add ddns, wireguard server
@@ -17,6 +17,7 @@
|
||||
./modules/unbound.nix
|
||||
./modules/avahi.nix
|
||||
./modules/openconnect.nix
|
||||
./modules/wireguard.nix
|
||||
|
||||
./hardware-configuration.nix
|
||||
];
|
||||
|
||||
@@ -27,6 +27,12 @@
|
||||
];
|
||||
subnet = "10.42.96.0/24";
|
||||
interface = "lan";
|
||||
option-data = [
|
||||
{
|
||||
name = "domain-name";
|
||||
value = "cloonar.com";
|
||||
}
|
||||
];
|
||||
reservations = [
|
||||
{
|
||||
hw-address = "98:b6:e9:b6:ef:f4";
|
||||
@@ -53,6 +59,12 @@
|
||||
];
|
||||
subnet = "10.42.97.0/24";
|
||||
interface = "server";
|
||||
option-data = [
|
||||
{
|
||||
name = "domain-name";
|
||||
value = "cloonar.com";
|
||||
}
|
||||
];
|
||||
reservations = [
|
||||
{
|
||||
hw-address = "0a:0e:52:a2:f7:8e";
|
||||
@@ -74,6 +86,12 @@
|
||||
];
|
||||
subnet = "10.42.99.0/24";
|
||||
interface = "multimedia";
|
||||
option-data = [
|
||||
{
|
||||
name = "domain-name";
|
||||
value = "cloonar.multimedia";
|
||||
}
|
||||
];
|
||||
}
|
||||
{
|
||||
pools = [
|
||||
@@ -92,6 +110,12 @@
|
||||
];
|
||||
subnet = "10.42.254.0/24";
|
||||
interface = "smart";
|
||||
option-data = [
|
||||
{
|
||||
name = "domain-name";
|
||||
value = "cloonar.smart";
|
||||
}
|
||||
];
|
||||
reservations = [
|
||||
{
|
||||
hw-address = "7a:5a:d6:d0:29:fe";
|
||||
@@ -162,7 +186,45 @@
|
||||
}
|
||||
];
|
||||
dhcp-ddns = {
|
||||
ip-address = "127.0.0.1";
|
||||
port = 53001;
|
||||
enable-updates = true;
|
||||
forward-ddns = {
|
||||
ddns-domains = [
|
||||
{
|
||||
name = "cloonar.com.";
|
||||
key-name = "dhcp1-ns1";
|
||||
dns-servers = [
|
||||
{ ip-address = "127.0.0.1" }
|
||||
];
|
||||
}
|
||||
{
|
||||
name = "cloonar.smart.";
|
||||
key-name = "dhcp1-ns1";
|
||||
dns-servers = [
|
||||
{ ip-address = "127.0.0.1" }
|
||||
];
|
||||
}
|
||||
{
|
||||
name = "cloonar.multimedia.";
|
||||
key-name = "dhcp1-ns1";
|
||||
dns-servers = [
|
||||
{ ip-address = "127.0.0.1" }
|
||||
];
|
||||
}
|
||||
];
|
||||
};
|
||||
reverse-ddns = {
|
||||
ddns-domains = [
|
||||
{
|
||||
name = "42.10.in-addr.arpa.";
|
||||
key-name = "dhcp1-ns1";
|
||||
dns-servers = [
|
||||
{ ip-address = "127.0.0.1" }
|
||||
];
|
||||
}
|
||||
];
|
||||
};
|
||||
};
|
||||
valid-lifetime = 4000;
|
||||
};
|
||||
|
||||
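Review bot: The four `{ ip-address = "127.0.0.1" }` entries under `dns-servers` in the `dhcp-ddns` block have no `;` after the binding, which Nix rejects at parse time; each should read `{ ip-address = "127.0.0.1"; }`. Every domain names the TSIG key `dhcp1-ns1`, but no `tsig-keys` definition is visible in these hunks, so confirm the key is declared and that its secret comes from a file outside the world-readable Nix store rather than being inlined. In Kea, `forward-ddns`, `reverse-ddns`, `ip-address` and `port` are settings of the separate DDNS daemon, while the DHCPv4 server's `dhcp-ddns` map takes `enable-updates`, `server-ip` and `server-port`. If this attribute set is the DHCPv4 configuration (the enclosing block starts outside the hunk), those keys probably belong in the DDNS daemon's settings instead.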
@@ -3,6 +3,7 @@
|
||||
enable = true;
|
||||
server = {
|
||||
interface = [ "10.42.96.1" "10.42.97.1" "10.42.99.1" "10.42.254.1" ];
|
||||
tls-cert-bundle = "/var/lib/acme/fw.cloonar.com/fullchain.pem"
|
||||
};
|
||||
local-data = [
|
||||
"localhost A 127.0.0.1"
|
||||
@@ -65,7 +66,6 @@
|
||||
"10.42.97.9 cl-storage-01.cloonar.com"
|
||||
"10.42.97.118 git.cloonar.com"
|
||||
|
||||
|
||||
"10.254.235.22 stage.wsw.at"
|
||||
"10.254.217.23 prod.wsw.at"
|
||||
"10.254.240.109 wohnservice-wien.at"
|
||||
@@ -113,4 +113,10 @@
|
||||
}
|
||||
];
|
||||
};
|
||||
|
||||
security.acme.certs.fw = {
|
||||
domain = "fw.cloonar.com";
|
||||
user = config.services.unbound.user;
|
||||
group = config.services.unbound.group;
|
||||
};
|
||||
}
|
||||
|
||||
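Review bot: The added `tls-cert-bundle = "/var/lib/acme/fw.cloonar.com/fullchain.pem"` line lacks its terminating `;`, so the module will not parse. Beyond the syntax, `tls-cert-bundle` is the CA bundle Unbound uses to authenticate TLS connections it makes to upstream servers. Serving DNS-over-TLS with the ACME certificate needs `tls-service-pem` and `tls-service-key` plus a TLS listener, and pointing the bundle at the host's own chain would break upstream verification if TLS forwarding is enabled. The path also looks inconsistent with the new `security.acme.certs.fw` entry: NixOS stores a certificate under its attribute name, so the files would presumably land in `/var/lib/acme/fw/`, and referencing `config.security.acme.certs.fw.directory` avoids the mismatch. The `server` block begins outside the hunk.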
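--- /dev/null
+++ b/hosts/fw.cloonar.com/modules/wireguard.nix
@@ -0,0 +1,22 @@
+{ ... }: {
+sops.secrets.wg0_key = {};
+
+networking.wireguard.interfaces = {
+wg0 = {
+ips = [ "10.42.98.1/24" ];
+listenPort = 51820;
+# publicKey: TKQVDmBnf9av46kQxLQSBDhAeaK8r1zh8zpU64zuc1Q=
+privateKeyFile = config.sops.secrets.wg0_key.path;
+peers = [
+{ # Notebook
+publicKey = "YdlRGsjh4hS3OMJI+t6SZ2eGXKbs0wZBXWudHW4NyS8=";
+allowedIPs = [ "10.42.98.201/32" ];
+}
+{ # iPhone
+publicKey = "nkm10abmwt2G8gJXnpqel6QW5T8aSaxiqqGjE8va/A0=";
+allowedIPs = [ "10.42.98.202/32" ];
+}
+];
+};
+};
+}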
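Review bot: `privateKeyFile = config.sops.secrets.wg0_key.path;` references `config`, but the module's argument pattern is `{ ... }:` and never binds it, so evaluation fails with an undefined variable; the first line should be `{ config, ... }: {`. Keeping the private key in sops and passing only its path is the right shape, since the key then stays out of the Nix store. No firewall change is visible in this commit, so confirm that UDP port 51820 is opened only on the intended interface. Also confirm that forwarding from 10.42.98.0/24 into the other subnets is restricted to what the Notebook and iPhone peers need.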