diff --git a/nodes/htz-cloud/wireguard.py b/nodes/htz-cloud/wireguard.py
index ac4a02a..90b15ad 100644
--- a/nodes/htz-cloud/wireguard.py
+++ b/nodes/htz-cloud/wireguard.py
@@ -34,6 +34,7 @@ nodes['htz-cloud.wireguard'] = {
 'bird': {
 'static_routes': {
 '172.19.137.0/24',
+ '172.19.136.64/31',
 },
 },
 'nftables': {
@@ -43,6 +44,9 @@ nodes['htz-cloud.wireguard'] = {
 'inet filter forward oif eth0 accept',
 'nat postrouting oif eth0 masquerade',
 ],
+ 'wg_special': [
+ 'inet filter input udp dport 51819 accept',
+ ],
 },
 },
 'vm': {
@@ -51,6 +55,15 @@ nodes['htz-cloud.wireguard'] = {
 },
 'wireguard': {
 'snat_ip': '172.19.137.2',
+ 'peers': {
+ 'kunsi-p14s': {
+ 'endpoint': None,
+ 'exclude_from_monitoring': True,
+ 'my_ip': '172.19.136.64',
+ 'my_port': 51819,
+ 'their_ip': '172.19.136.65',
+ },
+ },
 },
 },
 }
diff --git a/nodes/kunsi-p14s.py b/nodes/kunsi-p14s.py
index 30cc830..7c41354 100644
--- a/nodes/kunsi-p14s.py
+++ b/nodes/kunsi-p14s.py
@@ -11,6 +11,7 @@ nodes['kunsi-p14s'] = {
 'telegraf-battery-usage',
 'vmhost',
 'voc-tracker-worker',
+ 'wireguard',
 'zfs',
 },
 'groups': {
@@ -164,6 +165,20 @@ nodes['kunsi-p14s'] = {
 'token': vault.decrypt('encrypt$gAAAAABiYqaFl4CqOc8DTQIn49Qq0KgAJSzA19GKPNMbyHIjYg0JkvY0sK43ps8CbJWMRR6hJHVK-nP4vrWLwyoWWqt8N8aASMur4odC2s8pEHQKM0TXg4cRwobQz_lyJgrYa2VYdhcD'),
 'secret': vault.decrypt('encrypt$gAAAAABiYqaYbY-3IbnRk-S25pqxrOGN7ovgPo3kBYz8ZqKDedPRzskKZefpLHxBbCOZKjg1XNT4cKbIs5cPCLdj7HdY4beAhnXl4EHZZdxU1zVC7sJCmz9XOS_Ac0UOgOlUFMiet14U'),
 },
+ 'wireguard': {
+ 'peers': {
+ 'htz-cloud.wireguard': {
+ 'auto_connection': False,
+ 'endpoint': 'wireguard.htz-cloud.kunbox.net:51819',
+ 'my_ip': '172.19.136.65',
+ 'my_port': 51819,
+ 'their_ip': '172.19.136.64',
+ 'routes': {
+ '172.19.128.0/20',
+ },
+ },
+ },
+ },
 'zfs': {
 'pools': {
 'zroot': {
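Review bot: The new `wg_special` rule in the `nftables` hunk of nodes/htz-cloud/wireguard.py accepts UDP 51819 from any source and on any interface, and nothing next to it says why it is that wide. The matching peer in the `wireguard` hunk has `'endpoint': None`, so a source match presumably cannot be written, but that reasoning belongs beside the rule, e.g. `# kunsi-p14s has no fixed endpoint, so the source address cannot be pinned`. If eth0 is the public interface, as the neighbouring `oif eth0` rules suggest, `'inet filter input iif eth0 udp dport 51819 accept',` would keep the listener off other interfaces. The port is also repeated in `my_port` here and in the `endpoint` string in nodes/kunsi-p14s.py, so the comment could name those places to keep a later port change consistent.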
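Review bot: The `kunsi-p14s` peer added under `'wireguard'` in nodes/htz-cloud/wireguard.py sets `'endpoint': None` and `'exclude_from_monitoring': True` without stating why. A short comment such as `# roaming client, mostly offline: no endpoint, no monitoring` (assuming that is the reason) would keep the exclusion from being copied to peers that should be watched. Forwarding on this node is the existing `inet filter forward oif eth0 accept` plus masquerade, and nothing visible in the hunk limits what the new peer may reach through it. Unless the bundle adds per-peer rules elsewhere, it is worth confirming that this client is meant to have the same reach as the existing peers.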
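Review bot: In the `wireguard` hunk of nodes/kunsi-p14s.py, `'routes': {'172.19.128.0/20'}` is far wider than what the other side adds for this link, which is only `172.19.136.64/31` in `static_routes`. If the bundle derives the peer's allowed source ranges from `routes` (not visible here), this host will accept packets from the whole /20 over the tunnel. A comment naming the networks expected behind htz-cloud, e.g. `# everything in 172.19.128.0/20 is reached via htz-cloud`, would make that intent reviewable. `'my_port': 51819` also pins a listening port on this machine although the remote side has `'endpoint': None` and so should never initiate; if the key is optional in the bundle, dropping it avoids a fixed UDP listener on a roaming host. The enclosing `nodes['kunsi-p14s']` dict continues outside the hunk.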