move to networkd
This commit is contained in:
parent
b4975a3263
commit
2f381d950b
|
@ -64,7 +64,7 @@
|
|||
specialArgs = inputs;
|
||||
modules = [
|
||||
# box-specific config
|
||||
./hosts/traffic-stop-box/${toString id}.nix
|
||||
./hosts/traffic-stop-box/${toString id}
|
||||
|
||||
# default modules
|
||||
sops-nix.nixosModules.sops
|
||||
|
@ -141,7 +141,7 @@
|
|||
specialArgs = inputs;
|
||||
modules = [
|
||||
microvm.nixosModules.microvm
|
||||
./hosts/data-hoarder/configuration.nix
|
||||
./hosts/data-hoarder
|
||||
] ++ data-hoarder-modules;
|
||||
};
|
||||
|
||||
|
@ -149,7 +149,7 @@
|
|||
system = "x86_64-linux";
|
||||
specialArgs = inputs;
|
||||
modules = [
|
||||
./hosts/staging/configuration.nix
|
||||
./hosts/staging-data-hoarder
|
||||
microvm.nixosModules.microvm
|
||||
] ++ data-hoarder-modules;
|
||||
};
|
||||
|
|
|
@ -1,13 +1,23 @@
|
|||
{ config, lib, ... }:
|
||||
{ config, lib, dump-dvb, ... }:
|
||||
|
||||
{
|
||||
# The global useDHCP flag is deprecated, therefore explicitly set to false here.
|
||||
# Per-interface useDHCP will be mandatory in the future, so this generated config
|
||||
# replicates the default behaviour.
|
||||
|
||||
imports = [
|
||||
dump-dvb.nixosModules.disk-module
|
||||
];
|
||||
networking = {
|
||||
interfaces.enp1s0.useDHCP = true;
|
||||
useDHCP = true;
|
||||
interfaces.enp1s0.useDHCP = lib.mkDefault true;
|
||||
useDHCP = lib.mkDefault true;
|
||||
};
|
||||
|
||||
networking.useNetworkd = true;
|
||||
networking.wireguard.enable = true;
|
||||
|
||||
deployment-dvb.net.iface.uplink = {
|
||||
name = lib.mkDefault "enp1s0";
|
||||
useDHCP = lib.mkDefault true;
|
||||
};
|
||||
|
||||
boot.tmpOnTmpfsSize = "25%";
|
||||
|
|
|
@ -12,6 +12,11 @@
|
|||
networking.useDHCP = lib.mkDefault true;
|
||||
networking.interfaces.eth0.useDHCP = lib.mkDefault true;
|
||||
|
||||
deployment-dvb.net.iface.uplink = {
|
||||
name = lib.mkDefault "eth0";
|
||||
useDHCP = lib.mkDefault true;
|
||||
};
|
||||
|
||||
sdImage = lib.mkForce {
|
||||
populateFirmwareCommands =
|
||||
let
|
||||
|
|
|
@ -38,18 +38,21 @@
|
|||
|
||||
# Set your time zone.
|
||||
time.timeZone = "Europe/Berlin";
|
||||
networking.interfaces.eth0 = {
|
||||
useDHCP = false;
|
||||
ipv4.addresses = [
|
||||
|
||||
deployment-dvb.net.iface.uplink = {
|
||||
name = "eth0";
|
||||
addr4 = "172.20.73.69/25";
|
||||
dns = [ "172.20.73.8" "9.9.9.9" ];
|
||||
routes = [
|
||||
{
|
||||
address = "172.20.73.69";
|
||||
prefixLength = 25;
|
||||
routeConfig = {
|
||||
Gateway = "172.20.73.1";
|
||||
Destination = "0.0.0.0/0";
|
||||
};
|
||||
}
|
||||
];
|
||||
};
|
||||
|
||||
networking.defaultGateway = "172.20.73.1";
|
||||
networking.nameservers = [ "172.20.73.8" "9.9.9.9" ];
|
||||
|
||||
sops.defaultSopsFile = self + /secrets/data-hoarder/secrets.yaml;
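Review bot: The new `deployment-dvb.net.iface.uplink` block sets `addr4`, `dns` and `routes` but no longer carries the `useDHCP = false;` that the removed `networking.interfaces.eth0` block had, and the option defaults to `true` in the net.nix options hunk. net.nix only emits the static `Address`/`DNS`/`routes` section when `cfg.iface.uplink.useDHCP == false`, so as printed this host appears to land in the `DHCP = "yes"` branch and its static address, DNS and default route are silently dropped. Add `useDHCP = false;` next to `name = "eth0";`, as the staging-data-hoarder hunk does.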
|
||||
|
||||
|
|
|
@ -0,0 +1,6 @@
|
|||
{
|
||||
imports = [
|
||||
./configuration.nix
|
||||
./wireguard_server.nix
|
||||
];
|
||||
}
|
|
@ -7,71 +7,23 @@ in
|
|||
|
||||
networking.firewall.allowedUDPPorts = [ port ];
|
||||
|
||||
networking.wg-quick.interfaces = {
|
||||
wg-dvb = {
|
||||
address = [ "10.13.37.1/32" ];
|
||||
deployment-dvb.net.wg = {
|
||||
ownEndpoint.host = "endpoint.dvb.solutions";
|
||||
ownEndpoint.port = port;
|
||||
addr4 = "10.13.37.1";
|
||||
prefix4 = 24;
|
||||
privateKeyFile = config.sops.secrets.wg-seckey.path;
|
||||
listenPort = port;
|
||||
peers = [
|
||||
publicKey = "WDvCObJ0WgCCZ0ORV2q4sdXblBd8pOPZBmeWr97yphY=";
|
||||
extraPeers = [
|
||||
{
|
||||
# Tassilo
|
||||
publicKey = "vgo3le9xrFsIbbDZsAhQZpIlX+TuWjfEyUcwkoqUl2Y=";
|
||||
allowedIPs = [ "10.13.37.2/32" ];
|
||||
persistentKeepalive = 25;
|
||||
addr4 = "10.13.37.2";
|
||||
}
|
||||
{
|
||||
# oxa
|
||||
publicKey = "QbaQaGqudRXIh03IbBNATfBZfpMLmwihlwLs6W9+P1c=";
|
||||
allowedIPs = [ "10.13.37.3/32" ];
|
||||
persistentKeepalive = 25;
|
||||
}
|
||||
{
|
||||
# data hoarder staging
|
||||
publicKey = "48hc7DVnUh2DHYhrxrNtNzj05MRecJO52j2niPImvkU=";
|
||||
allowedIPs = [ "10.13.37.5/32" ];
|
||||
persistentKeepalive = 25;
|
||||
}
|
||||
{
|
||||
# traffic-stop-box-0
|
||||
publicKey = "qyStvzZdoqcjJJQckw4ZwvsQUa+8TBWtnsRxURqanno=";
|
||||
allowedIPs = [ "10.13.37.100/32" ];
|
||||
persistentKeepalive = 25;
|
||||
}
|
||||
{
|
||||
# traffic-stop-box-1
|
||||
publicKey = "dOPobdvfphx0EHmU7dd5ihslFzZi17XgRDQLMIUYa1w=";
|
||||
allowedIPs = [ "10.13.37.101/32" ];
|
||||
persistentKeepalive = 25;
|
||||
}
|
||||
{
|
||||
# traffic-stop-box-2
|
||||
publicKey = "4TUQCToGNhjsCgV9elYE/91Vd/RvMgvMXtF/1Dzlvxo=";
|
||||
allowedIPs = [ "10.13.37.102/32" ];
|
||||
persistentKeepalive = 25;
|
||||
}
|
||||
{
|
||||
# traffic-stop-box-3
|
||||
publicKey = "w3AT3EahW1sCK8ZsR7sDTcQj1McXYeWx7fnfQFA7i3o=";
|
||||
allowedIPs = [ "10.13.37.103/32" ];
|
||||
persistentKeepalive = 25;
|
||||
}
|
||||
{
|
||||
# traffic-stop-box-4
|
||||
publicKey = "B0wPH0jUxaatRncHMkgDEQ+DzvlbTBrVJY4etxqQgG8=";
|
||||
allowedIPs = [ "10.13.37.104/32" ];
|
||||
persistentKeepalive = 25;
|
||||
}
|
||||
{
|
||||
# traffic-stop-box-5
|
||||
publicKey = "bGMO3+BuMbNMnqgt+1lEKAwCVi3BrtpcZlVf9ULcmkw=";
|
||||
allowedIPs = [ "10.13.37.105/32" ];
|
||||
persistentKeepalive = 25;
|
||||
}
|
||||
{
|
||||
# traffic-stop-box-6
|
||||
publicKey = "NuLDNmxuHHzDXJSIOPSoihEhLWjARRtavuQvWirNR2I=";
|
||||
allowedIPs = [ "10.13.37.106/32" ];
|
||||
persistentKeepalive = 25;
|
||||
addr4 = "10.13.37.3";
|
||||
}
|
||||
{
|
||||
# traffic-stop-box-7
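Review bot: The removed wg-quick block set `listenPort = port`, but the replacement only passes `ownEndpoint.port = port`, and the netdev built in the wg.nix hunk (`dvbwg-wireguard = { PrivateKeyFile = cfg.privateKeyFile; }`) never sets `ListenPort`, so the kernel will pick a random UDP port while `networking.firewall.allowedUDPPorts = [ port ]` opens 51820 and every client's `Endpoint` points at that port. Clients will presumably not be able to reach the hub at all. In wg.nix, extend the attrset to `dvbwg-wireguard = { PrivateKeyFile = cfg.privateKeyFile; } // lib.optionalAttrs (!isNull cfg.ownEndpoint.host) { ListenPort = cfg.ownEndpoint.port; };`. The enclosing `deployment-dvb.net.wg` attrset continues past the end of this hunk.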
|
||||
|
@ -82,10 +34,8 @@ in
|
|||
{
|
||||
# marenz
|
||||
publicKey = "XJddbPj6Zdtn4roi6UWGuR2EA81juMmlaUOuMSLi2FM=";
|
||||
allowedIPs = [ "10.13.37.4/32" ];
|
||||
persistentKeepalive = 25;
|
||||
addr4 = "10.13.37.4";
|
||||
}
|
||||
];
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
|
@ -40,39 +40,41 @@
|
|||
}];
|
||||
};
|
||||
|
||||
networking.hostName = "staging-data-hoarder"; # Define your hostname.
|
||||
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
|
||||
networking.hostName = "staging-data-hoarder";
|
||||
|
||||
# Set your time zone.
|
||||
time.timeZone = "Europe/Berlin";
|
||||
networking.interfaces.eth0 = {
|
||||
useDHCP = false;
|
||||
ipv4.addresses = [{
|
||||
address = "172.20.73.64";
|
||||
prefixLength = 25;
|
||||
}];
|
||||
};
|
||||
|
||||
networking.defaultGateway = "172.20.73.1";
|
||||
networking.nameservers = [ "172.20.73.8" "9.9.9.9" ];
|
||||
networking.useNetworkd = true;
|
||||
|
||||
|
||||
sops.defaultSopsFile = self + /secrets/data-hoarder-staging/secrets.yaml;
|
||||
deployment-dvb.net = {
|
||||
iface.uplink = {
|
||||
name = "eth0";
|
||||
useDHCP = false;
|
||||
addr4 = "172.20.73.69/25";
|
||||
dns = [ "172.20.73.8" "9.9.9.9" ];
|
||||
routes = [
|
||||
{
|
||||
routeConfig = {
|
||||
Gateway = "172.20.73.1";
|
||||
Destination = "0.0.0.0/0";
|
||||
};
|
||||
}
|
||||
];
|
||||
};
|
||||
|
||||
wg = {
|
||||
addr4 = "10.13.37.5";
|
||||
prefix4 = 24;
|
||||
privateKeyFile = config.sops.secrets.wg-seckey.path;
|
||||
publicKey = "48hc7DVnUh2DHYhrxrNtNzj05MRecJO52j2niPImvkU=";
|
||||
};
|
||||
|
||||
networking.wg-quick.interfaces.wg-dvb = {
|
||||
address = [ "10.13.37.5/32" ];
|
||||
privateKeyFile = config.sops.secrets.wg-seckey.path;
|
||||
postUp = '' ${pkgs.iputils}/bin/ping -c 10 10.13.37.1 || true '';
|
||||
peers = [
|
||||
{
|
||||
publicKey = "WDvCObJ0WgCCZ0ORV2q4sdXblBd8pOPZBmeWr97yphY=";
|
||||
allowedIPs = [ "10.13.37.0/24" ];
|
||||
endpoint = "academicstrokes.com:51820";
|
||||
persistentKeepalive = 25;
|
||||
}
|
||||
];
|
||||
};
|
||||
|
||||
deployment-dvb.domain = "staging.dvb.solutions";
|
||||
|
||||
# This value determines the NixOS release from which the default
|
||||
# settings for stateful data, like file locations and database versions
|
||||
# on your system were taken. It‘s perfectly fine and recommended to leave
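Review bot: `addr4 = "172.20.73.69/25";` in the new staging uplink block is the same address the data-hoarder hunk above gives the production host, whereas the removed `ipv4.addresses` entry for staging was `172.20.73.64`. If both machines sit on the same segment this produces an address conflict; it looks like a copy-paste from the production config, so the line should presumably read `addr4 = "172.20.73.64/25";`. Worth confirming against the actual allocation before merging.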
|
|
@ -1,5 +0,0 @@
|
|||
{ self, ... }: {
|
||||
imports = [
|
||||
"${self}/hardware/dell-wyse-3040.nix"
|
||||
];
|
||||
}
|
|
@ -0,0 +1,7 @@
|
|||
{ self, ... }: {
|
||||
imports = [
|
||||
"${self}/hardware/dell-wyse-3040.nix"
|
||||
];
|
||||
|
||||
deployment-dvb.net.wg.publicKey = "qyStvzZdoqcjJJQckw4ZwvsQUa+8TBWtnsRxURqanno=";
|
||||
}
|
|
@ -1,5 +0,0 @@
|
|||
{ self, ... }: {
|
||||
imports = [
|
||||
"${self}/hardware/dell-wyse-3040.nix"
|
||||
];
|
||||
}
|
|
@ -0,0 +1,7 @@
|
|||
{ self, ... }: {
|
||||
imports = [
|
||||
"${self}/hardware/dell-wyse-3040.nix"
|
||||
];
|
||||
|
||||
deployment-dvb.net.wg.publicKey = "dOPobdvfphx0EHmU7dd5ihslFzZi17XgRDQLMIUYa1w=";
|
||||
}
|
|
@ -1,5 +0,0 @@
|
|||
{ self, ... }: {
|
||||
imports = [
|
||||
"${self}/hardware/dell-wyse-3040.nix"
|
||||
];
|
||||
}
|
|
@ -0,0 +1,7 @@
|
|||
{ self, ... }: {
|
||||
imports = [
|
||||
"${self}/hardware/dell-wyse-3040.nix"
|
||||
];
|
||||
|
||||
deployment-dvb.net.wg.publicKey = "4TUQCToGNhjsCgV9elYE/91Vd/RvMgvMXtF/1Dzlvxo=";
|
||||
}
|
|
@ -1,5 +0,0 @@
|
|||
{ self, ... }: {
|
||||
imports = [
|
||||
"${self}/hardware/rpi-3b-4b.nix"
|
||||
];
|
||||
}
|
|
@ -0,0 +1,7 @@
|
|||
{ self, ... }: {
|
||||
imports = [
|
||||
"${self}/hardware/rpi-3b-4b.nix"
|
||||
];
|
||||
|
||||
deployment-dvb.net.wg.publicKey = "w3AT3EahW1sCK8ZsR7sDTcQj1McXYeWx7fnfQFA7i3o=";
|
||||
}
|
|
@ -1,21 +0,0 @@
|
|||
{ self, ... }: {
|
||||
imports = [
|
||||
"${self}/hardware/dell-wyse-3040.nix"
|
||||
];
|
||||
|
||||
networking = nixpkgs.lib.mkForce {
|
||||
useDHCP = false;
|
||||
defaultGateway = "141.30.30.129";
|
||||
nameservers = [ "141.30.1.1" ];
|
||||
interfaces.enp1s0 = {
|
||||
useDHCP = false;
|
||||
ipv4.addresses = [
|
||||
{
|
||||
address = "141.30.30.149";
|
||||
prefixLength = 25;
|
||||
}
|
||||
];
|
||||
};
|
||||
};
|
||||
|
||||
}
|
|
@ -0,0 +1,28 @@
|
|||
{ self, lib, ... }:
|
||||
let eth = "enp1s0"; in
|
||||
{
|
||||
imports = [
|
||||
"${self}/hardware/dell-wyse-3040.nix"
|
||||
];
|
||||
|
||||
networking.useDHCP = false;
|
||||
networking.interfaces."${eth}".useDHCP = false;
|
||||
|
||||
deployment-dvb.net.iface.uplink = {
|
||||
name = eth;
|
||||
useDHCP = false;
|
||||
addr4 = "141.30.30.149/25";
|
||||
dns = [ "141.30.1.1" "9.9.9.9" ];
|
||||
routes = [
|
||||
{
|
||||
routeConfig = {
|
||||
Gateway = "141.30.30.129";
|
||||
Destination = "0.0.0.0/0";
|
||||
};
|
||||
}
|
||||
];
|
||||
};
|
||||
|
||||
deployment-dvb.net.wg.publicKey = "B0wPH0jUxaatRncHMkgDEQ+DzvlbTBrVJY4etxqQgG8=";
|
||||
|
||||
}
|
|
@ -10,4 +10,6 @@
|
|||
"sk-ssh-ed25519@openssh.com aaaagnnrlxnzac1lzdi1nte5qg9wzw5zc2guy29taaaaili3ylty7fwvohtwx8511v+gbtlzzmuv505fi1pj53v6aaaabhnzado="
|
||||
"sk-ssh-ed25519@openssh.com aaaagnnrlxnzac1lzdi1nte5qg9wzw5zc2guy29taaaaipzbd00cbfpxzuc8eb6sljaafnf1hgs6vci1rzcncyocaaaabhnzado="
|
||||
];
|
||||
|
||||
deployment-dvb.net.wg.publicKey = "NuLDNmxuHHzDXJSIOPSoihEhLWjARRtavuQvWirNR2I=";
|
||||
}
|
|
@ -19,7 +19,9 @@ in
|
|||
};
|
||||
|
||||
sops.secrets = {
|
||||
wg-seckey = { };
|
||||
wg-seckey = {
|
||||
owner = config.users.users.systemd-network.name;
|
||||
};
|
||||
postgres_password_hash_salt = {
|
||||
owner = clicky-bunty-user;
|
||||
};
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
{ lib, config, ... }:
|
||||
{ lib, config, checks, utils, ... }:
|
||||
let
|
||||
cfg = config.deployment-dvb.net;
|
||||
in
|
||||
|
@ -6,16 +6,16 @@ in
|
|||
options.deployment-dvb.net = with lib; {
|
||||
iface.uplink = {
|
||||
name = mkOption {
|
||||
type = types.str;
|
||||
default = "";
|
||||
type = types.nullOr types.str;
|
||||
default = null;
|
||||
};
|
||||
useDHCP = mkOption {
|
||||
type = types.bool;
|
||||
default = true;
|
||||
};
|
||||
addr4 = mkOption {
|
||||
type = types.str;
|
||||
default = "";
|
||||
type = types.nullOr types.str;
|
||||
default = null;
|
||||
description = "address with prefix in CIDR notation";
|
||||
};
|
||||
routes =
|
||||
|
@ -23,7 +23,8 @@ in
|
|||
with utils.systemdUtils.lib;
|
||||
with lib;
|
||||
mkOption {
|
||||
type = with types; listOf (submodule routeOptions);
|
||||
#type = with types; listOf (submodule routeOptions);
|
||||
type = types.listOf (types.attrsOf unitOption);
|
||||
default = [ ];
|
||||
description = "default gateway";
|
||||
};
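Review bot: The commented-out `#type = with types; listOf (submodule routeOptions);` directly above the new `type = types.listOf (types.attrsOf unitOption);` is left without explanation, and `description = "default gateway";` no longer describes a list of networkd `[Route]` sections. Drop the dead line and change the description to something like `description = "systemd.network route sections, e.g. [ { routeConfig = { Gateway = …; Destination = …; }; } ]";`. Referencing `utils.systemdUtils.lib.unitOption` by its qualified name would also read more clearly than the stacked `with utils.systemdUtils.lib; with lib;`.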
|
||||
|
@ -34,27 +35,24 @@ in
|
|||
};
|
||||
};
|
||||
|
||||
|
||||
config = let
|
||||
upname = "30-${cfg.iface.uplink.name}";
|
||||
upconf = if cfg.iface.uplink.useDHCP == false then {
|
||||
MatchConfig = { Name = "${cfg.iface.uplink.name}"; };
|
||||
matchConfig = { Name = "${cfg.iface.uplink.name}"; };
|
||||
networkConfig = {
|
||||
DHCP = "no";
|
||||
Address = cfg.iface.uplink.addr4;
|
||||
DNS = cfg.iface.uplink.DNS;
|
||||
DNS = cfg.iface.uplink.dns;
|
||||
};
|
||||
routes = cfg.iface.uplink.routes;
|
||||
} else {
|
||||
MatchConfig = { Name = "${cfg.iface.uplink.name}"; };
|
||||
matchConfig = { Name = "${cfg.iface.uplink.name}"; };
|
||||
networkConfig = {
|
||||
DHCP = "yes";
|
||||
};
|
||||
};
|
||||
|
||||
in
|
||||
{
|
||||
networking.useSystemd = true;
|
||||
systemd.networks.
|
||||
systemd.network.networks."${upname}" = upconf;
|
||||
};
|
||||
}
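Review bot: `upname = "30-${cfg.iface.uplink.name}"` (context line at the top of this hunk) interpolates `cfg.iface.uplink.name`, which the options hunk above changes to `types.nullOr types.str` with `default = null`; any host that imports this module without setting a name now fails evaluation with a null-to-string coercion error instead of being skipped, and the static branch likewise passes a possibly-null `addr4` straight into `networkConfig.Address`. Because the interpolation is in the attribute name, the guard has to sit outside the `let`: wrap the whole value as `config = lib.mkIf (!isNull cfg.iface.uplink.name) (let … in { … });`, mirroring the `lib.mkIf (!isNull cfg.addr4)` in wg.nix, and assert `addr4 != null` when `useDHCP == false`. If `networking.useSystemd = true;` is still on the new side, note that it is not a NixOS option (`networking.useNetworkd` is the one the host configs set) and evaluation would reject it.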
|
||||
|
|
|
@ -1,41 +1,122 @@
|
|||
{ lib, config, ... }:
|
||||
{ lib, config, self, ... }:
|
||||
let
|
||||
cfg = config.deployment-dvb.net.wg;
|
||||
in
|
||||
{
|
||||
options.deployment-dvb.net.wg = {
|
||||
_enable = mkOption {
|
||||
type = types.bool;
|
||||
default = true;
|
||||
};
|
||||
in {
|
||||
options.deployment-dvb.net.wg = with lib; {
|
||||
|
||||
ownEndpoint.host = mkOption {
|
||||
type = types.str;
|
||||
default = "";
|
||||
type = types.nullOr types.str;
|
||||
default = null;
|
||||
};
|
||||
ownEndpoint.port = mkOption {
|
||||
type = types.port;
|
||||
default = 51820;
|
||||
};
|
||||
ownPubkey = mkOption {
|
||||
|
||||
publicKey = mkOption {
|
||||
type = types.str;
|
||||
default = "";
|
||||
description = "own public key";
|
||||
};
|
||||
privateKeyFile = mkOption {
|
||||
type = types.either types.str types.path;
|
||||
};
|
||||
addr4 = mkOption {
|
||||
type = types.str;
|
||||
default = "";
|
||||
description = "address with prefix in CIDR notation";
|
||||
type = types.nullOr types.str;
|
||||
default = null;
|
||||
};
|
||||
|
||||
prefix4 = mkOption {
|
||||
type = types.int;
|
||||
default = 24;
|
||||
description = "network prefix";
|
||||
};
|
||||
|
||||
extraPeers = mkOption {
|
||||
description = "extra peers that are not part of the deployment";
|
||||
type = types.listOf (types.submodule {
|
||||
options.addr4 = mkOption {
|
||||
type = types.str;
|
||||
description = "ip _without_ a network prefix";
|
||||
};
|
||||
options.publicKey = mkOption {
|
||||
type = types.str;
|
||||
description = "public key";
|
||||
};
|
||||
});
|
||||
};
|
||||
};
|
||||
|
||||
config = let
|
||||
in {
|
||||
netoworking.useNetworkd = true;
|
||||
# move out as options?
|
||||
dvbwg-name = "wg-ddvb";
|
||||
keepalive = 25;
|
||||
|
||||
systemd.network.netdev.wg-dvb = {
|
||||
type = "wireguard";
|
||||
|
||||
# helpers
|
||||
peer-systems = (lib.filter (x: (x.config.deployment-dvb.net.wg.addr4 != cfg.addr4) && (!isNull x.config.deployment-dvb.net.wg.addr4))
|
||||
(lib.attrValues self.nixosConfigurations));
|
||||
|
||||
endpoint =
|
||||
let
|
||||
ep = (lib.filter (x:
|
||||
x.config.deployment-dvb.net.wg.addr4 != cfg.addr4
|
||||
&& (!isNull x.config.deployment-dvb.net.wg.ownEndpoint.host))
|
||||
(lib.attrValues self.nixosConfigurations));
|
||||
in
|
||||
assert lib.assertMsg (lib.length ep == 1) "there should be exactly one endpoint"; ep;
|
||||
|
||||
peers = map (x: {
|
||||
wireguardPeerConfig = {
|
||||
PublicKey = x.config.deployment-dvb.net.wg.publicKey;
|
||||
AllowedIPs = [ "${x.config.deployment-dvb.net.wg.addr4}/32" ];
|
||||
PersistentKeepalive = keepalive;
|
||||
};
|
||||
}) peer-systems;
|
||||
|
||||
ep = [ {
|
||||
wireguardPeerConfig =
|
||||
let x = lib.elemAt endpoint 0; in {
|
||||
PublicKey = x.config.deployment-dvb.net.wg.publicKey;
|
||||
AllowedIPs = [ "${x.config.deployment-dvb.net.wg.addr4}/${toString cfg.prefix4}" ];
|
||||
Endpoint = with x.config.deployment-dvb.net.wg.ownEndpoint; "${host}:${toString port}";
|
||||
PersistentKeepalive = keepalive;
|
||||
};
|
||||
} ];
|
||||
|
||||
# stuff proper
|
||||
dvbwg-netdev = {
|
||||
Kind = "wireguard";
|
||||
Name = dvbwg-name;
|
||||
Description = "dump-dvb enterprise, highly available, biocomputing-neural-network maintained, converged network";
|
||||
};
|
||||
|
||||
dvbwg-wireguard = {
|
||||
PrivateKeyFile = cfg.privateKeyFile;
|
||||
};
|
||||
|
||||
expeers = map (x: {
|
||||
wireguardPeerConfig = {
|
||||
PublicKey = x.publicKey;
|
||||
AllowedIPs = [ "${x.addr4}/32" ];
|
||||
PersistentKeepalive = keepalive;
|
||||
};
|
||||
}) cfg.extraPeers;
|
||||
|
||||
peerconf = if isNull cfg.ownEndpoint.host then ep else (peers ++ expeers);
|
||||
in
|
||||
lib.mkIf (!isNull cfg.addr4) {
|
||||
networking.wireguard.enable = true;
|
||||
|
||||
systemd.network.netdevs."30-${dvbwg-name}" = {
|
||||
netdevConfig = dvbwg-netdev;
|
||||
wireguardConfig = dvbwg-wireguard;
|
||||
wireguardPeers = peerconf;
|
||||
};
|
||||
systemd.network.networks."30-${dvbwg-name}" = {
|
||||
matchConfig.Name = dvbwg-name;
|
||||
networkConfig = {
|
||||
Address = "${cfg.addr4}/${toString cfg.prefix4}";
|
||||
};
|
||||
};
|
||||
}
|
||||
};
|
||||
}
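Review bot: `publicKey` keeps `type = types.str; default = "";`, while `peer-systems` selects every nixosConfiguration whose `wg.addr4` is non-null, and the traffic-stop-box wireguard.nix hunk sets `addr4` by `mkDefault` for every box; any box whose host file omits `deployment-dvb.net.wg.publicKey` is therefore emitted as a peer with `PublicKey = ""`, which evaluates fine and presumably only fails when systemd-networkd parses the .netdev. Make it `type = types.nullOr types.str; default = null;` and add `&& (!isNull x.config.deployment-dvb.net.wg.publicKey)` to the `peer-systems` filter, or assert the key is set wherever `addr4` is. Separately, `dvbwg-name = "wg-ddvb"` looks like a typo for `wg-dvb`, the name the removed wg-quick blocks used; better to fix it before the interface name ends up in firewall or monitoring rules.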
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
{ config, lib, self, ... }:
|
||||
let
|
||||
|
||||
file = "${self}/configs/config_${toString config.deployment-dvb.systemNumber}.json";
|
||||
file = with config.deployment-dvb; "${self}/hosts/traffic-stop-box/${toString systemNumber}/config_${toString systemNumber}.json";
|
||||
receiver_configs = [
|
||||
{ frequency = 170795000; offset = 19550; device = "hackrf=0"; RF = 14; IF = 8; BB = 42; } # dresden - barkhausen
|
||||
{ frequency = 170795000; offset = 19400; device = "hackrf=0"; RF = 14; IF = 8; BB = 42; } # dresden - zentralwerk
|
||||
|
|
|
@ -3,6 +3,5 @@
|
|||
sops.defaultSopsFile = self + /secrets/traffic-stop-box-${toString config.deployment-dvb.systemNumber}/secrets.yaml;
|
||||
sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
|
||||
|
||||
sops.secrets.wg-seckey = { };
|
||||
sops.secrets.telegram-decoder-token.owner = config.users.users.telegram-decoder.name;
|
||||
}
|
||||
|
|
|
@ -1,19 +1,14 @@
|
|||
{ config, pkgs, ... }:
|
||||
|
||||
{ config, pkgs, lib, ... }:
|
||||
# pubkey of the box goes to hosts/traffic-stop-box/${id}.nix!
|
||||
{
|
||||
networking.wg-quick.interfaces.wg-dvb = {
|
||||
address = [ "10.13.37.${toString (config.deployment-dvb.systemNumber + 100)}/32" ];
|
||||
privateKeyFile = config.sops.secrets.wg-seckey.path;
|
||||
postUp = ''
|
||||
${pkgs.iputils}/bin/ping -c 10 10.13.37.1 || true
|
||||
'';
|
||||
|
||||
peers = [{
|
||||
publicKey = "WDvCObJ0WgCCZ0ORV2q4sdXblBd8pOPZBmeWr97yphY=";
|
||||
allowedIPs = [ "10.13.37.0/24" ];
|
||||
endpoint = "81.201.149.152:51820";
|
||||
persistentKeepalive = 25;
|
||||
}];
|
||||
networking.useNetworkd = lib.mkForce true;
|
||||
|
||||
sops.secrets.wg-seckey = {
|
||||
owner = config.users.users.systemd-network.name;
|
||||
};
|
||||
deployment-dvb.net.wg = {
|
||||
addr4 = lib.mkDefault "10.13.37.${toString (config.deployment-dvb.systemNumber + 100)}";
|
||||
prefix4 = 24;
|
||||
privateKeyFile = lib.mkDefault config.sops.secrets.wg-seckey.path;
|
||||
};
|
||||
}
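Review bot: The header comment `# pubkey of the box goes to hosts/traffic-stop-box/${id}.nix!` points at the layout this same commit retires: the flake hunk now imports `./hosts/traffic-stop-box/${toString id}` and the per-box files became `hosts/traffic-stop-box/<id>/default.nix`, which is where the `deployment-dvb.net.wg.publicKey` lines were added. Change it to `# pubkey of the box goes to hosts/traffic-stop-box/${id}/default.nix (deployment-dvb.net.wg.publicKey)`. It is not certain from the rendering whether the comment is new or pre-existing, but it is stale either way after this change.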
|
||||
|
|