bundlewrap/nodes/htz-cloud/wireguard.py

114 lines
4 KiB
Python

nodes['htz-cloud.wireguard'] = {
'hostname': '162.55.54.226',
'bundles': {
'bird',
'wireguard',
},
'groups': {
'debian-bookworm',
},
'metadata': {
'interfaces': {
'eth0': {
'ips': {
'162.55.54.226',
'2a01:4f8:1c1c:884d::1/64'
},
'gateway4': '172.31.1.1',
'gateway6': 'fe80::1'
},
'ens10': {
'ips': {
'172.19.137.2/32',
},
'routes': {
'172.19.137.0/24': {
'via': '172.19.137.1',
},
},
},
},
'backups': {
'exclude_from_backups': True,
},
'bird': {
'static_routes': {
'10.73.0.0/16',
'172.19.137.0/24',
'172.19.136.62/31',
'172.19.136.64/31',
'192.168.100.0/24',
},
},
'nftables': {
'forward': {
'50-router': [
'ct state { related, established } accept',
'oifname eth0 accept',
],
},
'input': {
'50-wireguard': [
'udp dport 1194 accept',
'udp dport 51800 accept',
# wg.c3voc.de
'udp dport 51801 ip saddr 185.106.84.42 accept',
'udp dport 51801 ip6 saddr 2001:67c:20a0:e::189 accept',
],
},
'postrouting': {
'50-router': [
'oifname eth0 masquerade',
],
},
},
'vm': {
'cpu': 1,
'ram': 2,
},
'wireguard': {
'snat_ip': '172.19.137.2',
'peers': {
'c3voc': {
'endpoint': 'wg.c3voc.de:13337',
'my_ip': '10.44.0.35/24',
'my_port': 51801,
'their_ip': '10.44.0.1',
'pubkey': vault.decrypt('encrypt$gAAAAABl_fnDW_9u0RLQpKmiE9V-4DjEcEVSaGp5NohG8tBD3tayGkrDd-LahgeEhDeWlCnoomErZi6HHCag3ODeoKivPr9F_UfdKPEOlCoDkMahqud8p5_3edi-TvIt30Bq_45yeIOo'),
'masquerade': True,
'routes': {
'10.73.0.0/16',
},
},
'fra-jana': {
'endpoint': 'gw.as212226.net:40000',
'my_ip': '192.168.48.11/24',
'my_port': 51802,
'their_ip': '192.168.48.1',
'pubkey': vault.decrypt('encrypt$gAAAAABnCA7M0Jg0cQwIaYCYEYN74MOSQK30rbhxD6tDIi2VEBqPh-UHrt7MdRzI4AUZ-p0MzjIdsps_DdGBkUTwA_UKD15Q_tg_LJNwDb04zvgSqc3hnJ4jeS2ZZEED0T1dVJ7E0YNS'),
'masquerade': True,
'routes': {
'192.168.100.0/24',
},
},
'kunsi-oneplus7': {
'endpoint': None,
'exclude_from_monitoring': True,
'my_ip': '172.19.136.62',
'my_port': 51800,
'their_ip': '172.19.136.63',
'psk': vault.decrypt('encrypt$gAAAAABlbr26kyQ_DNIObVNtG31e1uSZkfDKH9Y1tzq8ZNSAMeuEh30cMJBZQskLLYqt5HUGd-YFwYQB_E7oa-WWbHmDh4vAxJ22Efr85tA0TWsgkc2KvKHqZrNo-GCXhxCqs7SqhW1C'),
'pubkey': vault.decrypt('encrypt$gAAAAABlbr27doNVsPXF7hMpAp93fP-h_jlW10zycZAHy05r4R7rOZrLqf5b-lhdamx_kQxypYtcW-jOCYgcqWNsId7RluEmFo3drFuUYKIa32YU_U0Pe5EjVRFz_tuf9NRPPugmHb22'),
},
'kunsi-p14s': {
'endpoint': None,
'exclude_from_monitoring': True,
'my_ip': '172.19.136.64',
'my_port': 1194,
'their_ip': '172.19.136.65',
},
},
},
},
}