diff options
author | makefu <github@syntax-fehler.de> | 2018-01-06 20:53:33 +0100 |
---|---|---|
committer | makefu <github@syntax-fehler.de> | 2018-01-06 20:53:33 +0100 |
commit | de01eae264ee72f1bddb42ae0a33defc66486f4f (patch) | |
tree | 6357886b9c2d8c37efe0b3a6ea157c0eba61e0aa /makefu | |
parent | 9cf88110a69b7f3902d29e9f252a0b40d2bc5f9f (diff) |
ma vbob.r: add default routing through wireguard
Diffstat (limited to 'makefu')
-rw-r--r-- | makefu/1systems/vbob/config.nix | 32 |
1 files changed, 30 insertions, 2 deletions
diff --git a/makefu/1systems/vbob/config.nix b/makefu/1systems/vbob/config.nix index f318c0e61..7552c6982 100644 --- a/makefu/1systems/vbob/config.nix +++ b/makefu/1systems/vbob/config.nix @@ -7,7 +7,8 @@ <stockholm/makefu> { imports = [<stockholm/makefu/2configs/fs/single-partition-ext4.nix> ]; - boot.loader.grub.device = "/dev/vda"; + boot.loader.grub.device = "/dev/sda"; + virtualisation.virtualbox.guest.enable = true; } # { # imports = [ @@ -49,6 +50,33 @@ # environment <stockholm/makefu/2configs/tinc/retiolum.nix> + (let + gum-ip = config.krebs.hosts.gum.nets.internet.ip4.addr; + Gateway = "10.0.2.2"; + in { + networking.localCommands = '' + ip route add ${gum-ip} via ${Gateway} + ''; + systemd.network.networks.enp0s3.routes = [{ + inherit Gateway; # TODO + Destination = gum-ip; + }]; + networking.wireguard.interfaces.wg0 = { + ips = [ "10.244.0.3/24" ]; + privateKeyFile = (toString <secrets>) + "/wireguard.key"; + allowedIPsAsRoutes = true; + # explicit route via eth0 to gum + peers = [ + { + # gum + endpoint = "${gum-ip}:51820"; + # allowedIPs = [ "10.244.0.0/24" ]; + allowedIPs = [ "0.0.0.0/0" ]; + publicKey = "yAKvxTvcEVdn+MeKsmptZkR3XSEue+wSyLxwcjBYxxo="; + } + ]; + }; + }) ]; networking.extraHosts = import (toString <secrets/extra-hosts.nix>); @@ -90,5 +118,5 @@ 8010 ]; - + systemd.services."serial-getty@ttyS0".enable = true; } |