Testing rpi4-01 instead lf -3 with the wg forwarder
parent
6b3f1bccb0
commit
8ccba671c2
7 changed files with 44 additions and 33 deletions
|
@ -12,6 +12,5 @@
|
|||
mandatoryFeatures = [ ];
|
||||
}
|
||||
];
|
||||
nix.distributedBuilds = true;
|
||||
nix.extraOptions = ''builders-use-substitutes = true'';
|
||||
}
|
|
@ -6,6 +6,8 @@
|
|||
(modulesPath + "/installer/scan/not-detected.nix")
|
||||
|
||||
];
|
||||
# Enable distributed Builds
|
||||
nix.distributedBuilds = true;
|
||||
#####################################################################################
|
||||
# BEGIN hardware config
|
||||
#####################################################################################
|
||||
|
@ -50,34 +52,4 @@
|
|||
|
||||
# Temporary
|
||||
# networking.firewall.allowedTCPPorts = [ 22 ];
|
||||
|
||||
# Set up the secrets file:
|
||||
sops.secrets."wireguard_keys/osaka-vultr-01" = {
|
||||
owner = "root";
|
||||
sopsFile = ../../../secrets/wireguard.yaml;
|
||||
};
|
||||
sops.secrets."wireguard_keys/preshared_key" = {
|
||||
owner = "root";
|
||||
sopsFile = ../../../secrets/wireguard.yaml;
|
||||
};
|
||||
|
||||
# Wireguard Forwarder
|
||||
networking.wireguard = {
|
||||
enable = true;
|
||||
interfaces = {
|
||||
"wireguard0" = {
|
||||
privateKeyFile = "/run/secrets/wireguard_keys/nixos-rpi4-01";
|
||||
# Testing
|
||||
peers = [
|
||||
{ # osaka-vultr-01
|
||||
publicKey = "yPZ3EmmIqCkReXf1DRTxzVaKQ2k+ifGmYJHji5nnMmE=";
|
||||
persistentKeepalive = 5;
|
||||
allowedIPs = [ "0.0.0.0/0" ];
|
||||
endpoint = "64.176.54.57:51820";
|
||||
presharedKeyFile = "/run/secrets/wireguard_keys/preshared_key";
|
||||
}
|
||||
];
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
|
@ -5,6 +5,8 @@
|
|||
imports = [
|
||||
(modulesPath + "/installer/scan/not-detected.nix")
|
||||
];
|
||||
# Enable distributed Builds
|
||||
nix.distributedBuilds = true;
|
||||
#####################################################################################
|
||||
# BEGIN hardware config
|
||||
#####################################################################################
|
||||
|
|
|
@ -6,6 +6,8 @@
|
|||
(modulesPath + "/installer/scan/not-detected.nix")
|
||||
|
||||
];
|
||||
# Enable distributed Builds
|
||||
nix.distributedBuilds = true;
|
||||
#####################################################################################
|
||||
# BEGIN hardware config
|
||||
#####################################################################################
|
||||
|
@ -50,4 +52,34 @@
|
|||
|
||||
# Temporary
|
||||
# networking.firewall.allowedTCPPorts = [ 22 ];
|
||||
|
||||
# Set up the secrets file:
|
||||
sops.secrets."wireguard_keys/osaka-vultr-03" = {
|
||||
owner = "root";
|
||||
sopsFile = ../../../secrets/wireguard.yaml;
|
||||
};
|
||||
sops.secrets."wireguard_keys/preshared_key" = {
|
||||
owner = "root";
|
||||
sopsFile = ../../../secrets/wireguard.yaml;
|
||||
};
|
||||
|
||||
# Wireguard Forwarder
|
||||
networking.wireguard = {
|
||||
enable = true;
|
||||
interfaces = {
|
||||
"wireguard0" = {
|
||||
privateKeyFile = "/run/secrets/wireguard_keys/nixos-rpi4-03";
|
||||
# Testing
|
||||
peers = [
|
||||
{ # osaka-vultr-01
|
||||
publicKey = "yPZ3EmmIqCkReXf1DRTxzVaKQ2k+ifGmYJHji5nnMmE=";
|
||||
persistentKeepalive = 5;
|
||||
allowedIPs = [ "0.0.0.0/0" ];
|
||||
endpoint = "64.176.54.57:51820";
|
||||
presharedKeyFile = "/run/secrets/wireguard_keys/preshared_key";
|
||||
}
|
||||
];
|
||||
};
|
||||
};
|
||||
};
|
||||
}
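Review bot: The secret declared in this block is `sops.secrets."wireguard_keys/osaka-vultr-03"`, but `privateKeyFile` reads `/run/secrets/wireguard_keys/nixos-rpi4-03`, and the `wireguard_keys` entries shown in this commit's secrets file include no `osaka-vultr-03`. Unless a matching secret is declared in another module, sops-nix has nothing to decrypt for the declared name and the key file the interface expects is never created. The declaration should probably read `sops.secrets."wireguard_keys/nixos-rpi4-03" = {`. The file section that loses this block has the same pattern (`osaka-vultr-01` declared, `nixos-rpi4-01` read), so the mismatch looks copied across. Separately, `allowedIPs = [ "0.0.0.0/0" ]` on the `# osaka-vultr-01` peer sends all IPv4 traffic through the tunnel; if that is intended for the forwarder test, a comment replacing `# Testing` should say so.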
|
|
@ -2,6 +2,9 @@
|
|||
imports = [
|
||||
./disks.nix
|
||||
];
|
||||
# Enable distributed Builds
|
||||
nix.distributedBuilds = true;
|
||||
|
||||
nixpkgs.config.allowUnfree = false;
|
||||
|
||||
boot.initrd.availableKernelModules = [ "ata_piix" "ohci_pci" "virtio_pci" "virtio_blk" "sr_mod" ];
|
||||
|
@ -41,7 +44,7 @@
|
|||
privateKeyFile = "/run/secrets/wireguard_keys/osaka-vultr-01";
|
||||
# Testing
|
||||
peers = [
|
||||
{ # nixos-rpi4-01
|
||||
{ # nixos-rpi4-03
|
||||
publicKey = "trHvfNtQ7HKMiJjxEXo2Iubq5G6egjx7gHiBlDmJ5Ek=";
|
||||
allowedIPs = [ "10.100.0.2/32" ];
|
||||
persistentKeepalive = 5;
|
||||
|
|
|
@ -6,6 +6,9 @@
|
|||
# Services
|
||||
./common/services/openssh.nix
|
||||
./common/services/fail2ban.nix
|
||||
./common/services/tailscale.nix
|
||||
./common/services/promtail.nix
|
||||
./common/services/telegraf.nix
|
||||
|
||||
# NixOS Modules
|
||||
./common/modules/networking.nix # Initial Networking configs
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
wireguard_keys:
|
||||
preshared_key: ENC[AES256_GCM,data:yt61mO1KEyZbElTu8an1oWcapY6ufz64NQvSYKk7GdLVQCh63kpSGRfrqXc=,iv:hJt2oanEYp9uD57qK3l86hHSdAaW4UPpaeosMnlOUKE=,tag:iix3Zd6ivNy6qh7lqhtsOQ==,type:str]
|
||||
nixos-rpi4-01: ENC[AES256_GCM,data:82xdm0quC/VGrWU6GZGXGplrKn4Wu0yTzgHWfpgjke4C3KlsqhSrX4DqXfw=,iv:qTMuBUr8XLlG5J+Koh7G4vArrYmj/FcNs3TFqX68sRc=,tag:EsSPYkoSU1w7OmLmh51Kow==,type:str]
|
||||
nixos-rpi4-03: ENC[AES256_GCM,data:82xdm0quC/VGrWU6GZGXGplrKn4Wu0yTzgHWfpgjke4C3KlsqhSrX4DqXfw=,iv:qTMuBUr8XLlG5J+Koh7G4vArrYmj/FcNs3TFqX68sRc=,tag:EsSPYkoSU1w7OmLmh51Kow==,type:str]
|
||||
osaka-vultr-01: ENC[AES256_GCM,data:GsUCoViT/fDUXwzwuEUEd98aZJSfwwOVpY3iiopZPUfEpOTOOAwy05zRlfE=,iv:gzQq62HYNrnc32MggfupZ6uX4qfismpha7Nc+ySyvdU=,tag:K04ePrcP2z4sIoLvHNMSpg==,type:str]
|
||||
sops:
|
||||
kms: []
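Review bot: The `nixos-rpi4-01` and `nixos-rpi4-03` lines carry identical `data`, `iv` and `tag`, and the hunk header shows six lines on each side, so the entry appears to have been renamed by hand in the encrypted file rather than re-encrypted with sops. SOPS uses each value's key path as AES-GCM additional data, so a blob moved under a new key name is expected to fail authentication when decrypted; this should be checked with `sops -d` before deploying. The key material is also the one already issued to rpi4-01: in the osaka-vultr-01 peer block only the comment changes from `# nixos-rpi4-01` to `# nixos-rpi4-03`, while `publicKey` stays the same. If rpi4-01 still holds that key, the two hosts share one WireGuard identity and cannot be revoked separately. Generating a fresh keypair for rpi4-03, adding it through the sops editor and updating the peer's `publicKey` would avoid both problems.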
|
||||
|
|