51820";
|
||||||
|
publicKey = "iRTlY1lB7nPXf2eXzX8ZZDkfMmXyGjff5/joccbP8Cg=";
|
||||||
|
allowedIPs = [
|
||||||
|
"10.7.6.4/32"
|
||||||
|
"fd00:fae:fae:fae:fae:4::/96"
|
||||||
|
];
|
||||||
|
}
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
|
@ -7,7 +7,7 @@
|
||||||
|
|
||||||
./networking.nix
|
./networking.nix
|
||||||
./forgejo-actions-runner.nix
|
./forgejo-actions-runner.nix
|
||||||
#./wireguard.nix
|
./wireguard.nix
|
||||||
#./backups.nix
|
#./backups.nix
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
|
|
@ -7,27 +7,18 @@
|
||||||
{
|
{
|
||||||
networking.firewall.allowedUDPPorts = [ 51820 ];
|
networking.firewall.allowedUDPPorts = [ 51820 ];
|
||||||
|
|
||||||
age.secrets.wg-private-key.file = "${flake.self}/secrets/metronom-wg-private-key.age";
|
age.secrets.wg-private-key.file = "${flake.self}/secrets/tankstelle-wg-private-key.age";
|
||||||
|
|
||||||
networking.wireguard.interfaces = {
|
networking.wireguard.interfaces = {
|
||||||
wg-ssh = {
|
wg-ssh = {
|
||||||
listenPort = 51820;
|
listenPort = 51820;
|
||||||
mtu = 1300;
|
mtu = 1300;
|
||||||
ips = [
|
ips = [
|
||||||
"10.7.6.3/32"
|
"10.7.6.4/32"
|
||||||
"fd00:fae:fae:fae:fae:3::/96"
|
"fd00:fae:fae:fae:fae:4::/96"
|
||||||
];
|
];
|
||||||
privateKeyFile = config.age.secrets.wg-private-key.path;
|
privateKeyFile = config.age.secrets.wg-private-key.path;
|
||||||
peers = flake.self.logins.admins.wireguardDevices ++ [
|
peers = flake.self.logins.admins.wireguardDevices ++ [
|
||||||
{
|
|
||||||
# flora-6.pub.solar
|
|
||||||
endpoint = "80.71.153.210:51820";
|
|
||||||
publicKey = "jtSR5G2P/nm9s8WrVc26Xc/SQLupRxyXE+5eIeqlsTU=";
|
|
||||||
allowedIPs = [
|
|
||||||
"10.7.6.2/32"
|
|
||||||
"fd00:fae:fae:fae:fae:2::/96"
|
|
||||||
];
|
|
||||||
}
|
|
||||||
{
|
{
|
||||||
# nachtigall.pub.solar
|
# nachtigall.pub.solar
|
||||||
endpoint = "138.201.80.102:51820";
|
endpoint = "138.201.80.102:51820";
|
||||||
|
@ -41,14 +32,14 @@
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
services.openssh.listenAddresses = [
|
#services.openssh.listenAddresses = [
|
||||||
{
|
# {
|
||||||
addr = "10.7.6.3";
|
# addr = "10.7.6.4";
|
||||||
port = 22;
|
# port = 22;
|
||||||
}
|
# }
|
||||||
{
|
# {
|
||||||
addr = "[fd00:fae:fae:fae:fae:3::]";
|
# addr = "[fd00:fae:fae:fae:fae:4::]";
|
||||||
port = 22;
|
# port = 22;
|
||||||
}
|
# }
|
||||||
];
|
#];
|
||||||
}
|
}
|
||||||
|
|
|
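Review bot: With `services.openssh.listenAddresses` commented out at the end of this file, sshd on tankstelle is no longer pinned to the tunnel addresses `10.7.6.4` and `[fd00:fae:fae:fae:fae:4::]` and falls back to binding every address, which looks at odds with an interface named `wg-ssh`. Whether port 22 then becomes reachable on the public interface depends on firewall settings outside these hunks, so `services.openssh.openFirewall` is worth checking for this host. If the block is disabled only to avoid a lockout until the tunnel is confirmed working, say so above it, e.g. `# TODO: re-enable once wg-ssh is verified; sshd should listen on the tunnel addresses only`. Otherwise restore the list with the new addresses instead of leaving it as dead commented code.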
@ -28,7 +28,6 @@
|
||||||
networking.firewall.interfaces.wg-ssh.allowedTCPPorts = [ 22 ];
|
networking.firewall.interfaces.wg-ssh.allowedTCPPorts = [ 22 ];
|
||||||
|
|
||||||
networking.hosts = {
|
networking.hosts = {
|
||||||
"138.201.80.102" = [ "git.${config.pub-solar-os.networking.domain}" ];
|
|
||||||
"10.7.6.1" = [ "nachtigall.${config.pub-solar-os.networking.domain}" ];
|
"10.7.6.1" = [ "nachtigall.${config.pub-solar-os.networking.domain}" ];
|
||||||
"10.7.6.2" = [ "flora-6.${config.pub-solar-os.networking.domain}" ];
|
"10.7.6.2" = [ "flora-6.${config.pub-solar-os.networking.domain}" ];
|
||||||
};
|
};
|
||||||
|
|
|
@ -20,6 +20,7 @@ in
|
||||||
"nachtigall-root-ssh-key.age".publicKeys = nachtigallKeys ++ adminKeys;
|
"nachtigall-root-ssh-key.age".publicKeys = nachtigallKeys ++ adminKeys;
|
||||||
|
|
||||||
"nachtigall-wg-private-key.age".publicKeys = nachtigallKeys ++ adminKeys;
|
"nachtigall-wg-private-key.age".publicKeys = nachtigallKeys ++ adminKeys;
|
||||||
|
"tankstelle-wg-private-key.age".publicKeys = tankstelleKeys ++ adminKeys;
|
||||||
"flora6-wg-private-key.age".publicKeys = flora6Keys ++ adminKeys;
|
"flora6-wg-private-key.age".publicKeys = flora6Keys ++ adminKeys;
|
||||||
|
|
||||||
"mastodon-secret-key-base.age".publicKeys = nachtigallKeys ++ adminKeys;
|
"mastodon-secret-key-base.age".publicKeys = nachtigallKeys ++ adminKeys;
|
||||||
|
|
45
secrets/tankstelle-wg-private-key.age
Normal file
45
secrets/tankstelle-wg-private-key.age
Normal file
|
@ -0,0 +1,45 @@
|
||||||
|
age-encryption.org/v1
|
||||||
|
-> ssh-ed25519 1X0eLA MwsWZb3girtAXvxgr3IBZhSthg5xzC2z88WIkG2GTDk
|
||||||
|
4yKFoIU/SbKcpSXYShUwEY6KV9o59bgIsDCJ0POOmZU
|
||||||
|
-> ssh-ed25519 uYcDNw 4CPU+vcJcXt+sVSD60ThkWWu87wEzo/TkFAfkJ7lAxU
|
||||||
|
K5ubfpowb/mBjRS9AaoEuPJEAy3jZQF9vBVK6+StrEE
|
||||||
|
-> ssh-rsa f5THog
|
||||||
|
GVZN3/Yl8OX+j8GuAp5ixsmz59HS+0z9OeGMoUl3m4S0kjpl39vY5+Fd5SXTtNLB
|
||||||
|
O5itG/nbo4lK/PVtH/s3UuzRlEvGzASkxTVGZAXBUgXlPf6hsUdxUhLn8G1DRTj9
|
||||||
|
qmZyk5ERH/uqA8LIH8kBWPE8OJ9qf5oVwttOuJLlkrmiojEvbK4Egf4pBAKxv1Vu
|
||||||
|
JUwoO2W5QxB9lOkOiGOfq6e++pWL+PN1URpGFxbvmM7N6OKNhix+HV9lBdTbS4tl
|
||||||
|
uP8n0nrM5h5yh7Waz+aAVb7Wu4YgsFCEmGlhEksM/tiHFun+9kFI3xUNTTO3PbYP
|
||||||
|
KH6KAV8mOA8tL/6PNbbLmaHp5v7//5Abgjmy1BCwNe/WfZiTVLmGDaOpW7qE0pcq
|
||||||
|
h+ooOk81MenF84FRQGEEMMBVHgckxxCGYYve7bEsWMJP+ua1BmZjQu/I2LpXN6OA
|
||||||
|
KtoPcnmCGyrZMWKLVdSjzeeEqKk7wtG6BISeLdguF4pEUN2Qoqppx33UQ0ztACf1
|
||||||
|
PHAsKbABkCG0yZz13M0bKSCP1O3HWzy2Cmw0EU+WbP6GEGCWmzZRDmjI9+CgtowH
|
||||||
|
9jz16+1k0PgO5EjV2s1Hijt0gEizl2Q07c2/BYx97951BOR9/LGVRKGtduXixf4a
|
||||||
|
qFt0Qw0JPZwP2XaXJmJ9x+4e1go5ydJFNnhcvTMUx3I
|
||||||
|
-> ssh-rsa kFDS0A
|
||||||
|
mM/LqZJl+5sDjDRhUZlPiFH43+BKkawgiPkQ6eNQmvS7fGjS6FWyGteiRdzxHax3
|
||||||
|
y2YE0GC0EmllMfXpjidHQHd4IBP82LrAlry2if9QYOdxtPg3577EZT1XFsR4Eegx
|
||||||
|
9xuG0+UYIYoEi4wUnnc58z/lV/iCJ4hTBsSMD69ciPdUVzeaA7RoFKImuLx3zhu4
|
||||||
|
Gc5ggAFKL9CYwMaJATB3e6+kTu3jkSUSa6vc4D0z7x7Sd2LjRN/THHlpvQQyMi4e
|
||||||
|
XREkhSNbOHp3mADLv7taFnjwUS/MltFDV8bPsemKmg+He0cVWc4JZynxaRXgdo4p
|
||||||
|
I3zkYcuWuUzWLgr6l8Aj4B7vd9tk9D0YyPmyMFWhq/IYjx62o/qTUSmBsluj2cqg
|
||||||
|
pg+45m/WTEAI7vnZXPcSlgbXyll1QE5TISqd7ugRyL3QhzR0h6TkRbMn5iCb15xy
|
||||||
|
zAgDCaN7z9Xhz9Y4zZG1zrKiF2qCNuZa6ZrgKRZLiFaVmhPvizCeYaZpRI2BfWwH
|
||||||
|
mo957eHh1//DIAbqWwRfblGZJUbuMK/vyvPoRsum3Pgft2LZLYF0U4vd8b0W5wBW
|
||||||
|
GBH3+zJBz5hhZVY96b5e70a6Uuwzub51RJlSJ07kNA/n5F1dN+8BFZlp52vCCSXQ
|
||||||
|
yzNnGZVnVF451CrsLtotzScO4r5KULpJaLK7Vkx20RE
|
||||||
|
-> piv-p256 vRzPNw AoFeX/N95u7AJHk3CEuFIf7tr0vYaGD+vFeh03kOmj2+
|
||||||
|
qBrMOjlgPdY9hDUeMBZ/oWkduTr2fyHkQWPzjU8wsKE
|
||||||
|
-> piv-p256 zqq/iw A6134rkgfZQCqdSsE4PtaAq8QfJP5h/+L9WxfvQ6nFSg
|
||||||
|
kz/3tibowB2x7akq8slScl3XW9OcOFqUaVMA5hP03CQ
|
||||||
|
-> ssh-ed25519 YFSOsg TjpLEHbKVX8eT5FJyj5OjoczjlbfE1QxrSQV7nmK3z8
|
||||||
|
+60JLcmaQEwEHkwRSD8ZxOVKfPfp+oCIxNz26h4EW4Q
|
||||||
|
-> ssh-ed25519 iHV63A /EMk1Hj4P0+VDBWneswmBE6rKRLuTBkcR42Y3NAGCxs
|
||||||
|
gFK/5AZAGptQ2GNbT25oiM1jENs70UYJVmBsH/9FRBE
|
||||||
|
-> ssh-ed25519 BVsyTA LwsnNWko4BLTMYIsW+iaagyTq1amhYfB+p0HUikzwT4
|
||||||
|
7rZengSXZzlTFh/FFVS8Jt+LMJZQ2wE7F3al1+DFe9Y
|
||||||
|
-> ssh-ed25519 +3V2lQ JGc07grd52VZSARjFBckyoA7D6686kSP/rhW6B8CiCg
|
||||||
|
R77Oha9dKKYX7YxHbeiVRwpSgxNeUQcQIld1v30xwaE
|
||||||
|
--- 8J1Hx/Cb3bTUm4llIEeQx+YUwHkX9XzTIAZm+YdJxVQ
|
||||||
|
}ÙÛKuØwˆe[ªºQ
|
||||||
|
s^p§x‘æÉ¡Éi·9a;Hݲ…ÑÃynÄÁ
|
||||||
|
QáÐÌëùóƒÈÂqöekµà;j¦ùôú7È©\„
|
|
@ -19,6 +19,11 @@ resource "namecheap_domain_records" "pub-solar" {
|
||||||
type = "A"
|
type = "A"
|
||||||
address = "80.71.153.210"
|
address = "80.71.153.210"
|
||||||
}
|
}
|
||||||
|
record {
|
||||||
|
hostname = "tankstelle"
|
||||||
|
type = "A"
|
||||||
|
address = "80.244.242.5"
|
||||||
|
}
|
||||||
record {
|
record {
|
||||||
hostname = "alerts"
|
hostname = "alerts"
|
||||||
type = "A"
|
type = "A"
|
||||||
|
|