update maura config

darwin/frodo/darwin.nix

@@ -78,8 +78,8 @@
     uutils-coreutils
     yt-dlp
 
-    wireguard-tools
-    wireguard-go
+    #wireguard-tools
+    #wireguard-go
 
     # emacs language servers
     elixir_ls

hosts/maura/links.nix

 { ... }:
 
 {
-  k.wg = {
-    enable = true;
-    id = 151;
-  };
-
   systemd.network = {
     links."10-eth0" = {
       matchConfig.MACAddress = "c6:a5:dd:5d:42:d9";
@@ -14,20 +9,11 @@
     networks."10-eth0" = {
       name = "eth0";
       DHCP = "yes";
+      routes = [{
+        Destination = "10.84.34.8/29";
+        Table = "babel";
+      }];
     };
-
-    links."10-br-vpn" = {
-      matchConfig.MACAddress = "4a:76:cb:bb:5f:6e";
-      linkConfig.Name = "br-vpn";
-    };
-    networks."10-br-vpn" = {
-      name = "br-vpn";
-      DHCP = "no";
-      addresses = [{ Address = "10.84.32.144/30"; }];
-    };
-
-    # disable legacy wg0
-    netdevs."30-wg0".enable = false;
   };
 
   k.strongswan = {
@@ -40,35 +26,37 @@
         v4 = 144;
         v6 = "59b2";
       };
-      bird.extraConfig = ''
-        protocol direct direct_frodo {
-          interface "br-vpn";
-          ipv6 {
-            table babel6;
-            import filter {
-              if net_vpn() then accept;
-              reject;
-            };
-          };
-          ipv4 {
-            table babel4;
-            import filter {
-              if net_vpn() then accept;
-              reject;
-            };
-          };
-        }
-      '';
+      /* bird.extraConfig = ''
+           protocol direct direct_frodo {
+             interface "eth0";
+             ipv6 {
+               table babel6;
+               import filter {
+                 if net_vpn() then accept;
+                 reject;
+               };
+             };
+             ipv4 {
+               table babel4;
+               import filter {
+                 if net_vpn() then accept;
+                 reject;
+               };
+             };
+           }
+         '';
+      */
     };
   };
   k.vpn.monitoring.mobile = true;
 
-  boot.kernel.sysctl = {
-    "net.ipv4.ip_forward" = 1;
-    "net.ipv6.conf.all.forwarding" = 1;
+  # network overrides
+  services.strongswan-swanctl.swanctl = {
+    connections.babel-elros.remote_addrs = [ "10.84.16.1" ];
+    connections.babel-elrond.remote_addrs = [ "10.84.19.1" ];
   };
 
-  networking.firewall.extraForwardRules = ''
+  Networking.firewall.extraForwardRules = ''
     oifname "br-vpn" accept;
     iifname "br-vpn" oifname "gre-*" accept;
   '';

hosts/vaire/default.nix

@@ -9,7 +9,7 @@
     ../../profiles/postgres.nix
 
     ../../services/netbox
-    ../../services/kitchenowl
+    #../../services/kitchenowl
     ../../services/snipe-it
     ../../services/hedgedoc
     ../../services/vpn-acme-ca

modules/kloenk/strongswan/babel.nix

@@ -64,6 +64,11 @@ in {
       iifname "gre-*" oifname "gre-*" accept;
     '';
 
+    boot.kernel.sysctl = {
+      "net.ipv4.ip_forward" = 1;
+      "net.ipv6.conf.all.forwarding" = 1;
+    };
+
     services.strongswan-swanctl.swanctl = {
       connections = lib.mapAttrs' (name: remote: {
         name = "babel-${name}";

services/knot-dns/primary/zones/common.nix

@@ -161,7 +161,7 @@ in {
     };
 
     frodo = host {
-      v4 = "10.84.32.145";
+      v4 = "10.84.34.10";
       v6 = "fd4c:1796:6b06:59b2::2";
     };