add rottenraptor vpn

2025-04-23 10:58:10 +02:00 · 2025-04-23 10:58:10 +02:00 · 3ec701b2b6
commit 3ec701b2b6
parent f72f701a5a
3 changed files with 36 additions and 0 deletions
--- a/nodes/htz-cloud/wireguard.py
+++ b/nodes/htz-cloud/wireguard.py
@ -53,6 +53,7 @@ nodes['htz-cloud.wireguard'] = {
                    'udp dport 1194 accept',
                    'udp dport 51800 accept',
                    'udp dport 51804 accept',
+                    'udp dport 51805 accept',

                    # wg.c3voc.de
                    'udp dport 51801 ip saddr 185.106.84.42 accept',
@ -126,6 +127,13 @@ nodes['htz-cloud.wireguard'] = {
                    'my_ip': '172.19.136.66',
                    'their_ip': '172.19.136.67',
                },
+                'rottenraptor-vpn': {
+                    'endpoint': None,
+                    'exclude_from_monitoring': True,
+                    'my_port': 51805,
+                    'my_ip': '172.19.136.68',
+                    'their_ip': '172.19.136.69',
+                },
            },
        },
    },
--- a/nodes/rottenraptor-vpn.toml
+++ b/nodes/rottenraptor-vpn.toml
@ -0,0 +1,27 @@
+hostname = "172.30.17.53"
+bundles = ["bird", "wireguard"]
+groups = ["debian-bookworm"]
+
+[metadata]
+location = "rottenraptor"
+backups.exclude_from_backups = true
+icinga_options.exclude_from_monitoring = true
+
+[metadata.bird]
+static_routes = [
+    "172.30.17.0/24",
+]
+
+[metadata.interfaces.ens18]
+ips = ["172.30.17.53/24"]
+gateway4 = "172.30.17.1"
+
+[metadata.nftables.postrouting]
+"50-router" = [
+    "oifname ens18 masquerade",
+]
+
+[metadata.wireguard.peers."htz-cloud.wireguard"]
+my_port = 51804
+my_ip = "172.19.136.69"
+their_ip = "172.19.136.68"