non-netbird wireguard for watcher-manah link

This commit is contained in:
catvayor 2024-10-02 16:11:49 +02:00
parent 6b8b8b94c0
commit d300b876f9
Signed by: lbailly
GPG key ID: CE3E645251AC63F3
4 changed files with 119 additions and 21 deletions


@ -4,7 +4,7 @@
host = "kat-watcher";
hypervisors."manah.katvayor.net" = {
host = "kat-manah";
ip = "100.102.49.84";
ip = "10.42.0.1";
port-forward = [ 9000 9500 ];
vms = {
"degette.katvayor.net" = {


@ -11,6 +11,9 @@ with lib;
./root.nix
];
options.kat = {
wireguardPubKey = mkOption {
type = types.str;
};
path = mkOption {
readOnly = true;
type = types.path;
@ -33,7 +36,11 @@ with lib;
};
};
boot.tmp.useTmpfs = true;
networking.nftables.enable = true;
networking = {
useNetworkd = true;
nftables.enable = true;
};
systemd.network.enable = true;
nix = {
nixPath = [
"nixpkgs=${builtins.storePath pkgs.path}"
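Review bot: The new `wireguardPubKey = mkOption { type = types.str; };` has no `description` and accepts any string, so a mistyped or truncated key is only noticed when the peer handshake silently never completes, not at evaluation time. A WireGuard public key is always 44 base64 characters ending in `=`, which `lib.types.strMatching` can enforce: `type = types.strMatching "^[A-Za-z0-9+/]{43}=$";` together with `description = "Base64 WireGuard public key of this host; peers read it through nodes.<host>.config.kat.wireguardPubKey.";`. Since the option is read cross-node in both the manah and watcher files, an evaluation-time check fails the deployment before either side is switched. The enclosing `options.kat` set continues outside the hunk.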


@ -2,6 +2,7 @@
config,
lib,
pkgs,
nodes,
...
}:
@ -16,6 +17,50 @@
boot.supportedFilesystems = [ "bcachefs" ];
boot.kernelPackages = pkgs.linuxPackages_latest;
kat.wireguardPubKey = "2rMQV5fyBhl7t/0j70iPOfEr/lAWQfLXQKMwtzaXxnM=";
systemd.network = {
enable = true;
networks = {
"50-wg0" = {
name = "wg0";
addresses = [
{
Address = "10.42.0.1/16";
AddPrefixRoute = false;
}
];
routes = [
{
Destination = "10.42.0.0/16";
Source = "10.42.0.1";
}
];
};
};
netdevs = {
"50-wg0" = {
netdevConfig = {
Name = "wg0";
Kind = "wireguard";
};
wireguardConfig = {
PrivateKeyFile = "/etc/wg/private.key";
};
wireguardPeers = [
{
Endpoint = "watcher.katvayor.net:1194";
AllowedIPs = [
"10.42.0.2/32"
];
PersistentKeepalive = 20;
PublicKey = nodes.kat-watcher.config.kat.wireguardPubKey;
}
];
};
};
};
time.timeZone = "Europe/Paris";
i18n.defaultLocale = "en_US.UTF-8";
@ -73,7 +118,11 @@
};
networking.firewall = {
allowedTCPPorts = [ 9000 9500 53 ];
allowedTCPPorts = [
9000
9500
53
];
allowedUDPPorts = [ 67 ];
};
system.stateVersion = "23.11";
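Review bot: `PrivateKeyFile = "/etc/wg/private.key";` names a file that nothing in this commit creates or sets permissions on, and the watcher file in this commit uses the same path; presumably it is provisioned out of band, but that contract should be stated next to the setting, e.g. `# private key provisioned out of band, never in the store; must be readable by the systemd-network user (see systemd.netdev(5)) and by nobody else`. systemd-networkd reads the key unprivileged, so a root-only 0600 file will fail to load while a world-readable one leaks the key; the exact ownership/mode expected by systemd.netdev(5) should be confirmed when the file is provisioned. Separately, the route for `10.42.0.0/16` covers far more than the single `10.42.0.2/32` in `AllowedIPs`, so packets to any other address in the /16 are steered into wg0 and dropped by cryptokey routing; if that is a deliberate placeholder for future peers, a one-line comment would make it clear.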


@ -2,9 +2,9 @@
config,
lib,
pkgs,
nodes,
...
}:
{
imports = [
./hardware-configuration.nix
@ -27,9 +27,11 @@
useNetworkd = true;
useDHCP = false;
};
kat.wireguardPubKey = "BgLBrWG7DRj2Gwoyj+vHZTjiB3gPEnwVcDFEQH/BYgg=";
systemd.network = {
enable = true;
networks."10-ens3" = {
networks = {
"10-ens3" = {
name = "ens3";
address = [
"51.83.69.54/32"
@ -46,6 +48,43 @@
];
dns = [ "213.186.33.99" ];
};
"50-wg0" = {
name = "wg0";
addresses = [
{
Address = "10.42.0.2/16";
AddPrefixRoute = false;
}
];
routes = [
{
Destination = "10.42.0.0/16";
Source = "10.42.0.2";
}
];
};
};
netdevs = {
"50-wg0" = {
netdevConfig = {
Name = "wg0";
Kind = "wireguard";
};
wireguardConfig = {
ListenPort = 1194;
PrivateKeyFile = "/etc/wg/private.key";
};
wireguardPeers = [
{
AllowedIPs = [
"10.42.0.1/32"
];
PublicKey = nodes.kat-manah.config.kat.wireguardPubKey;
}
];
};
};
};
i18n.defaultLocale = "en_US.UTF-8";
@ -89,7 +128,10 @@
services.netbird.enable = true;
networking = {
nftables.enable = true;
firewall.allowedTCPPorts = [ 22 ];
firewall = {
allowedTCPPorts = [ 22 ];
allowedUDPPorts = [ 1194 ];
};
};
system.stateVersion = "23.11";
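Review bot: `nftables.enable = true;` in the watcher `networking` block is now duplicated by the common module, which this commit changes to set `networking.nftables.enable = true` for every host; assuming this file imports that module (it relies on `kat.wireguardPubKey`, which the module declares), the local line can be dropped so the firewall backend is configured in one place. The context line `services.netbird.enable = true;` also still enables netbird on watcher even though the commit title describes the new link as non-netbird; if netbird is meant to stay for other peers, a short comment saying so would stop the next reader from removing it with the old `100.102.49.84` address. The `wg0` peer on watcher has no `Endpoint`, so the tunnel only comes up once manah's keepalive reaches UDP 1194; that is consistent with the firewall change here but worth a comment on the peer entry.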