forked from pub-solar/os
279 lines
8.8 KiB
Nix
279 lines
8.8 KiB
Nix
{ pkgs, lib, ... }:
|
|
{
|
|
systemd.services.wg-quick-wg5.serviceConfig.Type = lib.mkForce "simple";
|
|
systemd.services.wg-quick-wg5.serviceConfig.Restart = "on-failure";
|
|
systemd.services.wg-quick-wg5.serviceConfig.RestartSec = "5s";
|
|
|
|
networking = {
|
|
networkmanager.dns = "systemd-resolved";
|
|
|
|
#networkmanager.dispatcherScripts = [
|
|
# { source = "${pkgs.prison-break}/bin/prison-break"; }
|
|
#];
|
|
|
|
hosts = {
|
|
"10.0.0.42" = [
|
|
"nomad.service.consul"
|
|
"nomad.service.cgn-1.consul"
|
|
];
|
|
"10.0.0.66" = [ "consul.service.cgn-1.consul" ];
|
|
"10.0.1.9" = [ "consul.service.lev-1.consul" ];
|
|
"10.0.0.70" = [
|
|
"vault.service.consul"
|
|
"vault.service.cgn-1.consul"
|
|
];
|
|
"10.0.0.200" = [ "headnode.cgn-1" ];
|
|
"10.0.0.201" = [ "cn01.cgn-1" ];
|
|
"10.0.0.202" = [ "cn02.cgn-1" ];
|
|
"10.0.0.205" = [ "cn05.cgn-1" ];
|
|
"10.0.0.206" = [ "cn06.cgn-1" ];
|
|
"10.0.0.207" = [ "cn07.cgn-1" ];
|
|
"10.0.0.208" = [ "cn08.cgn-1" ];
|
|
"10.0.1.200" = [ "headnode.lev-1" ];
|
|
"10.0.1.201" = [ "cn01.lev-1" ];
|
|
"10.0.1.202" = [ "cn02.lev-1" ];
|
|
"10.0.1.203" = [ "cn03.lev-1" ];
|
|
"10.0.1.204" = [ "cn04.lev-1" ];
|
|
"10.0.1.205" = [ "cn05.lev-1" ];
|
|
"10.0.1.206" = [ "cn00.lev-1" ];
|
|
"10.0.1.207" = [ "cn06.lev-1" ];
|
|
"10.0.1.208" = [ "cn07.lev-1" ];
|
|
"10.101.64.10" = [ "wifi.bahn.de" ];
|
|
"80.71.153.29" = [ "eu-central.manta.greenbaum.cloud" ];
|
|
"85.88.23.37" = [ "git.greenbaum.cloud" ];
|
|
"10.0.1.17" = [ "drone.greenbaum.cloud" ];
|
|
"10.0.1.2" = [ "lev-1.adminui.greenbaum.cloud" ];
|
|
"80.71.153.10" = [ "lev-1.api.greenbaum.cloud" ];
|
|
"80.71.153.12" = [ "lev-1.docker.greenbaum.cloud" ];
|
|
"80.71.153.56" = [ "lev-1.monitor.greenbaum.cloud" ];
|
|
"192.168.13.25" = [
|
|
"ryzensun.local"
|
|
"cloudapi.coal-1.mnx.io"
|
|
];
|
|
};
|
|
|
|
wireguard.enable = true;
|
|
wg-quick.interfaces = {
|
|
wg0 = {
|
|
autostart = false;
|
|
address = [ "10.8.8.6/32" ];
|
|
privateKeyFile = "/etc/wireguard/wg0.privatekey";
|
|
|
|
peers = [
|
|
{
|
|
publicKey = "l0DJLicCrcrixNP6zAWTXNSEaNM2jML253BXEZ1KpiU=";
|
|
allowedIPs = [
|
|
"10.8.8.16/32"
|
|
"10.0.0.0/24"
|
|
"10.88.88.0/24"
|
|
];
|
|
endpoint = "85.88.23.16:51820";
|
|
persistentKeepalive = 25;
|
|
}
|
|
];
|
|
};
|
|
wg1 = {
|
|
autostart = false;
|
|
address = [ "192.168.188.203/24" ];
|
|
privateKeyFile = "/etc/wireguard/wg1.privatekey";
|
|
|
|
peers = [
|
|
{
|
|
publicKey = "iZkgeA/mFxBRclCa5SJYdqffClly/uho5krebcUloCY=";
