os/hosts/dumpyourvms/networking.nix

279 lines
8.8 KiB
Nix

{ pkgs, lib, ... }:
{
systemd.services.wg-quick-wg5.serviceConfig.Type = lib.mkForce "simple";
systemd.services.wg-quick-wg5.serviceConfig.Restart = "on-failure";
systemd.services.wg-quick-wg5.serviceConfig.RestartSec = "5s";
networking = {
networkmanager.dns = "systemd-resolved";
#networkmanager.dispatcherScripts = [
# { source = "${pkgs.prison-break}/bin/prison-break"; }
#];
hosts = {
"10.0.0.42" = [
"nomad.service.consul"
"nomad.service.cgn-1.consul"
];
"10.0.0.66" = [ "consul.service.cgn-1.consul" ];
"10.0.1.9" = [ "consul.service.lev-1.consul" ];
"10.0.0.70" = [
"vault.service.consul"
"vault.service.cgn-1.consul"
];
"10.0.0.200" = [ "headnode.cgn-1" ];
"10.0.0.201" = [ "cn01.cgn-1" ];
"10.0.0.202" = [ "cn02.cgn-1" ];
"10.0.0.205" = [ "cn05.cgn-1" ];
"10.0.0.206" = [ "cn06.cgn-1" ];
"10.0.0.207" = [ "cn07.cgn-1" ];
"10.0.0.208" = [ "cn08.cgn-1" ];
"10.0.1.200" = [ "headnode.lev-1" ];
"10.0.1.201" = [ "cn01.lev-1" ];
"10.0.1.202" = [ "cn02.lev-1" ];
"10.0.1.203" = [ "cn03.lev-1" ];
"10.0.1.204" = [ "cn04.lev-1" ];
"10.0.1.205" = [ "cn05.lev-1" ];
"10.0.1.206" = [ "cn00.lev-1" ];
"10.0.1.207" = [ "cn06.lev-1" ];
"10.0.1.208" = [ "cn07.lev-1" ];
"10.101.64.10" = [ "wifi.bahn.de" ];
"80.71.153.29" = [ "eu-central.manta.greenbaum.cloud" ];
"85.88.23.37" = [ "git.greenbaum.cloud" ];
"10.0.1.17" = [ "drone.greenbaum.cloud" ];
"10.0.1.2" = [ "lev-1.adminui.greenbaum.cloud" ];
"80.71.153.10" = [ "lev-1.api.greenbaum.cloud" ];
"80.71.153.12" = [ "lev-1.docker.greenbaum.cloud" ];
"80.71.153.56" = [ "lev-1.monitor.greenbaum.cloud" ];
"192.168.13.25" = [
"ryzensun.local"
"cloudapi.coal-1.mnx.io"
];
};
wireguard.enable = true;
wg-quick.interfaces = {
wg0 = {
autostart = false;
address = [ "10.8.8.6/32" ];
privateKeyFile = "/etc/wireguard/wg0.privatekey";
peers = [
{
publicKey = "l0DJLicCrcrixNP6zAWTXNSEaNM2jML253BXEZ1KpiU=";
allowedIPs = [
"10.8.8.16/32"
"10.0.0.0/24"
"10.88.88.0/24"
];
endpoint = "85.88.23.16:51820";
persistentKeepalive = 25;
}
];
};
wg1 = {
autostart = false;
address = [ "192.168.188.203/24" ];
privateKeyFile = "/etc/wireguard/wg1.privatekey";
peers = [
{
publicKey = "iZkgeA/mFxBRclCa5SJYdqffClly/uho5krebcUloCY=";
allowedIPs = [ "192.168.188.0/24" ];
presharedKeyFile = "/etc/wireguard/wg1.presharedkey";
#endpoint = "85.214.70.91:50163";
#endpoint = "7gwzft61sc8txc4r.myfritz.net:50163";
endpoint = "[2a00:6020:1000:47::2ded]:50163";
persistentKeepalive = 25;
}
];
};
wg2 = {
address = [ "10.6.6.4/32" ];
privateKeyFile = "/etc/wireguard/wg2.privatekey";
peers = [
{
publicKey = "nYMmaCIW8lZ7SokivN8HXxYDch+SS1G7ab1SC9meDAw=";
presharedKeyFile = "/etc/wireguard/wg2.presharedkey";
allowedIPs = [
"10.6.6.1/32"
"10.1.1.0/24"
];
endpoint = "85.88.23.127:51820";
persistentKeepalive = 16;
}
];
};
wg3 = {
address = [ "10.11.11.2/32" ];
privateKeyFile = "/etc/wireguard/wg3.privatekey";
mtu = 1300;
peers = [
{
publicKey = "7RRgfZSneqAtAHBeI6+aaYLqz9e1jikg/lIK8mhW928=";
presharedKeyFile = "/etc/wireguard/wg3.presharedkey";
allowedIPs = [
"10.11.11.0/24"
"192.168.1.0/24"
"10.0.1.0/24"
];
endpoint = "80.71.153.1:51820";
persistentKeepalive = 16;
}
];
};
wg4 = {
address = [ "fdaa:1:3234:a7b:16a9:0:a:202/120" ];
privateKeyFile = "/etc/wireguard/wg4.privatekey";
