From a5b0c132283bdf8db95e678846e3bcd90b93ca79 Mon Sep 17 00:00:00 2001
From: Serge Bazanski
Date: Thu, 7 Oct 2021 18:47:51 +0000
Subject: [PATCH] edge01: deploy kkc wireguard tunnel (never used)
Change-Id: I5f61f00029ac9e86cd4fdcc390d16ec7fa081f51
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1157
Reviewed-by: q3k
---
 bgpwtf/machines/edge01.waw.bgp.wtf.nix | 40 +++++++++++++++++++++++++++++++++++++++-
 1 file changed, 39 insertions(+), 1 deletion(-)
diff --git a/bgpwtf/machines/edge01.waw.bgp.wtf.nix b/bgpwtf/machines/edge01.waw.bgp.wtf.nix
index d26f2191..e9d88e58 100644
--- a/bgpwtf/machines/edge01.waw.bgp.wtf.nix
+++ b/bgpwtf/machines/edge01.waw.bgp.wtf.nix
@@ -58,6 +58,44 @@ in rec {
 out = "/var/lib/unbound/rsh.conf";
 };

+ networking.wireguard.interfaces = {
+ wg-camp = {
+ ips = [
+ "185.236.240.68/31"
+ "2a0d:eb00:2137:1::e/127"
+ ];
+ allowedIPsAsRoutes = false;
+ listenPort = 51820;
+ generatePrivateKeyFile = true;
+ privateKeyFile = "/root/camp-wg";
+ peers = [
+ {
+ publicKey = "TbXDHeHwT4/xQ1+l4HH9EzbYUUCU4Pk/r0nsGSw+qUc=";
+ allowedIPs = [
+ "185.236.240.69/32"
+ "185.236.241.0/24"
+ "2a0d:eb00:8007::/48"
+ "2a0d:eb00:2137:1::f/128"
+ ];
+ }
+ ];
+ };
+ };
+
+ hscloud.routing.static.v6.camp = {
+ table = "aggregate";
+ address = "2a0d:eb00:8007::";
+ prefixLength = 48;
+ via = "2a0d:eb00:2137:1::f";
+ };
+ hscloud.routing.static.v4.camp = {
+ table = "aggregate";
+ address = "185.236.241.0";
+ prefixLength = 24;
+ via = "185.236.240.69";
+ };
+
+
 hscloud.renameInterfaces = {
 # Link to Nitronet CPE.
 e1-nnet.mac = "ac:1f:6b:1c:d7:ae";
@@ -172,7 +210,7 @@ in rec {
 '';
 hscloud.routing.originate = {
 # WAW prefixes, exposed into internet BGP table.
- v4.waw = { table = "internet"; address = "185.236.240.0"; prefixLength = 24; };
+ v4.waw = { table = "internet"; address = "185.236.240.0"; prefixLength = 23; };
 v6.waw = { table = "internet"; address = "2a0d:eb00::"; prefixLength = 32; };
 # Default gateway via us, exposed into aggregated table.
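Review bot: The new `wg-camp` block carries no comment saying who holds the peer key or when the tunnel should be removed, although the subject line already calls it never used. While it stays deployed, the host listens on UDP 51820, the single peer is authorised to source 185.236.241.0/24 and 2a0d:eb00:8007::/48, and both `hscloud.routing.static.*.camp` routes point at it in the `aggregate` table. I would add a header comment above `wg-camp = {` along the lines of `# Tunnel to <OWNER/EVENT>; remove this peer and hscloud.routing.static.{v4,v6}.camp when it is retired.` Whether the firewall restricts who can reach port 51820 is not visible in this hunk, so that is worth confirming. The enclosing `in rec { … }` attribute set starts and ends outside the hunk.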
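Review bot: The `v4.waw` line now originates 185.236.240.0/23 into the `internet` table, a change to the public announcement that the commit subject does not mention and the comment above it ("WAW prefixes") no longer describes. The /23 also covers 185.236.241.0/24, which the first hunk routes to the `wg-camp` peer. Please confirm that the RPKI ROA and IRR route object allow a /23 from this origin (neither is visible here), since validating peers would otherwise reject the route. Because the /23 is presumably announced whether or not the tunnel is up, it would also help to say what happens to traffic for the upper /24 when the peer is absent. A comment such as `# WAW /24 plus camp 185.236.241.0/24 (via wg-camp), announced as one /23.` would record the intent. The `hscloud.routing.originate` set continues past the end of the hunk.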