authorAlex Auvolat <alex@adnab.me>2022-04-20 18:04:57 +0200
committerAlex Auvolat <alex@adnab.me>2022-04-20 18:04:57 +0200
commit10d370491e07223c54009feb9330a9c662fe3b79 (patch)
tree733d85ba8fdee09eb6a6707e367276c0db8a80a6 /nix/configuration.nix
parent04f2bd48bb3d9a33e36409b8eddbad05e21807c1 (diff)
Replace ad-hoc wireguard by wesher on staging cluster
Diffstat (limited to 'nix/configuration.nix')
-rw-r--r--nix/configuration.nix38
1 files changed, 1 insertions, 37 deletions
diff --git a/nix/configuration.nix b/nix/configuration.nix
index 3f3aa49..984307c 100644
--- a/nix/configuration.nix
+++ b/nix/configuration.nix
@@ -69,6 +69,7 @@ SystemMaxUse=1G
rclone
docker
docker-compose
+ wireguard
wesher
];
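Review bot: The `wireguard` package entry added just before `wesher` carries no comment saying why it is still wanted, although the commit title states that the ad-hoc wireguard setup is being replaced by wesher; a later cleanup pass could either drop the package or assume the old manual tunnel configuration still exists somewhere. Presumably it is kept for the `wg` command-line tooling used to inspect the wesher-managed interface, but that is an inference, so the intent should be recorded next to the entry, e.g. `wireguard # kept for wg(8) tooling; the tunnel itself is managed by wesher`. If the package is no longer needed at all, removing it keeps the node's attack surface and update burden to what the wesher module actually requires. The package list this hunk belongs to opens before the hunk, so the surrounding attribute is not visible here.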
@@ -81,43 +82,6 @@ SystemMaxUse=1G
services.openssh.enable = true;
services.openssh.passwordAuthentication = false;
- services.wesher = {
- enable = true;
- join = [ "192.168.1.22" "192.168.1.23" ];
- bindAddr = config.deuxfleurs.lan_ip; # for now
- overlayNet = "10.14.0.0/16";
- };
-
- # ---- CONFIG FOR DEUXFLEURS CLUSTER ----
-
- # Open ports in the firewall.
- networking.firewall = {
- enable = true;
-
- # Allow anyone to connect on SSH port
- allowedTCPPorts = [
- (builtins.head ({ openssh.ports = [22]; } // config.services).openssh.ports)
- ];
-
- # Allow specific hosts access to specific things in the cluster
- extraCommands = ''
- # Allow everything from router (usefull for UPnP/IGD)
- iptables -A INPUT -s 192.168.1.254 -j ACCEPT
-
- # Allow docker containers to access all ports
- iptables -A INPUT -s 172.17.0.0/16 -j ACCEPT
-
- # Allow other nodes on VPN to access all ports
- iptables -A INPUT -s 10.42.0.0/16 -j ACCEPT
- '';
-
- # When stopping firewall, delete all rules that were configured manually above
- extraStopCommands = ''
- iptables -D INPUT -s 192.168.1.254 -j ACCEPT
- iptables -D INPUT -s 172.17.0.0/16 -j ACCEPT
- iptables -D INPUT -s 10.42.0.0/16 -j ACCEPT
- '';
- };
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions