From 10d370491e07223c54009feb9330a9c662fe3b79 Mon Sep 17 00:00:00 2001
From: Alex Auvolat
Date: Wed, 20 Apr 2022 18:04:57 +0200
Subject: Replace ad-hoc wireguard by wesher on staging cluster
---
 nix/configuration.nix | 38 +-------------------------------------
 1 file changed, 1 insertion(+), 37 deletions(-)
(limited to 'nix/configuration.nix')
diff --git a/nix/configuration.nix b/nix/configuration.nix
index 3f3aa49..984307c 100644
--- a/nix/configuration.nix
+++ b/nix/configuration.nix
@@ -69,6 +69,7 @@ SystemMaxUse=1G
 rclone
 docker
 docker-compose
+ wireguard
 wesher
 ];
@@ -81,43 +82,6 @@ SystemMaxUse=1G
 services.openssh.enable = true;
 services.openssh.passwordAuthentication = false;
- services.wesher = {
- enable = true;
- join = [ "192.168.1.22" "192.168.1.23" ];
- bindAddr = config.deuxfleurs.lan_ip; # for now
- overlayNet = "10.14.0.0/16";
- };
-
- # ---- CONFIG FOR DEUXFLEURS CLUSTER ----
-
- # Open ports in the firewall.
- networking.firewall = {
- enable = true;
-
- # Allow anyone to connect on SSH port
- allowedTCPPorts = [
- (builtins.head ({ openssh.ports = [22]; } // config.services).openssh.ports)
- ];
-
- # Allow specific hosts access to specific things in the cluster
- extraCommands = ''
- # Allow everything from router (usefull for UPnP/IGD)
- iptables -A INPUT -s 192.168.1.254 -j ACCEPT
-
- # Allow docker containers to access all ports
- iptables -A INPUT -s 172.17.0.0/16 -j ACCEPT
-
- # Allow other nodes on VPN to access all ports
- iptables -A INPUT -s 10.42.0.0/16 -j ACCEPT
- '';
-
- # When stopping firewall, delete all rules that were configured manually above
- extraStopCommands = ''
- iptables -D INPUT -s 192.168.1.254 -j ACCEPT
- iptables -D INPUT -s 172.17.0.0/16 -j ACCEPT
- iptables -D INPUT -s 10.42.0.0/16 -j ACCEPT
- '';
- };
 # This value determines the NixOS release from which the default
 # settings for stateful data, like file locations and database versions
-- 
cgit v1.2.3
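Review bot: The `wireguard` entry added to the package list in the first hunk carries no comment, and it reads oddly next to a subject line that says ad-hoc wireguard is being replaced; a one-line comment such as `# wireguard tooling kept for the wesher-managed overlay` (purpose inferred, please confirm) would stop it from being dropped later as a leftover. The list itself starts above the hunk. Because this view is limited to `nix/configuration.nix`, it is also not visible where the `networking.firewall` block removed by the second hunk now lives. That block set `enable = true`, limited `allowedTCPPorts` to the SSH port and accepted `10.42.0.0/16`, while the removed `services.wesher` used `overlayNet = "10.14.0.0/16"`, so the replacement should be checked to keep the firewall enabled and to accept only the overlay range actually in use.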