From 017c19e7d07ef53544abf599e7b59020667648bd Mon Sep 17 00:00:00 2001 From: Rodrigo Arias Mallo Date: Wed, 3 Sep 2025 11:12:25 +0200 Subject: [PATCH] Use 10.106.0.0/24 subnet to avoid collisions The 106 byte is the code for 'j' (jungle) in ASCII: % printf j | od -t d 0000000 106 0000001 Reviewed-by: Aleix Roca Nonell --- m/apex/wireguard.nix | 6 +++--- m/fox/wireguard.nix | 8 ++++---- m/module/slurm-server.nix | 4 ++-- 3 files changed, 9 insertions(+), 9 deletions(-) diff --git a/m/apex/wireguard.nix b/m/apex/wireguard.nix index bd5b351..49180a1 100644 --- a/m/apex/wireguard.nix +++ b/m/apex/wireguard.nix @@ -12,7 +12,7 @@ networking.wireguard.interfaces = { # "wg0" is the network interface name. You can name the interface arbitrarily. wg0 = { - ips = [ "10.100.0.30/24" ]; + ips = [ "10.106.0.30/24" ]; listenPort = 666; privateKeyFile = config.age.secrets.wgApex.path; # Public key: VwhcN8vSOzdJEotQTpmPHBC52x3Hbv1lkFIyKubrnUA= @@ -20,7 +20,7 @@ { name = "Fox"; publicKey = "VfMPBQLQTKeyXJSwv8wBhc6OV0j2qAxUpX3kLHunK2Y="; - allowedIPs = [ "10.100.0.0/24" ]; + allowedIPs = [ "10.106.0.0/24" ]; endpoint = "fox.ac.upc.edu:666"; # Send keepalives every 25 seconds. Important to keep NAT tables alive. persistentKeepalive = 25; @@ -30,6 +30,6 @@ }; networking.hosts = { - "10.100.0.1" = [ "fox" ]; + "10.106.0.1" = [ "fox" ]; }; } diff --git a/m/fox/wireguard.nix b/m/fox/wireguard.nix index d10703d..8299d48 100644 --- a/m/fox/wireguard.nix +++ b/m/fox/wireguard.nix @@ -12,7 +12,7 @@ # "wg0" is the network interface name. You can name the interface arbitrarily. wg0 = { # Determines the IP address and subnet of the server's end of the tunnel interface. - ips = [ "10.100.0.1/24" ]; + ips = [ "10.106.0.1/24" ]; # The port that WireGuard listens to. Must be accessible by the client. listenPort = 666; @@ -27,20 +27,20 @@ name = "Apex"; publicKey = "VwhcN8vSOzdJEotQTpmPHBC52x3Hbv1lkFIyKubrnUA="; # List of IPs assigned to this peer within the tunnel subnet. Used to configure routing. - allowedIPs = [ "10.100.0.30/32" ]; + allowedIPs = [ "10.106.0.30/32" ]; } ]; }; }; networking.hosts = { - "10.100.0.30" = [ "apex" ]; + "10.106.0.30" = [ "apex" ]; }; networking.firewall = { extraCommands = '' # Accept slurm connections to slurmd from apex (via wireguard) - iptables -A nixos-fw -p tcp -i wg0 -s 10.100.0.30/32 -d 10.100.0.1/32 --dport 6818 -j nixos-fw-accept + iptables -A nixos-fw -p tcp -i wg0 -s 10.106.0.30/32 -d 10.106.0.1/32 --dport 6818 -j nixos-fw-accept ''; }; } diff --git a/m/module/slurm-server.nix b/m/module/slurm-server.nix index 449ba8c..25fe4f6 100644 --- a/m/module/slurm-server.nix +++ b/m/module/slurm-server.nix @@ -15,9 +15,9 @@ iptables -A nixos-fw -p tcp -s 10.0.40.0/24 --dport 60000:61000 -j nixos-fw-accept # Accept slurm connections to controller from fox (via wireguard) - iptables -A nixos-fw -p tcp -i wg0 -s 10.100.0.1/32 --dport 6817 -j nixos-fw-accept + iptables -A nixos-fw -p tcp -i wg0 -s 10.106.0.1/32 --dport 6817 -j nixos-fw-accept # Accept slurm connections from fox for srun (via wireguard) - iptables -A nixos-fw -p tcp -i wg0 -s 10.100.0.1/32 --dport 60000:61000 -j nixos-fw-accept + iptables -A nixos-fw -p tcp -i wg0 -s 10.106.0.1/32 --dport 60000:61000 -j nixos-fw-accept ''; }; }