Testing rpi4-01 instead of -3 with the wg forwarder
parent
6b3f1bccb0
commit
8ccba671c2
7 changed files with 44 additions and 33 deletions
|
@ -12,6 +12,5 @@
|
||||||
mandatoryFeatures = [ ];
|
mandatoryFeatures = [ ];
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
nix.distributedBuilds = true;
|
|
||||||
nix.extraOptions = ''builders-use-substitutes = true'';
|
nix.extraOptions = ''builders-use-substitutes = true'';
|
||||||
}
|
}
|
|
@ -6,6 +6,8 @@
|
||||||
(modulesPath + "/installer/scan/not-detected.nix")
|
(modulesPath + "/installer/scan/not-detected.nix")
|
||||||
|
|
||||||
];
|
];
|
||||||
|
# Enable distributed Builds
|
||||||
|
nix.distributedBuilds = true;
|
||||||
#####################################################################################
|
#####################################################################################
|
||||||
# BEGIN hardware config
|
# BEGIN hardware config
|
||||||
#####################################################################################
|
#####################################################################################
|
||||||
|
@ -50,34 +52,4 @@
|
||||||
|
|
||||||
# Temporary
|
# Temporary
|
||||||
# networking.firewall.allowedTCPPorts = [ 22 ];
|
# networking.firewall.allowedTCPPorts = [ 22 ];
|
||||||
|
|
||||||
# Set up the secrets file:
|
|
||||||
sops.secrets."wireguard_keys/osaka-vultr-01" = {
|
|
||||||
owner = "root";
|
|
||||||
sopsFile = ../../../secrets/wireguard.yaml;
|
|
||||||
};
|
|
||||||
sops.secrets."wireguard_keys/preshared_key" = {
|
|
||||||
owner = "root";
|
|
||||||
sopsFile = ../../../secrets/wireguard.yaml;
|
|
||||||
};
|
|
||||||
|
|
||||||
# Wireguard Forwarder
|
|
||||||
networking.wireguard = {
|
|
||||||
enable = true;
|
|
||||||
interfaces = {
|
|
||||||
"wireguard0" = {
|
|
||||||
privateKeyFile = "/run/secrets/wireguard_keys/nixos-rpi4-01";
|
|
||||||
# Testing
|
|
||||||
peers = [
|
|
||||||
{ # osaka-vultr-01
|
|
||||||
publicKey = "yPZ3EmmIqCkReXf1DRTxzVaKQ2k+ifGmYJHji5nnMmE=";
|
|
||||||
persistentKeepalive = 5;
|
|
||||||
allowedIPs = [ "0.0.0.0/0" ];
|
|
||||||
endpoint = "64.176.54.57:51820";
|
|
||||||
presharedKeyFile = "/run/secrets/wireguard_keys/preshared_key";
|
|
||||||
}
|
|
||||||
];
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
}
|
|
@ -5,6 +5,8 @@
|
||||||
imports = [
|
imports = [
|
||||||
(modulesPath + "/installer/scan/not-detected.nix")
|
(modulesPath + "/installer/scan/not-detected.nix")
|
||||||
];
|
];
|
||||||
|
# Enable distributed Builds
|
||||||
|
nix.distributedBuilds = true;
|
||||||
#####################################################################################
|
#####################################################################################
|
||||||
# BEGIN hardware config
|
# BEGIN hardware config
|
||||||
#####################################################################################
|
#####################################################################################
|
||||||
|
|
|
@ -6,6 +6,8 @@
|
||||||
(modulesPath + "/installer/scan/not-detected.nix")
|
(modulesPath + "/installer/scan/not-detected.nix")
|
||||||
|
|
||||||
];
|
];
|
||||||
|
# Enable distributed Builds
|
||||||
|
nix.distributedBuilds = true;
|
||||||
#####################################################################################
|
#####################################################################################
|
||||||
# BEGIN hardware config
|
# BEGIN hardware config
|
||||||
#####################################################################################
|
#####################################################################################
|
||||||
|
@ -50,4 +52,34 @@
|
||||||
|
|
||||||
# Temporary
|
# Temporary
|
||||||
# networking.firewall.allowedTCPPorts = [ 22 ];
|
# networking.firewall.allowedTCPPorts = [ 22 ];
|
||||||
|
|
||||||
|
# Set up the secrets file:
|
||||||
|
sops.secrets."wireguard_keys/osaka-vultr-03" = {
|
||||||
|
owner = "root";
|
||||||
|
sopsFile = ../../../secrets/wireguard.yaml;
|
||||||
|
};
|
||||||
|
sops.secrets."wireguard_keys/preshared_key" = {
|
||||||
|
owner = "root";
|
||||||
|
sopsFile = ../../../secrets/wireguard.yaml;
|
||||||
|
};
|
||||||
|
|
||||||
|
# Wireguard Forwarder
|
||||||
|
networking.wireguard = {
|
||||||
|
enable = true;
|
||||||
|
interfaces = {
|
||||||
|
"wireguard0" = {
|
||||||
|
privateKeyFile = "/run/secrets/wireguard_keys/nixos-rpi4-03";
|
||||||
|
# Testing
|
||||||
|
peers = [
|
||||||
|
{ # osaka-vultr-01
|
||||||
|
publicKey = "yPZ3EmmIqCkReXf1DRTxzVaKQ2k+ifGmYJHji5nnMmE=";
|
||||||
|
persistentKeepalive = 5;
|
||||||
|
allowedIPs = [ "0.0.0.0/0" ];
|
||||||
|
endpoint = "64.176.54.57:51820";
|
||||||
|
presharedKeyFile = "/run/secrets/wireguard_keys/preshared_key";
|
||||||
|
}
|
||||||
|
];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
}
|
}
|
|
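Review bot: The secret declared in the added block is `wireguard_keys/osaka-vultr-03`, but the interface reads `/run/secrets/wireguard_keys/nixos-rpi4-03`, and the wireguard.yaml hunk in this commit shows only `preshared_key`, `nixos-rpi4-03` and `osaka-vultr-01` under `wireguard_keys`. Unless the private key is declared somewhere outside this hunk, the key file will be missing at activation and the declared secret has no entry to decrypt. Declaring `sops.secrets."wireguard_keys/nixos-rpi4-03"` and referencing it as `privateKeyFile = config.sops.secrets."wireguard_keys/nixos-rpi4-03".path;` (likewise for `presharedKeyFile`, and assuming `config` is among the module arguments) would turn such a mismatch into an evaluation error instead of a runtime failure. Separately, `allowedIPs = [ "0.0.0.0/0" ]` covers IPv4 only, so IPv6 traffic would bypass the tunnel if this host has IPv6 connectivity; the `# osaka-vultr-01` peer comment is worth keeping accurate for the same reason.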
@ -2,6 +2,9 @@
|
||||||
imports = [
|
imports = [
|
||||||
./disks.nix
|
./disks.nix
|
||||||
];
|
];
|
||||||
|
# Enable distributed Builds
|
||||||
|
nix.distributedBuilds = true;
|
||||||
|
|
||||||
nixpkgs.config.allowUnfree = false;
|
nixpkgs.config.allowUnfree = false;
|
||||||
|
|
||||||
boot.initrd.availableKernelModules = [ "ata_piix" "ohci_pci" "virtio_pci" "virtio_blk" "sr_mod" ];
|
boot.initrd.availableKernelModules = [ "ata_piix" "ohci_pci" "virtio_pci" "virtio_blk" "sr_mod" ];
|
||||||
|
@ -41,7 +44,7 @@
|
||||||
privateKeyFile = "/run/secrets/wireguard_keys/osaka-vultr-01";
|
privateKeyFile = "/run/secrets/wireguard_keys/osaka-vultr-01";
|
||||||
# Testing
|
# Testing
|
||||||
peers = [
|
peers = [
|
||||||
{ # nixos-rpi4-01
|
{ # nixos-rpi4-03
|
||||||
publicKey = "trHvfNtQ7HKMiJjxEXo2Iubq5G6egjx7gHiBlDmJ5Ek=";
|
publicKey = "trHvfNtQ7HKMiJjxEXo2Iubq5G6egjx7gHiBlDmJ5Ek=";
|
||||||
allowedIPs = [ "10.100.0.2/32" ];
|
allowedIPs = [ "10.100.0.2/32" ];
|
||||||
persistentKeepalive = 5;
|
persistentKeepalive = 5;
|
||||||
|
|
|
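Review bot: The peer comment changes from `# nixos-rpi4-01` to `# nixos-rpi4-03` while `publicKey` stays the same, so the new host appears to reuse the old host's WireGuard keypair; the wireguard.yaml hunk in this commit renames the same ciphertext, which is consistent with that. A private key that has been deployed to two machines no longer identifies either of them, and anything that retained the key from rpi4-01 can still authenticate as this peer at `10.100.0.2/32`. Generating a fresh keypair for rpi4-03 and replacing `publicKey` here would keep the peer identity tied to one host. The peer block continues past the end of the hunk, so any further fields are not visible here.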
@ -6,6 +6,9 @@
|
||||||
# Services
|
# Services
|
||||||
./common/services/openssh.nix
|
./common/services/openssh.nix
|
||||||
./common/services/fail2ban.nix
|
./common/services/fail2ban.nix
|
||||||
|
./common/services/tailscale.nix
|
||||||
|
./common/services/promtail.nix
|
||||||
|
./common/services/telegraf.nix
|
||||||
|
|
||||||
# NixOS Modules
|
# NixOS Modules
|
||||||
./common/modules/networking.nix # Initial Networking configs
|
./common/modules/networking.nix # Initial Networking configs
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
wireguard_keys:
|
wireguard_keys:
|
||||||
preshared_key: ENC[AES256_GCM,data:yt61mO1KEyZbElTu8an1oWcapY6ufz64NQvSYKk7GdLVQCh63kpSGRfrqXc=,iv:hJt2oanEYp9uD57qK3l86hHSdAaW4UPpaeosMnlOUKE=,tag:iix3Zd6ivNy6qh7lqhtsOQ==,type:str]
|
preshared_key: ENC[AES256_GCM,data:yt61mO1KEyZbElTu8an1oWcapY6ufz64NQvSYKk7GdLVQCh63kpSGRfrqXc=,iv:hJt2oanEYp9uD57qK3l86hHSdAaW4UPpaeosMnlOUKE=,tag:iix3Zd6ivNy6qh7lqhtsOQ==,type:str]
|
||||||
nixos-rpi4-01: ENC[AES256_GCM,data:82xdm0quC/VGrWU6GZGXGplrKn4Wu0yTzgHWfpgjke4C3KlsqhSrX4DqXfw=,iv:qTMuBUr8XLlG5J+Koh7G4vArrYmj/FcNs3TFqX68sRc=,tag:EsSPYkoSU1w7OmLmh51Kow==,type:str]
|
nixos-rpi4-03: ENC[AES256_GCM,data:82xdm0quC/VGrWU6GZGXGplrKn4Wu0yTzgHWfpgjke4C3KlsqhSrX4DqXfw=,iv:qTMuBUr8XLlG5J+Koh7G4vArrYmj/FcNs3TFqX68sRc=,tag:EsSPYkoSU1w7OmLmh51Kow==,type:str]
|
||||||
osaka-vultr-01: ENC[AES256_GCM,data:GsUCoViT/fDUXwzwuEUEd98aZJSfwwOVpY3iiopZPUfEpOTOOAwy05zRlfE=,iv:gzQq62HYNrnc32MggfupZ6uX4qfismpha7Nc+ySyvdU=,tag:K04ePrcP2z4sIoLvHNMSpg==,type:str]
|
osaka-vultr-01: ENC[AES256_GCM,data:GsUCoViT/fDUXwzwuEUEd98aZJSfwwOVpY3iiopZPUfEpOTOOAwy05zRlfE=,iv:gzQq62HYNrnc32MggfupZ6uX4qfismpha7Nc+ySyvdU=,tag:K04ePrcP2z4sIoLvHNMSpg==,type:str]
|
||||||
sops:
|
sops:
|
||||||
kms: []
|
kms: []
|
||||||
|
|
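Review bot: The `nixos-rpi4-01` entry becomes `nixos-rpi4-03` with `data`, `iv` and `tag` byte-identical, which suggests the key name was edited by hand rather than through sops. sops authenticates each value against its key path (the path is used as AES-GCM additional data), so a renamed entry with the old ciphertext is expected to fail authentication when the host tries to decrypt it. Re-adding the value under the new name through the sops editor would fix the file, and storing a newly generated private key for rpi4-03 would also avoid carrying the old host's key over. The `mac` and `lastmodified` fields lie outside the hunk, so whether they were updated cannot be confirmed from here.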