add revision-dect-vpn

libs/s2s.py

@@ -5,7 +5,7 @@ AS_NUMBERS = {
     'home':         4290000138,
     'htz-cloud':    4290000137,
     'ionos':        4290000002,
-    'glauca':       4290207960,
+    'revision':     4290000078,
 }
 
 WG_AUTOGEN_NODES = [

nodes/htz-cloud/wireguard.py

@@ -51,6 +51,7 @@ nodes['htz-cloud.wireguard'] = {
                 '50-wireguard': [
                     'udp dport 1194 accept',
                     'udp dport 51800 accept',
+                    'udp dport 51804 accept',
 
                     # wg.c3voc.de
                     'udp dport 51801 ip saddr 185.106.84.42 accept',
@@ -117,6 +118,13 @@ nodes['htz-cloud.wireguard'] = {
                     'psk': vault.decrypt('encrypt$gAAAAABnc7LZSHWmOOQJpbtnpMn9QuWnbiB-6rShwgqbilVd45GzkUwOfEHBw28P_TVm9XJgFiQPOIo12DdxPCzSxKRtcqzji72QCzTlze4ZYWjL-iHm7TydLcKzXOTCO42LKpkMPUgR'),
                     'pubkey': vault.decrypt('encrypt$gAAAAABnc7LZpfAeig8yCdcZ-NegshXl-DmkJr0F2OlQR2fqhVnrfKPjgOu-5Cq09KnhdvhomGx_9ZtoFS_3OsVqcFHEasBh27aQN41xZPzEN5-qIPQRnmVoTHpufcU6tC-37Fq-PeAE'),
                 },
+                'revision-dect-vpn': {
+                    'endpoint': None,
+                    'exclude_from_monitoring': True,
+                    'my_port': 51804,
+                    'my_ip': '172.19.136.66',
+                    'their_ip': '172.19.136.67',
+                },
             },
         },
     },

nodes/revision-dect-vpn.toml

@@ -0,0 +1,26 @@
+hostname = "10.1.3.252"
+bundles = ["bird", "wireguard"]
+groups = ["debian-bookworm"]
+
+[metadata]
+location = "revision"
+icinga_options.exclude_from_monitoring = true
+
+[metadata.bird]
+static_routes = [
+    "10.1.3.0/24",
+]
+
+[metadata.interfaces.ens18]
+ips = ["10.1.3.252/24"]
+gateway4 = "10.1.3.1"
+
+[metadata.nftables.postrouting]
+"50-router" = [
+    "oifname ens18 masquerade",
+]
+
+[metadata.wireguard.peers."htz-cloud.wireguard"]
+my_port = 51804
+my_ip = "172.19.136.67"
+their_ip = "172.19.136.66"