hydra: bayfront: Add Wireguard service.

* hydra/bayfront.scm: Add Wireguard service. * doc/cuirass.org (External machines): Update it.
2023-12-14 03:33:04 +01:00 · 2021-12-21 15:54:55 +01:00 · 2021-12-21 15:54:55 +01:00 · 969c0b5594
commit 969c0b5594
parent 8a7e2006fe
2 changed files with 15 additions and 1 deletions
--- a/doc/cuirass.org
+++ b/doc/cuirass.org
@ -25,6 +25,7 @@ network. The next section describes how to add a new external machine.
 | pankow     |  10.0.0.8 | Ricardo Wurmus        |
 | kreuzberg  |  10.0.0.9 | Ricardo Wurmus        |
 | grunewald  | 10.0.0.10 | Ricardo Wurmus        |
+| bayfront   | 10.0.0.11 | Andreas Enge          |

 * Connect an external machine

--- a/hydra/bayfront.scm
+++ b/hydra/bayfront.scm
@ -5,13 +5,14 @@
 ;; Copyright © 2019 Julien Lepiller <julien@lepiller.eu>
 ;; Copyright © 2020, 2021 Christopher Baines <mail@cbaines.net>
 ;; Copyright © 2020, 2021 Tobias Geerinckx-Rice <me@tobias.gr>
+;; Copyright © 2021 Mathieu Othacehe <othacehe@gnu.org>
 ;; Released under the GNU GPLv3 or any later version.

 (use-modules (gnu) (guix) (guix packages) (guix git)
             (sysadmin people) (sysadmin services)
             (sysadmin dns) (sysadmin web))
 (use-service-modules admin avahi base certbot databases dns
-                     monitoring networking shepherd ssh web mcron guix)
+                     monitoring networking shepherd ssh vpn web mcron guix)
 (use-package-modules admin certs ci databases linux ssh tls vim
                     package-management web wget)

@ -901,6 +902,18 @@ access_log  /var/log/nginx/bordeaux.access.log;"))

    firewall-service

+    (service wireguard-service-type
+             (wireguard-configuration
+              (addresses '("10.0.0.11/32"))
+              (peers
+               (list
+                (wireguard-peer
+                 (name "peer")
+                 (endpoint "ci.guix.gnu.org:51820")
+                 (public-key "wOIfhHqQ+JQmskRS2qSvNRgZGh33UxFDi8uuSXOltF0=")
+                 (allowed-ips '("10.0.0.1/32"))
+                 (keep-alive 25))))))
+
    (service openssh-service-type)
    (service sysadmin-service-type %sysadmins)