dumpyourvms: more wireguard configs, add
prisonbreak script
parent
9aa3aec588
commit
83d72c275a
|
@ -1,10 +1,14 @@
|
||||||
|
{
|
||||||
|
pkgs,
|
||||||
|
...
|
||||||
|
}:
|
||||||
{
|
{
|
||||||
networking = {
|
networking = {
|
||||||
networkmanager.dns = "systemd-resolved";
|
networkmanager.dns = "systemd-resolved";
|
||||||
|
|
||||||
# https://github.com/tailscale/tailscale/issues/4432#issuecomment-1112819111
|
#networkmanager.dispatcherScripts = [
|
||||||
# https://github.com/NixOS/nixpkgs/commit/68e514ed1cf55451901e8d0edd3e8ee5102d3565
|
# { source = "${pkgs.prison-break}/bin/prison-break"; }
|
||||||
#firewall.checkReversePath = "loose";
|
#];
|
||||||
|
|
||||||
hosts = {
|
hosts = {
|
||||||
"10.0.0.42" = ["nomad.service.consul" "nomad.service.cgn-1.consul"];
|
"10.0.0.42" = ["nomad.service.consul" "nomad.service.cgn-1.consul"];
|
||||||
|
@ -28,6 +32,14 @@
|
||||||
"10.0.1.207" = ["cn06.lev-1"];
|
"10.0.1.207" = ["cn06.lev-1"];
|
||||||
"10.0.1.208" = ["cn07.lev-1"];
|
"10.0.1.208" = ["cn07.lev-1"];
|
||||||
"10.101.64.10" = ["wifi.bahn.de"];
|
"10.101.64.10" = ["wifi.bahn.de"];
|
||||||
|
"80.71.153.29" = ["eu-central.manta.greenbaum.cloud"];
|
||||||
|
"85.88.23.37" = ["git.greenbaum.cloud"];
|
||||||
|
"10.0.1.17" = ["drone.greenbaum.cloud"];
|
||||||
|
"10.0.1.2" = ["lev-1.adminui.greenbaum.cloud"];
|
||||||
|
"80.71.153.10" = ["lev-1.api.greenbaum.cloud"];
|
||||||
|
"80.71.153.12" = ["lev-1.docker.greenbaum.cloud"];
|
||||||
|
"80.71.153.56" = ["lev-1.monitor.greenbaum.cloud"];
|
||||||
|
"192.168.13.35" = ["paperless.local"];
|
||||||
};
|
};
|
||||||
|
|
||||||
wireguard.enable = true;
|
wireguard.enable = true;
|
||||||
|
@ -109,6 +121,44 @@
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
wg6 = {
|
||||||
|
address = ["10.7.6.201/32"];
|
||||||
|
privateKeyFile = "/etc/wireguard/wg6.privatekey";
|
||||||
|
|
||||||
|
peers = [
|
||||||
|
{ # nachtigall.pub.solar
|
||||||
|
publicKey = "qzNywKY9RvqTnDO8eLik75/SHveaSk9OObilDzv+xkk=";
|
||||||
|
allowedIPs = [ "10.7.6.1/32" "fd00:fae:fae:fae:fae:1::/96" ];
|
||||||
|
endpoint = "[2a01:4f8:172:1c25::1]:51820";
|
||||||
|
persistentKeepalive = 15;
|
||||||
|
}
|
||||||
|
{ # flora-6.pub.solar
|
||||||
|
publicKey = "jtSR5G2P/nm9s8WrVc26Xc/SQLupRxyXE+5eIeqlsTU=";
|
||||||
|
allowedIPs = [ "10.7.6.2/32" "fd00:fae:fae:fae:fae:2::/96" ];
|
||||||
|
endpoint = "80.71.153.210:51820";
|
||||||
|
persistentKeepalive = 15;
|
||||||
|
}
|
||||||
|
];
|
||||||
|
};
|
||||||
|
# mozillavpn
|
||||||
|
moz0 = {
|
||||||
|
autostart = false;
|
||||||
|
address = ["10.142.131.196/32" "fc00:bbbb:bbbb:bb01:d:0:e:83c4/128"];
|
||||||
|
privateKeyFile = "/etc/wireguard/wg5.privatekey";
|
||||||
|
#postUp = "resolvectl dns wg4 fdaa:1:3234::3; resolvectl domain wg4 ~internal";
|
||||||
|
#preDown = "resolvectl revert wg4";
|
||||||
|
#dns = [
|
||||||
|
# "fdaa:1:3234::3, internal"
|
||||||
|
#];
|
||||||
|
|
||||||
|
peers = [
|
||||||
|
{
|
||||||
|
publicKey = "ku1NYeOAGbY65YL/JKZhrqVzDJKXQiVj9USXbfkOBA0=";
|
||||||
|
allowedIPs = ["0.0.0.0/0" "::/0"];
|
||||||
|
endpoint = "185.254.75.3:36294";
|
||||||
|
}
|
||||||
|
];
|
||||||
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
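Review bot: `moz0` loads its key from `/etc/wireguard/wg5.privatekey`, whereas `wg6` just above it uses a key file named after its own interface. If a `wg5` interface is defined outside the hunks shown, two tunnels to different operators would share one private key, so rotating or losing it affects both; give `moz0` its own key file or state the reuse in a comment such as `# moz0 intentionally uses the key registered as wg5: <reason>`. The commented-out `postUp`/`preDown`/`dns` lines still name `wg4` and look copied from another interface, which leaves this full-tunnel peer (`allowedIPs = ["0.0.0.0/0" "::/0"]`) with no resolver set for the tunnel, so lookups may keep going to the local network's resolver through systemd-resolved. Either drop those lines or replace them with a `dns = [ ... ];` entry pointing at a resolver reached through the tunnel. The attribute set enclosing these interfaces opens outside the hunk, so the option semantics here are inferred from the option names.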