From e33f18e990e2fff9b6d2e624b0de05183cd9640d Mon Sep 17 00:00:00 2001 From: Felix Schulze Date: Thu, 26 Jun 2025 10:05:01 +0200 Subject: [PATCH] VPN updates vpn interface names vpn config fix --- hosts/hurricane/vpn.nix | 41 +++++++++++++++++++++++++++++++++++++++- hosts/wildfire/vpn.nix | 42 +++++++++++++++++++++++++++++++++++++++-- 2 files changed, 80 insertions(+), 3 deletions(-) diff --git a/hosts/hurricane/vpn.nix b/hosts/hurricane/vpn.nix index cc18f55..6aa5df3 100644 --- a/hosts/hurricane/vpn.nix +++ b/hosts/hurricane/vpn.nix @@ -1,6 +1,6 @@ { networking.wg-quick.interfaces = { - wg-hurricane = { + wg-felix = { address = ["10.8.0.4/24"]; dns = ["192.168.0.128"]; privateKeyFile = "/home/schulze/Nextcloud/secrets/wireguard/Felix-Hurricane-pk"; @@ -15,5 +15,44 @@ } ]; }; + + wg-csb = { + address = ["192.168.108.17/22" "2a02:9a0:102:108::17/64"]; + privateKeyFile = "/home/schulze/Nextcloud/secrets/wireguard/CSB-Hurricane-pk"; + peers = [ + { + publicKey = "mTORKHkPcp9+c7VXqVfVseIOQZuJftoUYA0pBe87bDQ="; + allowedIPs = ["172.18.0.0/16" "192.168.3.0/24" "192.168.108.0/22" "2a02:9a0:102:108::/64" "2a02:9a0:ffff::/48"]; + endpoint = "prod-net-vpn1.infra.brainmill.com:51819"; + persistentKeepalive = 25; + } + ]; + }; + + wg-fg = { + address = ["10.255.11.11/24" "2a02:9a0:300:fff0:11::11/64"]; + privateKeyFile = "/home/schulze/Nextcloud/secrets/wireguard/FG-Hurricane-pk"; + peers = [ + { + publicKey = "h/BUyzXy0Xo4KJKS/U5V4C9rDJT3fWjjiZoy0I7P+H4="; + allowedIPs = ["10.0.0.0/8" "192.168.10.0/24" "2a02:9a0:300:fff0::/48"]; + endpoint = "gw1.net.chsfg.se:51831"; + persistentKeepalive = 25; + } + ]; + }; + + wg-neanet = { + address = ["192.168.108.25/32" "2a09:2681:204:1::27/64"]; + privateKeyFile = "/home/schulze/Nextcloud/secrets/wireguard/Neanet-Hurricane-pk"; + peers = [ + { + publicKey = "nz1m0crkdarW7y+/p6hKCGncMVHlVhbz0URA6Z71RmM="; + allowedIPs = ["2a09:2681:204:1::/64" "2a09:2681:ffff:13::/64" "2a09:2681:ffff:14::/64" "2a09:2681:ffff:15::/64" "2a09:2681:ffff:16::/64" "172.18.255.0/24"]; + endpoint = "prod-jump-got1.infra.brainmill.com:51820"; + persistentKeepalive = 25; + } + ]; + }; }; } diff --git a/hosts/wildfire/vpn.nix b/hosts/wildfire/vpn.nix index 4a8708d..b7873ad 100644 --- a/hosts/wildfire/vpn.nix +++ b/hosts/wildfire/vpn.nix @@ -1,10 +1,9 @@ { networking.wg-quick.interfaces = { - wg-wildfire = { + wg-felix = { address = ["10.8.0.5/24"]; dns = ["192.168.0.128"]; privateKeyFile = "/home/schulze/Nextcloud/secrets/wireguard/Felix-Wildfire-pk"; - peers = [ { publicKey = "a35ZSWhBNzPFkf1RCkg4E7cNnUdGGOr4CsA0EM65H0g="; @@ -15,5 +14,44 @@ } ]; }; + + wg-csb = { + address = ["192.168.108.27/22" "2a02:9a0:102:108::b/64"]; + privateKeyFile = "/home/schulze/Nextcloud/secrets/wireguard/CSB-Wildfire-pk"; + peers = [ + { + publicKey = "mTORKHkPcp9+c7VXqVfVseIOQZuJftoUYA0pBe87bDQ="; + allowedIPs = ["172.18.0.0/16" "192.168.3.0/24" "192.168.108.0/22" "2a02:9a0:102:108::/64" "2a02:9a0:ffff::/48"]; + endpoint = "prod-net-vpn1.infra.brainmill.com:51819"; + persistentKeepalive = 25; + } + ]; + }; + + # wg-fg = { + # address = ["10.255.11.11/24" "2a02:9a0:300:fff0:11::11/64"]; + # privateKeyFile = "/home/schulze/Nextcloud/secrets/wireguard/FG-Wildfire-pk"; + # peers = [ + # { + # publicKey = "h/BUyzXy0Xo4KJKS/U5V4C9rDJT3fWjjiZoy0I7P+H4="; + # allowedIPs = ["10.0.0.0/8" "192.168.10.0/24" "2a02:9a0:300:fff0::/48"]; + # endpoint = "gw1.net.chsfg.se:51831"; + # persistentKeepalive = 25; + # } + # ]; + # }; + # + # wg-neanet = { + # address = ["192.168.108.25/32" "2a09:2681:204:1::27/64"]; + # privateKeyFile = "/home/schulze/Nextcloud/secrets/wireguard/Neanet-Wildfire-pk"; + # peers = [ + # { + # publicKey = "nz1m0crkdarW7y+/p6hKCGncMVHlVhbz0URA6Z71RmM="; + # allowedIPs = ["2a09:2681:204:1::/64" "2a09:2681:ffff:13::/64" "2a09:2681:ffff:14::/64" "2a09:2681:ffff:15::/64" "2a09:2681:ffff:16::/64" "172.18.255.0/24"]; + # endpoint = "prod-jump-got1.infra.brainmill.com:51820"; + # persistentKeepalive = 25; + # } + # ]; + # }; }; }