diff --git a/flake.nix b/flake.nix
index 6f9e8b1e..4f9b6f10 100644
--- a/flake.nix
+++ b/flake.nix
@@ -66,7 +66,7 @@
 osaka-linode-01 = libx.deploy { hostname = "osaka-linode-01"; };
 nixos-vm-01 = libx.deploy { hostname = "nixos-vm-01"; };
 framework-server = libx.deploy { hostname = "framework-server"; };
- nixos-framework = libx.deploy { hostname = "nixos-framework"; };
+ # nixos-framework = libx.deploy { hostname = "nixos-framework"; };
 nixos-rpi4-01 = libx.deploy { hostname = "nixos-rpi4-01"; platform = "aarch64-linux"; };
 nixos-rpi4-02 = libx.deploy { hostname = "nixos-rpi4-02"; platform = "aarch64-linux"; };
 nixos-rpi4-03 = libx.deploy { hostname = "nixos-rpi4-03"; platform = "aarch64-linux"; };
diff --git a/nixos/hosts/framework-server/wireguard.nix b/nixos/hosts/framework-server/wireguard.nix
index 2a173540..3d9a0eaf 100644
--- a/nixos/hosts/framework-server/wireguard.nix
+++ b/nixos/hosts/framework-server/wireguard.nix
@@ -1,5 +1,13 @@
 { pkgs, config, lib, ... }: {
+ # Allow these hosts to directly communicate with their hostnames
+ netweorking.extraHosts = ''
+ 10.100.0.1 osaka-linode-01
+ 10.100.0.2 framework-server
+ '';
+
+ networking.firewall.interfaces.wireguard0.allowedTCPPorts = [ 22 ];
+ # Set up the secrets file:
 sops.secrets."wireguard_keys/framework-server" = {
 owner = "root";
diff --git a/nixos/hosts/osaka-linode-01/wireguard.nix b/nixos/hosts/osaka-linode-01/wireguard.nix
index c7ccc580..960a3c80 100644
--- a/nixos/hosts/osaka-linode-01/wireguard.nix
+++ b/nixos/hosts/osaka-linode-01/wireguard.nix
@@ -1,4 +1,11 @@
 { pkgs, config, lib, ... }: {
+
+ # Allow these hosts to directly communicate with their hostnames
+ netweorking.extraHosts = ''
+ 10.100.0.1 osaka-linode-01
+ 10.100.0.2 framework-server
+ '';
+ networking.firewall.allowedUDPPorts = [ 51820 ];
 networking.firewall.interfaces.wireguard0.allowedTCPPorts = [ 22 ];
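Review bot: In nixos/hosts/framework-server/wireguard.nix the new attribute is spelled `netweorking.extraHosts`, which is not a NixOS option, so evaluating this host should fail with an unknown-option error rather than add the hosts entries; it should read `networking.extraHosts = ''`. The same misspelling is in the hunk for nixos/hosts/osaka-linode-01/wireguard.nix. The added `networking.firewall.interfaces.wireguard0.allowedTCPPorts = [ 22 ];` confines SSH to the tunnel only if port 22 is not also opened on every interface: `services.openssh.openFirewall` defaults to true, so if sshd is enabled elsewhere in this host's configuration (not visible here), consider setting it to `false`. Because the two extraHosts blocks are identical, defining the peer name-to-address mapping once in a shared module would keep both ends from drifting apart. The enclosing attribute set continues past the end of both hunks.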