freifunk: add vpn6 freifunk dresden backbone wireguard tunnel
parent
1c3f457850
commit
9eaeced6f1
|
@ -344,11 +344,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1645815118,
|
"lastModified": 1647968696,
|
||||||
"narHash": "sha256-y2gArx6byPdlE/ON7mit3oq9fYg/Aw8tNd7MmOJvS+A=",
|
"narHash": "sha256-5C93Xzq4Ux97tTHMET0mJXjdGdYyyKmIa8oUG1hGsXc=",
|
||||||
"ref": "master",
|
"ref": "master",
|
||||||
"rev": "eb0ae3249b44e54b6e6ad400f7ebdb56c38258e4",
|
"rev": "ad8b39dd71795ee9aecb6ce8cbd62f7e41f2669d",
|
||||||
"revCount": 123,
|
"revCount": 124,
|
||||||
"type": "git",
|
"type": "git",
|
||||||
"url": "ssh://gitea@gitea.c3d2.de/c3d2-admins/secrets.git"
|
"url": "ssh://gitea@gitea.c3d2.de/c3d2-admins/secrets.git"
|
||||||
},
|
},
|
||||||
|
|
|
@ -245,6 +245,7 @@
|
||||||
nixpkgs.overlays = with secrets.overlays; [
|
nixpkgs.overlays = with secrets.overlays; [
|
||||||
freifunk ospf
|
freifunk ospf
|
||||||
];
|
];
|
||||||
|
sops.defaultSopsFile = "${secrets}/hosts/freifunk/secrets.yaml";
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
};
|
};
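Review bot: The added `sops.defaultSopsFile` line carries no comment noting that `${secrets}` interpolates the flake input's store path, so the referenced file sits in the world-readable Nix store on every machine that evaluates or builds this host. That is safe only while `hosts/freifunk/secrets.yaml` contains sops-encrypted values and nothing else. I would add `# sops-encrypted only: this path resolves into the world-readable /nix/store` above the line. The enclosing module list starts outside the hunk.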
|
||||||
|
|
|
@ -73,9 +73,13 @@ in {
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
# Required for krops: ssh git
|
environment.systemPackages = with pkgs; [ tcpdump bmon wireguard-tools ];
|
||||||
services.openssh.enable = true;
|
|
||||||
environment.systemPackages = with pkgs; [ tcpdump ];
|
sops.secrets."wireguard/vpn6/privateKey" = {
|
||||||
|
group = "systemd-network";
|
||||||
|
mode = "0440";
|
||||||
|
};
|
||||||
|
sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
|
||||||
|
|
||||||
systemd.network = {
|
systemd.network = {
|
||||||
netdevs = {
|
netdevs = {
|
||||||
|
@ -87,6 +91,27 @@ in {
|
||||||
Name = meshLoopback;
|
Name = meshLoopback;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
# Freifunk Dresden Backbone
|
||||||
|
vpn6 = {
|
||||||
|
enable = true;
|
||||||
|
netdevConfig = {
|
||||||
|
Name = "vpn6";
|
||||||
|
Kind = "wireguard";
|
||||||
|
};
|
||||||
|
wireguardConfig = {
|
||||||
|
PrivateKeyFile = config.sops.secrets."wireguard/vpn6/privateKey".path;
|
||||||
|
ListenPort = 5007;
|
||||||
|
# Mark for routing with the upstream routing table
|
||||||
|
FirewallMark = upstreamMark;
|
||||||
|
};
|
||||||
|
wireguardPeers = [ {
|
||||||
|
wireguardPeerConfig = {
|
||||||
|
Endpoint = "vpn4.freifunk-dresden.de:5007";
|
||||||
|
PublicKey = "7R3K3rGtCZprgqz5/iWql4yLg9BrsaNiv5XQwJ7csn4=";
|
||||||
|
AllowedIPs = "0.0.0.0/0";
|
||||||
|
};
|
||||||
|
} ];
|
||||||
|
};
|
||||||
};
|
};
|
||||||
networks = {
|
networks = {
|
||||||
# Wired mesh interface
|
# Wired mesh interface
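Review bot: `AllowedIPs = "0.0.0.0/0"` on the vpn6 peer makes WireGuard accept packets with any IPv4 source address from the backbone, so source validation falls entirely to firewall or routing policy, and none is visible in this hunk. If that is intended for a transit tunnel, say so next to the setting, e.g. `# peer may send any IPv4 source; ingress on vpn6 is filtered in the firewall`, and confirm such a rule exists. Separately, in the `@ -73,9 +73,13` hunk the new `sops.age.sshKeyPaths` depends on `/etc/ssh/ssh_host_ed25519_key`, while `services.openssh.enable = true;` appears to be dropped from this file. Unless OpenSSH is enabled by a shared module, a fresh deployment may have no host key to decrypt `wireguard/vpn6/privateKey`. The `systemd.network.netdevs` set continues outside the hunk.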
|
||||||
|
|