revert(vault01/tests): remove wg of testing

2025-03-11 15:29:28 +01:00 · 2025-03-11 15:29:28 +01:00 · c3d1a8426e
commit c3d1a8426e
parent 870fb640ea
3 changed files with 2 additions and 87 deletions
--- a/machines/nixos/vault01/networking/default.nix
+++ b/machines/nixos/vault01/networking/default.nix
@ -7,7 +7,6 @@
  lib,
  meta,
  name,
-  config,
  ...
 }:

@ -190,32 +189,6 @@ in
          "10-enp67s0f0np0" = {
            name = "enp67s0f0np0";
            linkConfig.Promiscuous = true;
-            networkConfig = {
-              Bridge = "br0";
-
-              LinkLocalAddressing = false;
-              LLDP = false;
-              EmitLLDP = false;
-              IPv6AcceptRA = false;
-              IPv6SendRA = false;
-            };
-            linkConfig.MTUBytes = 1504;
-          };
-          "50-gretap1" = {
-            name = "gretap1";
-            networkConfig = {
-              Bridge = "br0";
-
-              LinkLocalAddressing = false;
-              LLDP = false;
-              EmitLLDP = false;
-              IPv6AcceptRA = false;
-              IPv6SendRA = false;
-            };
-            linkConfig.MTUBytes = 1504;
-          };
-          "50-br0" = {
-            name = "br0";
            networkConfig = {
              VLAN = builtins.attrNames vlans;

@ -227,54 +200,9 @@ in
            };
            linkConfig.MTUBytes = 1504;
          };
-          "50-wg0" = {
-            name = "wg0";
-            address = [ "10.10.17.1/30" ];
-            networkConfig.Tunnel = "gretap1";
-          };
        } // (mapAttrs' mkNetwork vlans);

-        netdevs = {
-          "50-gretap1" = {
-            netdevConfig = {
-              Name = "gretap1";
-              Kind = "gretap";
-            };
-            tunnelConfig = {
-              Local = "10.10.17.1";
-              Remote = "10.10.17.2";
-            };
-          };
-          "50-br0" = {
-            netdevConfig = {
-              Name = "br0";
-              Kind = "bridge";
-            };
-            bridgeConfig = {
-              VLANFiltering = false;
-              STP = false;
-            };
-          };
-          "50-wg0" = {
-            netdevConfig = {
-              Name = "wg0";
-              Kind = "wireguard";
-            };
-            wireguardConfig = {
-              ListenPort = 1194;
-              PrivateKeyFile = config.age.secrets."wg-key".path;
-            };
-
-            wireguardPeers = [
-              {
-                AllowedIPs = [
-                  "10.10.17.0/30"
-                ];
-                PublicKey = "g6S3gBx1Hf2iX41tokD+m8WfzJJTTcsKifOkn+Wcd00=";
-              }
-            ];
-          };
-        } // mapAttrs' mkNetdev vlans;
+        netdevs = mapAttrs' mkNetdev vlans;
      };

      services = {
@ -392,20 +320,8 @@ in
          };
        };
      };
-      firewall = {
-        allowedUDPPorts = [
-          67
-          1194
-        ];
-        # FIXME: I dont't remember why it's here, and it doesn't seems right
-        # comes from https://git.dgnum.eu/DGNum/infrastructure/commit/411795c664374549e5e831722a80180b51fbf0d5
-        # checkReversePath = false;
-      };
+      firewall.allowedUDPPorts = [ 67 ];
    };
-
-    age.secrets."wg-key".owner = "systemd-network";
-    users.users."systemd-network".extraGroups = [ "keys" ];
-
    boot.kernel.sysctl."net.ipv4.ip_forward" = true;
  };
 }
--- a/machines/nixos/vault01/secrets/secrets.nix
+++ b/machines/nixos/vault01/secrets/secrets.nix
@ -14,5 +14,4 @@
    "radius-private_key_password_file"
    "eatonmon-password_file"
    "radius-ap-radius-secret_file"
-    "wg-key"
  ]
--- a/machines/nixos/vault01/secrets/wg-key
+++ b/machines/nixos/vault01/secrets/wg-key