Merge remote-tracking branch 'prism/master'

1 files changed, 24 insertions, 2 deletions

diff --git a/makefu/1systems/vbob/config.nix b/makefu/1systems/vbob/config.nix
index f318c0e61..ffd9deaee 100644
--- a/makefu/1systems/vbob/config.nix
+++ b/makefu/1systems/vbob/config.nix
@@ -7,7 +7,8 @@
       <stockholm/makefu>
       {
         imports = [<stockholm/makefu/2configs/fs/single-partition-ext4.nix> ];
-        boot.loader.grub.device = "/dev/vda";
+        boot.loader.grub.device = "/dev/sda";
+        virtualisation.virtualbox.guest.enable = true;
       }
       # {
       #   imports = [
@@ -49,6 +50,27 @@
 
       # environment
       <stockholm/makefu/2configs/tinc/retiolum.nix>
+      (let
+        gum-ip = config.krebs.hosts.gum.nets.internet.ip4.addr;
+        gateway = "10.0.2.2";
+      in {
+        # make sure the route to gum gets added after the network is online
+        systemd.services.wireguard-wg0.after = [ "network-online.target" ];
+        networking.wireguard.interfaces.wg0 = {
+          ips = [ "10.244.0.3/24" ];
+          privateKeyFile = (toString <secrets>) + "/wireguard.key";
+          # explicit route via eth0 to gum
+          preSetup = ["${pkgs.iproute}/bin/ip route add ${gum-ip} via ${gateway}"];
+          peers = [
+          { # gum
+            endpoint = "${gum-ip}:51820";
+            allowedIPs = [ "0.0.0.0/0" "10.244.0.0/24" ];
+            publicKey = "yAKvxTvcEVdn+MeKsmptZkR3XSEue+wSyLxwcjBYxxo=";
+            persistentKeepalive = 25;
+          }
+          ];
+        };
+      })
 
     ];
   networking.extraHosts = import (toString <secrets/extra-hosts.nix>);
@@ -90,5 +112,5 @@
     8010
   ];
 
-
+  systemd.services."serial-getty@ttyS0".enable = true;
 }