Use 10.106.0.0/24 subnet to avoid collisions

The 106 byte is the code for 'j' (jungle) in ASCII: % printf j | od -t d 0000000 106 0000001 Reviewed-by: Aleix Roca Nonell <aleix.rocanonell@bsc.es>
2025-09-03 11:12:25 +02:00 · 2025-09-03 11:12:25 +02:00 · 52380eae59
commit 52380eae59
parent 2fe84c4cbc
3 changed files with 9 additions and 9 deletions
--- a/m/apex/wireguard.nix
+++ b/m/apex/wireguard.nix
@ -12,7 +12,7 @@
  networking.wireguard.interfaces = {
    # "wg0" is the network interface name. You can name the interface arbitrarily.
    wg0 = {
-      ips = [ "10.100.0.30/24" ];
+      ips = [ "10.106.0.30/24" ];
      listenPort = 666;
      privateKeyFile = config.age.secrets.wgApex.path;
      # Public key: VwhcN8vSOzdJEotQTpmPHBC52x3Hbv1lkFIyKubrnUA=
@ -20,7 +20,7 @@
        {
          name = "Fox";
          publicKey = "VfMPBQLQTKeyXJSwv8wBhc6OV0j2qAxUpX3kLHunK2Y=";
-          allowedIPs = [ "10.100.0.0/24" ];
+          allowedIPs = [ "10.106.0.0/24" ];
          endpoint = "fox.ac.upc.edu:666";
          # Send keepalives every 25 seconds. Important to keep NAT tables alive.
          persistentKeepalive = 25;
@ -30,6 +30,6 @@
  };

  networking.hosts = {
-    "10.100.0.1" = [ "fox" ];
+    "10.106.0.1" = [ "fox" ];
  };
 }
--- a/m/fox/wireguard.nix
+++ b/m/fox/wireguard.nix
@ -12,7 +12,7 @@
    # "wg0" is the network interface name. You can name the interface arbitrarily.
    wg0 = {
      # Determines the IP address and subnet of the server's end of the tunnel interface.
-      ips = [ "10.100.0.1/24" ];
+      ips = [ "10.106.0.1/24" ];

      # The port that WireGuard listens to. Must be accessible by the client.
      listenPort = 666;
@ -27,20 +27,20 @@
          name = "Apex";
          publicKey = "VwhcN8vSOzdJEotQTpmPHBC52x3Hbv1lkFIyKubrnUA=";
          # List of IPs assigned to this peer within the tunnel subnet. Used to configure routing.
-          allowedIPs = [ "10.100.0.30/32" ];
+          allowedIPs = [ "10.106.0.30/32" ];
        }
      ];
    };
  };

  networking.hosts = {
-    "10.100.0.30" = [ "apex" ];
+    "10.106.0.30" = [ "apex" ];
  };

  networking.firewall = {
    extraCommands = ''
      # Accept slurm connections to slurmd from apex (via wireguard)
-      iptables -A nixos-fw -p tcp -i wg0 -s 10.100.0.30/32 -d 10.100.0.1/32 --dport 6818 -j nixos-fw-accept
+      iptables -A nixos-fw -p tcp -i wg0 -s 10.106.0.30/32 -d 10.106.0.1/32 --dport 6818 -j nixos-fw-accept
    '';
  };
 }
--- a/m/module/slurm-server.nix
+++ b/m/module/slurm-server.nix
@ -15,9 +15,9 @@
      iptables -A nixos-fw -p tcp -s 10.0.40.0/24 --dport 60000:61000 -j nixos-fw-accept

      # Accept slurm connections to controller from fox (via wireguard)
-      iptables -A nixos-fw -p tcp -i wg0 -s 10.100.0.1/32 --dport 6817 -j nixos-fw-accept
+      iptables -A nixos-fw -p tcp -i wg0 -s 10.106.0.1/32 --dport 6817 -j nixos-fw-accept
      # Accept slurm connections from fox for srun (via wireguard)
-      iptables -A nixos-fw -p tcp -i wg0 -s 10.100.0.1/32 --dport 60000:61000 -j nixos-fw-accept
+      iptables -A nixos-fw -p tcp -i wg0 -s 10.106.0.1/32 --dport 60000:61000 -j nixos-fw-accept
    '';
  };
 }