Add new peers
parent
71e55e9fb4
commit
1e5e3256e1
|
@ -9,8 +9,10 @@ in {
|
|||
sops.secrets."svc-wireguard-key" = {};
|
||||
sops.secrets."svc-wireguard-psk-0-2" = {};
|
||||
sops.secrets."svc-wireguard-psk-1-1" = {};
|
||||
sops.secrets."svc-wireguard-psk-1-2" = {};
|
||||
sops.secrets."svc-wireguard-psk-2-1" = {};
|
||||
sops.secrets."svc-wireguard-psk-3-1" = {};
|
||||
sops.secrets."svc-wireguard-psk-4-1" = {};
|
||||
|
||||
boot.kernel.sysctl."net.ipv4.ip_forward" = true;
|
||||
|
||||
|
@ -31,12 +33,14 @@ in {
|
|||
postSetup = ''
|
||||
${iptables} -A FORWARD -i ${interface} -o ${interface} -d 10.193.0.2 -p tcp -m multiport --dports 139,445 -j ACCEPT
|
||||
${iptables} -A FORWARD -i ${interface} -o ${interface} -d 10.193.0.2 -p udp -m multiport --dports 139,445 -j ACCEPT
|
||||
${iptables} -A FORWARD -i ${interface} -o ${interface} -d 10.193.4.1 -p tcp -m multiport --dports 49022 -j ACCEPT
|
||||
${iptables} -A FORWARD -i ${interface} -o ${interface} -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
|
||||
${iptables} -A FORWARD -i ${interface} -o ${interface} -j DROP
|
||||
'';
|
||||
preShutdown = ''
|
||||
${iptables} -D FORWARD -i ${interface} -o ${interface} -d 10.193.0.2 -p tcp -m multiport --dports 139,445 -j ACCEPT
|
||||
${iptables} -D FORWARD -i ${interface} -o ${interface} -d 10.193.0.2 -p udp -m multiport --dports 139,445 -j ACCEPT
|
||||
${iptables} -D FORWARD -i ${interface} -o ${interface} -d 10.193.0.2 -p tcp -m multiport --dports 139,445 -j ACCEPT
|
||||
${iptables} -D FORWARD -i ${interface} -o ${interface} -d 10.193.4.1 -p tcp -m multiport --dports 49022 -j ACCEPT
|
||||
${iptables} -D FORWARD -i ${interface} -o ${interface} -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
|
||||
${iptables} -D FORWARD -i ${interface} -o ${interface} -j DROP
|
||||
'';
|
||||
|
@ -52,6 +56,11 @@ in {
|
|||
allowedIPs = ["10.193.1.1/32"];
|
||||
presharedKeyFile = config.sops.secrets."svc-wireguard-psk-1-1".path;
|
||||
}
|
||||
{
|
||||
publicKey = "acLrMesy/gPvmUQKSJY42X9+WlMW9nwc8dYcreivtDo=";
|
||||
allowedIPs = ["10.193.1.2/32"];
|
||||
presharedKeyFile = config.sops.secrets."svc-wireguard-psk-1-2".path;
|
||||
}
|
||||
{
|
||||
publicKey = "E+cApvpWOfwehlwDxA8paR/fWZq8iozSofTSRA7dBx0=";
|
||||
allowedIPs = ["10.193.2.1/32"];
|
||||
|
@ -62,6 +71,11 @@ in {
|
|||
allowedIPs = ["10.193.3.1/32"];
|
||||
presharedKeyFile = config.sops.secrets."svc-wireguard-psk-3-1".path;
|
||||
}
|
||||
{
|
||||
publicKey = "mMLd7efRu2BCdv+X+jzRtz1U1EnCU5hzGb7G0x3N7jY=";
|
||||
allowedIPs = ["10.193.4.1/32"];
|
||||
presharedKeyFile = config.sops.secrets."svc-wireguard-psk-4-1".path;
|
||||
}
|
||||
];
|
||||
};
|
||||
};
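Review bot: preShutdown does not read as a one-for-one mirror of postSetup: as rendered it lists three `-D` lines for 10.193.0.2 (tcp, udp, tcp) against two `-A` lines. The page has lost its +/- markers, so one of the three is presumably the old side of a changed line, but if the new file keeps both tcp deletes and drops the udp one, the udp 139,445 ACCEPT rule is left in FORWARD after teardown and is appended again on the next start. Please confirm the new preShutdown has exactly one `-D` per `-A`, including the added `-d 10.193.4.1 ... --dports 49022` pair. Separately, the new 49022 ACCEPT matches any source on the interface; if only certain peers should reach 10.193.4.1, narrow it with `-s`.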
|
||||
|
|
|
@ -11,8 +11,10 @@ svc-nebula-key: ENC[AES256_GCM,data:utJO5t4mq4tmAkAv9A2tcClM3nxLxMSWiz/bUoq8Pkbn
|
|||
svc-wireguard-key: ENC[AES256_GCM,data:dmxJ07UnQAtet4RtlVXEMFLVKxOU44XQcUW7h7UPbLG9chiQeXGkZkkTihs=,iv:bEA9+DYDBLo1dgrCSrIpa1ig9JJEtXeJF5ZmtdsAO3s=,tag:tyLB5Dd9uolalSzddC608A==,type:str]
|
||||
svc-wireguard-psk-0-2: ENC[AES256_GCM,data:0sTGYa3HUe70hYJZnPy9w0iG37aRDTplmdvGdc5C8KN8Dg5XbVc2CmVS1r4=,iv:9Dnr3BYhzKKOZ7S565HY4CkhgPv1JEd3Zk7662/cd9s=,tag:Dd0BLrIjfX0F2lBan59jUg==,type:str]
|
||||
svc-wireguard-psk-1-1: ENC[AES256_GCM,data:YbxjRleUWTr1+rZyzZ+5vB9Po/V0T1mYhH+H8igjascGV/Oo4lPn1xoYqLg=,iv:+fcWdpRqR7GU5UXug+6GCX9Be5DoE944T5PIm0csgEU=,tag:3mGEL3KYjfSJ9uM+i6Wirg==,type:str]
|
||||
svc-wireguard-psk-1-2: ENC[AES256_GCM,data:K7tml5C3DEFkyJCf/U/CqNIcYIm4xDTmUQJTNw1AOgnxjWQhcfXDAU9xfME=,iv:h3xL81wHb4itBKo4+wUPbxxlzZNpbM7yfjIryBc+nfg=,tag:+5aXxvMi8j9fH9ZcrUVAUQ==,type:str]
|
||||
svc-wireguard-psk-2-1: ENC[AES256_GCM,data:+80iLdsHE0rtM1rVb4xUfzOwpMSOqgxtuKWg4d7Kj7kDuvrCrHPX83NruNo=,iv:HDfGq2o41qTyUU3PwfUvJJcb88JIcbW3yrfqRY8lBxY=,tag:+jWwRf5vqSriCOKdOu3Qag==,type:str]
|
||||
svc-wireguard-psk-3-1: ENC[AES256_GCM,data:USX+fQeT+f+ZU8R7pgIXYPBd4f+8BGrFpuJwxCLprkhhxEY2U8kz85zg8Tw=,iv:QxzQyJEIqoT7szXBgE6M2qd0MeO8Y2e4wLRY9PH0x9M=,tag:kWLwR18SVfj52xkN4tJM7g==,type:str]
|
||||
svc-wireguard-psk-4-1: ENC[AES256_GCM,data:gQmzz0CP3b6aLLe1ucGTHmSpTP9RHDAhpnqkQci8RLdm2gQNIxfU5ASmSW8=,iv:Klq6y+81EqjQXZNDpnmPKhq8+gCtWklq09bzlKwm9Ys=,tag:H0GoCLLcVMC8FtzFx9HyPA==,type:str]
|
||||
sops:
|
||||
age:
|
||||
- recipient: age1yubikey1qg5k0y844v5e79uwax3r00u7zdljwnjlrmwvdr3st9m5a3ra5098qy0sjdj
|
||||
|
@ -43,7 +45,7 @@ sops:
|
|||
NVREcHJGWWIvY0Z1OGt4cGN6am1RaXMKAnlb8FOJ1wO5qtcmej57s7rhWjv5wqIn
|
||||
nCUJX0R7s0/KH3aj98bX/4hQg2ZAw1l+xViOOIfwfRnzLWeyaAnk5A==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2025-05-27T20:27:04Z"
|
||||
mac: ENC[AES256_GCM,data:fUiMamMjX8LeSlBfAFMNfKct47gWeSdUOKhLHiIfQ+9WqjoypELkJUrgvfS6KzBFf/Hs5vb9hfHP3CNhrFspQvUJ2GbcK1OoaFQG5nN98k9LWmU3EY46YKQkIpHX0408B5EAubtVka7S2Tc3LxYiJqDn8nqKNkNZiaeuk5n4scY=,iv:/Od64mA8S3I1d665Uxs8mxjKqThdm/IaBWZPTtV2lUQ=,tag:ko7tTXbc58vVsfVcYGIp1g==,type:str]
|
||||
lastmodified: "2025-05-31T00:25:25Z"
|
||||
mac: ENC[AES256_GCM,data:dpaVHzh3xF1A3UgjbtYEmKVk4VQSX5r2e+IMVPruJLgMTmGMByMsWwY+n46XcGUJWem4W60upcU/NL9WCFKwoSBk9lPsbm/w34G0xquAfI9m0m9CoddRRuZfhI4Q/J0jcVAH2JebryVrQXJNUuB2tQ9MkIjXjYIONiMF831O2D0=,iv:ex3+hDvkbW+tWjZqhaOf+WXEvhJTzuGxXffFxUahiiM=,tag:h72Zq8H6gOC6Cl4jJoyBrw==,type:str]
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.10.2
|
||||
|
|