Giulio De Pasquale
99cf228d80 wireguard: Removed unused if. Renamed personal devices 2023-02-08 08:42:33 +01:00
Giulio De Pasquale
dc8aa8406f tailscale: Added additional DNS entries 2023-02-08 08:41:59 +01:00
Giulio De Pasquale
b191ea3f42 network: Added IPs of some tailscale devices 2023-02-08 08:41:21 +01:00
Giulio De Pasquale
394d0d6b48 firewall: Accept all incoming connections from tailscale 2023-02-08 08:40:58 +01:00
4 changed files with 11 additions and 17 deletions


@ -157,12 +157,11 @@ in {
ip daddr 255.255.255.255 accept comment "allow broadcast traffic"
ip daddr 224.0.0.0/4 accept comment "allow multicast traffic"
ip saddr ${lan-net} accept comment "lan > local"
ip saddr ${tailscale-net} accept comment "tailscale > local"
ip saddr {${lib.concatStringsSep "," gdevices-wg}} accept comment "vpn > local"
iifname ${wan-if} tcp dport {${open_tcp_ports}} accept
iifname ${wan-if} udp dport {${open_udp_ports}} accept
iifname ${tailscale-if} tcp dport {${open_tcp_ports_vpn}} accept
iifname ${tailscale-if} udp dport {${open_udp_ports_vpn}} accept
iifname ${vpn-if} tcp dport {${open_tcp_ports_vpn}} accept
iifname ${vpn-if} udp dport {${open_udp_ports_vpn}} accept
iifname ${vpn-if} icmp type echo-request accept
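Review bot: The new `ip saddr ${tailscale-net} accept comment "tailscale > local"` rule matches on source address only, so a packet with a forged source in the tailscale range is accepted on whichever interface it arrives, including `${wan-if}`, unless reverse-path filtering is enforced somewhere not visible here. Binding the rule to the interface closes that gap: `iifname ${tailscale-if} ip saddr ${tailscale-net} accept comment "tailscale > local"`. With a blanket accept in place, the port-scoped `iifname ${tailscale-if} tcp dport {${open_tcp_ports_vpn}} accept` and udp rules two lines below are shadowed and never match, so either drop them or keep them as the only tailscale rules if the intent was still port-restricted access. The nftables ruleset string this hunk belongs to starts and ends outside the hunk.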


@ -56,7 +56,10 @@ rec {
hotpottino-wg = "10.3.0.201";
dodino-wg = "10.3.0.202";
giuliophone-ts = "100.68.68.46";
architect-ts = "100.67.205.28";
giuliopc-ts = "100.124.78.64";
dodino-ts = "100.106.244.35";
# groups
gdevices-wg =
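Review bot: The three added `*-ts` entries are literal Tailscale node addresses with nothing recording where they come from or how they relate to the 10.3.0.x `*-wg` addresses above them, and nothing here ties them to the tailscale range the firewall accepts from. A one-line comment above `giuliophone-ts` such as `# tailscale node IPs (100.64.0.0/10); presumably assigned by the tailnet, so re-check after a node is re-registered` would tell the next editor why they differ and when they may go stale. The `gdevices-wg` group at the end of the hunk continues past it.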


@ -2,9 +2,9 @@
let
network = import ./network.nix;
auth_block = (import ./openid.nix { inherit lib; }).openresty_oidc_block;
ifname = "ts0";
in rec {
in {
services = {
tailscale = {
enable = true;
@ -14,5 +14,8 @@ in rec {
networking.extraHosts = ''
${network.architect-ts} architect.devs.giugl.io
${network.giuliopc-ts} kmerr.devs.giugl.io
${network.dodino-ts} dodino.devs.giugl.io
${network.giuliophone-ts} chuck.devs.giugl.io
'';
}
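Review bot: The added `architect.devs.giugl.io`, `kmerr.devs.giugl.io` and `chuck.devs.giugl.io` entries map those names to tailscale addresses, while wireguard.nix in this same compare maps the identical names to `*-wg` addresses; if both modules are imported by the same host, `/etc/hosts` will carry two entries per name and which one resolves depends on the order NixOS concatenates `extraHosts`, which a reader cannot predict from this file. Either keep one overlay per hostname or give the tailscale names their own label, e.g. `${network.architect-ts} architect.ts.devs.giugl.io`. A short comment above the block, `# tailscale (100.x) addresses; wireguard.nix maps the same hostnames to 10.3.0.x`, would at least make the overlap visible. The `services.tailscale` attribute set in the first hunk continues past it.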


@ -2,8 +2,8 @@ with import ./network.nix; {
networking = {
extraHosts = ''
${architect-wg} architect.devs.giugl.io
${giuliopc-wg} giuliopc.devs.giugl.io
${giuliophone-wg} giuliophone.devs.giugl.io
${giuliopc-wg} kmerr.devs.giugl.io
${giuliophone-wg} chuck.devs.giugl.io
${manduria-wg} manduria.devs.giugl.io
${antonio-wg} antonio.devs.giugl.io
${gbeast-wg} gbeast.devs.giugl.io
@ -36,17 +36,6 @@ with import ./network.nix; {
'';
wireguard = {
# interfaces.${proxy-if} = {
# ips = [ "10.4.0.2/32" ];
# privateKeyFile = "/secrets/wireguard/proxy.key";
# peers = [{
# publicKey = "WmJBpXpYebcmJEF8nVTKMqQK01KyBe42vzc38K66rVs=";
# allowedIPs = [ "10.4.0.1/32" ];
# endpoint = "giugl.io:1195";
# persistentKeepalive = 21;
# }];
# };
interfaces.${vpn-if} = {
listenPort = 1194;
ips = [ "10.3.0.1/24" ];