|
|
allowedIPs = [ "192.168.188.0/24" ];
|
|
presharedKeyFile = "/etc/wireguard/wg1.presharedkey";
|
|
#endpoint = "85.214.70.91:50163";
|
|
#endpoint = "7gwzft61sc8txc4r.myfritz.net:50163";
|
|
endpoint = "[2a00:6020:1000:47::2ded]:50163";
|
|
persistentKeepalive = 25;
|
|
}
|
|
];
|
|
};
|
|
wg2 = {
|
|
address = [ "10.6.6.4/32" ];
|
|
privateKeyFile = "/etc/wireguard/wg2.privatekey";
|
|
|
|
peers = [
|
|
{
|
|
publicKey = "nYMmaCIW8lZ7SokivN8HXxYDch+SS1G7ab1SC9meDAw=";
|
|
presharedKeyFile = "/etc/wireguard/wg2.presharedkey";
|
|
allowedIPs = [
|
|
"10.6.6.1/32"
|
|
"10.1.1.0/24"
|
|
];
|
|
endpoint = "85.88.23.127:51820";
|
|
persistentKeepalive = 16;
|
|
}
|
|
];
|
|
};
|
|
wg3 = {
|
|
address = [ "10.11.11.2/32" ];
|
|
privateKeyFile = "/etc/wireguard/wg3.privatekey";
|
|
mtu = 1300;
|
|
|
|
peers = [
|
|
{
|
|
publicKey = "7RRgfZSneqAtAHBeI6+aaYLqz9e1jikg/lIK8mhW928=";
|
|
presharedKeyFile = "/etc/wireguard/wg3.presharedkey";
|
|
allowedIPs = [
|
|
"10.11.11.0/24"
|
|
"192.168.1.0/24"
|
|
"10.0.1.0/24"
|
|
];
|
|
endpoint = "80.71.153.1:51820";
|
|
persistentKeepalive = 16;
|
|
}
|
|
];
|
|
};
|
|
wg4 = {
|
|
address = [ "fdaa:1:3234:a7b:16a9:0:a:202/120" ];
|
|
privateKeyFile = "/etc/wireguard/wg4.privatekey";
|
|
postUp = "resolvectl dns wg4 fdaa:1:3234::3; resolvectl domain wg4 ~internal";
|
|
preDown = "resolvectl revert wg4";
|
|
#dns = [
|
|
# "fdaa:1:3234::3, internal"
|
|
#];
|
|
|
|
peers = [
|
|
{
|
|
publicKey = "yUyg63j5+17YeJ7gRhxoQuF6rvdX0JF59M6skytJFTQ=";
|
|
allowedIPs = [ "fdaa:1:3234::/48" ];
|
|
#endpoint = "ams1.gateway.6pn.dev:51820";
|
|
endpoint = "176.58.93.206:51820";
|
|
persistentKeepalive = 15;
|
|
}
|
|
];
|
|
};
|
|
wg5 = {
|
|
autostart = false;
|
|
address = [ "192.168.13.201/24" ];
|
|
privateKeyFile = "/etc/wireguard/wg5.privatekey";
|
|
postUp = "resolvectl dnsovertls wg5 no; resolvectl dns wg5 192.168.13.1; resolvectl domain wg5 ~fritz.box";
|
|
preDown = "resolvectl revert wg5";
|
|
|
|
peers = [
|
|
{
|
|
publicKey = "UhPW8jebAPaMYqjJfSFO9QAMhk0E+dq4i6lB4Wjg91Q=";
|
|
presharedKeyFile = "/etc/wireguard/wg5.presharedkey";
|
|
allowedIPs = [ "192.168.13.0/24" ];
|
|
endpoint = "svxqr7qjmk9beu7t.myfritz.net:59538";
|
|
#endpoint = "84.44.134.172:59538";
|
|
persistentKeepalive = 25;
|
|
}
|
|
];
|
|
};
|
|
wg6 = {
|
|
address = [
|
|
"10.7.6.201/32"
|
|
"fd00:fae:fae:fae:fae:201::/96"
|
|
];
|
|
privateKeyFile = "/etc/wireguard/wg6.privatekey";
|
|
|
|
peers = [
|
|
{
|
|
# nachtigall.pub.solar
|
|
publicKey = "qzNywKY9RvqTnDO8eLik75/SHveaSk9OObilDzv+xkk=";
