Compare commits
3 Commits
e780a3d4c5
...
4ddaa002b0
Author | SHA1 | Date | |
---|---|---|---|
4ddaa002b0 | |||
dae9fcd0ff | |||
fe6490b081 |
|
@ -86,6 +86,7 @@ in {
|
||||||
networking.hostName = "freifunk";
|
networking.hostName = "freifunk";
|
||||||
networking.useNetworkd = true;
|
networking.useNetworkd = true;
|
||||||
networking.nameservers = [ "172.20.73.8" "9.9.9.9" ];
|
networking.nameservers = [ "172.20.73.8" "9.9.9.9" ];
|
||||||
|
networking.firewall.enable = false;
|
||||||
networking.nat = {
|
networking.nat = {
|
||||||
enable = true;
|
enable = true;
|
||||||
# This doesn't really work, hence the `extraCommands`
|
# This doesn't really work, hence the `extraCommands`
|
||||||
|
@ -124,6 +125,9 @@ in {
|
||||||
group = "systemd-network";
|
group = "systemd-network";
|
||||||
mode = "0440";
|
mode = "0440";
|
||||||
};
|
};
|
||||||
|
secrets."bird/ospf/auth" = {
|
||||||
|
owner = "bird2";
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
# unbreak wg-vpn6 ingress path
|
# unbreak wg-vpn6 ingress path
|
||||||
|
@ -317,6 +321,7 @@ in {
|
||||||
systemd.services.sysinfo-json = {
|
systemd.services.sysinfo-json = {
|
||||||
script = ''
|
script = ''
|
||||||
${sysinfo-json}/bin/bmxddump.sh
|
${sysinfo-json}/bin/bmxddump.sh
|
||||||
|
mkdir /run/nginx
|
||||||
${sysinfo-json}/bin/sysinfo-json.cgi > /run/nginx/sysinfo.json
|
${sysinfo-json}/bin/sysinfo-json.cgi > /run/nginx/sysinfo.json
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
@ -329,6 +334,8 @@ in {
|
||||||
# Advertise Freifunk routes to ZW core
|
# Advertise Freifunk routes to ZW core
|
||||||
services.bird2 = {
|
services.bird2 = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
# nix-build cannot access /run/secrets/
|
||||||
|
checkConfig = false;
|
||||||
config = ''
|
config = ''
|
||||||
protocol kernel K4 {
|
protocol kernel K4 {
|
||||||
ipv4 {
|
ipv4 {
|
||||||
|
@ -386,8 +393,7 @@ in {
|
||||||
interface "core" {
|
interface "core" {
|
||||||
hello 10;
|
hello 10;
|
||||||
wait 20;
|
wait 20;
|
||||||
authentication cryptographic;
|
include "${config.sops.secrets."bird/ospf/auth".path}";
|
||||||
password "${pkgs.zentralwerk-ospf-message-digest-key}";
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
@ -400,8 +406,7 @@ in {
|
||||||
interface "core" instance ${toString zentralwerk.lib.config.site.hosts.freifunk.ospf.upstreamInstance} {
|
interface "core" instance ${toString zentralwerk.lib.config.site.hosts.freifunk.ospf.upstreamInstance} {
|
||||||
hello 10;
|
hello 10;
|
||||||
wait 20;
|
wait 20;
|
||||||
authentication cryptographic;
|
include "${config.sops.secrets."bird/ospf/auth".path}";
|
||||||
password "${pkgs.zentralwerk-ospf-message-digest-key}";
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
@ -414,8 +419,7 @@ in {
|
||||||
interface "core" {
|
interface "core" {
|
||||||
hello 10;
|
hello 10;
|
||||||
wait 20;
|
wait 20;
|
||||||
authentication cryptographic;
|
include "${config.sops.secrets."bird/ospf/auth".path}";
|
||||||
password "${pkgs.zentralwerk-ospf-message-digest-key}";
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
@ -434,8 +438,7 @@ in {
|
||||||
interface "core" instance ${toString zentralwerk.lib.config.site.hosts.${upstream}.ospf.upstreamInstance} {
|
interface "core" instance ${toString zentralwerk.lib.config.site.hosts.${upstream}.ospf.upstreamInstance} {
|
||||||
hello 10;
|
hello 10;
|
||||||
wait 20;
|
wait 20;
|
||||||
authentication cryptographic;
|
include "${config.sops.secrets."bird/ospf/auth".path}";
|
||||||
password "${pkgs.zentralwerk-ospf-message-digest-key}";
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
@ -454,8 +457,7 @@ in {
|
||||||
interface "core" instance ${toString zentralwerk.lib.config.site.hosts.${upstream}.ospf.upstreamInstance} {
|
interface "core" instance ${toString zentralwerk.lib.config.site.hosts.${upstream}.ospf.upstreamInstance} {
|
||||||
hello 10;
|
hello 10;
|
||||||
wait 20;
|
wait 20;
|
||||||
authentication cryptographic;
|
include "${config.sops.secrets."bird/ospf/auth".path}";
|
||||||
password "${pkgs.zentralwerk-ospf-message-digest-key}";
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
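Review bot: In the five `interface "core"` blocks the `authentication cryptographic;` line is removed together with the inline password, so the authentication mode now depends entirely on what the sops-managed include contains, and with `checkConfig = false` nothing validates that at build time. If the secret ever holds only a `password` statement, BIRD would presumably fall back to its default of no OSPF authentication without reporting an error. I would keep `authentication cryptographic;` in the Nix text directly above each `include "${config.sops.secrets."bird/ospf/auth".path}";` and store only the password in the secret. The old key was interpolated from `pkgs.zentralwerk-ospf-message-digest-key` into the generated config, which likely put it in the world-readable Nix store, so the sops value should be a freshly rotated key rather than the same one. Separately, the added `networking.firewall.enable = false;` carries no comment on why it is needed or what filters inbound traffic instead; a line such as `# firewall disabled because <reason>; inbound filtering is done by <mechanism>` would make the decision reviewable.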
|
||||||
|
|
|
@ -1,6 +1,9 @@
|
||||||
wireguard:
|
wireguard:
|
||||||
vpn6:
|
vpn6:
|
||||||
privateKey: ENC[AES256_GCM,data:5xvDSbVz2r1D8MZVMgKxIeXD5oRTfXD1RfBukHaOxBz6QaDiUjK7IfZRFlw=,iv:jXZSguJofezFvOplCrRokH9vUGP67fQPkb3fea9uKYU=,tag:JXCD+ngAtAFRmf7NhP0wCQ==,type:str]
|
privateKey: ENC[AES256_GCM,data:5xvDSbVz2r1D8MZVMgKxIeXD5oRTfXD1RfBukHaOxBz6QaDiUjK7IfZRFlw=,iv:jXZSguJofezFvOplCrRokH9vUGP67fQPkb3fea9uKYU=,tag:JXCD+ngAtAFRmf7NhP0wCQ==,type:str]
|
||||||
|
bird:
|
||||||
|
ospf:
|
||||||
|
auth: ENC[AES256_GCM,data:a3lfAIOZhm8oD2bcOsb3vfIh47EqRVsyuPp8EbVYqzCbTLDADj2R0D7C9E0a/vxIXa0ibrBHdFliLG8=,iv:91lsSop8QBT/rlmxE11gcU/voKkV8HJ9ESZEco5i2DU=,tag:ytzqbP75vzt0JiHW1mvD6w==,type:str]
|
||||||
sops:
|
sops:
|
||||||
kms: []
|
kms: []
|
||||||
gcp_kms: []
|
gcp_kms: []
|
||||||
|
@ -25,8 +28,8 @@ sops:
|
||||||
YklwNTFsUVZCU1RwZXlPeUJ6VW5iZ00KQqK0K0sizbBsKoZdfjo2QL3+syc5DQJq
|
YklwNTFsUVZCU1RwZXlPeUJ6VW5iZ00KQqK0K0sizbBsKoZdfjo2QL3+syc5DQJq
|
||||||
lL77+ChtwzssaX6d0zCwsoES28n1bNDN65n39K3gBmjTiSFSouvmtA==
|
lL77+ChtwzssaX6d0zCwsoES28n1bNDN65n39K3gBmjTiSFSouvmtA==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
lastmodified: "2022-06-13T19:00:35Z"
|
lastmodified: "2023-06-26T23:30:17Z"
|
||||||
mac: ENC[AES256_GCM,data:RhGB+CNoIAGr6W1WxDpquG76FLZ0REF5OZwvD3DyfNxNai8XzqqDEsY6XneQ0Ac992kAcXdxleYDYC6keokvkOgnNmr+Buc4+rnASAReyRN19lIUWNjAB6oZWjqwEY2lrwklJc/yi+2LOuaigVsOLxOiMtpTs+QVtofRlmNpbGU=,iv:IqZGKWXKYTGP6m+9wb6j7sSVrSJZ++F/CcL/r2LaSYQ=,tag:6MLFHzcEayEGKtIxWZoljg==,type:str]
|
mac: ENC[AES256_GCM,data:XmY5EdBpYIcg917fhafs4PyNQZU8qxAiSIf8oe8KUXl4//ZEuS8O4hUd21XExRlBa9hQEP2W6J7FFRkfNZLHF6xtYWVWo0qWWe+twwZ/tt/LEygZspYu5G+AH/uoPRmL5XWXzKhO4p80BUxIZzLT9hvgwSMNIYFnliBecP9R7i4=,iv:5uRHki4OpT+BmxtdOzpbvdBwYDLEB7sX0yvi/R9W0dY=,tag:taeVkVqSoy13dNDSduKbIQ==,type:str]
|
||||||
pgp:
|
pgp:
|
||||||
- created_at: "2022-12-26T19:09:40Z"
|
- created_at: "2022-12-26T19:09:40Z"
|
||||||
enc: |
|
enc: |
|
||||||
|
|