freifunk: add vpn6 freifunk dresden backbone wireguard tunnel
parent
1c3f457850
commit
9eaeced6f1
|
@ -344,11 +344,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1645815118,
|
||||
"narHash": "sha256-y2gArx6byPdlE/ON7mit3oq9fYg/Aw8tNd7MmOJvS+A=",
|
||||
"lastModified": 1647968696,
|
||||
"narHash": "sha256-5C93Xzq4Ux97tTHMET0mJXjdGdYyyKmIa8oUG1hGsXc=",
|
||||
"ref": "master",
|
||||
"rev": "eb0ae3249b44e54b6e6ad400f7ebdb56c38258e4",
|
||||
"revCount": 123,
|
||||
"rev": "ad8b39dd71795ee9aecb6ce8cbd62f7e41f2669d",
|
||||
"revCount": 124,
|
||||
"type": "git",
|
||||
"url": "ssh://gitea@gitea.c3d2.de/c3d2-admins/secrets.git"
|
||||
},
|
||||
|
|
|
@ -245,6 +245,7 @@
|
|||
nixpkgs.overlays = with secrets.overlays; [
|
||||
freifunk ospf
|
||||
];
|
||||
sops.defaultSopsFile = "${secrets}/hosts/freifunk/secrets.yaml";
|
||||
}
|
||||
];
|
||||
};
|
||||
|
|
|
@ -73,9 +73,13 @@ in {
|
|||
'';
|
||||
};
|
||||
|
||||
# Required for krops: ssh git
|
||||
services.openssh.enable = true;
|
||||
environment.systemPackages = with pkgs; [ tcpdump ];
|
||||
environment.systemPackages = with pkgs; [ tcpdump bmon wireguard-tools ];
|
||||
|
||||
sops.secrets."wireguard/vpn6/privateKey" = {
|
||||
group = "systemd-network";
|
||||
mode = "0440";
|
||||
};
|
||||
sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
|
||||
|
||||
systemd.network = {
|
||||
netdevs = {
|
||||
|
@ -87,6 +91,27 @@ in {
|
|||
Name = meshLoopback;
|
||||
};
|
||||
};
|
||||
# Freifunk Dresden Backbone
|
||||
vpn6 = {
|
||||
enable = true;
|
||||
netdevConfig = {
|
||||
Name = "vpn6";
|
||||
Kind = "wireguard";
|
||||
};
|
||||
wireguardConfig = {
|
||||
PrivateKeyFile = config.sops.secrets."wireguard/vpn6/privateKey".path;
|
||||
ListenPort = 5007;
|
||||
# Mark for routing with the upstream routing table
|
||||
FirewallMark = upstreamMark;
|
||||
};
|
||||
wireguardPeers = [ {
|
||||
wireguardPeerConfig = {
|
||||
Endpoint = "vpn4.freifunk-dresden.de:5007";
|
||||
PublicKey = "7R3K3rGtCZprgqz5/iWql4yLg9BrsaNiv5XQwJ7csn4=";
|
||||
AllowedIPs = "0.0.0.0/0";
|
||||
};
|
||||
} ];
|
||||
};
|
||||
};
|
||||
networks = {
|
||||
# Wired mesh interface
|
||||
|
|
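Review bot: `AllowedIPs = "0.0.0.0/0"` on the vpn6 peer makes WireGuard accept any IPv4 source address from the backbone peer, so the tunnel itself does no source filtering and everything rests on whatever firewall rules apply to `vpn6`; none are visible in this diff, nor is a rule opening UDP 5007 for `ListenPort`. If the backbone only carries known prefixes, list them instead; if it has to stay wide for routed traffic, I would put a comment above it such as `# wide on purpose: routed backbone traffic; ingress on vpn6 is filtered in the firewall`, once that is actually the case. Only IPv4 is allowed, which is presumably intended despite the interface name, but it is worth confirming. The `netdevs` block starts before this hunk and `upstreamMark` is defined outside it, so the routing rule behind `FirewallMark` could not be checked from here.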