diff --git a/machine-confs/helium.nix b/machine-confs/helium.nix
index d19966d..c20d693 100644
--- a/machine-confs/helium.nix
+++ b/machine-confs/helium.nix
@@ -3,14 +3,11 @@
 networking = {
 hostName = "helium";
- firewall.allowedUDPPorts = [
- 51820
- 51821
- ];
+ firewall.allowedUDPPorts = [ 51820 ];
 wg-quick.interfaces = {
 wg0 = {
- autostart = true;
+ autostart = false;
 address = [ "172.16.0.2/24" ];
 dns = [
 "192.168.0.1"
@@ -32,7 +29,7 @@
 address = [ "10.100.0.7/24" ];
 dns = [ "1.1.1.1" ];
 privateKeyFile = "/root/wireguard-keys/privatekey-netflix";
- listenPort = 51821;
+ listenPort = 51820;
 peers = [
 {
@@ -45,10 +42,31 @@
 }
 ];
 };
+ wg2 = {
+ autostart = true;
+ address = [ "fd08:d473:bcca:f0::2/64" ];
+ dns = [
+ "fd08:d473:bcca::1"
+ "vsinerva.fi"
+ ];
+ privateKeyFile = "/root/wireguard-keys/privatekey-home";
+ listenPort = 51820;
+
+ peers = [
+ {
+ publicKey = "f9QoYPxyaxylUcOI9cE9fE9DJoEX4c6GUtr4p+rsd34=";
+ allowedIPs = [
+ "fd08:d473:bcca::/64"
+ "fd08:d473:bcca:f0::/64"
+ ];
+ endpoint = "wg.vsinerva.fi:51821";
+ }
+ ];
+ };
 };
 };
 # Dirty hack to fix autostart failing due to DNS lookups
- systemd.services."wg-quick-wg0".serviceConfig = {
+ systemd.services."wg-quick-wg2".serviceConfig = {
 Restart = "on-failure";
 RestartSec = "1s";
 };
diff --git a/machine-confs/lithium.nix b/machine-confs/lithium.nix
index a4af369..81fa25b 100644
--- a/machine-confs/lithium.nix
+++ b/machine-confs/lithium.nix
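Review bot: The `listenPort = 51820;` set in the `@@ -32,7 +29,7 @@` hunk of helium.nix puts this interface on the same UDP port as the new `wg2` in the following hunk, and lithium.nix likewise ends up with `wg0` and `wg1` both on 51820. Two WireGuard interfaces cannot bind the same port, so whichever `wg-quick` unit starts second will fail whenever both are up; this interface's `autostart` value is outside the hunk, so confirm it is not started alongside `wg2`. Every peer shown has an `endpoint`, which suggests these hosts only dial out; if so, dropping `listenPort` from the client interfaces lets the kernel pick a free port and makes `firewall.allowedUDPPorts = [ 51820 ];` unnecessary. The interface block starts and ends outside the hunk.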
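Review bot: The restart workaround retargeted to `wg-quick-wg2` at the end of the `@@ -45,10 +42,31 @@` hunk of helium.nix can still leave the tunnel down after boot. With `RestartSec = "1s"` and systemd's default start rate limit (5 starts in 10 s, unless overridden elsewhere), a handful of fast failures while DNS is unavailable puts the unit into a failed state that is never retried. Setting `systemd.services."wg-quick-wg2".startLimitIntervalSec = 0;` next to the `serviceConfig` keeps the retry loop alive; the same applies to `wg-quick-wg1` in lithium.nix. The comment could also name what fails, for example `# wg-quick resolves the peer endpoint hostname at start; retry until DNS is reachable`.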
@@ -5,27 +5,50 @@
 firewall.allowedUDPPorts = [ 51820 ];
- wg-quick.interfaces.wg0 = {
- autostart = true;
- address = [ "172.16.0.4/24" ];
- dns = [
- "192.168.0.1"
- "vsinerva.fi"
- ];
- privateKeyFile = "/root/wireguard-keys/privatekey-home";
- listenPort = 51820;
+ wg-quick.interfaces = {
+ wg0 = {
+ autostart = false;
+ address = [ "172.16.0.4/24" ];
+ dns = [
+ "192.168.0.1"
+ "vsinerva.fi"
+ ];
+ privateKeyFile = "/root/wireguard-keys/privatekey-home";
+ listenPort = 51820;
- peers = [
- {
- publicKey = "f9QoYPxyaxylUcOI9cE9fE9DJoEX4c6GUtr4p+rsd34=";
- allowedIPs = [ "0.0.0.0/0" ];
- endpoint = "wg.vsinerva.fi:51820";
- }
- ];
+ peers = [
+ {
+ publicKey = "f9QoYPxyaxylUcOI9cE9fE9DJoEX4c6GUtr4p+rsd34=";
+ allowedIPs = [ "0.0.0.0/0" ];
+ endpoint = "wg.vsinerva.fi:51820";
+ }
+ ];
+ };
+ wg1 = {
+ autostart = true;
+ address = [ "fd08:d473:bcca:f0::3/64" ];
+ dns = [
+ "fd08:d473:bcca::1"
+ "vsinerva.fi"
+ ];
+ privateKeyFile = "/root/wireguard-keys/privatekey-home";
+ listenPort = 51820;
+
+ peers = [
+ {
+ publicKey = "f9QoYPxyaxylUcOI9cE9fE9DJoEX4c6GUtr4p+rsd34=";
+ allowedIPs = [
+ "fd08:d473:bcca::/64"
+ "fd08:d473:bcca:f0::/64"
+ ];
+ endpoint = "wg.vsinerva.fi:51821";
+ }
+ ];
+ };
 };
 };
 # Dirty hack to fix autostart failing due to DNS lookups
- systemd.services."wg-quick-wg0".serviceConfig = {
+ systemd.services."wg-quick-wg1".serviceConfig = {
 Restart = "on-failure";
 RestartSec = "1s";
 };
diff --git a/services/syncthing.nix b/services/syncthing.nix
index a4d1ff6..f45a3f2 100644
--- a/services/syncthing.nix
+++ b/services/syncthing.nix
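Review bot: In lithium.nix the new `wg1` reuses `privateKeyFile = "/root/wireguard-keys/privatekey-home";` from `wg0`, and both interfaces peer with the same `publicKey`, so the old IPv4 tunnel and the new IPv6 tunnel share one identity on each side. That works, but a leak or rotation of that key then affects both tunnels at once, and `wg0` still carries `allowedIPs = [ "0.0.0.0/0" ]`. If `wg0` is kept only as a manual fallback, say so in a comment above it, for example `# legacy IPv4 full tunnel, started by hand only`; if both are meant to stay in use, give `wg1` its own key pair (placeholder: `privateKeyFile = "/root/wireguard-keys/<new-key-file>";`). helium.nix's `wg2` points at the same key path, though its `wg0` key setting is not visible in that diff.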
@@ -18,11 +18,11 @@
 devices = {
 "helium" = {
 id = "2MRUBSY-NHXYMAW-SY22RHP-CNNMHKR-DPDKMM4-2XV5F6M-6KSNLQI-DD4EOAM";
- addresses = [ "tcp://172.16.0.2:22000" ];
+ addresses = [ "tcp://[fd08:d473:bcca:f0::2]:22000" ];
 };
 "lithium" = {
 id = "S4ZORDV-QBY7QC7-FQHADMZ-NQSKJUA-7B7LQNS-CWJLSMG-JPMN7YJ-OVRDZQA";
- addresses = [ "tcp://172.16.0.4:22000" ];
+ addresses = [ "tcp://[fd08:d473:bcca:f0::3]:22000" ];
 };
 "nixos-cpu" = {
 id = "ZX35ARB-3ULEUV3-NNUEREF-DEDWOJU-GE7A4PP-T7O43NI-SU564OD-E26HHA4";