Diffstat (limited to 'nixos/kanata/configuration.nix')
-rw-r--r--nixos/kanata/configuration.nix66
1 files changed, 35 insertions, 31 deletions
diff --git a/nixos/kanata/configuration.nix b/nixos/kanata/configuration.nix
index 323f6ac..8a4d46c 100644
--- a/nixos/kanata/configuration.nix
+++ b/nixos/kanata/configuration.nix
@@ -96,9 +96,8 @@ in
   sops.secrets.grafana-admin-pass = { owner = "grafana"; };
   sops.secrets.cf-kusanari-kanata-credentials = { owner = "cloudflared"; };
   sops.secrets.nitter-account-jsonl = { };
-  sops.secrets.interlink-password = { };
-  sops.secrets.interlink-ovpn = { };
-  sops.secrets.interlink-ovpn-creds = { };
+  # sops.secrets.interlink-private-key = { };
+  sops.secrets.interlink-wg-config = { };
   sops.secrets.proton-private-key = { };
   sops.secrets.attic-credentials = { };
   # TODO: insecure?
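Review bot: `sops.secrets.interlink-wg-config = { };` relies on the module defaults (root-owned, mode 0400) for a file that, per the next hunks, carries the complete wg-quick config including the private key; that is the right setting, but it is worth saying so inline so a later edit does not loosen it, e.g. `# full wg-quick config incl. PrivateKey; keep root:0400 (bind-mounted into the container)`. The commented `interlink-private-key` line here and its commented bind mount in the following hunk are dead config; either drop them or note that they are reserved for a later split of key and config. The three removed declarations only stop the old openconnect/OpenVPN credentials from being materialized; the encrypted entries they referenced live outside this file, so if that account is retired those values can be removed or rotated as well.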
@@ -294,9 +293,8 @@ in
     privateNetwork = true;
     hostAddress = "172.16.1.1";
     localAddress = "172.16.1.2";
-    bindMounts."/run/secrets/interlink-password".hostPath = config.sops.secrets.interlink-password.path;
-    # bindMounts."/run/secrets/interlink-ovpn".hostPath = config.sops.secrets.interlink-ovpn.path;
-    # bindMounts."/run/secrets/interlink-ovpn-creds".hostPath = config.sops.secrets.interlink-ovpn-creds.path;
+    # bindMounts."/run/secrets/interlink-private-key".hostPath = config.sops.secrets.interlink-private-key.path;
+    bindMounts."/run/secrets/interlink-wg-config".hostPath = config.sops.secrets.interlink-wg-config.path;
     config = { config, pkgs, lib, ... }: {
       services.tailscale = {
         enable = true;
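Review bot: The in-container path `/run/secrets/interlink-wg-config` is written as a literal here and again as `configFile` in the wg-quick hunk below, so a rename would have to be made in two places; a `let` binding for the path would keep the bind mount and the consumer in step. The bind mount appears to use the module's default read-only flag, which is what a private-key file should have; a short comment stating that intent would make it explicit.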
@@ -306,35 +304,41 @@ in
         ];
       };
 
-      networking.openconnect.interfaces.openconnect0 = {
-        autoStart = true;
+      networking.firewall.allowedUDPPorts = [ 51820 ];
 
-        gateway = "133.242.23.15"; # JP#11
-        # gateway = "133.242.17.239"; # JP#1
-        protocol = "anyconnect";
-        user = "sk146241";
-        passwordFile = "/run/secrets/interlink-password";
+      networking.wg-quick.interfaces.wg0 = {
+        autostart = true;
 
-        extraOptions = {
-          servercert = "pin-sha256:42cxGem/A2lRRPLefN3tSlPHFD1mK0BLh7tbUJeXvhE="; # JP#11
-          # servercert = "pin-sha256:OvJIFf7gPPbnR7tdG0Uj10GET5eynt+o5pfKBIEA+ws="; # JP#1
-        };
-      };
-      systemd.services.openconnect-openconnect0  = {
-        serviceConfig = {
-          # XXX: On initial startup, the service would fail with
-          # 'No route to host'.
-          Restart = "on-failure";
-          RestartSec = "5s";
-        };
+        configFile = "/run/secrets/interlink-wg-config";
+
+        # address = [ "***.***.***.***/32" ];
+        # listenPort = 51820;
+        #
+        # mtu = 1350;
+        #
+        # privateKeyFile = "/run/secrets/interlink-private-key";
+        #
+        # peers = [{
+        #   publicKey = "*******************************************";
+        #   # Exclude 100.64.0.0/10
+        #   allowedIPs = [
+        #     "0.0.0.0/0"
+        #     # "0.0.0.0/2"
+        #     # "64.0.0.0/3"
+        #     # "96.0.0.0/6"
+        #     # "100.0.0.0/10"
+        #     # "100.128.0.0/9"
+        #     # "101.0.0.0/8"
+        #     # "102.0.0.0/7"
+        #     # "104.0.0.0/5"
+        #     # "112.0.0.0/4"
+        #     # "128.0.0.0/1"
+        #   ];
+        #   persistentKeepalive = 120;
+        #   endpoint = "***.***.***.***:51840";
+        # }];
       };
 
-      # services.openvpn.servers.interlink-sekai = {
-      #   autoStart = true;
-      #   config = "config /run/secrets/interlink-ovpn";
-      #   up = "echo nameserver $nameserver |  ${pkgs.openresolv}/sbin/resolvconf -m 0 -a $dev";
-      #   down = "${pkgs.openresolv}/sbin/resolvconf -d $dev";
-      # };
 
       system.stateVersion = "24.05";
     };
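Review bot: `networking.firewall.allowedUDPPorts = [ 51820 ];` opens an inbound port on the container for what the (commented) peer block shows to be a client tunnel with an `endpoint` and `persistentKeepalive`; WireGuard does not need an inbound allow for that, since replies arrive on the socket that sent the handshake, and the rule only lines up with the tunnel at all if the unseen config file sets `ListenPort = 51820` (with `listenPort` commented out here, wg otherwise picks a random port). Either drop the line or add the reason it is needed, e.g. `# needed only if the secret config pins ListenPort = 51820`. The roughly thirty masked-out lines after `configFile` restate the secret's contents and will drift from the real file; a one-line comment listing what the config contains (Address, MTU, PrivateKey, one peer with Endpoint/AllowedIPs/PersistentKeepalive) and whether 100.64.0.0/10 is excluded from `AllowedIPs` for Tailscale would carry the same information. The `Restart = "on-failure"` workaround for the old "No route to host" boot race was removed without an equivalent; wg-quick's unit is, as far as I recall, a oneshot, so if the endpoint cannot be resolved or reached at boot the tunnel stays down with no retry and the container keeps its plain default route, which is worth either re-adding a retry for or noting as accepted.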