From 30b282a0e042a24c30755912ec728f2d2e87d2b9 Mon Sep 17 00:00:00 2001 From: iFargle Date: Mon, 11 Dec 2023 21:07:16 +0900 Subject: [PATCH] Update wireguard --- flake.nix | 2 +- nixos/hosts/framework-server/wireguard.nix | 8 ++++++++ nixos/hosts/osaka-linode-01/wireguard.nix | 7 +++++++ 3 files changed, 16 insertions(+), 1 deletion(-) diff --git a/flake.nix b/flake.nix index 6f9e8b1e..4f9b6f10 100644 --- a/flake.nix +++ b/flake.nix @@ -66,7 +66,7 @@ osaka-linode-01 = libx.deploy { hostname = "osaka-linode-01"; }; nixos-vm-01 = libx.deploy { hostname = "nixos-vm-01"; }; framework-server = libx.deploy { hostname = "framework-server"; }; - nixos-framework = libx.deploy { hostname = "nixos-framework"; }; + # nixos-framework = libx.deploy { hostname = "nixos-framework"; }; nixos-rpi4-01 = libx.deploy { hostname = "nixos-rpi4-01"; platform = "aarch64-linux"; }; nixos-rpi4-02 = libx.deploy { hostname = "nixos-rpi4-02"; platform = "aarch64-linux"; }; nixos-rpi4-03 = libx.deploy { hostname = "nixos-rpi4-03"; platform = "aarch64-linux"; }; diff --git a/nixos/hosts/framework-server/wireguard.nix b/nixos/hosts/framework-server/wireguard.nix index 2a173540..3d9a0eaf 100644 --- a/nixos/hosts/framework-server/wireguard.nix +++ b/nixos/hosts/framework-server/wireguard.nix @@ -1,5 +1,13 @@ { pkgs, config, lib, ... }: { + # Allow these hosts to directly communicate with their hostnames + netweorking.extraHosts = '' + 10.100.0.1 osaka-linode-01 + 10.100.0.2 framework-server + ''; + + networking.firewall.interfaces.wireguard0.allowedTCPPorts = [ 22 ]; + # Set up the secrets file: sops.secrets."wireguard_keys/framework-server" = { owner = "root"; diff --git a/nixos/hosts/osaka-linode-01/wireguard.nix b/nixos/hosts/osaka-linode-01/wireguard.nix index c7ccc580..960a3c80 100644 --- a/nixos/hosts/osaka-linode-01/wireguard.nix +++ b/nixos/hosts/osaka-linode-01/wireguard.nix 
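Review bot: The `nixos-framework` deploy entry in flake.nix is commented out with no reason given, and the commit subject only mentions wireguard. If that host is still running, it presumably stops receiving configuration pushed from this flake, including firewall and key changes. Either delete the line or add a reason beside it, for example `# nixos-framework: disabled until <reason>`. The attribute set this line belongs to starts and ends outside the hunk.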
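Review bot: `netweorking.extraHosts` in the block added to framework-server/wireguard.nix is misspelled; the option is `networking.extraHosts`. The NixOS module system rejects definitions of undeclared options, so evaluation of this host should fail, and the `wireguard0` SSH rule added just below would not be deployed either. The same typo is in the osaka-linode-01/wireguard.nix hunk; change both to `networking.extraHosts = ''`. It is also worth confirming that `wireguard0` is the interface name actually configured further down the file, outside this hunk, because a per-interface firewall rule for a name that does not exist matches no traffic and gives no error.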
@@ -1,4 +1,11 @@ { pkgs, config, lib, ... }: { + + # Allow these hosts to directly communicate with their hostnames + netweorking.extraHosts = '' + 10.100.0.1 osaka-linode-01 + 10.100.0.2 framework-server + ''; + networking.firewall.allowedUDPPorts = [ 51820 ]; networking.firewall.interfaces.wireguard0.allowedTCPPorts = [ 22 ];
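Review bot: The peer address table added to osaka-linode-01/wireguard.nix is a second hand-maintained copy of the one in framework-server/wireguard.nix. A peer added or renumbered in one file would leave the other host resolving a stale tunnel address. Consider defining the `10.100.0.x` map once in a shared module that both hosts import. Because SSH to these names will now go to the tunnel addresses, it would also help to pin the host keys for `osaka-linode-01` and `framework-server` declaratively (for example with `programs.ssh.knownHosts`) rather than trusting them on first connection. The rest of the file lies outside this hunk.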