edge01: deploy kkc wireguard tunnel (never used)
Change-Id: I5f61f00029ac9e86cd4fdcc390d16ec7fa081f51
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1157
Reviewed-by: q3k <q3k@hackerspace.pl>
diff --git a/bgpwtf/machines/edge01.waw.bgp.wtf.nix b/bgpwtf/machines/edge01.waw.bgp.wtf.nix
index d26f219..e9d88e5 100644
--- a/bgpwtf/machines/edge01.waw.bgp.wtf.nix
+++ b/bgpwtf/machines/edge01.waw.bgp.wtf.nix
@@ -58,6 +58,44 @@
out = "/var/lib/unbound/rsh.conf";
};
+ networking.wireguard.interfaces = {
+ wg-camp = {
+ ips = [
+ "185.236.240.68/31"
+ "2a0d:eb00:2137:1::e/127"
+ ];
+ allowedIPsAsRoutes = false;
+ listenPort = 51820;
+ generatePrivateKeyFile = true;
+ privateKeyFile = "/root/camp-wg";
+ peers = [
+ {
+ publicKey = "TbXDHeHwT4/xQ1+l4HH9EzbYUUCU4Pk/r0nsGSw+qUc=";
+ allowedIPs = [
+ "185.236.240.69/32"
+ "185.236.241.0/24"
+ "2a0d:eb00:8007::/48"
+ "2a0d:eb00:2137:1::f/128"
+ ];
+ }
+ ];
+ };
+ };
+
+ hscloud.routing.static.v6.camp = {
+ table = "aggregate";
+ address = "2a0d:eb00:8007::";
+ prefixLength = 48;
+ via = "2a0d:eb00:2137:1::f";
+ };
+ hscloud.routing.static.v4.camp = {
+ table = "aggregate";
+ address = "185.236.241.0";
+ prefixLength = 24;
+ via = "185.236.240.69";
+ };
+
+
hscloud.renameInterfaces = {
# Link to Nitronet CPE.
e1-nnet.mac = "ac:1f:6b:1c:d7:ae";
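Review bot: The `wg-camp` interface and the two `camp` static routes have no comment naming the peer or the tunnel's intended lifetime, and the commit title already calls it never used, so the UDP listener on 51820, the key at `/root/camp-wg` and the routes for 185.236.241.0/24 and 2a0d:eb00:8007::/48 can outlive their purpose unnoticed. I would add above `wg-camp = {` a comment such as `# kkc/camp WireGuard tunnel, temporary: remove this interface, the camp static routes and the /23 originate together.` Because `generatePrivateKeyFile = true` creates the key on the host at activation, a reinstall would presumably produce a new key the peer does not know; a second comment line, `# Key is host-generated; hand the derived public key to the peer after any reinstall.`, would record that. Whether 51820/udp is opened or restricted in the firewall is not visible here and is worth confirming, and the enclosing attribute set starts and ends outside the hunk.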
@@ -172,7 +210,7 @@
'';
hscloud.routing.originate = {
# WAW prefixes, exposed into internet BGP table.
- v4.waw = { table = "internet"; address = "185.236.240.0"; prefixLength = 24; };
+ v4.waw = { table = "internet"; address = "185.236.240.0"; prefixLength = 23; };
v6.waw = { table = "internet"; address = "2a0d:eb00::"; prefixLength = 32; };
# Default gateway via us, exposed into aggregated table.