hide sigma-p2p address

2024-03-29 20:36:24 +01:00 · 2024-03-29 20:36:24 +01:00 · 6c947dca0c
parent e33a9538fb
commit 6c947dca0c
3 changed files with 15 additions and 15 deletions
--- a/flake.lock
+++ b/flake.lock
@ -165,11 +165,11 @@
    },
    "secrets": {
      "locked": {
-        "lastModified": 1711641020,
-        "narHash": "sha256-und6yndmaPsS/wEkqrEvN02VbK+HCFz0zglRNaZeCJI=",
+        "lastModified": 1711740735,
+        "narHash": "sha256-/NmklXfLak65luQoMsUl539faoabD+lo7P9fNDaXkic=",
        "ref": "refs/heads/master",
-        "rev": "057f8a2b8cd29a70764004d035a6a9e33c73f4ff",
-        "revCount": 5,
+        "rev": "42e5e76765daf6dd36fa195a5a424d8d69c15dfa",
+        "revCount": 6,
        "type": "git",
        "url": "ssh://git@git.caspervk.net/caspervk/nixos-secrets.git"
      },
--- a/hosts/alpha/network.nix
+++ b/hosts/alpha/network.nix
@ -45,9 +45,9 @@
      name = "wg-sigma-public";
    };

-    # The following routes traffic destined for 116.203.6.156 (floating IP) to
-    # sigma through wireguard. This allows the server to have a public address
-    # and help others sail the high seas even though it is behind NAT.
+    # The following routes traffic destined for the sigma-p2p address (floating
+    # IP) to sigma through wireguard. This allows the server to have a public
+    # address and help others sail the high seas even though it is behind NAT.
    netdevs."51-wg-sigma-p2p" = {
      netdevConfig = {
        Name = "wg-sigma-p2p";
@ -62,7 +62,7 @@
          wireguardPeerConfig = {
            PublicKey = "sigmaH/DKSU8KWyrPtucYmS2ewUvDvCNLxd/qYEo0n0=";
            PresharedKeyFile = config.age.secrets.wireguard-preshared-key-file.path;
-            AllowedIPs = ["116.203.6.156/32"];
+            AllowedIPs = ["${secrets.alpha.sigma-p2p-ip-address}/32"];
            RouteTable = "main";
          };
        }
--- a/hosts/omega/network.nix
+++ b/hosts/omega/network.nix
@ -6,8 +6,8 @@
  systemd.network = {
    config = {
      routeTables = {
-        "wg-sigma-public" = 822944075;
-        "wg-sigma-p2p" = 2553;
+        "wg-sigma-public" = 42;
+        "wg-sigma-p2p" = 6881;
      };
    };

@ -59,9 +59,9 @@
    };

    # The following establishes a wireguard tunnel to alpha and configures
-    # receiving traffic destined for 116.203.6.156. This allows the server to
-    # have a public address and help others sail the high seas even though it
-    # is behind NAT.
+    # receiving traffic destined for the sigma-p2p address. This allows the
+    # server to have a public address and help others sail the high seas even
+    # though it is behind NAT.
    netdevs."51-wg-sigma-p2p" = {
      netdevConfig = {
        Name = "wg-sigma-p2p";
@ -85,11 +85,11 @@
    };
    networks."wg-sigma-p2p" = {
      name = "wg-sigma-p2p";
-      address = ["116.203.6.156/32"];
+      address = ["${secrets.sigma.sigma-p2p-ip-address}/32"];
      routingPolicyRules = [
        {
          routingPolicyRuleConfig = {
-            From = "116.203.6.156/32";
+            From = "${secrets.sigma.sigma-p2p-ip-address}/32";
            Table = "wg-sigma-p2p";
          };
        }