From 6bbfb0d1244b79728a2a4e6f6f4b0cb4bf2a6475 Mon Sep 17 00:00:00 2001
From: Rodrigo Arias Mallo <rodrigo.arias@bsc.es>
Date: Fri, 29 Aug 2025 14:29:14 +0200
Subject: [PATCH] Make apex host specific to each machine

Allows direct contact via the VPN when accessing from fox, but use
Internet when using the rest of the machines.

Reviewed-by: Aleix Roca Nonell <aleix.rocanonell@bsc.es>
---
 m/common/base/net.nix       | 2 +-
 m/fox/wireguard.nix         | 4 ++++
 m/raccoon/configuration.nix | 1 +
 m/tent/configuration.nix    | 3 +++
 4 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/m/common/base/net.nix b/m/common/base/net.nix
index 3a64c786..64e6160a 100644
--- a/m/common/base/net.nix
+++ b/m/common/base/net.nix
@@ -14,7 +14,7 @@
     nftables.enable = lib.mkForce false;
 
     hosts = {
-      "84.88.53.236" = [ "apex" "ssfhead.bsc.es" "ssfhead" ];
+      "84.88.53.236" = [ "ssfhead.bsc.es" "ssfhead" ];
       "84.88.51.152" = [ "raccoon" ];
       "84.88.51.142" = [ "raccoon-ipmi" ];
     };
diff --git a/m/fox/wireguard.nix b/m/fox/wireguard.nix
index 34d84c07..a16f1528 100644
--- a/m/fox/wireguard.nix
+++ b/m/fox/wireguard.nix
@@ -32,4 +32,8 @@
       ];
     };
   };
+
+  networking.hosts = {
+    "10.100.0.30" = [ "apex" ];
+  };
 }
diff --git a/m/raccoon/configuration.nix b/m/raccoon/configuration.nix
index 46f63f56..cec17e6f 100644
--- a/m/raccoon/configuration.nix
+++ b/m/raccoon/configuration.nix
@@ -39,6 +39,7 @@
     };
     hosts = {
       "10.0.44.4" = [ "tent" ];
+      "84.88.53.236" = [ "apex" ];
     };
   };
 
diff --git a/m/tent/configuration.nix b/m/tent/configuration.nix
index 57ac6e9f..416d8df1 100644
--- a/m/tent/configuration.nix
+++ b/m/tent/configuration.nix
@@ -33,6 +33,9 @@
     nameservers = [ "84.88.52.35" "84.88.52.36" ];
     search = [ "bsc.es" "ac.upc.edu" ];
     defaultGateway = "10.0.44.1";
+    hosts = {
+      "84.88.53.236" = [ "apex" ];
+    };
   };
 
   services.p.enable = true;