Add raccoon peer to wireguard

2025-09-19 13:27:42 +02:00
parent 4a97ca2e18
commit bb2c3345a0
6 changed files with 54 additions and 0 deletions
--- a/m/apex/wireguard.nix
+++ b/m/apex/wireguard.nix
@@ -25,11 +25,17 @@
          # Send keepalives every 25 seconds. Important to keep NAT tables alive.
          persistentKeepalive = 25;
        }
+        {
+          name = "raccoon";
+          publicKey = "QUfnGXSMEgu2bviglsaSdCjidB51oEDBFpnSFcKGfDI=";
+          allowedIPs = [ "10.106.0.236/32" ];
+        }
      ];
    };
  };

  networking.hosts = {
    "10.106.0.1" = [ "fox" ];
+    "10.106.0.236" = [ "raccoon.wg" ];
  };
 }
--- a/m/fox/wireguard.nix
+++ b/m/fox/wireguard.nix
@@ -29,12 +29,18 @@
          # List of IPs assigned to this peer within the tunnel subnet. Used to configure routing.
          allowedIPs = [ "10.106.0.30/32" ];
        }
+        {
+          name = "raccoon";
+          publicKey = "QUfnGXSMEgu2bviglsaSdCjidB51oEDBFpnSFcKGfDI=";
+          allowedIPs = [ "10.106.0.236/32" ];
+        }
      ];
    };
  };

  networking.hosts = {
    "10.106.0.30" = [ "apex" ];
+    "10.106.0.236" = [ "raccoon.wg" ];
  };

  networking.firewall = {
--- a/m/raccoon/configuration.nix
+++ b/m/raccoon/configuration.nix
@@ -8,6 +8,7 @@
    ../module/ssh-hut-extern.nix
    ../module/nvidia.nix
    ../eudy/kernel/perf.nix
+    ./wireguard.nix
  ];

  # Don't install Grub on the disk yet
--- a/m/raccoon/wireguard.nix
+++ b/m/raccoon/wireguard.nix
@@ -0,0 +1,39 @@
+{ config, ... }:
+
+{
+  networking.firewall = {
+    allowedUDPPorts = [ 666 ];
+  };
+
+  age.secrets.wgRaccoon.file = ../../secrets/wg-raccoon.age;
+
+  # Enable WireGuard
+  networking.wireguard.enable = true;
+  networking.wireguard.interfaces = {
+    wg0 = {
+      ips = [ "10.106.0.236/24" ];
+      listenPort = 666;
+      privateKeyFile = config.age.secrets.wgRaccoon.path;
+      # Public key: QUfnGXSMEgu2bviglsaSdCjidB51oEDBFpnSFcKGfDI=
+      peers = [
+        {
+          name = "fox";
+          publicKey = "VfMPBQLQTKeyXJSwv8wBhc6OV0j2qAxUpX3kLHunK2Y=";
+          allowedIPs = [ "10.106.0.1/32" ];
+          endpoint = "fox.ac.upc.edu:666";
+        }
+        {
+          name = "apex";
+          publicKey = "VwhcN8vSOzdJEotQTpmPHBC52x3Hbv1lkFIyKubrnUA=";
+          allowedIPs = [ "10.106.0.30/32" ];
+          endpoint = "ssfhead.bsc.es:666";
+        }
+      ];
+    };
+  };
+
+  networking.hosts = {
+    "10.106.0.1"  = [ "fox.wg" ];
+    "10.106.0.30" = [ "apex.wg" ];
+  };
+}