Testing rpi4-01 instead lf -3 with the wg forwarder

iFargle 2023-10-07 19:33:05 +09:00
parent 6b3f1bccb0
commit 8ccba671c2
7 changed files with 44 additions and 33 deletions


@ -12,6 +12,5 @@
mandatoryFeatures = [ ];
}
];
nix.distributedBuilds = true;
nix.extraOptions = ''builders-use-substitutes = true'';
}


@ -6,6 +6,8 @@
(modulesPath + "/installer/scan/not-detected.nix")
];
# Enable distributed Builds
nix.distributedBuilds = true;
#####################################################################################
# BEGIN hardware config
#####################################################################################
@ -50,34 +52,4 @@
# Temporary
# networking.firewall.allowedTCPPorts = [ 22 ];
# Set up the secrets file:
sops.secrets."wireguard_keys/osaka-vultr-01" = {
owner = "root";
sopsFile = ../../../secrets/wireguard.yaml;
};
sops.secrets."wireguard_keys/preshared_key" = {
owner = "root";
sopsFile = ../../../secrets/wireguard.yaml;
};
# Wireguard Forwarder
networking.wireguard = {
enable = true;
interfaces = {
"wireguard0" = {
privateKeyFile = "/run/secrets/wireguard_keys/nixos-rpi4-01";
# Testing
peers = [
{ # osaka-vultr-01
publicKey = "yPZ3EmmIqCkReXf1DRTxzVaKQ2k+ifGmYJHji5nnMmE=";
persistentKeepalive = 5;
allowedIPs = [ "0.0.0.0/0" ];
endpoint = "64.176.54.57:51820";
presharedKeyFile = "/run/secrets/wireguard_keys/preshared_key";
}
];
};
};
};
}


@ -5,6 +5,8 @@
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
# Enable distributed Builds
nix.distributedBuilds = true;
#####################################################################################
# BEGIN hardware config
#####################################################################################


@ -6,6 +6,8 @@
(modulesPath + "/installer/scan/not-detected.nix")
];
# Enable distributed Builds
nix.distributedBuilds = true;
#####################################################################################
# BEGIN hardware config
#####################################################################################
@ -50,4 +52,34 @@
# Temporary
# networking.firewall.allowedTCPPorts = [ 22 ];
# Set up the secrets file:
sops.secrets."wireguard_keys/osaka-vultr-03" = {
owner = "root";
sopsFile = ../../../secrets/wireguard.yaml;
};
sops.secrets."wireguard_keys/preshared_key" = {
owner = "root";
sopsFile = ../../../secrets/wireguard.yaml;
};
# Wireguard Forwarder
networking.wireguard = {
enable = true;
interfaces = {
"wireguard0" = {
privateKeyFile = "/run/secrets/wireguard_keys/nixos-rpi4-03";
# Testing
peers = [
{ # osaka-vultr-01
publicKey = "yPZ3EmmIqCkReXf1DRTxzVaKQ2k+ifGmYJHji5nnMmE=";
persistentKeepalive = 5;
allowedIPs = [ "0.0.0.0/0" ];
endpoint = "64.176.54.57:51820";
presharedKeyFile = "/run/secrets/wireguard_keys/preshared_key";
}
];
};
};
};
}
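Review bot: The secret declared as `sops.secrets."wireguard_keys/osaka-vultr-03"` does not match the file the interface reads, `privateKeyFile = "/run/secrets/wireguard_keys/nixos-rpi4-03"`, and the secrets file in this commit has no `osaka-vultr-03` key under `wireguard_keys`. As written, nothing declares the secret that WireGuard is pointed at, so the declaration should be `sops.secrets."wireguard_keys/nixos-rpi4-03" = { owner = "root"; sopsFile = ../../../secrets/wireguard.yaml; };`. Declaring only this host's own key also keeps any other host's private key off the machine. Setting `privateKeyFile = config.sops.secrets."wireguard_keys/nixos-rpi4-03".path;` instead of a string literal would turn this kind of mismatch into an evaluation error. Separately, `allowedIPs = [ "0.0.0.0/0" ]` covers IPv4 only, so IPv6 traffic presumably stays outside the tunnel; a comment saying whether that is intended would help.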


@ -2,6 +2,9 @@
imports = [
./disks.nix
];
# Enable distributed Builds
nix.distributedBuilds = true;
nixpkgs.config.allowUnfree = false;
boot.initrd.availableKernelModules = [ "ata_piix" "ohci_pci" "virtio_pci" "virtio_blk" "sr_mod" ];
@ -41,7 +44,7 @@
privateKeyFile = "/run/secrets/wireguard_keys/osaka-vultr-01";
# Testing
peers = [
{ # nixos-rpi4-01
{ # nixos-rpi4-03
publicKey = "trHvfNtQ7HKMiJjxEXo2Iubq5G6egjx7gHiBlDmJ5Ek=";
allowedIPs = [ "10.100.0.2/32" ];
persistentKeepalive = 5;
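Review bot: Only the peer comment changes in the second hunk while `publicKey = "trHvfNtQ7HKMiJjxEXo2Iubq5G6egjx7gHiBlDmJ5Ek="` stays the same, so nixos-rpi4-03 takes over the key pair that was labelled for nixos-rpi4-01 instead of getting its own. If the old host ever held the decrypted private key, it can still authenticate as this peer. Generating a new key pair on the new host and replacing `publicKey` here would retire the old credential. The peer entry continues past the end of the hunk.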


@ -6,6 +6,9 @@
# Services
./common/services/openssh.nix
./common/services/fail2ban.nix
./common/services/tailscale.nix
./common/services/promtail.nix
./common/services/telegraf.nix
# NixOS Modules
./common/modules/networking.nix # Initial Networking configs


@ -1,6 +1,6 @@
wireguard_keys:
preshared_key: ENC[AES256_GCM,data:yt61mO1KEyZbElTu8an1oWcapY6ufz64NQvSYKk7GdLVQCh63kpSGRfrqXc=,iv:hJt2oanEYp9uD57qK3l86hHSdAaW4UPpaeosMnlOUKE=,tag:iix3Zd6ivNy6qh7lqhtsOQ==,type:str]
nixos-rpi4-01: ENC[AES256_GCM,data:82xdm0quC/VGrWU6GZGXGplrKn4Wu0yTzgHWfpgjke4C3KlsqhSrX4DqXfw=,iv:qTMuBUr8XLlG5J+Koh7G4vArrYmj/FcNs3TFqX68sRc=,tag:EsSPYkoSU1w7OmLmh51Kow==,type:str]
nixos-rpi4-03: ENC[AES256_GCM,data:82xdm0quC/VGrWU6GZGXGplrKn4Wu0yTzgHWfpgjke4C3KlsqhSrX4DqXfw=,iv:qTMuBUr8XLlG5J+Koh7G4vArrYmj/FcNs3TFqX68sRc=,tag:EsSPYkoSU1w7OmLmh51Kow==,type:str]
osaka-vultr-01: ENC[AES256_GCM,data:GsUCoViT/fDUXwzwuEUEd98aZJSfwwOVpY3iiopZPUfEpOTOOAwy05zRlfE=,iv:gzQq62HYNrnc32MggfupZ6uX4qfismpha7Nc+ySyvdU=,tag:K04ePrcP2z4sIoLvHNMSpg==,type:str]
sops:
kms: []
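Review bot: The `nixos-rpi4-03` entry carries exactly the same `data`, `iv` and `tag` as the `nixos-rpi4-01` entry it replaces, and the commit's addition/deletion totals leave no room for a change to the `sops` metadata further down. That suggests the key was renamed by editing the encrypted file by hand. SOPS binds each value to its key path as AES-GCM additional data, so a value moved to a new path should fail authentication when decrypted. Rename it through `sops` itself (decrypt, edit, re-encrypt) so the value gets a fresh IV and tag, and ideally store a newly generated private key for the new host.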