simon/nixos-config
simon/nixos-config
1
1
Fork 0
Code Issues 8 Pull requests Actions Projects Activity

shinobu/router: Make wg-mullvad vendor neutral

Browse source
This commit is contained in:
Simon Bruder 2023-08-08 11:44:45 +02:00
parent 751e9d51b9
commit ba1f9262fb
Signed by: simon
GPG key ID: 8D3C82F9F309F8EC
2 changed files with 10 additions and 10 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
machines/shinobu/secrets.yaml
View file

@ -1,5 +1,5 @@
wg-home-private-key: ENC[AES256_GCM,data:gm4INfmp226u4wp+LuKgf5m2nTFFw4S24w4PRPcW/A7CU713c9NtQ+kPDKg=,iv:JAir9z5/Db6+Oroq+0vXPZLZLA2gjY2Be6hRAmgV5AE=,tag:fxL9nK3v5xERfcoBbCUsXg==,type:str] wg-home-private-key: ENC[AES256_GCM,data:gm4INfmp226u4wp+LuKgf5m2nTFFw4S24w4PRPcW/A7CU713c9NtQ+kPDKg=,iv:JAir9z5/Db6+Oroq+0vXPZLZLA2gjY2Be6hRAmgV5AE=,tag:fxL9nK3v5xERfcoBbCUsXg==,type:str]
wg-mullvad-private-key: ENC[AES256_GCM,data:yJ3+/rc3EQPhCMlHQ5BNA/NmPZiinjgV4A34UkmZgABvYLWzQMEQH5S8K9Q=,iv:YsGvRIaLbsYkbYCoD+szTIFPgBeyq/hoO4ljFSvp9f8=,tag:oil95breVKac7CdH/pA8FA==,type:str] wg-upstream-private-key: ENC[AES256_GCM,data:CO50H7QsLQ2x0QQXnB7c0leG8NdV66gWrdWBWOR9z4ukSN7qj/qqe83t82k=,iv:2as2HfTfRje3TEap8QpPfzz4saNDgjo6Ty1DTF23JVE=,tag:ZYe+59wrpX7mV1HcDllMdg==,type:str]
hostapd-config: ENC[AES256_GCM,data:a0ESrrsquLq6VRJM588C5A+FmVxJwJSzwRuv2o//LL5OybcDS8jkVUajosXEs0qmQ6Xfc1gFDcevCYUwJ24eZ+ynKLWwoNx8RXXwbpllO7FkI68vcauUij1CtUgVb8aHheKfrFuyW7WU1wE3NTtOt2gij1+nM3iKS3vFXtX2n9L2fuy2b3EhOUBiakxAeQmyVmclSVBDYt12i4h4tW7GpPr8AjoIiZgz0Hyx5zA5f/JTPzz/P200eM0tCttNPbMNPBGztJfw7raRIX+v6xw7QNPMgf03TOae17mt6uggTNKJfEPeanzcEMA3xR6xoFUqJL6Hvowyl4MrSFc+E5Rvft+qhp8m6tAqQln9Z3MzaDtxSBWnWdvWEcyeK1aDBQ57/aIwo8kVs47Iblqbi5+jM/n4DoeQtqTM1kS7sZ3XDQ26suW5KCw+VIeqEEqdu6g5ZXMO2SipSOzP5jPjX+5ubX3SXcyoAIo41Efa6YGdWtl3,iv:oLk5tatZEY5AI/PlTBJHShGCKiyvve9rPhGARAtMMj4=,tag:Bkan2Hff8L8ZcC67r+fWjg==,type:str] hostapd-config: ENC[AES256_GCM,data:a0ESrrsquLq6VRJM588C5A+FmVxJwJSzwRuv2o//LL5OybcDS8jkVUajosXEs0qmQ6Xfc1gFDcevCYUwJ24eZ+ynKLWwoNx8RXXwbpllO7FkI68vcauUij1CtUgVb8aHheKfrFuyW7WU1wE3NTtOt2gij1+nM3iKS3vFXtX2n9L2fuy2b3EhOUBiakxAeQmyVmclSVBDYt12i4h4tW7GpPr8AjoIiZgz0Hyx5zA5f/JTPzz/P200eM0tCttNPbMNPBGztJfw7raRIX+v6xw7QNPMgf03TOae17mt6uggTNKJfEPeanzcEMA3xR6xoFUqJL6Hvowyl4MrSFc+E5Rvft+qhp8m6tAqQln9Z3MzaDtxSBWnWdvWEcyeK1aDBQ57/aIwo8kVs47Iblqbi5+jM/n4DoeQtqTM1kS7sZ3XDQ26suW5KCw+VIeqEEqdu6g5ZXMO2SipSOzP5jPjX+5ubX3SXcyoAIo41Efa6YGdWtl3,iv:oLk5tatZEY5AI/PlTBJHShGCKiyvve9rPhGARAtMMj4=,tag:Bkan2Hff8L8ZcC67r+fWjg==,type:str]
sops: sops:
kms: [] kms: []
@ -7,8 +7,8 @@ sops:
azure_kv: [] azure_kv: []
hc_vault: [] hc_vault: []
age: [] age: []
lastmodified: "2023-06-29T17:51:22Z" lastmodified: "2023-08-08T09:43:37Z"
mac: ENC[AES256_GCM,data:1mkrR2swPTwV5VzClUSfp+VdYXOXRD3hxITS1r3y3kmc7c4XDPJPiNuYXzgvLr6LN4xoAteVgYY+McVT3/JKykENtgpoiMVeWBvJvLPjFPt8FufnhqqCmlsVM17C5dlxdTvdtZtAPrebNqgxvVOdBfUcNugMx52ngmMNv9E7r1o=,iv:h8z5XO0r2zCA/gZSuLgFCupHizc4OMZeiBP+oHiXEBo=,tag:BzgBhgQIikNHSmYgNfPppA==,type:str] mac: ENC[AES256_GCM,data:lxoKzGyPwdfeI5Dlmgx9K9SBhfRIaokvum+dJWABUoGtIMtrhp4K4ZRF1Rjja8oTi4w3b+s9aUBpxt8TLu9vJZFsUkhY2gqW5bX3Ub/3xMAR9YSG3LtijRSMuKkdVlAkdjB6Guz9aHNVBG3fTZ+SfTlyOQdImW6bK4tydbGHKgY=,iv:6kVR4zZfHnqhcOT3N2tClGST8h7FLjIseXDu2xS2DEY=,tag:rd/f7cHSoxLT3O7HluVWLA==,type:str]
pgp: pgp:
- created_at: "2023-06-29T16:44:16Z" - created_at: "2023-06-29T16:44:16Z"
enc: |- enc: |-

