wireguard: Removed unused if. Renamed personal devices

tailscale: Added additional DNS entries
network: Added IPs of some tailscale devices
2023-02-08 08:42:33 +01:00 · 2023-02-08 08:41:59 +01:00 · 2023-02-08 08:41:21 +01:00 · 2023-02-08 08:40:58 +01:00
4 changed files with 11 additions and 17 deletions
--- a/hosts/architect/firewall.nix
+++ b/hosts/architect/firewall.nix
@ -157,12 +157,11 @@ in {
                    ip daddr 255.255.255.255 accept comment "allow broadcast traffic"
                    ip daddr 224.0.0.0/4 accept comment "allow multicast traffic"
                    ip saddr ${lan-net} accept comment "lan > local"
+                    ip saddr ${tailscale-net} accept comment "tailscale > local"
                    ip saddr {${lib.concatStringsSep "," gdevices-wg}} accept comment "vpn > local"

                    iifname ${wan-if} tcp dport {${open_tcp_ports}} accept
                    iifname ${wan-if} udp dport {${open_udp_ports}} accept
-                    iifname ${tailscale-if} tcp dport {${open_tcp_ports_vpn}} accept
-                    iifname ${tailscale-if} udp dport {${open_udp_ports_vpn}} accept
                    iifname ${vpn-if} tcp dport {${open_tcp_ports_vpn}} accept
                    iifname ${vpn-if} udp dport {${open_udp_ports_vpn}} accept
                    iifname ${vpn-if} icmp type echo-request accept
--- a/hosts/architect/network.nix
+++ b/hosts/architect/network.nix
@ -56,7 +56,10 @@ rec {
  hotpottino-wg = "10.3.0.201";
  dodino-wg = "10.3.0.202";

+  giuliophone-ts = "100.68.68.46";
  architect-ts = "100.67.205.28";
+  giuliopc-ts = "100.124.78.64";
+  dodino-ts = "100.106.244.35";
  
  # groups
  gdevices-wg =
--- a/hosts/architect/tailscale.nix
+++ b/hosts/architect/tailscale.nix
@ -2,9 +2,9 @@

 let
  network = import ./network.nix;
-  auth_block = (import ./openid.nix { inherit lib; }).openresty_oidc_block;
+  
  ifname = "ts0";
-in rec {
+in {
  services = {
    tailscale = {
      enable = true;
@ -14,5 +14,8 @@ in rec {

  networking.extraHosts = ''
    ${network.architect-ts} architect.devs.giugl.io
+    ${network.giuliopc-ts} kmerr.devs.giugl.io
+    ${network.dodino-ts} dodino.devs.giugl.io
+    ${network.giuliophone-ts} chuck.devs.giugl.io
  '';
 }
--- a/hosts/architect/wireguard.nix
+++ b/hosts/architect/wireguard.nix
@ -2,8 +2,8 @@ with import ./network.nix; {
  networking = {
    extraHosts = ''
      ${architect-wg} architect.devs.giugl.io
-      ${giuliopc-wg}        giuliopc.devs.giugl.io
-      ${giuliophone-wg}  giuliophone.devs.giugl.io
+      ${giuliopc-wg}     kmerr.devs.giugl.io
+      ${giuliophone-wg}  chuck.devs.giugl.io
      ${manduria-wg} manduria.devs.giugl.io
      ${antonio-wg}  antonio.devs.giugl.io
      ${gbeast-wg}   gbeast.devs.giugl.io
@ -36,17 +36,6 @@ with import ./network.nix; {
    '';

    wireguard = {
-     # interfaces.${proxy-if} = {
-     #   ips = [ "10.4.0.2/32" ];
-     #   privateKeyFile = "/secrets/wireguard/proxy.key";
-     #   peers = [{
-     #     publicKey = "WmJBpXpYebcmJEF8nVTKMqQK01KyBe42vzc38K66rVs=";
-     #     allowedIPs = [ "10.4.0.1/32" ];
-     #     endpoint = "giugl.io:1195";
-     #     persistentKeepalive = 21;
-     #   }];
-     # };
-
      interfaces.${vpn-if} = {
        listenPort = 1194;
        ips = [ "10.3.0.1/24" ];
Author	SHA1	Message	Date
Giulio De Pasquale	99cf228d80	wireguard: Removed unused if. Renamed personal devices	2023-02-08 08:42:33 +01:00
Giulio De Pasquale	dc8aa8406f	tailscale: Added additional DNS entries	2023-02-08 08:41:59 +01:00
Giulio De Pasquale	b191ea3f42	network: Added IPs of some tailscale devices	2023-02-08 08:41:21 +01:00
Giulio De Pasquale	394d0d6b48	firewall: Accept all incoming connections from tailscale	2023-02-08 08:40:58 +01:00