|
|
allowedIPs = [
|
|
"10.7.6.1/32"
|
|
"fd00:fae:fae:fae:fae:1::/96"
|
|
];
|
|
#endpoint = "138.201.80.102:51820";
|
|
endpoint = "[2a01:4f8:172:1c25::1]:51820";
|
|
persistentKeepalive = 15;
|
|
}
|
|
{
|
|
# flora-6.pub.solar
|
|
publicKey = "jtSR5G2P/nm9s8WrVc26Xc/SQLupRxyXE+5eIeqlsTU=";
|
|
allowedIPs = [
|
|
"10.7.6.2/32"
|
|
"fd00:fae:fae:fae:fae:2::/96"
|
|
];
|
|
endpoint = "80.71.153.210:51820";
|
|
persistentKeepalive = 15;
|
|
}
|
|
{
|
|
# metronom.pub.solar
|
|
publicKey = "zOSYGO7MfnOOUnzaTcWiKRQM0qqxR3JQrwx/gtEtHmo=";
|
|
allowedIPs = [
|
|
"10.7.6.3/32"
|
|
"fd00:fae:fae:fae:fae:3::/96"
|
|
];
|
|
endpoint = "49.13.236.167:51820";
|
|
#endpoint = "[2a01:4f8:c2c:7082::]:51820";
|
|
persistentKeepalive = 15;
|
|
}
|
|
{
|
|
# tankstelle.pub.solar
|
|
publicKey = "iRTlY1lB7nPXf2eXzX8ZZDkfMmXyGjff5/joccbP8Cg=";
|
|
allowedIPs = [
|
|
"10.7.6.4/32"
|
|
"fd00:fae:fae:fae:fae:4::/96"
|
|
];
|
|
#endpoint = "80.244.242.5:51820";
|
|
endpoint = "[2001:4d88:1ffa:26::5]:51820";
|
|
persistentKeepalive = 15;
|
|
}
|
|
{
|
|
# trinkgenossin.pub.solar
|
|
publicKey = "QWgHovHxtqiQhnHLouSWiT6GIoQDmuvnThYL5c/rvU4=";
|
|
allowedIPs = [
|
|
"10.7.6.5/32"
|
|
"fd00:fae:fae:fae:fae:5::/96"
|
|
];
|
|
#endpoint = "80.244.242.5:51820";
|
|
endpoint = "[2a01:239:35d:f500::1]:51820";
|
|
persistentKeepalive = 15;
|
|
}
|
|
{
|
|
# delite.pub.solar
|
|
publicKey = "ZT2qGWgMPwHRUOZmTQHWCRX4m14YwOsiszjsA5bpc2k=";
|
|
allowedIPs = [
|
|
"10.7.6.6/32"
|
|
"fd00:fae:fae:fae:fae:6::/96"
|
|
];
|
|
#endpoint = "80.244.242.5:51820";
|
|
endpoint = "[2a04:52c0:124:9d8c::2]:51820";
|
|
persistentKeepalive = 15;
|
|
}
|
|
{
|
|
# blue-shell.pub.solar
|
|
publicKey = "bcrIpWrKc1M+Hq4ds3aN1lTaKE26f2rvXhd+93QrzR8=";
|
|
allowedIPs = [
|
|
"10.7.6.7/32"
|
|
"fd00:fae:fae:fae:fae:7::/96"
|
|
];
|
|
#endpoint = "80.244.242.5:51820";
|
|
endpoint = "[2a03:4000:43:24e::1]:51820";
|
|
persistentKeepalive = 15;
|
|
}
|
|
];
|
|
};
|
|
# mozillavpn
|
|
moz0 = {
|
|
autostart = false;
|
|
address = [
|
|
"10.142.131.196/32"
|
|
"fc00:bbbb:bbbb:bb01:d:0:e:83c4/128"
|
|
];
|
|
privateKeyFile = "/etc/wireguard/moz0.privatekey";
|
|
#postUp = "resolvectl dns wg4 fdaa:1:3234::3; resolvectl domain wg4 ~internal";
|
|
#preDown = "resolvectl revert wg4";
|
|
#dns = [
|
|
# "fdaa:1:3234::3, internal"
|
|
#];
|
|
|
|
peers = [
|
|
{
|
|
publicKey = "ku1NYeOAGbY65YL/JKZhrqVzDJKXQiVj9USXbfkOBA0=";
|
|
allowedIPs = [
|
|
"0.0.0.0/0"
|
|
"::/0"
|
|
];
|
|
endpoint = "185.254.75.3:36294";
|
|
}
|
|
];
|
|
};
|
|
};
|
|
};
|
|
}
|