{ pkgs, ... }: { networking = { networkmanager.dns = "systemd-resolved"; #networkmanager.dispatcherScripts = [ # { source = "${pkgs.prison-break}/bin/prison-break"; } #]; hosts = { "10.0.0.42" = ["nomad.service.consul" "nomad.service.cgn-1.consul"]; "10.0.0.66" = ["consul.service.cgn-1.consul"]; "10.0.1.9" = ["consul.service.lev-1.consul"]; "10.0.0.70" = ["vault.service.consul" "vault.service.cgn-1.consul"]; "10.0.0.200" = ["headnode.cgn-1"]; "10.0.0.201" = ["cn01.cgn-1"]; "10.0.0.202" = ["cn02.cgn-1"]; "10.0.0.205" = ["cn05.cgn-1"]; "10.0.0.206" = ["cn06.cgn-1"]; "10.0.0.207" = ["cn07.cgn-1"]; "10.0.0.208" = ["cn08.cgn-1"]; "10.0.1.200" = ["headnode.lev-1"]; "10.0.1.201" = ["cn01.lev-1"]; "10.0.1.202" = ["cn02.lev-1"]; "10.0.1.203" = ["cn03.lev-1"]; "10.0.1.204" = ["cn04.lev-1"]; "10.0.1.205" = ["cn05.lev-1"]; "10.0.1.206" = ["cn00.lev-1"]; "10.0.1.207" = ["cn06.lev-1"]; "10.0.1.208" = ["cn07.lev-1"]; "10.101.64.10" = ["wifi.bahn.de"]; "80.71.153.29" = ["eu-central.manta.greenbaum.cloud"]; "85.88.23.37" = ["git.greenbaum.cloud"]; "10.0.1.17" = ["drone.greenbaum.cloud"]; "10.0.1.2" = ["lev-1.adminui.greenbaum.cloud"]; "80.71.153.10" = ["lev-1.api.greenbaum.cloud"]; "80.71.153.12" = ["lev-1.docker.greenbaum.cloud"]; "80.71.153.56" = ["lev-1.monitor.greenbaum.cloud"]; "192.168.13.35" = ["paperless.local"]; }; wireguard.enable = true; wg-quick.interfaces = { wg0 = { autostart = false; address = ["10.8.8.6/32"]; privateKeyFile = "/etc/wireguard/wg0.privatekey"; peers = [ { publicKey = "l0DJLicCrcrixNP6zAWTXNSEaNM2jML253BXEZ1KpiU="; allowedIPs = ["10.8.8.16/32" "10.0.0.0/24" "10.88.88.0/24"]; endpoint = "85.88.23.16:51820"; persistentKeepalive = 25; } ]; }; wg1 = { address = ["192.168.188.203/24"]; privateKeyFile = "/etc/wireguard/wg1.privatekey"; peers = [ { publicKey = "iZkgeA/mFxBRclCa5SJYdqffClly/uho5krebcUloCY="; allowedIPs = ["192.168.188.0/24"]; presharedKeyFile = "/etc/wireguard/wg1.presharedkey"; #endpoint = "85.214.70.91:50163"; #endpoint = "7gwzft61sc8txc4r.myfritz.net:50163"; endpoint = "[2a00:6020:1000:47::2ded]:50163"; persistentKeepalive = 25; } ]; }; wg2 = { address = ["10.6.6.4/32"]; privateKeyFile = "/etc/wireguard/wg2.privatekey"; peers = [ { publicKey = "nYMmaCIW8lZ7SokivN8HXxYDch+SS1G7ab1SC9meDAw="; presharedKeyFile = "/etc/wireguard/wg2.presharedkey"; allowedIPs = ["10.6.6.1/32" "10.1.1.0/24"]; endpoint = "85.88.23.127:51820"; persistentKeepalive = 16; } ]; }; wg3 = { address = ["10.11.11.2/32"]; privateKeyFile = "/etc/wireguard/wg3.privatekey"; mtu = 1300; peers = [ { publicKey = "7RRgfZSneqAtAHBeI6+aaYLqz9e1jikg/lIK8mhW928="; presharedKeyFile = "/etc/wireguard/wg3.presharedkey"; allowedIPs = ["10.11.11.0/24" "192.168.1.0/24" "10.0.1.0/24"]; endpoint = "80.71.153.1:51820"; persistentKeepalive = 16; } ]; }; wg4 = { address = ["fdaa:1:3234:a7b:16a9:0:a:202/120"]; privateKeyFile = "/etc/wireguard/wg4.privatekey"; postUp = "resolvectl dns wg4 fdaa:1:3234::3; resolvectl domain wg4 ~internal"; preDown = "resolvectl revert wg4"; #dns = [ # "fdaa:1:3234::3, internal" #]; peers = [ { publicKey = "yUyg63j5+17YeJ7gRhxoQuF6rvdX0JF59M6skytJFTQ="; allowedIPs = ["fdaa:1:3234::/48"]; #endpoint = "ams1.gateway.6pn.dev:51820"; endpoint = "176.58.93.206:51820"; persistentKeepalive = 15; } ]; }; wg5 = { autostart = false; address = ["192.168.13.201/24"]; privateKeyFile = "/etc/wireguard/wg5.privatekey"; postUp = "resolvectl dnsovertls wg5 no; resolvectl dns wg5 192.168.13.1; resolvectl domain wg5 ~fritz.box"; preDown = "resolvectl revert wg5"; peers = [ { publicKey = "UhPW8jebAPaMYqjJfSFO9QAMhk0E+dq4i6lB4Wjg91Q="; presharedKeyFile = "/etc/wireguard/wg5.presharedkey"; allowedIPs = [ "192.168.13.0/24" ]; endpoint = "ktjh20jr89gkcqwr.myfritz.net:59538"; persistentKeepalive = 25; } ]; }; wg6 = { address = ["10.7.6.201/32" "fd00:fae:fae:fae:fae:201::/96"]; privateKeyFile = "/etc/wireguard/wg6.privatekey"; peers = [ { # nachtigall.pub.solar publicKey = "qzNywKY9RvqTnDO8eLik75/SHveaSk9OObilDzv+xkk="; allowedIPs = [ "10.7.6.1/32" "fd00:fae:fae:fae:fae:1::/96" ]; #endpoint = "138.201.80.102:51820"; endpoint = "[2a01:4f8:172:1c25::1]:51820"; persistentKeepalive = 15; } { # flora-6.pub.solar publicKey = "jtSR5G2P/nm9s8WrVc26Xc/SQLupRxyXE+5eIeqlsTU="; allowedIPs = [ "10.7.6.2/32" "fd00:fae:fae:fae:fae:2::/96" ]; endpoint = "80.71.153.210:51820"; persistentKeepalive = 15; } { # metronom.pub.solar publicKey = "zOSYGO7MfnOOUnzaTcWiKRQM0qqxR3JQrwx/gtEtHmo="; allowedIPs = [ "10.7.6.3/32" "fd00:fae:fae:fae:fae:3::/96" ]; endpoint = "49.13.236.167:51820"; #endpoint = "[2a01:4f8:c2c:7082::]:51820"; persistentKeepalive = 15; } { # tankstelle.pub.solar publicKey = "iRTlY1lB7nPXf2eXzX8ZZDkfMmXyGjff5/joccbP8Cg="; allowedIPs = [ "10.7.6.4/32" "fd00:fae:fae:fae:fae:4::/96" ]; #endpoint = "80.244.242.5:51820"; endpoint = "[2001:4d88:1ffa:26::5]:51820"; persistentKeepalive = 15; } ]; }; # mozillavpn moz0 = { autostart = false; address = ["10.142.131.196/32" "fc00:bbbb:bbbb:bb01:d:0:e:83c4/128"]; privateKeyFile = "/etc/wireguard/moz0.privatekey"; #postUp = "resolvectl dns wg4 fdaa:1:3234::3; resolvectl domain wg4 ~internal"; #preDown = "resolvectl revert wg4"; #dns = [ # "fdaa:1:3234::3, internal" #]; peers = [ { publicKey = "ku1NYeOAGbY65YL/JKZhrqVzDJKXQiVj9USXbfkOBA0="; allowedIPs = ["0.0.0.0/0" "::/0"]; endpoint = "185.254.75.3:36294"; } ]; }; }; }; }