vpn-gw: init
parent
d59415fdc5
commit
bdca123b99
|
@ -69,6 +69,7 @@
|
|||
upstream3 = "172.20.72.11";
|
||||
upstream4 = "172.20.72.12";
|
||||
yggdrasil = "172.20.72.62";
|
||||
vpn-gw = "172.20.72.69";
|
||||
};
|
||||
hosts6 = {
|
||||
dn42 = {
|
||||
|
@ -130,6 +131,7 @@
|
|||
upstream3 = "fd23:42:c3d2:581::b:2";
|
||||
upstream4 = "fd23:42:c3d2:581::b:3";
|
||||
yggdrasil = "fd23:42:c3d2:581:9000::1";
|
||||
vpn-gw = "fd23:42:c3d2:581:9001::1";
|
||||
};
|
||||
up4 = {
|
||||
anon1 = "2a00:8180:2c00:281::9:1";
|
||||
|
@ -188,6 +190,7 @@
|
|||
upstream1 = "2a00:8180:2c00:281::b:0";
|
||||
upstream4 = "2a00:8180:2c00:281::b:1";
|
||||
yggdrasil = "2a00:8180:2c00:281:9000::1";
|
||||
vpn-gw = "2a00:8180:2c00:281:9001::1";
|
||||
};
|
||||
};
|
||||
subnet4 = "172.20.72.0/25";
|
||||
|
|
|
@ -393,6 +393,12 @@ in
|
|||
reflect = true;
|
||||
sourcePort = 1337;
|
||||
}
|
||||
{
|
||||
destination = config.site.net.core.hosts4.vpn-gw;
|
||||
proto = "udp";
|
||||
reflect = true;
|
||||
sourcePort = config.site.vpn.wireguard.port;
|
||||
}
|
||||
];
|
||||
interfaces = {
|
||||
core = {
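Review bot: The new forward takes its port from `sourcePort = config.site.vpn.wireguard.port;`, and this commit gives that option a default of 1337, the same value as the `sourcePort = 1337;` of the entry directly above. That entry's protocol and destination lie outside the hunk; if it is also UDP, the two rules claim the same external port and only one of them can match. Either choose a different default for the WireGuard port or set it explicitly in the site configuration, and mark the new entry with a comment such as `# WireGuard endpoint on vpn-gw`. The enclosing list starts before the hunk.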
|
||||
|
|
|
@ -0,0 +1,39 @@
|
|||
{ config, ... }:
|
||||
{
|
||||
site.net.vpn = {
|
||||
vlan = null;
|
||||
domainName = "core.zentralwerk.org";
|
||||
hosts4 = {
|
||||
vpn-gw = "172.20.76.225";
|
||||
};
|
||||
hosts6 = {
|
||||
dn42 = {
|
||||
vpn-gw = "fd23:42:c3d2:585::1";
|
||||
};
|
||||
up4 = {
|
||||
vpn-gw = "2a00:8180:2c00:285::1";
|
||||
};
|
||||
};
|
||||
subnet4 = "172.20.76.224/28";
|
||||
subnets6 = {
|
||||
dn42 = "fd23:42:c3d2:585::/64";
|
||||
up4 = "2a00:8180:2c00:285::/64";
|
||||
};
|
||||
};
|
||||
|
||||
site.hosts.vpn-gw = {
|
||||
role = "container";
|
||||
interfaces = {
|
||||
core = {
|
||||
hwaddr = "0A:14:42:01:26:01";
|
||||
type = "veth";
|
||||
};
|
||||
vpn = {
|
||||
type = "wireguard";
|
||||
};
|
||||
};
|
||||
ospf = {
|
||||
allowedUpstreams = [ "upstream4" ];
|
||||
};
|
||||
};
|
||||
}
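Review bot: `domainName = "core.zentralwerk.org";` on the new `site.net.vpn` looks copied from the core network, and `vpn-gw` is now a host in both networks (172.20.72.69 in core, 172.20.76.225 here). If host records are built from the host name plus the net's `domainName`, both addresses would be published under one name; please confirm this is intended or give the VPN net its own domain. A comment on `vlan = null;` explaining that this net exists only on the WireGuard interface would also help, since the commit relaxes the VLAN collision check for exactly this case.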
|
|
@ -1,62 +1,66 @@
|
|||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hQEMA2PKcvDMvlKLAQf/V2MD1fBh0U1etre+SS2b9+moT5iWamjcaXNVBUt5nqJ2
|
||||
yGtbK3k1yJ1S4RDOUen+Boiqs8ew31QlKXm1FVV4g5C0GWyBKbEES2HJSMd1wWF0
|
||||
sdPMnjTxspZk137qrIjknhzBi95zhPXwTT8/p9CKcADy+Fv+Lco8AYsh4hu6K7ZS
|
||||
jzy/znR0AMDfGQ1zm4BYbo+0srC3jMsM9DWbsM3npKJd0rfSPqkC2Vsuu0ilNJts
|
||||
X7i8716XVGmzQBgdXAhOxNerXSjTZvelMYMVwOaWGQlLMdZpy92IY9iUcPXRM3uf
|
||||
k2emytYJAJC2LC5X+L8PVFByy8blYOBWpriBrI3JENLrAZhEW7Pvf8UK4ii9speC
|
||||
UbysdIzVTYXGJRi/DBxHSm0iJzbSTEDi69VBucySMhOdS2M1VPHxca9zzqyUfCSp
|
||||
0Wp5K6NyvB2UArVmJNYP1HbMntrs7G2Y3+6xU9+7s2z+Lz4a2L1ym895+jgknmT5
|
||||
doEQTgpZcv2+olATfETDpVkrIvfz/7WyCp+oU5HVStxqfIMLvR6chFxGiCL8pGS2
|
||||
Jy+71Uu77FsqT9Hr9LnYQW1G/sPkXpN81Qgo36RUV6sCknVGS3ftIGKp4EwFSLOJ
|
||||
qNIeTDHzdxvutTd2z8e3Kogx04eYBipHgAj2IhRujjGGDusb7spZSFm68U7X6xbJ
|
||||
KEPC7ts7aVbOIKT8C/4CATYKqFT/Heq2pMqJow/6QN3+4dqNfbwibrN73xQQV53/
|
||||
InvPr3lZMtQwwvGRgKrqZRaBbL7ErBGbitjB+q2Xg5Mppd+17qZ2bCXEQxn10HTy
|
||||
HA6Yc+QBL4Zjq+bYmV2qKoYNvG05o3OY/0dQaHz5KjZU+S9bYUBy3rqRte4+cWf9
|
||||
9Yq7YSXnfcAKHZSiWrS2mOjJ0rDl1/1kekav7eKxKuy1psnghMbJt4oqVQ7z3h3G
|
||||
WATXmTR4N1SH4ZECqVI+I4m88yOyv+0Io138BW3pmg94NKgFDUytTWUUPY8OQAYE
|
||||
XTB7TNALK6Mv8fVkedufZnmVuPIIBUT06D8k0jwmb9aWQ2O627uwaslqWJ8RVw8c
|
||||
fEd7/ZXfFqHPcdjJg/UfTrazGHaUwAty3mLaCB/WnCo7JPtGb1HTeH++kLPbTMzk
|
||||
qjbAee4fjw19+3mv3GKXhwwiTuUZBhVtot1jH9GCaZqeymL47At8dID6pHiLQui+
|
||||
umGdGjx0fNdBmxZY/XrUCkwqUOdT5gsMIwzMG9VKwTNLWYQ710QNUvKyGVFV+tOo
|
||||
6NYhV8IchDQQDjy1+xZmGCZzeq609PMpLjXlcvNMWEGAYPEGDXiDxydVCx1J8vuy
|
||||
F1YBZkCVFSbEculwWHeShAA3G3fp0ZeTvxnUz25cLpLPoo9saDPtZ4alvTKCLFzA
|
||||
wyth7VmGXiWvB3DJ4B2YkJesQCwFAE8VOoUhnTWf4OyKKDl7bSMT8yTRvFZSCvDo
|
||||
GzKZTfxU8uqZhyEkGe+qmI9LpzlqRsVj4P9J0nXetSxX1ZPCZK1sOUX9CxDMGBav
|
||||
y/kClWsHhBGhSih0GSqFMYNqbibAUthecUs2/ErnrWuQMJ/qiYk8hmqkb5hb5ylO
|
||||
jIwCL/MYstsPWrgRQSxmpj3ouWiTqLHheHAhkNBTyldUkI63LIRI9eqOHAXamV1b
|
||||
rb9hbV4co5WEz1q0Ayh7+swju+h1T4R2fpZuVSBFUJMiQdUxOJwx91uoLOEwOaYS
|
||||
y69HV0Ww/42IWYekZL4UsEcfADLFjCvrTeBjXKcWo+OI8iJRJ+LVdSFUwH9ww9Pg
|
||||
qY3L2N/is2xX6KA8x+WZsCBmBtq2E31LLJj6DRxYFqH9YQHl+lVkJmphpk6G0ynW
|
||||
GAJFcEcBLj0hH1PsQMYsP3Vbxny0rfscQ+3vwApUvIhwipfyuKlMJZxaA+mvHByD
|
||||
htpQOGQt/yUW81JyN0atnK5scmiSJA9ZIY7/6yIANFY+LSyQGRi33OaSg0t8r9ja
|
||||
06rkvz77EkNbkDJoR9/uqnbw91qzHQeaMAzcyPkGG6BduMMXdxwTgx16ocozkX4V
|
||||
zgFTwQoI063M//xs1JEINe/H1D/gTNrPx8MgXADWkPYrafgDzyA9bmmLx7/vjOGj
|
||||
BkNYq7CouXUTJxCiqyw4a56xxp81EZU80ay0y3oRRajbwZ0C1+P8MoRQ3aPKvBNw
|
||||
G7X8JS42Ye7QaMrumfSw4fD3X84lCgWDxGTDAz7OM1PQo/7XtxAGHRDvIdlaYrD8
|
||||
F07ScKv0OxA2CWQOxJph1d5zlKbkYA61fw9N27lYke1rHooWVvjO1IU8Sk+B0obN
|
||||
+M4iLf7S4KeTh2AiOGTkZxC/SYXbzDmTo9r3IpRNdYsqCPL6hPTT/QwS5Ph1KH5T
|
||||
5k3VnN/KVu/yrZW1zkHorJ5OZ2DdkVSuDbdTBw/tDmDAjlp01+4FA80xWfed+f/c
|
||||
zH+Wg+2GMYJrcNp+8iUkh4oDOqHzSabF2hjlfIChyCPjXWU/9KPxTLF+7aQePaCj
|
||||
m6NQYWq8ERfyQxN5vVLjYBpmU/7VE5Uw6Rr7+tkFa5BvjwTkweMo1afrGmQBIblY
|
||||
P1xMb78r4DCHPmDoopTX/xute17MpLYHQx49z4AX7RYozs66VoQnhtXl7CbtRM68
|
||||
stubbtRPEoQsq/DwQZ60Gw89DSd6Z71TPWbj+uQ1xE2kgm1oXNzziDPTrU9ZJ8pS
|
||||
2GDDNviKTeuMqrpifA3ZONQbKn4R5vgThBfsRxa9sa65ghTcRYtIhBOYA9Ole0N2
|
||||
3oWtY3kym8pYYyhSLF7OKXZerukYQBOz8m+/D5h7f8UbPwEA6tSG8PwJm19eSpBx
|
||||
nhM0C8ak3vZsY4GO2XLqJCGLx8BDPHEfQcjOt/8MgnZvEME2cSC73vXpGmrwgjeN
|
||||
HnfIyhl8PX3Hsx4j5XqMyAx1/FdRC6pLT+be/Hs/cowgNb5E7c6jiCkIeprg++q6
|
||||
2baySeOnIj9V+LKC5g2ybTq76wkdB14bv93SefNmbebWW/lRsKJu0jk00DDj7LKb
|
||||
/psnMocx/J5EUez/u8GUPXxpFKEgcZO8ouzBgDWv+cjnn7jH7KUQGJa4pGNAfz15
|
||||
ngysEcRueWruU48rbdpCSdHA+wSkMVXtA8B6MFIsNVK0ohbQjbKRbOmMdJdMrNh7
|
||||
GxiF84oUezI+J6XY5hRDasiqe4Gh+w2dHvkokioVwCCKTJJkMbra5WOdCRTXtVsQ
|
||||
ABKVqAh7jiIz+Rqu/NyEOhF68liSp3VCrjNMRqvsKD8ruYG3FkHpOp9qq8ScM6uy
|
||||
xO0JFnRZbxJmhnY5oeBktYqQOm8I+ofZkAUeLH0qRNR8TLeg998n9e+4Ok3QsA2y
|
||||
PyxRhRIcsohAKu6gyNIbK9WKasDO2+HDKSqIaJygOWkALnxehJCGUo4lpikZBWQG
|
||||
sciksKyKDGggoE2gm9nyP/Tl88qQg7Cn/raiVwvt/0bJWMGFR/TjIK7HLHzp2SO0
|
||||
89U0kpOe2pp2Waz4HpKIGYKYG1wJaem2dgL9jDypM378dNVt9Mkj1c5Cok9TIRQ0
|
||||
01DqNgXw/DtE5ZWDQM+p0lN0f6tOKed6JfNgv4QU/Joq4SBMqXZyr7mG6tpPn29N
|
||||
2T7CG8rtt2eRip6n1HE8hM+KJT90wjIwI1utTN3IzuIughiX2SJ8h9pnxZuaAN+9
|
||||
7aS/P4tf4a5WuPPOlu4v0ZnZ+5xAt67tHYCvcASP
|
||||
=5NFQ
|
||||
hQEMA2PKcvDMvlKLAQf+N/pS4pF0x1+2L78gGXy9Jl+Fm5AiTHHPvOMsb6lEYUa/
|
||||
D52lxOpYJ23248iZeRv+tyXyB1gUain/1HZPLkHe+JS/p4Sl81/tRcKDoDLxf09m
|
||||
EBjKAdlPpjdFUCRY3Byc8ZowyE/6G8RMXtYIqb5k8VMqVy+X/vP28PWeKRd3UfY5
|
||||
OLK/C60fxWQLGColvONjcr1YGOu6eBZo4lskuJsSjPj9qyeAkktMiEK6aY/WmtKC
|
||||
g4jfED4OdvdX/ala3paAYPt1dopjMUby5kIkbGhjN3GDYuMaWFiFt5nE9kMi8Ozt
|
||||
iQohMRrybYd1g81+lUPNBhlkO+M+QN0/M5jG68I48dLrAXDFkIY68//26VBkCGJq
|
||||
oCdsV/qev+Ll7ig2YJ7ijIGp2uqhC/zQ4u+z6MgoyO8Pwc0EA78eYpG4UcbT2v/V
|
||||
a20fFL3E6sb9D8GBvImz01Vn42LfsXpfZWSerb3QjZ0jOgv2IPw30Ee+y4tLAoVP
|
||||
9/4ahX0q04ByGUfWYx/rIUEdoLVZylQzxfRm2KkSat0LfAoAiMWdf0nBhwGTkywy
|
||||
QF4/6xUO5WW3rJYVf3iNUVyCDp4X3Ep8TVM6/w8VGB1m1tVON2eqAczuHOIFkmiZ
|
||||
ENtqe/3BwLp4n9CEaWlJAyjBJ7uzls7riZcGRPUXb6pfBDFszScvRzYXvaOaLHRa
|
||||
eqDgXz2IeUrEHrvzIOtRYpwav+DD/vGyIuOaUbAJULc2J6TcQSfhA0f4pqo+VAw+
|
||||
geBNyd95BTA3MmfqfZ8D1YIaLeFYcANBUMI5f7offF7XsHoO7WQ4wSQmu60g0462
|
||||
KRDMlv5TEp20sh/cErjKz9L3w6MTBVo5V4M2zAfMDB1QAiRVU94KLeoMIjeYT2Yd
|
||||
94zrc869dMUS9juwNa/6jPaT+1AXbkHxcE/a2kk/BYLxuea2kg+KvNVPWtpRBQPn
|
||||
0CDLNcJbYQJ/Qj8BnPPCvPThzlGCTxCk0lLBje4iz4qWk4gZLJHGgjUdrj0YXgo1
|
||||
8WSOXnylK+AL8+w831jg8PLIYG2FDJnc4+ZKhaB/JQynigIiqq8809aYV7hdiXsr
|
||||
r7n5S+js0QRfJOLyfTTaTCiVHKAUdvJmGjUdYR9lUDW/ZVeX8wqCxVsj8AyaNs+3
|
||||
XSnDrLpAYt1Qixk6lavW6KA5Jncqh9wm8sqg7CDqaeBlUrGRTpqJhaO0KNMNzzhp
|
||||
1Sa9kT15B40zvQ77JGuxl4+MgViXk0eNIkT5oB62yShBE0URg16GDVNWTx8Ze9UD
|
||||
PiKqZJJ9D7CwOpR6AMcbkVFRZr1bihx1ISbfeJLaEft5Cs7XuQv6Z0Ljxa6Ty2wu
|
||||
N6VmLh05uDghfLmVYMNa64TixSQdedBUJPqWcz2PKubYeRQRcVG+UktzhK1E0I3t
|
||||
wkyFnHXR6MnpXWY+2wXoqaPfJGc5t+dOuUSj5itpVpmeCDomxHTGPYSljr2As/LT
|
||||
6UXyluzFYm4nvmeJMbJKWYUShIBtYvKEYK4y8QNbNutEw6gLh3KN8K3NUFTm6eYq
|
||||
KisbTWWm9ai7urYyk73SxbMM0AdW2e1SajAnBLNAgQLdaWinRKjrCYEZFvXqp3Xh
|
||||
Am1WvFCR/QGoSgNFUDmKSgoBQHAM+UWUbUoCKuC6seJd/thiB0DJNhO1k85l8c5N
|
||||
pXir8twpnqe9kr+QabCL4v8cQxi8Bsq+ITQp+bbwuZTDNFJIOfmzpdSzGDDrRZ1P
|
||||
6BakQVL7oOWjfulTd9Lk7q4AOpjxECqxlu53/71pzy2Ztx4OyOzMzMPDl4T5RK6G
|
||||
GZ8NqrNpwOcF8UZHkygQtiZ4fLkF81czrwOEPvsSxsfyCaUl+Ei2KK4JBoKI9lZI
|
||||
HUROck8DtvM7C9P5PUb+vhf+qDiEDJLlSGDkAc4wsBu5JHSvaZdJvTEQ0wCg1NUl
|
||||
QbToxhJ2qdpDERoR4ChbM5XYjMDFYxNLD5GZoBx229g6ag4y0p+Q/35x7C4y2PXf
|
||||
wSmcmKqVKQn3z8OsdoY4KyGvESEudlTWLFVtWvItRc2xZKSlS/hrzweA7FgR23Cm
|
||||
5CUisyzY/U6psLBnv7d3iMVWIQID7EJp80KXGPuc+Y2Ulhqe4FJ9I8VuSi3BEhKK
|
||||
hIf+I8GjB7OisFpKKmZiNhg2h6SlORvn+0NmU5nII344e2doxz5gJhkLA7ApHuOI
|
||||
QEBqSV3CANGyiXk9l5EK0qK8U7hF02Gy3NQdRWn/CTuVbtjU7tHlOS6WgfKLgq04
|
||||
/gQG3T9yboLK/ipVvWhswN/vEWxHSE5hQxltM0TcrwByNswQEfFxbhUhupOGxTzO
|
||||
EuxcmNCctUSpnDZHoCjUheZkzvhtGKnrcSDT26kJiis8WmALjIxacQ4d3XaUmnPD
|
||||
vl+o5rX2v66kUw8mYjs/0u/EcVA4VdAlA+5FBRnwDgoxy9QBMLTIqlqEympSvEuN
|
||||
cLY8LVuh9EfYgDIYXzWhGlTcSNY7ezR/IMOkDfCwsPHkf1WnZB1RuQxQO7MP6N20
|
||||
l5vk0095Swps7BhVVZ43KTYH/EL7QdKLXXbc/9npuFZYWcaPoxIpNZpO/d6g/K5A
|
||||
0TSmMNM8VT/1f87jyETBVV+RCfF++OtjpRW1UtO9PNCp0BJ8Vlb0pq854rrB/5y0
|
||||
EqOc1VXgZYDzHmqzvt0acsX4IjoQzb9EMKSRlCyD8XVY7Biv9xsN3SLmRZp9WKqJ
|
||||
GDNeT/FxJADMwx/KXnMKLq0wgh/xjmD/f/lyzPOnLUwjzt4ycuSh44JG43UZgsSS
|
||||
vQ+c7B5mloPLzW4t1AcgT3UyXLJYeZ8AFmEJ/o0v11buRA3PN2k7FPuY/+rEqJVB
|
||||
TfAkVt49/IYEQcgfbXjT2tFnHihpAzPL2Q7+trtL57Vw/C94kxOaMHzWjoYqBHmB
|
||||
Lm8PI8I39hzrDNzDrv7dAzZmYrXTtPoV+4/OcvBF3ZrYxPUK3It/g8YDRmYyuhge
|
||||
zPD566puc/+fxlYjebYnrhsY4OFPoyEz9Yg9+C1V3IhQ318SifeJPGpeJcX30Ti7
|
||||
QmzlZWGQCOwRSXXb7qDkN//EJmx40xPANbpUZn2QOu3mNGUsKaCow7yDpCKr62cV
|
||||
PQ6CIee7Luom8vYPSATIeRLpqz76gz4E8iV3K4lnPYD8nRsMcMx3Ra9YCEkCxQxg
|
||||
p59kXBBWt32X8UbmfVA9cw2JZoi0pnjQfdxyZpGYPEiL9bZWtMFPqm79EB4dasvj
|
||||
fu4Ie8PXDkBVfa9dlh4VCAMJuUbycytuIIU5gSEYAm9ZHaHLHGRih6o97lB1tIoM
|
||||
O4apciEedqaonRA0HHqa21d50K5APjhcg0x2m4yBh6uEtaZK1iqP9VRP74EQ8xrn
|
||||
J9Qp9iKwgDRC2yOuVxC00U5Fd3bX8c84DBh24EXzxH8+rmwES8aCGw1E0AgjLEQN
|
||||
ssrFi/ic7CNMQnvvSwUd8PLdGcDRsJp6FcbJ/717u/gn06zolxsoSOBpRrwvVd8R
|
||||
6WSRj3wy8n7fU3gRoE59jTWJc1PplY7WsMTY9puJXpz1NvLHI88CsD4WKTV7M9QD
|
||||
e++EqdiTbJiz7zBkF0MlZzM+nj4Hr8izF0wpAMRpRS6oEG69hSXM2az884NJ8Xtl
|
||||
p4qoD2O88rZuNKQ1GJUKvDemFnT225QMkgOKmBDw+lC5OO+E7DxMJYCmmB+6N9ih
|
||||
N45QUszb2m8JMonYUnT/va/7gQrfncHU3t+wjY7sdEoaPkm25lRi6dcZFB8yrfjj
|
||||
km3qEJhzD4AlRzgj9+qQfHFQmkGxrKVdYQvozYNbuLKhkQClROEdxdRHZ4VwqVaF
|
||||
3uRxDSLDCopVHpoHRkawI6smFo/IIUE8EX1hXVSu5KrxobEWkqolqkBZg23AcssC
|
||||
PsdYCNQu6DMJs71YGzhLiQGOYbdxKrnfDFjSGCipE3z+hCnYBvQwQ+5xSEGkTOV/
|
||||
T3StIhb2a4ZcUlK3KIrYEpr01hQ=
|
||||
=zbiO
|
||||
-----END PGP MESSAGE-----
|
||||
|
|
|
@ -252,4 +252,17 @@
|
|||
};
|
||||
|
||||
site.dyndnsKey = "SECRET";
|
||||
|
||||
site.vpn.wireguard = {
|
||||
privateKey = "wPNXY4ED3Jz3Kz0KOmvfQOou6/wHrgqSsykaMYrtb28=";
|
||||
peers = [ {
|
||||
# privateKey: GOdfeizQZjPmyYnh3LMI3LrYeEtqYMyOvK8KASVgI1Q=
|
||||
publicKey = "4aTjdm/APMTERczvtnLXRFYjSWYsmwPFTumjyno4nx4=";
|
||||
allowedIPs = [
|
||||
"172.20.76.226"
|
||||
"fd23:42:c3d2:585::/64"
|
||||
"2a00:8180:2c00:285::/64"
|
||||
];
|
||||
} ];
|
||||
};
|
||||
}
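Review bot: The `privateKey = "wPNX…"` line and the `# privateKey: GOdf…` comment on the peer put what look like real WireGuard private keys into a plaintext file, right next to `site.dyndnsKey = "SECRET";`, which uses an obvious placeholder. If either value was ever configured on a live interface it should be treated as disclosed and regenerated, because it stays in the repository history. For sample data, prefer a clearly marked dummy and drop the peer's private key from the comment, for example `privateKey = "SECRET"; # placeholder, not a usable key`. The enclosing attribute set starts before the hunk.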
|
||||
|
|
|
@ -529,6 +529,30 @@ let
|
|||
};
|
||||
};
|
||||
};
|
||||
|
||||
vpnOpts = {
|
||||
privateKey = mkOption {
|
||||
type = types.str;
|
||||
};
|
||||
|
||||
port = mkOption {
|
||||
type = types.int;
|
||||
default = 1337;
|
||||
};
|
||||
|
||||
peers = mkOption {
|
||||
type = with types; listOf (submodule {
|
||||
options = {
|
||||
publicKey = mkOption {
|
||||
type = str;
|
||||
};
|
||||
allowedIPs = mkOption {
|
||||
type = listOf str;
|
||||
};
|
||||
};
|
||||
});
|
||||
};
|
||||
};
|
||||
in
|
||||
{
|
||||
options.site = {
|
||||
|
@ -551,6 +575,8 @@ in
|
|||
dyndnsKey = mkOption {
|
||||
type = types.str;
|
||||
};
|
||||
|
||||
vpn.wireguard = vpnOpts;
|
||||
};
|
||||
|
||||
config.warnings =
|
||||
|
@ -585,7 +611,7 @@ in
|
|||
else []
|
||||
) (builtins.attrNames config.site.hosts);
|
||||
in
|
||||
(reportCollisions "VLAN tag" (x: [x.vlan]) config.site.net) ++
|
||||
(reportCollisions "VLAN tag" (x: lib.optional (x.vlan != null) x.vlan) config.site.net) ++
|
||||
(reportCollisions "IPv4 subnet" (x: if x.subnet4 == null then [] else [x.subnet4]) config.site.net) ++
|
||||
(reportCollisions "IPv6 subnet" (x: builtins.attrValues x.subnets6) config.site.net) ++
|
||||
ospfUpstreamXorGw;
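Review bot: In `vpnOpts`, `port` is declared with `type = types.int;`, so a negative value or one above 65535 passes evaluation and only fails when the interface is configured; `type = types.port;` rejects it at evaluation time. None of the new options carries a `description`; `privateKey` in particular should state that it holds the base64 WireGuard key as a plain string, and `allowedIPs` that entries are addresses or CIDR prefixes. The `let` block that holds `vpnOpts` starts before the hunk.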
|
||||
|
|
|
@ -0,0 +1,51 @@
|
|||
{ hostName, config, lib, pkgs, ... }:
|
||||
|
||||
let
|
||||
privateKeyFile = ifName:
|
||||
"/run/wireguard-keys/${ifName}.key";
|
||||
ifName = "vpn";
|
||||
in
|
||||
{
|
||||
systemd.services = {
|
||||
"wireguard-key-${ifName}" = {
|
||||
description = "Create key file for wireguard interface '${ifName}'";
|
||||
requiredBy = [ "systemd-networkd.service" ];
|
||||
before = [ "systemd-networkd.service" ];
|
||||
serviceConfig.Type = "oneshot";
|
||||
script = ''
|
||||
#! ${pkgs.runtimeShell} -e
|
||||
|
||||
F=${privateKeyFile ifName}
|
||||
mkdir -p -m 0700 $(dirname $F)
|
||||
chown systemd-network:systemd-network $(dirname $F)
|
||||
rm -f $F
|
||||
cat >$F <<EOF
|
||||
${config.site.vpn.wireguard.privateKey}
|
||||
EOF
|
||||
chmod 0400 $F
|
||||
chown systemd-network:systemd-network $F
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
systemd.network.netdevs.vpn = {
|
||||
netdevConfig = {
|
||||
Name = ifName;
|
||||
Kind = "wireguard";
|
||||
};
|
||||
wireguardConfig = {
|
||||
PrivateKeyFile = privateKeyFile ifName;
|
||||
ListenPort = config.site.vpn.wireguard.port;
|
||||
};
|
||||
wireguardPeers = map ({ publicKey, allowedIPs }: {
|
||||
wireguardPeerConfig = {
|
||||
PublicKey = publicKey;
|
||||
AllowedIPs = allowedIPs;
|
||||
};
|
||||
}) config.site.vpn.wireguard.peers;
|
||||
};
|
||||
|
||||
environment.systemPackages = [
|
||||
pkgs.wireguard-tools
|
||||
];
|
||||
}
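Review bot: The private key is interpolated into the unit's `script` text (`${config.site.vpn.wireguard.privateKey}` inside the heredoc), so it is copied into the generated script in the Nix store, which is readable by every local user; the 0400 file under /run/wireguard-keys does not protect that copy. Consider letting the option carry the path of a key file provisioned outside the store and passing that path to `PrivateKeyFile`. Independently, `cat >$F` creates the file under the default umask and `chmod 0400 $F` tightens it only afterwards, and `mkdir -p -m 0700` does not change the mode of a directory that already exists; adding `umask 077` before the `cat` closes that window. Quoting `"$F"` in the script would be a small style improvement.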
|
|
@ -39,5 +39,8 @@ in {
|
|||
] ++
|
||||
optionals (hostName == "netboot") [
|
||||
./container/netboot.nix
|
||||
] ++
|
||||
optionals (hostName == "vpn-gw") [
|
||||
./container/vpn.nix
|
||||
];
|
||||
}
|
||||
|
|