prefect: Update wireguard allowed ips

2022-09-12 12:59:21 -04:00 · 2022-09-12 12:59:21 -04:00 · 0bfca01749
commit 0bfca01749
parent 979cb9ae5b
1 changed files with 13 additions and 1 deletions
--- a/hosts/prefect/networking.nix
+++ b/hosts/prefect/networking.nix
@ -40,12 +40,24 @@
              publicKey = "wW5iNQcNa9VphZWicMdc8k7lJbVrXPMtzmWsHBwPqE0=";
              persistentKeepalive = 15;
              dynamicEndpointRefreshSeconds = 5;
-              allowedIPs = [ "0.0.0.0/0" ];
+              allowedIPs = [
+                "172.20.43.96/27"
+                "172.20.0.0/24"
+                "172.21.0.0/24"
+                "172.22.0.0/24"
+                "172.23.0.0/24"
+                "172.20.0.0/14"
+                "10.100.0.0/14"
+                "10.127.0.0/16"
+                "10.0.0.0/8"
+                "172.31.0.0/16"
+              ];
            }
          ];
          postSetup = ''
            ${pkgs.iproute}/bin/ip addr add 172.20.43.96/32 peer 172.20.43.97/32 dev wg0
            ${pkgs.iproute}/bin/ip -6 addr add fe80::1/64 peer fe80::2/64 dev wg0
+            ${pkgs.iproute}/bin/ip route del default dev wg0
          '';
        };
      };