VEGAS/peering: switch to es1, rekey

2022-07-24 22:44:55 +02:00 · 2022-07-24 22:44:55 +02:00 · 06fb64bd9d
commit 06fb64bd9d
parent d905231a6a
4 changed files with 22 additions and 18 deletions
--- a/hosts/VEGAS/services/backbone-routing/peering.nix
+++ b/hosts/VEGAS/services/backbone-routing/peering.nix
@ -35,22 +35,22 @@
        }
      ];
    };
-    interfaces.wgmv-es7 = {
-      ips = [ "10.66.207.76/32" ];
+    interfaces.wgmv-es1 = {
+      ips = [ "10.65.193.152/32" ];
      privateKeyFile = config.age.secrets.wireguard-key-wgmv.path;
      allowedIPsAsRoutes = false;
      peers = [
-        # es7-wireguard
+        # es1-wireguard
        {
-          publicKey = "azJb0GofbDjSh2KTPReEeVdB8QVs4QC7E57P7MC7dQg=";
+          publicKey = "hDflDse0Nz7GsZ0q5uylWOJaJQ6woJPCGy8IvTXKjzo=";
          allowedIPs = [ "10.64.0.1/32" "0.0.0.0/0" ];
-          endpoint = "45.134.213.207:51820";
+          endpoint = "194.99.104.10:51820";
        }
      ];
    };
  };
  networking.interfaces = {
-    wgmv-es7.ipv4.routes = [
+    wgmv-es1.ipv4.routes = [
      { address = "10.64.0.1"; prefixLength = 32; }
      { address = "10.124.0.0"; prefixLength = 16; }
    ];
--- a/hosts/VEGAS/services/fbi/default.nix
+++ b/hosts/VEGAS/services/fbi/default.nix
@ -42,7 +42,7 @@ with tools.nginx;
  systemd.services.radarr.serviceConfig.Slice = "mediamanagement.slice";
  systemd.services.sonarr.serviceConfig.Slice = "mediamanagement.slice";
  systemd.services.prowlarr = {
-    after = [ "wireguard-wgmv-es7.service" "network-addresses-wgmv-es7.service" ];
+    after = [ "wireguard-wgmv-es1.service" "network-addresses-wgmv-es1.service" ];
    serviceConfig = {
      Slice = "mediamanagement.slice";
      IPAddressDeny = [ "any" ];
--- a/hosts/VEGAS/services/searxng/default.nix
+++ b/hosts/VEGAS/services/searxng/default.nix
@ -59,5 +59,5 @@ in
  services.nginx.virtualHosts."search.${tools.meta.domain}" = lib.recursiveUpdate (tools.nginx.vhosts.proxy links.searxng.url) {
    extraConfig = "access_log off;";
  };
-  systemd.services.uwsgi.after = [ "wireguard-wgmv-es7.service" "network-addresses-wgmv-es7.service" ];
+  systemd.services.uwsgi.after = [ "wireguard-wgmv-es1.service" "network-addresses-wgmv-es1.service" ];
 }
--- a/secrets/wireguard-key-wgmv.age
+++ b/secrets/wireguard-key-wgmv.age
@ -1,11 +1,15 @@
 age-encryption.org/v1
-> ssh-ed25519 NO562A eC6bEAR5fxQ1U2tBNdYVBPLBM7rDcFYDDZd1oWtb1Hw
-/Efcbzyc8I8SaJW/wh9Lzamp0ZB7jAKxJh73/X+Jy5A
-> ssh-ed25519 5/zT0w J5P8XAcREK8elnqhkfTW+rbd2NrMOT2yJBj0QyxCRDE
-jwEJkHJBUTyiailTw6+Z3BytiiGEYtb26b1R+qcnXD8
-> ssh-ed25519 d3WGuA Xc11x0GvIVePn9SsMYc/LT17/JbDGHrSz+gekxvwcgI
-1j/dFaRlYVjpdbdHKnnhrmxqUh6YjJbsYV3hZg2I50M
-> Z-grease PGM
-XPF0DZ6AXL4QrteN
--- 4MLtCMJYBipDGb9zfTUopTQThvfYP+mMv+B7UzMGx/k
-ê‡‡”²³ÕÑ×|µ7yöÀêsh÷@:03ÿV§[÷¸Q1™ßL"Ò<>fUÔs*Oº“è#8êÍ ÆÐó_\*£bX9–üÝm
+-> ssh-ed25519 NO562A Yqw6ZW3GC6My0GNy+B9iGv+8k/Y1tuH1SD/SBF1dn34
+nvsTJSRvq4QC9mTe+s8d3PVB+Uf/nlPyJGsrJfPdYkc
+-> ssh-ed25519 5/zT0w aS4ksOjxZxG4N2jWyR70AfATJ+PlYWW46pCWn81ISiY
+AVDPZMF6bIBfXdxNU36txdgXv1P0X9M1Uy3IUQW2Oec
+-> ssh-ed25519 d3WGuA tLF+tJTDhIhFCz4xm/RivYLcjdXtwH3Wuqjh4SQjsHo
+cUgcWcY5ZRPDYW2x1LabxaMew2Givuv43vDZ9jjZBfk
+-> $5-grease Jibnk^e) wgC ~5`3e.> -."P+F
+b8pXmgk6nKXc62bo60f09nMgIAkoQuuwl1Jp8ophR+1WAeWpxcn9fdaKcbKd438F
+n3qkOV3jNaiIFixhCoZDYFRm09YlJ0zLTQ1EJ2+g
+--- NECYPH6Qgsg//ur8pAp+DeCGmBG7Rh9Mv/VkQdnhxOo
+^¤Ç¤?– èìN¢ß%·”tU‡zm‡¾°‡VO<56>–B»8|Fù%´=
+ˆÏÊ°-+”#ký¾œ#!¢ÕBØI
+	£Ì
+F`äóÁñK