diff --git a/shared/commons.nix b/shared/commons.nix
index 5256d58..1ebdd98 100755
--- a/shared/commons.nix
+++ b/shared/commons.nix
@@ -8,7 +8,6 @@
 ./commons/sudo.nix
 ./commons/networking.nix
 ./commons/mesh.nix
- ./commons/forward.nix
 ./commons/nftables.nix
 ];
 }
\ No newline at end of file
diff --git a/shared/commons/mesh.nix b/shared/commons/mesh.nix
index e1c7fc1..60e17f8 100644
--- a/shared/commons/mesh.nix
+++ b/shared/commons/mesh.nix
@@ -36,9 +36,9 @@ let
 if4 = {
 "mesh-${shorten peerName}-${toString remoteZone}-${toString remoteId}" = {
 ips = [
- "172.19.${toString myId}.${toString myId}/32"
+ "172.19.0.${toString myId}/32"
 "172.19.${toString myId}.${toString remoteId}/32"
- "fc00::${toString myId}:${toString myId}/128"
+ "fc00::${toString myId}/128"
 "fc00::${toString myId}:${toString remoteId}/128"
 ];
 privateKeyFile = config.age.secrets."wg-private-zone-${toString myZone}-id-${toString myId}".path;
@@ -48,6 +48,7 @@ let
 publicKey = peerConfig.wg-pub;
 allowedIPs = [
 # Allow mesh trafic
+ "172.19.0.${toString peerConfig.id}/32"
 "172.19.${toString peerConfig.id}.0/24"
 "fc00::${toString peerConfig.id}:0/96"
 # Allow mgmt transport
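Review bot: The new allowedIPs line adds only the IPv4 self-address; the IPv6 counterpart `"fc00::${toString peerConfig.id}/128"`, which the @@ -36 hunk assigns to the interface and the @@ -71 hunk routes with `ip -6 route replace fc00::${toString peerConfig.id}/128`, is missing. It is only reachable today because the existing `"fc00::${toString peerConfig.id}:0/96"` fixes just the first six 16-bit groups, i.e. it is the whole fc00::/96 and lets that tunnel accept inbound packets from any fc00:: source, whereas the routes in the same file use /112. Adding the /128 entry beside the new IPv4 line and narrowing the v6 entry to `"fc00::${toString peerConfig.id}:0/112"` would keep the cryptokey routing as tight per peer as the IPv4 side already is. The attribute set this hunk edits starts before and ends after it.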
@@ -71,6 +72,10 @@ let ${pkgs.iproute2}/bin/ip route replace 172.19.${toString peerConfig.id}.0/24 dev mesh-${shorten peerName}-${toString peerConfig.zone}-${toString peerConfig.id} scope link ${pkgs.iproute2}/bin/ip -6 route replace fc00::${toString peerConfig.id}:0/112 dev mesh-${shorten peerName}-${toString peerConfig.zone}-${toString peerConfig.id} scope link + # Nodes self ip + ${pkgs.iproute2}/bin/ip route replace 172.19.0.${toString peerConfig.id}/32 dev mesh-${shorten peerName}-${toString peerConfig.zone}-${toString peerConfig.id} scope link + ${pkgs.iproute2}/bin/ip -6 route replace fc00::${toString peerConfig.id}/128 dev mesh-${shorten peerName}-${toString peerConfig.zone}-${toString peerConfig.id} scope link + # Return path for mgmt trafic ${if lib.elem peerName mapping.bastion then '' ${pkgs.iproute2}/bin/ip route replace 172.19.${toString (peerConfig.zone + 127)}.0/24 via 172.19.${toString peerConfig.id}.${toString myId} dev mesh-${shorten peerName}-${toString peerConfig.zone}-${toString peerConfig.id} diff --git a/shared/users.nix b/shared/users.nix index 0f2ad39..7567850 100644 --- a/shared/users.nix +++ b/shared/users.nix @@ -43,5 +43,15 @@ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIGmU7yEOCGuGNt4PlQbzd0Cms1RePpo8yEA7Ij/+TdA soyouzpanda" ]; }; + users.users.raito = { + isNormalUser = true; + uid = 2005; + home = "/home/raito"; + extraGroups = [ "wheel" ]; + openssh.authorizedKeys.keys = [ + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDcEkYM1r8QVNM/G5CxJInEdoBCWjEHHDdHlzDYNSUIdHHsn04QY+XI67AdMCm8w30GZnLUIj5RiJEWXREUApby0GrfxGGcy8otforygfgtmuUKAUEHdU2MMwrQI7RtTZ8oQ0USRGuqvmegxz3l5caVU7qGvBllJ4NUHXrkZSja2/51vq80RF4MKkDGiz7xUTixI2UcBwQBCA/kQedKV9G28EH+1XfvePqmMivZjl+7VyHsgUVj9eRGA1XWFw59UPZG8a7VkxO/Eb3K9NF297HUAcFMcbY6cPFi9AaBgu3VC4eetDnoN/+xT1owiHi7BReQhGAy/6cdf7C/my5ehZwD" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKiXXYkhRh+s7ixZ8rvG8ntIqd6FELQ9hh7HoaHQJRPU" + ]; + }; } \ No newline at end of file
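Review bot: The two added `ip route replace` lines repeat the interface-name expression `mesh-${shorten peerName}-${toString peerConfig.zone}-${toString peerConfig.id}` that the two context lines above already spell out, so the script now carries it four times; binding it once in the enclosing `let`, e.g. `ifName = "mesh-${shorten peerName}-${toString peerConfig.zone}-${toString peerConfig.id}";`, and writing `dev ${ifName}` would keep the self-address routes from drifting from the /24 and /112 ones. The added comment `# Nodes self ip` is ambiguous about which node is meant; since the routes target `172.19.0.${toString peerConfig.id}`, `# Peer node's own address` says it. The shell string these lines live in starts before the hunk and continues after it.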
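Review bot: The two key lines for the new `wheel` user carry no trailing comment, unlike the `soyouzpanda` entry in the context above, so a later audit or revocation cannot tell which device or owner each key belongs to; append an identifying token to each key string, e.g. a constructed ` raito-laptop` suffix, in the same way the existing key ends with its owner's name. If both keys belong to the same person, it is worth asking whether the `ssh-rsa` key is still needed alongside the ed25519 one, since each extra authorized key is another credential to track and rotate. What `wheel` grants on these hosts depends on `./commons/sudo.nix`, which is not part of this diff.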