From eb8bf2bcf773caf5ddb12b1077a879dcb63dd28f Mon Sep 17 00:00:00 2001 From: Alexander Wallau Date: Tue, 9 Apr 2024 23:40:12 +0200 Subject: [PATCH] Make wireguard trusted for easier testing and fix kipchoge timeserver --- machines/kipchoge/configuration.nix | 8 ++++++-- machines/mayer/configuration.nix | 7 +++++-- machines/phelps/configuration.nix | 2 +- 3 files changed, 12 insertions(+), 5 deletions(-) diff --git a/machines/kipchoge/configuration.nix b/machines/kipchoge/configuration.nix index e19b56a..2d1f38b 100644 --- a/machines/kipchoge/configuration.nix +++ b/machines/kipchoge/configuration.nix @@ -137,10 +137,14 @@ git ]; networking = { + firewall.trustedInterfaces = ["wg0" "wg1" ]; nameservers = [ "1.1.1.1" "1.0.0.1" ]; # Fallback ntp service, this one being T-Online - timeServers = [ "194.25.134.196" ]; - trustedInterfaces = ["wg0" "wg1" ]; + ttimeServers = [ + "ptbtime1.ptb.de" + "ptbtime2.ptb.de" + "ptbtime3.ptb.de" + ]; hostName = "kipchoge"; }; } diff --git a/machines/mayer/configuration.nix b/machines/mayer/configuration.nix index e5a71ad..4068701 100644 --- a/machines/mayer/configuration.nix +++ b/machines/mayer/configuration.nix @@ -99,7 +99,10 @@ interface = "ens3"; }; - firewall = { allowedTCPPorts = [ 443 80 9100 9115 ]; }; + firewall = { + allowedTCPPorts = [ 443 80 9100 9115 ]; + trustedInterfaces = ["wg0" ]; + }; nameservers = [ "192.168.69.1" "1.1.1.1" ]; # Fallback ntp service, this one being T-Online @@ -108,7 +111,7 @@ "ptbtime2.ptb.de" "ptbtime3.ptb.de" ]; - trustedInterfaces = ["wg0" ]; + hostName = "mayer"; }; diff --git a/machines/phelps/configuration.nix b/machines/phelps/configuration.nix index fc2aafe..09ebafb 100644 --- a/machines/phelps/configuration.nix +++ b/machines/phelps/configuration.nix @@ -70,6 +70,7 @@ networking = { firewall = { allowedTCPPorts = [ 443 80 ]; + trustedInterfaces = [ "wg0" ]; }; nameservers = [ "192.168.69.1" "1.1.1.1" ]; timeServers = [ @@ -77,7 +78,6 @@ "ptbtime2.ptb.de" "ptbtime3.ptb.de" ]; - trustedInterfaces = ["wg0"]; hostName = "phelps"; }; }