improve wireguard config

Charlotte 🦝 Delenk 2022-04-07 14:30:09 +01:00
parent 070789fad5
commit d8ad59f9d0
Signed by: darkkirb
GPG key ID: AB2BD8DAF2E37122
3 changed files with 44 additions and 54 deletions


@ -193,6 +193,27 @@
"10.0.0.1/32"
];
}
# nutty-noon
{
publicKey = "YYQmSJwipRkZJUsPV5DxhfyRBMdj/O1XzN+cGYtUi1s=";
allowedIPs = [
"fd0d:a262:1fa6:e621:47e6:24d4:2acb:9437/128"
];
}
# thinkrac
{
publicKey = "iKW9nomLyLY2f90UY66POzY8CfDhQrqOLqchERlR3TY=";
allowedIPs = [
"fd0d:a262:1fa6:e621:f45a:db9f:eb7c:1a3f/128"
];
}
# Old infra: nas
{
publicKey = "X6IOz4q4zfPy34bRhAjsureLc6lLFOSwvyGDfxgp8n4=";
allowedIPs = [
"fd00:e621:e621:2::2/128"
];
}
];
};
boot.kernel.sysctl = {


@ -26,7 +26,7 @@
services.zfs.trim.enable = true;
services.zfs.autoScrub.enable = true;
services.zfs.autoScrub.pools = ["ssd" "hdd"];
services.zfs.autoScrub.pools = [ "ssd" "hdd" ];
boot.initrd.luks.devices = {
ssd = {
@ -41,67 +41,67 @@
fileSystems."/" = {
device = "ssd/nixos";
fsType = "zfs";
options = ["zfsutil"];
options = [ "zfsutil" ];
};
fileSystems."/nix" = {
device = "ssd/nixos/nix";
fsType = "zfs";
options = ["zfsutil"];
options = [ "zfsutil" ];
};
fileSystems."/etc" = {
device = "ssd/nixos/etc";
fsType = "zfs";
options = ["zfsutil"];
options = [ "zfsutil" ];
};
fileSystems."/var" = {
device = "ssd/nixos/var";
fsType = "zfs";
options = ["zfsutil"];
options = [ "zfsutil" ];
};
fileSystems."/var/lib" = {
device = "ssd/nixos/var/lib";
fsType = "zfs";
options = ["zfsutil"];
options = [ "zfsutil" ];
};
fileSystems."/var/log" = {
device = "ssd/nixos/var/log";
fsType = "zfs";
options = ["zfsutil"];
options = [ "zfsutil" ];
};
fileSystems."/var/spool" = {
device = "ssd/nixos/var/spool";
fsType = "zfs";
options = ["zfsutil"];
options = [ "zfsutil" ];
};
fileSystems."/home" = {
device = "ssd/userdata/home";
fsType = "zfs";
options = ["zfsutil"];
options = [ "zfsutil" ];
};
fileSystems."/root" = {
device = "ssd/userdata/root";
fsType = "zfs";
options = ["zfsutil"];
options = [ "zfsutil" ];
};
fileSystems."/home/darkkirb" = {
device = "ssd/userdata/home/darkkirb";
fsType = "zfs";
options = ["zfsutil"];
options = [ "zfsutil" ];
};
fileSystems."/build" = {
device = "hdd/build";
fsType = "zfs";
options = ["zfsutil"];
options = [ "zfsutil" ];
};
fileSystems."/boot" = {
@ -193,4 +193,14 @@
];
nix.daemonCPUSchedPolicy = "idle";
nix.daemonIOSchedClass = "idle";
networking.wireguard.interfaces.wg0.peers = [
# Old infra: nas
{
publicKey = "X6IOz4q4zfPy34bRhAjsureLc6lLFOSwvyGDfxgp8n4=";
allowedIPs = [
"fd00:e621:e621:2::2/128"
];
endpoint = "192.168.2.1:51820";
}
];
}
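Review bot: The new `networking.wireguard.interfaces.wg0.peers` entry for nas carries only the comment `# Old infra: nas`, which does not explain why this peer is defined per host or why its endpoint is the private address `192.168.2.1:51820`. The shared wg0 definition touched in this commit (the `peers = [` list next to `privateKeyFile`) sets the same option. If this host imports that module, NixOS concatenates the two lists, so the effective peer set is the union of both. I would extend the comment to something like `# Old infra: nas, direct peer on the local network; merged with the shared wg0 peers` so a reader does not take this list for the complete peer set. The enclosing attribute set starts outside the hunk, so these lines do not show whether the shared module is imported here.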


@ -6,6 +6,7 @@
listenPort = 51820;
privateKeyFile = "/run/secrets/network/wireguard/privkey";
peers = [
# nixos-8gb-fsn1-1
{
publicKey = "zQY9cAzbRO/FgV92pda7yk0NJFSXzHfi6+tgRq3g/SY=";
allowedIPs = [
@ -14,48 +15,6 @@
endpoint = "138.201.155.128:51820";
persistentKeepalive = 25;
}
{
publicKey = "YYQmSJwipRkZJUsPV5DxhfyRBMdj/O1XzN+cGYtUi1s=";
allowedIPs = [
"fd0d:a262:1fa6:e621:47e6:24d4:2acb:9437/128"
];
}
{
publicKey = "iKW9nomLyLY2f90UY66POzY8CfDhQrqOLqchERlR3TY=";
allowedIPs = [
"fd0d:a262:1fa6:e621:f45a:db9f:eb7c:1a3f/128"
];
}
{
publicKey = "exj1pQz8tTHtZH/ouf8PNYMHqFEdUnmQKUKQ79Pd+1Y=";
allowedIPs = [
"fd0d:a262:1fa6:e621:6ec2:1e4e:ce7f:d2af/64"
];
}
{
publicKey = "o9ltq7E/TRMS9d1TXs7dJTNBm8grsSQBqppr2nW4ngw=";
allowedIPs = [
"fd0d:a262:1fa6:e621:6a74:93b8:e164:cd7c/64"
];
}
# Old infra: ubuntu-4gb-fsn1-1
{
publicKey = "ZtU2iWwVYeGyXC1ak+wFdTuisQNq7gMthYQZaw6InDU=";
endpoint = "23.88.44.119:51820";
allowedIPs = [
"fd00:e621:e621::/64"
"fd00:e621:e621:1::/64"
"fd00:e621:e621:2::3/128"
];
persistentKeepalive = 25;
}
# Old infra: nas
{
publicKey = "X6IOz4q4zfPy34bRhAjsureLc6lLFOSwvyGDfxgp8n4=";
allowedIPs = [
"fd00:e621:e621:2::2/128"
];
}
];
};
};