nix-config/hosts/data-hoarder/wireguard_server.nix

{ config, ... }:
let
  port = 51820;
in
{
  boot.kernel.sysctl."net.ipv4.ip_forward" = 1;

  networking.firewall.allowedUDPPorts = [ port ];

    deployment-TLMS.net.wg = {
      ownEndpoint.host = "endpoint.dvb.solutions";
      ownEndpoint.port = port;
      addr4 = "10.13.37.1";
      prefix4 = 24;
      privateKeyFile = config.sops.secrets.wg-seckey.path;
      publicKey = "WDvCObJ0WgCCZ0ORV2q4sdXblBd8pOPZBmeWr97yphY=";
      extraPeers = [
        {
          # Tassilo
          publicKey = "vgo3le9xrFsIbbDZsAhQZpIlX+TuWjfEyUcwkoqUl2Y=";
          addr4 = "10.13.37.2";
        }
        {
          # oxa
          publicKey = "QbaQaGqudRXIh03IbBNATfBZfpMLmwihlwLs6W9+P1c=";
          addr4 = "10.13.37.3";
        }
        {
          # marenz
          publicKey = "XJddbPj6Zdtn4roi6UWGuR2EA81juMmlaUOuMSLi2FM=";
          addr4 = "10.13.37.4";
        }
      ];
    };
}
integration of production testing changes(tm) 2022-04-25 16:27:57 +02:00			`{ config, ... }:`
refactored and more restrictive firewall 2022-09-26 17:50:17 +02:00			`let`
			`port = 51820;`
			`in`
integration of production testing changes(tm) 2022-04-25 16:27:57 +02:00			`{`
			`boot.kernel.sysctl."net.ipv4.ip_forward" = 1;`

refactored and more restrictive firewall 2022-09-26 17:50:17 +02:00			`networking.firewall.allowedUDPPorts = [ port ];`

REBRANDING. Shit is broken 2022-12-30 18:29:13 +01:00			`deployment-TLMS.net.wg = {`
move to networkd 2022-10-02 21:39:37 +02:00			`ownEndpoint.host = "endpoint.dvb.solutions";`
			`ownEndpoint.port = port;`
			`addr4 = "10.13.37.1";`
			`prefix4 = 24;`
Secret Management via Sops (#6) * sops: init * add my gpg keys * sops: add @revol-xut key * add gpg pub key * update gpg keys * .sops.yaml: add marenz * sops: add secrets for traffix-stop-box-3 and 4 * build sops-install-secrets on hydra * sops: add keys for traffic-stop-box-{3,4} Co-authored-by: revol-xut <revol-xut@protonmail.com> Co-authored-by: Markus Schmidl <markus.schmidl@mailbox.tu-dresden.de> 2022-05-31 18:56:43 +02:00			`privateKeyFile = config.sops.secrets.wg-seckey.path;`
move to networkd 2022-10-02 21:39:37 +02:00			`publicKey = "WDvCObJ0WgCCZ0ORV2q4sdXblBd8pOPZBmeWr97yphY=";`
			`extraPeers = [`
add more files for rpi4b 2022-04-30 23:41:24 +02:00			`{`
			`# Tassilo`
integration of production testing changes(tm) 2022-04-25 16:27:57 +02:00			`publicKey = "vgo3le9xrFsIbbDZsAhQZpIlX+TuWjfEyUcwkoqUl2Y=";`
move to networkd 2022-10-02 21:39:37 +02:00			`addr4 = "10.13.37.2";`
integration of production testing changes(tm) 2022-04-25 16:27:57 +02:00			`}`
add more files for rpi4b 2022-04-30 23:41:24 +02:00			`{`
			`# oxa`
integration of production testing changes(tm) 2022-04-25 16:27:57 +02:00			`publicKey = "QbaQaGqudRXIh03IbBNATfBZfpMLmwihlwLs6W9+P1c=";`
move to networkd 2022-10-02 21:39:37 +02:00			`addr4 = "10.13.37.3";`
wireguard for new box 2022-09-25 21:59:17 +02:00			`}`
data-hoarder: add wireguard-client marenz 2022-07-09 17:34:57 +02:00			`{`
			`# marenz`
			`publicKey = "XJddbPj6Zdtn4roi6UWGuR2EA81juMmlaUOuMSLi2FM=";`
move to networkd 2022-10-02 21:39:37 +02:00			`addr4 = "10.13.37.4";`
data-hoarder: add wireguard-client marenz 2022-07-09 17:34:57 +02:00			`}`
integration of production testing changes(tm) 2022-04-25 16:27:57 +02:00			`];`
			`};`
			`}`