14
machines/shinobu/services/router.nix
View file

@ -28,7 +28,7 @@ let
domain = "home.sbruder.de"; domain = "home.sbruder.de";
in in
{ {
sops.secrets.wg-mullvad-private-key = { sops.secrets.wg-upstream-private-key = {
owner = config.users.users.systemd-network.name; owner = config.users.users.systemd-network.name;
sopsFile = ../secrets.yaml; sopsFile = ../secrets.yaml;
}; };
@ -47,7 +47,7 @@ in
nat = { nat = {
enable = true; enable = true;
enableIPv6 = true; enableIPv6 = true;
externalInterface = "wg-mullvad"; externalInterface = "wg-upstream";
internalInterfaces = [ "br-lan" ]; internalInterfaces = [ "br-lan" ];
internalIPv6s = [ "fd00:80:1::/64" ]; internalIPv6s = [ "fd00:80:1::/64" ];
}; };
@ -64,13 +64,13 @@ in
Kind = "bridge"; Kind = "bridge";
}; };
}; };
wg-mullvad = { wg-upstream = {
netdevConfig = { netdevConfig = {
Kind = "wireguard"; Kind = "wireguard";
Name = "wg-mullvad"; Name = "wg-upstream";
}; };
wireguardConfig = { wireguardConfig = {
PrivateKeyFile = config.sops.secrets.wg-mullvad-private-key.path; PrivateKeyFile = config.sops.secrets.wg-upstream-private-key.path;
FirewallMark = 51820; FirewallMark = 51820;
}; };
wireguardPeers = lib.singleton { wireguardPeers = lib.singleton {
@ -114,8 +114,8 @@ in
domains = [ domain ]; domains = [ domain ];
address = [ "10.80.1.1/24" "fd00:80:1::1/64" ]; address = [ "10.80.1.1/24" "fd00:80:1::1/64" ];
}; };
wg-mullvad = { wg-upstream = {
name = "wg-mullvad"; name = "wg-upstream";
address = [ "10.66.208.88/32" "fc00:bbbb:bbbb:bb01::3:d057/128" ]; address = [ "10.66.208.88/32" "fc00:bbbb:bbbb:bb01::3:d057/128" ];
dns = [ "10.64.0.1" ]; dns = [ "10.64.0.1" ];
routingPolicyRules = [ routingPolicyRules = [