115 lines
3.7 KiB
Nix
115 lines
3.7 KiB
Nix
{
|
|
networking = {
|
|
networkmanager.dns = "systemd-resolved";
|
|
|
|
# https://github.com/tailscale/tailscale/issues/4432#issuecomment-1112819111
|
|
# https://github.com/NixOS/nixpkgs/commit/68e514ed1cf55451901e8d0edd3e8ee5102d3565
|
|
#firewall.checkReversePath = "loose";
|
|
|
|
hosts = {
|
|
"10.0.0.42" = ["nomad.service.consul" "nomad.service.cgn-1.consul"];
|
|
"10.0.0.66" = ["consul.service.cgn-1.consul"];
|
|
"10.0.1.9" = ["consul.service.lev-1.consul"];
|
|
"10.0.0.70" = ["vault.service.consul" "vault.service.cgn-1.consul"];
|
|
"10.0.0.200" = ["headnode.cgn-1"];
|
|
"10.0.0.201" = ["cn01.cgn-1"];
|
|
"10.0.0.202" = ["cn02.cgn-1"];
|
|
"10.0.0.205" = ["cn05.cgn-1"];
|
|
"10.0.0.206" = ["cn06.cgn-1"];
|
|
"10.0.0.207" = ["cn07.cgn-1"];
|
|
"10.0.0.208" = ["cn08.cgn-1"];
|
|
"10.0.1.200" = ["headnode.lev-1"];
|
|
"10.0.1.201" = ["cn01.lev-1"];
|
|
"10.0.1.202" = ["cn02.lev-1"];
|
|
"10.0.1.203" = ["cn03.lev-1"];
|
|
"10.0.1.204" = ["cn04.lev-1"];
|
|
"10.0.1.205" = ["cn05.lev-1"];
|
|
"10.0.1.206" = ["cn00.lev-1"];
|
|
"10.0.1.207" = ["cn06.lev-1"];
|
|
"10.0.1.208" = ["cn07.lev-1"];
|
|
"10.101.64.10" = ["wifi.bahn.de"];
|
|
};
|
|
|
|
wireguard.enable = true;
|
|
wg-quick.interfaces = {
|
|
wg0 = {
|
|
address = ["10.8.8.6/32"];
|
|
privateKeyFile = "/etc/wireguard/wg0.privatekey";
|
|
|
|
peers = [
|
|
{
|
|
publicKey = "l0DJLicCrcrixNP6zAWTXNSEaNM2jML253BXEZ1KpiU=";
|
|
allowedIPs = ["10.8.8.16/32" "10.0.0.0/24" "10.88.88.0/24"];
|
|
endpoint = "85.88.23.16:51820";
|
|
persistentKeepalive = 25;
|
|
}
|
|
];
|
|
};
|
|
wg1 = {
|
|
address = ["192.168.188.203/24"];
|
|
privateKeyFile = "/etc/wireguard/wg1.privatekey";
|
|
|
|
peers = [
|
|
{
|
|
publicKey = "iZkgeA/mFxBRclCa5SJYdqffClly/uho5krebcUloCY=";
|
|
allowedIPs = ["192.168.188.0/24"];
|
|
presharedKeyFile = "/etc/wireguard/wg1.presharedkey";
|
|
#endpoint = "85.214.70.91:50163";
|
|
#endpoint = "7gwzft61sc8txc4r.myfritz.net:50163";
|
|
endpoint = "[2a00:6020:1000:47::2ded]:50163";
|
|
persistentKeepalive = 25;
|
|
}
|
|
];
|
|
};
|
|
wg2 = {
|
|
address = ["10.6.6.4/32"];
|
|
privateKeyFile = "/etc/wireguard/wg2.privatekey";
|
|
|
|
peers = [
|
|
{
|
|
publicKey = "nYMmaCIW8lZ7SokivN8HXxYDch+SS1G7ab1SC9meDAw=";
|
|
presharedKeyFile = "/etc/wireguard/wg2.presharedkey";
|
|
allowedIPs = ["10.6.6.1/32" "10.1.1.0/24"];
|
|
endpoint = "85.88.23.127:51820";
|
|
persistentKeepalive = 16;
|
|
}
|
|
];
|
|
};
|
|
wg3 = {
|
|
address = ["10.11.11.2/32"];
|
|
privateKeyFile = "/etc/wireguard/wg3.privatekey";
|
|
mtu = 1300;
|
|
|
|
peers = [
|
|
{
|
|
publicKey = "7RRgfZSneqAtAHBeI6+aaYLqz9e1jikg/lIK8mhW928=";
|
|
presharedKeyFile = "/etc/wireguard/wg3.presharedkey";
|
|
allowedIPs = ["10.11.11.0/24" "192.168.1.0/24" "10.0.1.0/24"];
|
|
endpoint = "80.71.153.1:51820";
|
|
persistentKeepalive = 16;
|
|
}
|
|
];
|
|
};
|
|
wg4 = {
|
|
address = ["fdaa:1:3234:a7b:16a9:0:a:202/120"];
|
|
privateKeyFile = "/etc/wireguard/wg4.privatekey";
|
|
postUp = "resolvectl dns wg4 fdaa:1:3234::3; resolvectl domain wg4 ~internal";
|
|
preDown = "resolvectl revert wg4";
|
|
#dns = [
|
|
# "fdaa:1:3234::3, internal"
|
|
#];
|
|
|
|
peers = [
|
|
{
|
|
publicKey = "yUyg63j5+17YeJ7gRhxoQuF6rvdX0JF59M6skytJFTQ=";
|
|
allowedIPs = ["fdaa:1:3234::/48"];
|
|
#endpoint = "ams1.gateway.6pn.dev:51820";
|
|
endpoint = "176.58.93.206:51820";
|
|
persistentKeepalive = 15;
|
|
}
|
|
];
|
|
};
|
|
};
|
|
};
|
|
}
|