diff --git a/hosts/architect/bazarr.nix b/hosts/architect/bazarr.nix
index 07d36fc..b2b305e 100644
--- a/hosts/architect/bazarr.nix
+++ b/hosts/architect/bazarr.nix
@@ -10,13 +10,12 @@ in
 };
 architect.vhost.${domain} = with config.architect.networks; {
- dnsInterfaces = [ "wireguard" "tailscale" ];
+ dnsInterfaces = [ "tailscale" ];
 locations."/" = {
 allowLan = true;
 port = 6767;
 allow = [
- wireguard.net
 tailscale.net
 ];
 };
diff --git a/hosts/architect/calibre.nix b/hosts/architect/calibre.nix
index 362a4f0..bd5fdd5 100644
--- a/hosts/architect/calibre.nix
+++ b/hosts/architect/calibre.nix
@@ -3,7 +3,7 @@
 let
 domain = "books.giugl.io";
 auth_block = (import ./openid.nix { inherit lib; }).openresty_oidc_block;
-
+
 utilities = import ./utilities.nix { inherit lib config; };
 inherit (utilities) architectInterfaceAddress;
 in
@@ -32,7 +32,6 @@ in
 networking.extraHosts = ''
 ${architectInterfaceAddress "lan"} ${domain}
- ${architectInterfaceAddress "wireguard"} ${domain}
 ${architectInterfaceAddress "tailscale"} ${domain}
 '';
diff --git a/hosts/architect/default.nix b/hosts/architect/default.nix
index 399ee7e..0d2cef1 100644
--- a/hosts/architect/default.nix
+++ b/hosts/architect/default.nix
@@ -22,7 +22,6 @@ in
 ./bazarr.nix
 ./nzbget.nix
 ./nextcloud.nix
- ./wireguard.nix
 ./minio.nix
 ./matrix.nix
 ./fail2ban.nix
diff --git a/hosts/architect/deluge.nix b/hosts/architect/deluge.nix
index 8f2fcd3..04af420 100644
--- a/hosts/architect/deluge.nix
+++ b/hosts/architect/deluge.nix
@@ -39,14 +39,13 @@ in
 };
 architect.vhost.${domain} = with config.architect.networks; {
- dnsInterfaces = [ "lan" "wireguard" "tailscale" ];
+ dnsInterfaces = [ "lan" "tailscale" ];
 locations = {
 "/" = {
 allowLan = true;
 port = 8112;
 allow = [
- wireguard.net
 tailscale.net
 ];
 };
diff --git a/hosts/architect/dns.nix b/hosts/architect/dns.nix
index b1e4004..53d0e02 100644
--- a/hosts/architect/dns.nix
+++ b/hosts/architect/dns.nix
@@ -8,7 +8,7 @@ in
 firewall.openUDPVPN = [ 53 ];
 vhost.${domain} = {
- dnsInterfaces = [ "lan" "tailscale" "wireguard" ];
+ dnsInterfaces = [ "lan" "tailscale" ];
 locations."/" = with config; {
 port = services.adguardhome.settings.bind_port;
diff --git a/hosts/architect/firewall.nix b/hosts/architect/firewall.nix
index 255f46f..fbb0465 100644
--- a/hosts/architect/firewall.nix
+++ b/hosts/architect/firewall.nix
@@ -16,23 +16,6 @@ let
 (deviceAddress "tailscale" "kmerr")
 (deviceAddress "tailscale" "chuck")
 ];
-
- wireguardToWAN = [
- (deviceAddress "wireguard" "shield")
- (deviceAddress "wireguard" "parina")
- (deviceAddress "wireguard" "parina-ipad")
- (deviceAddress "wireguard" "germano")
- ];
-
- frameccaDevices = [
- (deviceAddress "wireguard" "framecca")
- (deviceAddress "wireguard" "framecca_one")
- (deviceAddress "wireguard" "framecca_two")
- (deviceAddress "wireguard" "framecca_three")
- (deviceAddress "wireguard" "framecca_four")
- ];
-
- clientToClientWireguard = frameccaDevices;
 in
 {
 networking = {
@@ -71,9 +54,6 @@ in
 chain POSTROUTING {
 type nat hook postrouting priority srcnat; policy accept;
- oifname ${lan.interface} ip saddr {${
- lib.concatStringsSep "," wireguardToWAN
- }} masquerade
 oifname ${lan.interface} ip saddr ${docker.net} masquerade
 oifname ${lan.interface} ip saddr ${tailscale.net} masquerade
 }
@@ -85,10 +65,8 @@ in
 ct state invalid,untracked drop comment "drop invalid"
 ip daddr 255.255.255.255 accept comment "allow broadcast traffic"
 ip daddr 224.0.0.0/4 accept comment "allow multicast traffic"
- iifname ${lan.interface} ip saddr ${wireguard.net} drop comment "bind any ip to intf ${lan.interface}"
 iifname ${lan.interface} ip saddr 127.0.0.0/8 drop comment "bind any ip to intf ${lan.interface}"
 iifname ${lan.interface} accept comment "bind any ip to intf ${lan.interface}"
- iifname ${wireguard.interface} ip saddr ${wireguard.net} accept comment "bind ip ${wireguard.net} to intf ${wireguard.interface}"
 iifname ${docker.interface} ip saddr ${docker.net} accept comment "bind ip ${docker.net} to intf ${docker.interface}"
 iifname ${tailscale.interface} ip saddr ${tailscale.net} accept
 iifname ${tailscale.interface} ip saddr 100.100.100.100/32 accept
@@ -151,10 +129,6 @@ in
 iifname ${lan.interface} tcp dport {${openTCP}} accept
 iifname ${lan.interface} udp dport {${openUDP}} accept
- iifname ${wireguard.interface} tcp dport {${openTCPVPN}} accept
- iifname ${wireguard.interface} udp dport {${openUDPVPN}} accept
-
- iifname ${wireguard.interface} icmp type echo-request accept
 jump filter_drop
 }
@@ -162,16 +136,6 @@ in
 type filter hook forward priority filter; policy drop;
 ct state established,related accept
- # client to client
- ip saddr {${lib.concatStringsSep "," clientToClientWireguard}} ip daddr {${
- lib.concatStringsSep "," clientToClientWireguard
- }} accept
-
- # nat to wan
- oifname ${lan.interface} ip saddr {${
- lib.concatStringsSep "," wireguardToWAN
- }} accept
-
 oifname ${lan.interface} ip saddr ${docker.net} accept
 oifname ${lan.interface} ip saddr ${tailscale.net} accept
diff --git a/hosts/architect/gitea.nix b/hosts/architect/gitea.nix
index 62eb732..aada4fd 100644
--- a/hosts/architect/gitea.nix
+++ b/hosts/architect/gitea.nix
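Review bot: With the `wireguard.net` drop removed, the LAN rules in the `-85,10` hunk reject only `127.0.0.0/8` before `iifname ${lan.interface} accept`, so a packet that arrives on the LAN interface with a source address inside `tailscale.net` passes this check. The vhost allow lists touched by this commit now name `tailscale.net` as their only VPN range, so the same interface binding is worth keeping for it: `iifname ${lan.interface} ip saddr ${tailscale.net} drop comment "bind ip ${tailscale.net} to intf ${tailscale.interface}"`, placed before the LAN accept. The chain's header and tail are outside the hunk, so a later rule may already cover this.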
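Review bot: `openTCPVPN` and `openUDPVPN` lose the only consumers visible in this file when the two `iifname ${wireguard.interface} ... dport` rules are removed in the `-151,10` hunk, yet dns.nix in the same commit still sets `firewall.openUDPVPN = [ 53 ]`. If tailnet clients are meant to be limited to those ports, re-point the rules, e.g. `iifname ${tailscale.interface} udp dport {${openUDPVPN}} accept`. If the earlier `iifname ${tailscale.interface} ip saddr ${tailscale.net} accept` is intended to admit all tailnet traffic, remove the two options so the configuration does not suggest a per-port restriction that nothing enforces. Which chain that earlier rule belongs to is not visible here.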
@@ -7,7 +7,7 @@ in
 architect = {
 firewall.openTCP = [ config.services.gitea.settings.server.SSH_PORT ];
 vhost.${domain} = {
- dnsInterfaces = [ "lan" "tailscale" "wireguard" ];
+ dnsInterfaces = [ "lan" "tailscale" ];
 locations."/".port = config.services.gitea.settings.server.HTTP_PORT;
 };
 };
diff --git a/hosts/architect/invidious.nix b/hosts/architect/invidious.nix
index 6703ce1..fcab208 100644
--- a/hosts/architect/invidious.nix
+++ b/hosts/architect/invidious.nix
@@ -11,9 +11,9 @@ in
 hmac_key = "a2a91eca269d26de1221285e8981879834045bff";
 };
 };
-
+
 architect.vhost.${domain} = {
- dnsInterfaces = [ "lan" "tailscale" "wireguard" ];
+ dnsInterfaces = [ "lan" "tailscale" ];
 locations."/".port = config.services.invidious.port;
 };
 }
diff --git a/hosts/architect/jellyfin.nix b/hosts/architect/jellyfin.nix
index 5d319e3..efef091 100644
--- a/hosts/architect/jellyfin.nix
+++ b/hosts/architect/jellyfin.nix
@@ -10,13 +10,12 @@ in
 systemd.services.jellyfin.serviceConfig.StateDirectory = lib.mkForce "";
 architect.vhost.${domain} = with config.architect.networks; {
- dnsInterfaces = [ "lan" "wireguard" "tailscale" ];
+ dnsInterfaces = [ "lan" "tailscale" ];
 locations = {
 "/" = {
 inherit port allowLan;
 allow = [
- wireguard.net
 tailscale.net
 ];
 };
@@ -26,7 +25,6 @@ in
 proxyWebsockets = true;
 allow = [
- wireguard.net
 tailscale.net
 ];
 };
diff --git a/hosts/architect/keycloak.nix b/hosts/architect/keycloak.nix
index c8e7aa6..ad15fdb 100644
--- a/hosts/architect/keycloak.nix
+++ b/hosts/architect/keycloak.nix
@@ -76,7 +76,6 @@ in
 networking.extraHosts = ''
 ${architectInterfaceAddress "lan"} ${domain}
- ${architectInterfaceAddress "wireguard"} ${domain}
 ${architectInterfaceAddress "tailscale"} ${domain}
 '';
 }
diff --git a/hosts/architect/libreddit.nix b/hosts/architect/libreddit.nix
index c8313d3..55b28f6 100644
--- a/hosts/architect/libreddit.nix
+++ b/hosts/architect/libreddit.nix
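Review bot: `hmac_key` in the context lines of the invidious.nix hunk is a literal string in the repository, which also means it is copied into the world-readable Nix store on the host. Since the file is being touched anyway, move the value out of `settings` into a file read at runtime, for example through the module's `extraSettingsFile` option pointing at a path outside the store (another file in this repository already keeps key material under `/secrets`). The current value should be rotated as well, because it remains in git history. The enclosing `services.invidious` block starts above the hunk.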
@@ -8,9 +8,9 @@ in
 enable = true;
 port = 9090;
 };
-
+
 architect.vhost.${domain} = {
- dnsInterfaces = [ "lan" "tailscale" "wireguard" ];
+ dnsInterfaces = [ "lan" "tailscale" ];
 locations."/".port = config.services.libreddit.port;
 };
 }
diff --git a/hosts/architect/lidarr.nix b/hosts/architect/lidarr.nix
index c07bc97..7dcd4ef 100644
--- a/hosts/architect/lidarr.nix
+++ b/hosts/architect/lidarr.nix
@@ -28,7 +28,6 @@ in
 networking.extraHosts = ''
 ${architectInterfaceAddress "lan"} ${domain}
- ${architectInterfaceAddress "wireguard"} ${domain}
 ${architectInterfaceAddress "tailscale"} ${domain}
 '';
diff --git a/hosts/architect/matrix.nix b/hosts/architect/matrix.nix
index b0753da..fe6ea6c 100644
--- a/hosts/architect/matrix.nix
+++ b/hosts/architect/matrix.nix
@@ -111,7 +111,6 @@ in
 networking.extraHosts = ''
 ${architectInterfaceAddress "lan"} ${domain}
- ${architectInterfaceAddress "wireguard"} ${domain}
 ${architectInterfaceAddress "tailscale"} ${domain}
 '';
 }
diff --git a/hosts/architect/minecraft.nix b/hosts/architect/minecraft.nix
index f2a4f24..0799a52 100644
--- a/hosts/architect/minecraft.nix
+++ b/hosts/architect/minecraft.nix
@@ -19,7 +19,6 @@ in
 networking.extraHosts = ''
 ${architectInterfaceAddress "lan"} ${domain}
- ${architectInterfaceAddress "wireguard"} ${domain}
 ${architectInterfaceAddress "tailscale"} ${domain}
 '';
 }
diff --git a/hosts/architect/minio.nix b/hosts/architect/minio.nix
index c8d0c7b..5573a9b 100644
--- a/hosts/architect/minio.nix
+++ b/hosts/architect/minio.nix
@@ -30,7 +30,6 @@ in
 networking.extraHosts = ''
 ${architectInterfaceAddress "lan"} ${domain}
- ${architectInterfaceAddress "wireguard"} ${domain}
 ${architectInterfaceAddress "tailscale"} ${domain}
 '';
 }
diff --git a/hosts/architect/navidrome.nix b/hosts/architect/navidrome.nix
index 753f059..b446da7 100644
--- a/hosts/architect/navidrome.nix
+++ b/hosts/architect/navidrome.nix
@@ -22,7 +22,7 @@ in
 };
 architect.vhost.${domain} = {
- dnsInterfaces = [ "lan" "tailscale" "wireguard" ];
+ dnsInterfaces = [ "lan" "tailscale" ];
 locations."/" = {
 port = 4533;
 allowLan = true;
diff --git a/hosts/architect/nextcloud.nix b/hosts/architect/nextcloud.nix
index 6c26f5c..ebfc176 100644
--- a/hosts/architect/nextcloud.nix
+++ b/hosts/architect/nextcloud.nix
@@ -78,7 +78,6 @@ in
 networking.extraHosts = ''
 ${architectInterfaceAddress "lan"} ${domain}
- ${architectInterfaceAddress "wireguard"} ${domain}
 ${architectInterfaceAddress "tailscale"} ${domain}
 '';
diff --git a/hosts/architect/nzbget.nix b/hosts/architect/nzbget.nix
index 180915e..7c90a8d 100644
--- a/hosts/architect/nzbget.nix
+++ b/hosts/architect/nzbget.nix
@@ -10,7 +10,7 @@ in
 };
 architect.vhost.${domain} = {
- dnsInterfaces = [ "tailscale" "wireguard" "lan" ];
+ dnsInterfaces = [ "tailscale" "lan" ];
 locations."/" = {
 port = 6789;
diff --git a/hosts/architect/plex.nix b/hosts/architect/plex.nix
index ea0c9df..9b25521 100644
--- a/hosts/architect/plex.nix
+++ b/hosts/architect/plex.nix
@@ -17,7 +17,7 @@ in
 };
 architect.vhost.${domain} = with config.architect.networks; {
- dnsInterfaces = [ "lan" "wireguard" "tailscale" ];
+ dnsInterfaces = [ "lan" "tailscale" ];
 locations = {
 "/" = {
 inherit port;
@@ -25,7 +25,6 @@ in
 proxyWebsockets = true;
 # allowLan = true;
 # allow = [
- # wireguard.net
 # tailscale.net
 # ];
 extraConfig = ''
diff --git a/hosts/architect/prosody.nix b/hosts/architect/prosody.nix
index d5c8302..ce6068a 100644
--- a/hosts/architect/prosody.nix
+++ b/hosts/architect/prosody.nix
@@ -45,7 +45,6 @@ in
 networking.extraHosts = ''
 ${architectInterfaceAddress "lan"} ${domain}
- ${architectInterfaceAddress "wireguard"} ${domain}
 ${architectInterfaceAddress "tailscale"} ${domain}
 '';
diff --git a/hosts/architect/prowlarr.nix b/hosts/architect/prowlarr.nix
index 2fff070..16c040a 100644
--- a/hosts/architect/prowlarr.nix
+++ b/hosts/architect/prowlarr.nix
@@ -7,7 +7,7 @@ in
 services.prowlarr.enable = true;
 architect.vhost.${domain} = {
- dnsInterfaces = [ "tailscale" "wireguard" ];
+ dnsInterfaces = [ "tailscale" ];
 locations."/" = {
 port = 9696;
diff --git a/hosts/architect/radarr.nix b/hosts/architect/radarr.nix
index 46491cd..e056c44 100644
--- a/hosts/architect/radarr.nix
+++ b/hosts/architect/radarr.nix
@@ -10,13 +10,12 @@ in
 };
 architect.vhost.${domain} = with config.architect.networks; {
- dnsInterfaces = [ "wireguard" "tailscale" ];
+ dnsInterfaces = [ "tailscale" ];
 locations."/" = {
 port = 7878;
 allowLan = true;
 allow = [
- wireguard.net
 tailscale.net
 ];
 };
diff --git a/hosts/architect/runas.nix b/hosts/architect/runas.nix
index 2bcc112..4070ec4 100644
--- a/hosts/architect/runas.nix
+++ b/hosts/architect/runas.nix
@@ -43,7 +43,6 @@ in
 networking.extraHosts = ''
 ${architectInterfaceAddress "lan"} ${domain}
- ${architectInterfaceAddress "wireguard"} ${domain}
 ${architectInterfaceAddress "tailscale"} ${domain}
 '';
 }
diff --git a/hosts/architect/sonarr.nix b/hosts/architect/sonarr.nix
index acebe43..e730cc2 100644
--- a/hosts/architect/sonarr.nix
+++ b/hosts/architect/sonarr.nix
@@ -8,15 +8,15 @@ in
 enable = true;
 group = "media";
 };
-
+
 architect.vhost.${domain} = {
- dnsInterfaces = [ "tailscale" "wireguard" ];
+ dnsInterfaces = [ "tailscale" ];
 locations."/" = {
 port = 6969;
 allowLan = true;
 };
 };
-
+
 users.groups.media.members = [ "sonarr" ];
 }
diff --git a/hosts/architect/tailscale.nix b/hosts/architect/tailscale.nix
index de3dc13..5856cd0 100644
--- a/hosts/architect/tailscale.nix
+++ b/hosts/architect/tailscale.nix
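Review bot: In sonarr.nix the `/` location carries only `allowLan = true` and no `allow` list, whereas radarr.nix in this same commit keeps `allow = [ tailscale.net ]`; with `dnsInterfaces` now `[ "tailscale" ]` the name is published only to tailnet clients, which this location does not name. How the vhost module treats a location without `allow` is not visible here (it may refuse tailnet clients or apply no source restriction at all), so state the intent explicitly, e.g. `allow = [ config.architect.networks.tailscale.net ];`. The module header of sonarr.nix is outside the hunk, so `config` being in scope there is assumed.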
@@ -19,7 +19,8 @@ in
 dodino = { address = "100.64.0.5"; hostname = "dodino.${domain}"; };
 manduria = { address = "100.64.0.6"; hostname = "manduria.${domain}"; };
 tommy = { address = "100.64.0.7"; hostname = "tommy.${domain}"; };
- ucsb-workstation = { address = "100.64.0.8"; hostname = "ucsb-workstation.${domain}"; };
+ # ucsb-workstation = { address = "100.64.0.8"; hostname = "ucsb-workstation.${domain}"; };
+ ucsb-workstation = { address = "100.64.0.10"; hostname = "ucsb-workstation.${domain}"; };
 alfredo = { address = "100.64.0.9"; hostname = "alfredo.${domain}"; };
 parallels = { address = "100.64.0.3"; hostname = "parallels.${domain}"; };
 };
diff --git a/hosts/architect/wireguard.nix b/hosts/architect/wireguard.nix
deleted file mode 100644
index d793151..0000000
--- a/hosts/architect/wireguard.nix
+++ /dev/null
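Review bot: The previous `ucsb-workstation` entry is left behind as a commented-out line directly above its replacement in the tailscale.nix hunk. Git history already records the old address, so delete the comment, or if 100.64.0.8 is deliberately being kept unassigned say so in words, e.g. `# 100.64.0.8: retired, do not reassign`. firewall.nix builds per-device rules from these addresses through `deviceAddress "tailscale" ...`, so it is worth confirming nothing else still expects the old value; that file's device lists are only partly visible in this diff.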
@@ -1,218 +0,0 @@
-{ config, lib, ... }:
-
-let
- listenPort = 1194;
- domain = "devs.giugl.io";
- interface = "wireguard";
-
- utilities = import ./utilities.nix { inherit lib config; };
- inherit (utilities) generateDeviceStrings getDeviceAddress;
-
- getWireguardDeviceAddress = getDeviceAddress "wireguard";
-in
-{
- architect = {
- firewall = {
- openUDP = lib.singleton listenPort;
- openUDPVPN = lib.singleton listenPort;
- };
-
- networks.${interface} = {
- interface = "wg0";
- net = "10.3.0.0/24";
- devices = {
- architect = { address = "10.3.0.1"; hostname = "architect.${domain}"; };
- antonio = { address = "10.3.0.6"; hostname = "antonio.${domain}"; };
- gbeast = { address = "10.3.0.7"; hostname = "gbeast.${domain}"; };
- shield = { address = "10.3.0.12"; hostname = "shield.${domain}"; };
- salvatore = { address = "10.3.0.16"; hostname = "salvatore.${domain}"; };
- papa = { address = "10.3.0.17"; hostname = "papa.${domain}"; };
- defy = { address = "10.3.0.18"; hostname = "defy.${domain}"; };
- germano = { address = "10.3.0.19"; hostname = "germano.${domain}"; };
- flavio = { address = "10.3.0.20"; hostname = "flavio.${domain}"; };
- alain = { address = "10.3.0.22"; hostname = "alain.${domain}"; };
- dima = { address = "10.3.0.23"; hostname = "dima.${domain}"; };
- mikey = { address = "10.3.0.24"; hostname = "mikey.${domain}"; };
- andrew = { address = "10.3.0.25"; hostname = "andrew.${domain}"; };
- mikeylaptop = { address = "10.3.0.26"; hostname = "mikeylaptop.${domain}"; };
- andrewdesktop = { address = "10.3.0.27"; hostname = "andrewdesktop.${domain}"; };
- jacopo = { address = "10.3.0.28"; hostname = "jacopo.${domain}"; };
- frznn = { address = "10.3.0.29"; hostname = "frznn.${domain}"; };
- ludo = { address = "10.3.0.30"; hostname = "ludo.${domain}"; };
- parina = { address = "10.3.0.31"; hostname = "parina.${domain}"; };
- nilo = { address = "10.3.0.32"; hostname = "nilo.${domain}"; };
- parina-ipad = { address = "10.3.0.33"; hostname = "parina-ipad.${domain}"; };
- kclvm = { address = "10.3.0.34"; hostname = "kclvm.${domain}"; };
- framecca = { address = "10.3.0.35"; hostname = "framecca.${domain}"; };
- framecca_one = { address = "10.3.0.36"; hostname = "framecca_one.${domain}"; };
- framecca_two = { address = "10.3.0.37"; hostname = "framecca_two.${domain}"; };
- framecca_three = { address = "10.3.0.38"; hostname = "framecca_three.${domain}"; };
- framecca_four = { address = "10.3.0.39"; hostname = "framecca_four.${domain}"; };
- };
- };
- };
-
- networking = {
- extraHosts = generateDeviceStrings config.architect.networks.wireguard.devices;
-
- wireguard = {
- interfaces.${config.architect.networks.wireguard.interface} = {
- inherit listenPort;
-
- ips = [ "${config.architect.networks.wireguard.devices.architect.address}/24" ];
- privateKeyFile = "/secrets/wireguard/server.key";
-
- peers = [
- {
- # Antonio
- allowedIPs = [ (getWireguardDeviceAddress "antonio") ];
- publicKey = "SPndCvEzuLHtGAQV8u/4dfLlFHoPcXS3L98oFOwTljc=";
- }
-
- {
- # GBEAST
- allowedIPs = [ (getWireguardDeviceAddress "gbeast") ];
- publicKey = "XiK+wk+DErz0RmCWRxuaJN1cvdj+3DoiU6tcR+uZfAI=";
- }
-
- {
- # shield
- allowedIPs = [ (getWireguardDeviceAddress "shield") ];
- publicKey = "1GaV/M48sHqQTrBVRQ+jrFU2pUMmv2xkguncVcwPCFs=";
- }
-
- {
- # salvatore
- allowedIPs = [ (getWireguardDeviceAddress "salvatore") ];
- publicKey = "fhlnBHeMyHZKLUCTSA9kmkKoM5x/qzz/rnCJrUh3Gzs=";
- }
-
- {
- # papa
- allowedIPs = [ (getWireguardDeviceAddress "papa") ];
- publicKey = "oGHygt02Oni3IFbScKD0NVEfHKCp6bpw68aq5g4RrAA=";
- }
-
- {
- # defy
- allowedIPs = [ (getWireguardDeviceAddress "defy") ];
- publicKey = "Cvi/eto7E6Ef+aiL81ou7x12fJCeuXrf/go9fxEqXG4=";
- }
-
- {
- # germano
- allowedIPs = [ (getWireguardDeviceAddress "germano") ];
- publicKey = "LJ0DHY1sFVLQb3ngUGGH0HxbDOPb9KCUPSaYcjr5Uiw=";
- }
-
- {
- # flavio
- allowedIPs = [ (getWireguardDeviceAddress "flavio") ];
- publicKey = "Yg0P+yHi/9SZHyoel8jT9fmmu+irLYmT8yMp/CZoaSg=";
- }
-
- {
- # alain
- allowedIPs = [ (getWireguardDeviceAddress "alain") ];
- publicKey = "/o2msFJoUL4yovcIQJTU8c1faFtekrjSBBWJABouWno=";
- }
-
- {
- # dima
- allowedIPs = [ (getWireguardDeviceAddress "dima") ];
- publicKey = "svzWYIZ6v+cLCp/emGG7mx2YpBJqw2fqjVuHZy7b6H0=";
- }
-
- {
- # mikey
- allowedIPs = [ (getWireguardDeviceAddress "mikey") ];
- publicKey = "ewbDdX3z7nxG2aPIf9TogXkhxPlGipLFcy6XfyDC6gI=";
- }
-
- {
- # andrew
- allowedIPs = [ (getWireguardDeviceAddress "andrew") ];
- publicKey = "LP/FgST9fmBQSoKQFq9sFGvjRFOtRooMcuEcjuqaoWM=";
- }
-
- {
- # mikey laptop
- allowedIPs = [ (getWireguardDeviceAddress "mikeylaptop") ];
- publicKey = "kz/pY/PgV+dwF1JZ2It4r5B5QfRSQM7HkbFCdvd5Yxk=";
- }
-
- {
- # andrew desktop
- allowedIPs = [ (getWireguardDeviceAddress "andrewdesktop") ];
- publicKey = "rpYr3JNLIzxpxzFuQuaHFEl/XvPEPfwLbDETBP8KYXI=";
- }
-
- {
- # laptop desktop
- allowedIPs = [ (getWireguardDeviceAddress "jacopo") ];
- publicKey = "W/taWI79bPIKOolVVu5xZfiJnPw9K91Xn1zhcM0+4g0=";
- }
-
- {
- # frznn
- allowedIPs = [ (getWireguardDeviceAddress "frznn") ];
- publicKey = "dXcrdME6VnnE5PBYwvUmayf7cn2wpcExeCR9gIXOO0o=";
- }
-
- {
- # ludo
- allowedIPs = [ (getWireguardDeviceAddress "ludo") ];
- publicKey = "ecrxdzx7tQZwMPxZOjHUvxZT2xY79B6XEDIW+fhEtEM=";
- }
-
- {
- # parina
- allowedIPs = [ (getWireguardDeviceAddress "parina") ];
- publicKey = "7nubNnfGsg4/7KemMDn9r99mNK8RFU9uOFFqaYv6rUA=";
- }
-
- {
- # nilo
- allowedIPs = [ (getWireguardDeviceAddress "nilo") ];
- publicKey = "lhTEDJ9WnizvEHTd5kN21fTHF27HNk+fPLQnB1B3LW0=";
- }
-
- {
- # parina ipad
- allowedIPs = [ (getWireguardDeviceAddress "parina-ipad") ];
- publicKey = "ezkCzl2qC7Hd7rFKfqMa0JXDKRhVqy79H52rA06x7mU=";
- }
-
- {
- # kcl vm
- allowedIPs = [ (getWireguardDeviceAddress "kclvm") ];
- publicKey = "jVBaY8AhgAA7myVjU/PJPDUCOjsCi23LT+pGZUoNEkE=";
- }
-
- {
- allowedIPs = [ (getWireguardDeviceAddress "framecca") ];
- publicKey = "w0XPu5GcDA2vpNk3KCFRdWNVVQHRtAPApEsK1h3Ovyk=";
- }
-
- {
- allowedIPs = [ (getWireguardDeviceAddress "framecca_one") ];
- publicKey = "5PnmExv78fU3SS8liUWY/oBCcJ48wzmz/70O0U7K/xs=";
- }
-
- {
- allowedIPs = [ (getWireguardDeviceAddress "framecca_two") ];
- publicKey = "FbWfh2rL3OYLTDIte+MgctqL/bphn38eqpNy/chc3wM=";
- }
- {
- allowedIPs = [ (getWireguardDeviceAddress "framecca_three") ];
- publicKey = "Z3LRFs6CO0kUh4J3pf+HcPsWch3hUAwJBG8/b0Kqnxs=";
- }
- {
- allowedIPs = [ (getWireguardDeviceAddress "framecca_four") ];
- publicKey = "g/Ta12igzxSlCxy7KP865qf+l3+r1LjOo6UXjulmPBc=";
- }
- ];
- };
- };
- };
-}