setup everii vpn
@@ -69,9 +69,15 @@
|
||||
enable = true;
|
||||
extraPackages = with pkgs; [ rocmPackages.clr.icd ];
|
||||
};
|
||||
services.resolved = {
|
||||
enable = true;
|
||||
dnsovertls = "opportunistic";
|
||||
dnssec = "allow-downgrade";
|
||||
};
|
||||
networking.networkmanager = {
|
||||
enable = true;
|
||||
wifi.backend = "iwd";
|
||||
dns = "systemd-resolved";
|
||||
plugins = with pkgs; [
|
||||
networkmanager-openvpn
|
||||
];
|
||||
@@ -86,4 +92,50 @@
|
||||
}
|
||||
];
|
||||
networking.firewall.allowedUDPPorts = [ 5353 ];
|
||||
|
||||
networking.wg-quick.interfaces = lib.mkMerge (
|
||||
lib.map
|
||||
(
|
||||
{
|
||||
region,
|
||||
ipOctet,
|
||||
publicKey,
|
||||
}:
|
||||
{
|
||||
"everii-${region}" = {
|
||||
address = [ "10.${toString ipOctet}.8.48/22" ];
|
||||
dns = [ "10.${toString ipOctet}.1.1" ];
|
||||
privateKeyFile = config.age.secrets."everii-vpn/${region}.key".path;
|
||||
peers = [
|
||||
{
|
||||
allowedIPs = [ "10.${toString ipOctet}.0.0/16" ];
|
||||
endpoint = "vpn.${region}.infra.everii.io:51821";
|
||||
inherit publicKey;
|
||||
}
|
||||
];
|
||||
postUp = ''
|
||||
${pkgs.systemd}/bin/resolvectl domain everii-${region} ~${region}.everii ~${toString ipOctet}.10.in-addr.arpa
|
||||
${pkgs.systemd}/bin/resolvectl dnssec everii-${region} no
|
||||
'';
|
||||
};
|
||||
}
|
||||
)
|
||||
[
|
||||
{
|
||||
region = "de1";
|
||||
ipOctet = 13;
|
||||
publicKey = "uBUgSTZb6WbfE960S3qFP/UUMtdsgNWqtkTaBkp6Xxo=";
|
||||
}
|
||||
{
|
||||
region = "fi1";
|
||||
ipOctet = 14;
|
||||
publicKey = "Yoakl0lrL6IK1nT8x5SGpaS39fQxRAsP9Zjpu8/1RRs=";
|
||||
}
|
||||
{
|
||||
region = "ch1";
|
||||
ipOctet = 15;
|
||||
publicKey = "gfciqAk+X02zoEKXSvRamx5+TGL3i4GpT7oUvHMD0xo=";
|
||||
}
|
||||
]
|
||||
);
|
||||
}
|
||||
|
||||
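Review bot: The `postUp` script in the second hunk switches DNSSEC validation off for every `everii-${region}` link (`resolvectl dnssec everii-${region} no`) without a comment saying why. That is only acceptable while the `resolvectl domain` call before it has limited the link to `~${region}.everii` and its `in-addr.arpa` reverse zone. I would put a comment above the two commands, for example `# internal zones are presumably unsigned: validation is disabled for this link only, and the routing domains above keep other names off it`. It is also worth confirming that a failure of the first command stops the second from running. In the first hunk, `dnsovertls = "opportunistic"` and `dnssec = "allow-downgrade"` both fall back silently, so they protect against passive observation but not against an on-path party that strips them. A one-line comment recording that this is a deliberate compatibility choice would help the next reader.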