postUp = "resolvectl dns wg4 fdaa:1:3234::3; resolvectl domain wg4 ~internal";
preDown = "resolvectl revert wg4";
#dns = [
# "fdaa:1:3234::3, internal"
#];
peers = [
{
publicKey = "yUyg63j5+17YeJ7gRhxoQuF6rvdX0JF59M6skytJFTQ=";
allowedIPs = [ "fdaa:1:3234::/48" ];
#endpoint = "ams1.gateway.6pn.dev:51820";
endpoint = "176.58.93.206:51820";
persistentKeepalive = 15;
}
];
};
wg5 = {
autostart = false;
address = [ "192.168.13.201/24" ];
privateKeyFile = "/etc/wireguard/wg5.privatekey";
postUp = "resolvectl dnsovertls wg5 no; resolvectl dns wg5 192.168.13.1; resolvectl domain wg5 ~fritz.box";
preDown = "resolvectl revert wg5";
peers = [
{
publicKey = "UhPW8jebAPaMYqjJfSFO9QAMhk0E+dq4i6lB4Wjg91Q=";
presharedKeyFile = "/etc/wireguard/wg5.presharedkey";
allowedIPs = [ "192.168.13.0/24" ];
endpoint = "svxqr7qjmk9beu7t.myfritz.net:59538";
#endpoint = "84.44.134.172:59538";
persistentKeepalive = 25;
}
];
};
wg6 = {
address = [
"10.7.6.201/32"
"fd00:fae:fae:fae:fae:201::/96"
];
privateKeyFile = "/etc/wireguard/wg6.privatekey";
peers = [
{
# nachtigall.pub.solar
publicKey = "qzNywKY9RvqTnDO8eLik75/SHveaSk9OObilDzv+xkk=";
allowedIPs = [
"10.7.6.1/32"
"fd00:fae:fae:fae:fae:1::/96"
];
#endpoint = "138.201.80.102:51820";
endpoint = "[2a01:4f8:172:1c25::1]:51820";
persistentKeepalive = 15;
}
{
# flora-6.pub.solar
publicKey = "jtSR5G2P/nm9s8WrVc26Xc/SQLupRxyXE+5eIeqlsTU=";
allowedIPs = [
"10.7.6.2/32"
"fd00:fae:fae:fae:fae:2::/96"
];
endpoint = "80.71.153.210:51820";
persistentKeepalive = 15;
}
{
# metronom.pub.solar
publicKey = "zOSYGO7MfnOOUnzaTcWiKRQM0qqxR3JQrwx/gtEtHmo=";
allowedIPs = [
"10.7.6.3/32"
"fd00:fae:fae:fae:fae:3::/96"
];
endpoint = "49.13.236.167:51820";
#endpoint = "[2a01:4f8:c2c:7082::]:51820";
persistentKeepalive = 15;
}
{
# tankstelle.pub.solar
publicKey = "iRTlY1lB7nPXf2eXzX8ZZDkfMmXyGjff5/joccbP8Cg=";
allowedIPs = [
"10.7.6.4/32"
"fd00:fae:fae:fae:fae:4::/96"
];
#endpoint = "80.244.242.5:51820";
endpoint = "[2001:4d88:1ffa:26::5]:51820";
persistentKeepalive = 15;
}
{
# trinkgenossin.pub.solar
publicKey = "QWgHovHxtqiQhnHLouSWiT6GIoQDmuvnThYL5c/rvU4=";
allowedIPs = [
"10.7.6.5/32"
"fd00:fae:fae:fae:fae:5::/96"
];
#endpoint = "80.244.242.5:51820";
endpoint = "[2a01:239:35d:f500::1]:51820";
persistentKeepalive = 15;
}
{
# delite.pub.solar
publicKey = "ZT2qGWgMPwHRUOZmTQHWCRX4m14YwOsiszjsA5bpc2k=";
allowedIPs = [
"10.7.6.6/32"
"fd00:fae:fae:fae:fae:6::/96"
];
#endpoint = "80.244.242.5:51820";
endpoint = "[2a04:52c0:124:9d8c::2]:51820";
persistentKeepalive = 15;
}
{
# blue-shell.pub.solar
publicKey = "bcrIpWrKc1M+Hq4ds3aN1lTaKE26f2rvXhd+93QrzR8=";
allowedIPs = [
"10.7.6.7/32"
"fd00:fae:fae:fae:fae:7::/96"
];
#endpoint = "80.244.242.5:51820";
endpoint = "[2a03:4000:43:24e::1]:51820";
persistentKeepalive = 15;
}
];
};
# mozillavpn
moz0 = {
autostart = false;
address = [
"10.142.131.196/32"
"fc00:bbbb:bbbb:bb01:d:0:e:83c4/128"
];
privateKeyFile = "/etc/wireguard/moz0.privatekey";
#postUp = "resolvectl dns wg4 fdaa:1:3234::3; resolvectl domain wg4 ~internal";
#preDown = "resolvectl revert wg4";
#dns = [
# "fdaa:1:3234::3, internal"
#];
peers = [
{
publicKey = "ku1NYeOAGbY65YL/JKZhrqVzDJKXQiVj9USXbfkOBA0=";
allowedIPs = [
"0.0.0.0/0"
"::/0"
];
endpoint = "185.254.75.3:36294";
}
];
};
};
};
}