depot/hosts/VEGAS/services/backbone-routing/peering.nix

{ config, ... }:

{
  networking.firewall.allowedUDPPorts = [
    config.networking.wireguard.interfaces.wgautobahn.listenPort
  ];

  age.secrets.wireguard-key-wgautobahn = {
    file = ../../../../secrets/wireguard-key-wgautobahn.age;
    owner = "root";
    group = "root";
    mode = "0400";
  };
  age.secrets.wireguard-key-wgmv = {
    file = ../../../../secrets/wireguard-key-wgmv.age;
    owner = "root";
    group = "root";
    mode = "0400";
  };

  networking.wireguard = {
    enable = true;
    interfaces.wgautobahn = {
      ips = [ "10.15.0.1/30" ];
      listenPort = 51820;
      privateKeyFile = config.age.secrets.wireguard-key-wgautobahn.path;

      allowedIPsAsRoutes = true;
      peers = [
        # animus
        {
          publicKey = "CIJ8W5SDMyPnSZLN2CNplwhGaNPUGoLV0mdzoDHhxUo=";
          allowedIPs = [ "10.15.0.0/30" "10.150.0.0/16" ];
          endpoint = "116.202.226.86:53042";
        }
      ];
    };
    interfaces.wgmv-es7 = {
      ips = [ "10.66.207.76/32" ];
      privateKeyFile = config.age.secrets.wireguard-key-wgmv.path;
      allowedIPsAsRoutes = false;
      peers = [
        # es7-wireguard
        {
          publicKey = "azJb0GofbDjSh2KTPReEeVdB8QVs4QC7E57P7MC7dQg=";
          allowedIPs = [ "10.64.0.1/32" "0.0.0.0/0" ];
          endpoint = "45.134.213.207:51820";
        }
      ];
    };
  };
  networking.interfaces = {
    wgmv-es7.ipv4.routes = [
      { address = "10.64.0.1"; prefixLength = 32; }
      { address = "10.124.0.0"; prefixLength = 16; }
    ];
  };
}
VEGAS: add backbone routing, portforward and peers 2021-10-16 21:18:53 +03:00			`{ config, ... }:`

			`{`
			`networking.firewall.allowedUDPPorts = [`
			`config.networking.wireguard.interfaces.wgautobahn.listenPort`
			`];`

			`age.secrets.wireguard-key-wgautobahn = {`
			`file = ../../../../secrets/wireguard-key-wgautobahn.age;`
			`owner = "root";`
			`group = "root";`
			`mode = "0400";`
			`};`
services/backbone-routing: add Mullvad connection 2022-05-26 19:09:26 +03:00			`age.secrets.wireguard-key-wgmv = {`
			`file = ../../../../secrets/wireguard-key-wgmv.age;`
			`owner = "root";`
			`group = "root";`
			`mode = "0400";`
			`};`
VEGAS: add backbone routing, portforward and peers 2021-10-16 21:18:53 +03:00
			`networking.wireguard = {`
			`enable = true;`
			`interfaces.wgautobahn = {`
			`ips = [ "10.15.0.1/30" ];`
			`listenPort = 51820;`
			`privateKeyFile = config.age.secrets.wireguard-key-wgautobahn.path;`

			`allowedIPsAsRoutes = true;`
			`peers = [`
			`# animus`
			`{`
			`publicKey = "CIJ8W5SDMyPnSZLN2CNplwhGaNPUGoLV0mdzoDHhxUo=";`
			`allowedIPs = [ "10.15.0.0/30" "10.150.0.0/16" ];`
			`endpoint = "116.202.226.86:53042";`
			`}`
			`];`
			`};`
services/backbone-routing: add Mullvad connection 2022-05-26 19:09:26 +03:00			`interfaces.wgmv-es7 = {`
			`ips = [ "10.66.207.76/32" ];`
			`privateKeyFile = config.age.secrets.wireguard-key-wgmv.path;`
			`allowedIPsAsRoutes = false;`
			`peers = [`
			`# es7-wireguard`
			`{`
			`publicKey = "azJb0GofbDjSh2KTPReEeVdB8QVs4QC7E57P7MC7dQg=";`
			`allowedIPs = [ "10.64.0.1/32" "0.0.0.0/0" ];`
			`endpoint = "45.134.213.207:51820";`
			`}`
			`];`
			`};`
			`};`
			`networking.interfaces = {`
			`wgmv-es7.ipv4.routes = [`
			`{ address = "10.64.0.1"; prefixLength = 32; }`
			`{ address = "10.124.0.0"; prefixLength = 16; }`
			`];`
VEGAS: add backbone routing, portforward and peers 2021-10-16 21:18:53 +03:00			`};`
			`}`