diff --git a/libs/s2s.py b/libs/s2s.py index d7c9e9f..fe0fc4e 100644 --- a/libs/s2s.py +++ b/libs/s2s.py @@ -5,7 +5,7 @@ AS_NUMBERS = { 'home': 4290000138, 'htz-cloud': 4290000137, 'ionos': 4290000002, - 'glauca': 4290207960, + 'revision': 4290000078, } WG_AUTOGEN_NODES = [ diff --git a/nodes/htz-cloud/wireguard.py b/nodes/htz-cloud/wireguard.py index d7f97ff..3ceaf2d 100644 --- a/nodes/htz-cloud/wireguard.py +++ b/nodes/htz-cloud/wireguard.py @@ -51,6 +51,7 @@ nodes['htz-cloud.wireguard'] = { '50-wireguard': [ 'udp dport 1194 accept', 'udp dport 51800 accept', + 'udp dport 51804 accept', # wg.c3voc.de 'udp dport 51801 ip saddr 185.106.84.42 accept', @@ -117,6 +118,13 @@ nodes['htz-cloud.wireguard'] = { 'psk': vault.decrypt('encrypt$gAAAAABnc7LZSHWmOOQJpbtnpMn9QuWnbiB-6rShwgqbilVd45GzkUwOfEHBw28P_TVm9XJgFiQPOIo12DdxPCzSxKRtcqzji72QCzTlze4ZYWjL-iHm7TydLcKzXOTCO42LKpkMPUgR'), 'pubkey': vault.decrypt('encrypt$gAAAAABnc7LZpfAeig8yCdcZ-NegshXl-DmkJr0F2OlQR2fqhVnrfKPjgOu-5Cq09KnhdvhomGx_9ZtoFS_3OsVqcFHEasBh27aQN41xZPzEN5-qIPQRnmVoTHpufcU6tC-37Fq-PeAE'), }, + 'revision-dect-vpn': { + 'endpoint': None, + 'exclude_from_monitoring': True, + 'my_port': 51804, + 'my_ip': '172.19.136.66', + 'their_ip': '172.19.136.67', + }, }, }, }, diff --git a/nodes/revision-dect-vpn.toml b/nodes/revision-dect-vpn.toml new file mode 100644 index 0000000..5789358 --- /dev/null +++ b/nodes/revision-dect-vpn.toml @@ -0,0 +1,26 @@ +hostname = "10.1.3.252" +bundles = ["bird", "wireguard"] +groups = ["debian-bookworm"] + +[metadata] +location = "revision" +icinga_options.exclude_from_monitoring = true + +[metadata.bird] +static_routes = [ + "10.1.3.0/24", +] + +[metadata.interfaces.ens18] +ips = ["10.1.3.252/24"] +gateway4 = "10.1.3.1" + +[metadata.nftables.postrouting] +"50-router" = [ + "oifname ens18 masquerade", +] + +[metadata.wireguard.peers."htz-cloud.wireguard"] +my_port = 51804 +my_ip = "172.19.136.67" +their_ip = "172.19.136.66"