add rottenraptor vpn

libs/s2s.py

@@ -6,6 +6,7 @@ AS_NUMBERS = {
     'htz-cloud':    4290000137,
     'ionos':        4290000002,
     'revision':     4290000078,
+    'rottenraptor': 4290000030,
 }
 
 WG_AUTOGEN_NODES = [

nodes/htz-cloud/wireguard.py

@@ -53,6 +53,7 @@ nodes['htz-cloud.wireguard'] = {
                     'udp dport 1194 accept',
                     'udp dport 51800 accept',
                     'udp dport 51804 accept',
+                    'udp dport 51805 accept',
 
                     # wg.c3voc.de
                     'udp dport 51801 ip saddr 185.106.84.42 accept',
@@ -126,6 +127,13 @@ nodes['htz-cloud.wireguard'] = {
                     'my_ip': '172.19.136.66',
                     'their_ip': '172.19.136.67',
                 },
+                'rottenraptor-vpn': {
+                    'endpoint': None,
+                    'exclude_from_monitoring': True,
+                    'my_port': 51805,
+                    'my_ip': '172.19.136.68',
+                    'their_ip': '172.19.136.69',
+                },
             },
         },
     },

nodes/rottenraptor-vpn.toml

@@ -0,0 +1,27 @@
+hostname = "172.30.17.53"
+bundles = ["bird", "wireguard"]
+groups = ["debian-bookworm"]
+
+[metadata]
+location = "rottenraptor"
+backups.exclude_from_backups = true
+icinga_options.exclude_from_monitoring = true
+
+[metadata.bird]
+static_routes = [
+    "172.30.17.0/24",
+]
+
+[metadata.interfaces.ens18]
+ips = ["172.30.17.53/24"]
+gateway4 = "172.30.17.1"
+
+[metadata.nftables.postrouting]
+"50-router" = [
+    "oifname ens18 masquerade",
+]
+
+[metadata.wireguard.peers."htz-cloud.wireguard"]
+my_port = 51804
+my_ip = "172.19.136.69"
+their_ip = "172.19.136.68"