forked from hswaw/hscloud
edge01: deploy kkc wireguard tunnel (never used)
Change-Id: I5f61f00029ac9e86cd4fdcc390d16ec7fa081f51 Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1157 Reviewed-by: q3k <q3k@hackerspace.pl>
This commit is contained in:
parent
848db46bc0
commit
a5b0c13228
1 changed files with 39 additions and 1 deletions
|
@ -58,6 +58,44 @@ in rec {
|
|||
out = "/var/lib/unbound/rsh.conf";
|
||||
};
|
||||
|
||||
networking.wireguard.interfaces = {
|
||||
wg-camp = {
|
||||
ips = [
|
||||
"185.236.240.68/31"
|
||||
"2a0d:eb00:2137:1::e/127"
|
||||
];
|
||||
allowedIPsAsRoutes = false;
|
||||
listenPort = 51820;
|
||||
generatePrivateKeyFile = true;
|
||||
privateKeyFile = "/root/camp-wg";
|
||||
peers = [
|
||||
{
|
||||
publicKey = "TbXDHeHwT4/xQ1+l4HH9EzbYUUCU4Pk/r0nsGSw+qUc=";
|
||||
allowedIPs = [
|
||||
"185.236.240.69/32"
|
||||
"185.236.241.0/24"
|
||||
"2a0d:eb00:8007::/48"
|
||||
"2a0d:eb00:2137:1::f/128"
|
||||
];
|
||||
}
|
||||
];
|
||||
};
|
||||
};
|
||||
|
||||
hscloud.routing.static.v6.camp = {
|
||||
table = "aggregate";
|
||||
address = "2a0d:eb00:8007::";
|
||||
prefixLength = 48;
|
||||
via = "2a0d:eb00:2137:1::f";
|
||||
};
|
||||
hscloud.routing.static.v4.camp = {
|
||||
table = "aggregate";
|
||||
address = "185.236.241.0";
|
||||
prefixLength = 24;
|
||||
via = "185.236.240.69";
|
||||
};
|
||||
|
||||
|
||||
hscloud.renameInterfaces = {
|
||||
# Link to Nitronet CPE.
|
||||
e1-nnet.mac = "ac:1f:6b:1c:d7:ae";
|
||||
|
@ -172,7 +210,7 @@ in rec {
|
|||
'';
|
||||
hscloud.routing.originate = {
|
||||
# WAW prefixes, exposed into internet BGP table.
|
||||
v4.waw = { table = "internet"; address = "185.236.240.0"; prefixLength = 24; };
|
||||
v4.waw = { table = "internet"; address = "185.236.240.0"; prefixLength = 23; };
|
||||
v6.waw = { table = "internet"; address = "2a0d:eb00::"; prefixLength = 32; };
|
||||
|
||||
# Default gateway via us, exposed into aggregated table.
|
||||
|
|
Loading…
Reference in a new issue