The 106 byte is the code for 'j' (jungle) in ASCII: % printf j | od -t d 0000000 106 0000001 Reviewed-by: Aleix Roca Nonell <aleix.rocanonell@bsc.es>
# NixOS module: WireGuard endpoint on interface wg0 (tunnel subnet
# 10.106.0.0/24) with a single peer, "Apex", plus the firewall openings
# that peer needs.
{ config, ... }:

{
  # The WireGuard private key is declared as an age secret and only its path
  # is referenced below, so no key material appears in this file.
  age.secrets.wgFox.file = ../../secrets/wg-fox.age;

  networking = {
    # All firewall policy for the tunnel is kept together in this one set.
    firewall = {
      # WireGuard transport port, reachable on every interface.
      # Must stay equal to wg0.listenPort below.
      allowedUDPPorts = [ 666 ];

      # Narrow exception for traffic arriving through the tunnel: the rule
      # matches on input interface (wg0), source (/32), destination (/32)
      # and TCP port 6818 before jumping to nixos-fw-accept. It is an
      # iptables (IPv4) rule only; nothing is added for ip6tables.
      extraCommands = ''
        # Accept slurm connections to slurmd from apex (via wireguard)
        iptables -A nixos-fw -p tcp -i wg0 -s 10.106.0.30/32 -d 10.106.0.1/32 --dport 6818 -j nixos-fw-accept
      '';
    };

    # Static name for the peer's tunnel address.
    hosts."10.106.0.30" = [ "apex" ];

    wireguard = {
      enable = true;

      # The attribute name ("wg0") becomes the network interface name; the
      # firewall rule above matches on it with -i wg0.
      interfaces.wg0 = {
        # This host's address and prefix length inside the tunnel.
        ips = [ "10.106.0.1/24" ];

        # UDP port WireGuard listens on; clients must be able to reach it.
        listenPort = 666;

        # Resolved from the age secret declared at the top of the module.
        privateKeyFile = config.age.secrets.wgFox.path;
        # Public key: VfMPBQLQTKeyXJSwv8wBhc6OV0j2qAxUpX3kLHunK2Y=

        # Peers allowed to establish a tunnel with this host.
        peers = [
          {
            name = "Apex";
            publicKey = "VwhcN8vSOzdJEotQTpmPHBC52x3Hbv1lkFIyKubrnUA=";
            # Tunnel addresses assigned to this peer; used for routing.
            # WireGuard also discards packets from this peer whose inner
            # source address is outside this list, so a single /32 ties the
            # 10.106.0.30 source match in the firewall rule to this key.
            allowedIPs = [ "10.106.0.30/32" ];
          }
        ];
      };
    };
  };
}