cluster/services/wireguard: add external etcd node to mesh net
parent
d433173616
commit
f5d5c3e538
1 changed files with 8 additions and 1 deletions
|
@ -11,6 +11,13 @@ let
|
||||||
allowedIPs = [ "${peerLink.extra.meshIp}/32" ] ++ peerLink.extra.extraRoutes;
|
allowedIPs = [ "${peerLink.extra.meshIp}/32" ] ++ peerLink.extra.extraRoutes;
|
||||||
endpoint = peerLink.tuple;
|
endpoint = peerLink.tuple;
|
||||||
};
|
};
|
||||||
|
extraPeers = [
|
||||||
|
{
|
||||||
|
publicKey = "Veol/Yw5Nf3eZVSGynLZIuR2kvnyGynexzQ8GhdDQWo=";
|
||||||
|
allowedIPs = [ "10.1.1.151/32" ];
|
||||||
|
endpoint = "pve-etcd-node-fb2465761cf3ce658e6b410bbcf1f2db.fly.dev:51280";
|
||||||
|
}
|
||||||
|
];
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
age.secrets.wireguard-key-core = {
|
age.secrets.wireguard-key-core = {
|
||||||
|
@ -30,7 +37,7 @@ in
|
||||||
ips = [ "${link.extra.meshIp}/24" ];
|
ips = [ "${link.extra.meshIp}/24" ];
|
||||||
listenPort = link.port;
|
listenPort = link.port;
|
||||||
privateKeyFile = config.age.secrets.wireguard-key-core.path;
|
privateKeyFile = config.age.secrets.wireguard-key-core.path;
|
||||||
peers = map mkPeer cluster.config.services.wireguard.otherNodes.mesh;
|
peers = map mkPeer cluster.config.services.wireguard.otherNodes.mesh ++ extraPeers;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
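Review bot: The `extraPeers` entry hard-codes the external node's public key, mesh address and endpoint in this module, while every other peer is derived from the cluster's link data through `mkPeer`. Nothing visible here keeps `10.1.1.151` from colliding with a `meshIp` allocated elsewhere, and the peer is appended unconditionally for every node that evaluates this module. Because this peer appears to run outside the cluster, its trust level should be recorded next to the definition, e.g. `# external etcd node hosted off-cluster: expected to reach only the etcd ports over the mesh; replace publicKey if the host is re-provisioned`. It is also worth confirming that the firewall on the mesh interface enforces this, since the `/32` in `allowedIPs` only limits which source address the peer may use, not which mesh services it can reach. The `let` block and the interface definition both start outside the hunks shown, so any existing filtering is not visible here.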