parent
d32ce1e215
commit
785b34b0fe
3 changed files with 26 additions and 93 deletions
|
@ -1,26 +0,0 @@
|
|||
{
|
||||
"version": "ENC[AES256_GCM,data:0w==,iv:G3rLUS9npUCPBnD3kBAAWWEUxI0C3IxzCw/pv44w2WU=,tag:XRNcrozkJKoPzZ1IeDAVtA==,type:float]",
|
||||
"terraform_version": "ENC[AES256_GCM,data:0b5iY2Q=,iv:4rhvvkWVpHSDXS3LgN/chnrDAbBXU9tBe7pENIrph40=,tag:YTWEFVgZX6ndpndKY61d6Q==,type:str]",
|
||||
"serial": "ENC[AES256_GCM,data:rw==,iv:8BBMYzcTkSByfjlEY426uitbq6jy2f6y3xLXhzIoYUw=,tag:o2z/yZBS44KV+DwpnnjpgQ==,type:float]",
|
||||
"lineage": "ENC[AES256_GCM,data:zRSoPA0cHclE8K+sDEpKmnTLRo488j3UlW+UudN/rSZuh/13,iv:yux3HnuviGOyDG40FKSwXdQhzb9YKDDVbc778FkK0A8=,tag:Oj6pjjDhCSHYrCV7bCcvvg==,type:str]",
|
||||
"outputs": {},
|
||||
"resources": [],
|
||||
"check_results": null,
|
||||
"sops": {
|
||||
"kms": null,
|
||||
"gcp_kms": null,
|
||||
"azure_kv": null,
|
||||
"hc_vault": null,
|
||||
"age": [
|
||||
{
|
||||
"recipient": "age1cl3d4wtrrqrgldmrzpu53q2mk60r7hrhrymsrwss8s57z4mdv9fst4a55h",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBETTlBbCsyWlJ2VXM3ZTBY\nSWVQbDhhQzFVVzBlMmZNVW1rS3Zmb2xadGhVCmVQYmRKaWw3Ym9CeUkzeGlFSnRt\naWtoaGpPSkpoTnRMMFMxTlE1UkV2eW8KLS0tIHN1R0FFY1R4MlZhNjBiZlZZVWlj\ndUVOZlRQWkhQb0djZ2FMMHU1b3pHcDQKbAT356aMElIFXdFWWypcfnoacGSKIzo6\nm+JEnaumurm1xEs83ueLxZ5vqv6AqamUXVUDDZR0tAtIWJK+NLKDOg==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
}
|
||||
],
|
||||
"lastmodified": "2025-03-25T21:06:34Z",
|
||||
"mac": "ENC[AES256_GCM,data:uag6KNOfHPzt6PxH9eyj8rjpslmlWVL0OswsgjBLCBKKw8MVqSDv06U5IOP/LEnUs9P0jQ7tWkvd9XFqCb5Ge7lY2L3RYjUM1zsxumGwrUwvCL/aHmnJ6kGDIWnMBiNiv/VMR+nskJWcHmnRVFYU7doAKgrtGzzeh/XO+Ts7LAU=,iv:yWUy4deSEftX64joHJ8uIo4SRyjEzbZtJBvBk5R2AQc=,tag:iQCSiYSlJ4/tZ8f/0Go50w==,type:str]",
|
||||
"pgp": null,
|
||||
"unencrypted_suffix": "_unencrypted",
|
||||
"version": "3.9.4"
|
||||
}
|
||||
}
|
|
@ -56,7 +56,7 @@ configure node:
|
|||
tailscale ssh "root@${node}-network-tjo-cloud" <<'EOL'
|
||||
tailscale up \
|
||||
--advertise-routes=10.0.0.0/16,fd74:6a6f:0::/48 \
|
||||
--snat-subnet-routes=false \
|
||||
--snat-subnet-routes=true \
|
||||
--accept-dns=false \
|
||||
--ssh \
|
||||
--reset
|
||||
|
|
|
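Review bot: Flipping `--snat-subnet-routes=false` to `true` changes what LAN hosts in 10.0.0.0/16 and fd74:6a6f:0::/48 see as the source of tailnet traffic: with SNAT on, the flag documented by Tailscale rewrites the source to the router's own address, so host firewalls and logs on the LAN lose per-peer attribution and any host-level allow-listing by tailnet address stops working; tailnet ACLs become the only per-peer control. The previous value was an explicit `false`, which reads as deliberate, so the reason for reversing it should be recorded next to the flag, e.g. `# SNAT subnet routes: LAN hosts see this node as the source, so per-peer access control lives in the tailnet ACLs only`. This also removes the need for LAN hosts to have a return route toward the tailnet, which is presumably the motivation and worth stating. The heredoc runs as root over `tailscale ssh` and the enclosing `configure node` block starts outside the hunk.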
@ -4,14 +4,9 @@ config defaults
|
|||
option forward 'REJECT'
|
||||
option synflood_protect '1'
|
||||
|
||||
config zone
|
||||
option name 'lan'
|
||||
option input 'ACCEPT'
|
||||
option output 'ACCEPT'
|
||||
option forward 'ACCEPT'
|
||||
list network 'lan'
|
||||
list network 'lan_vip'
|
||||
|
||||
##
|
||||
# WAN
|
||||
##
|
||||
config zone
|
||||
option name 'wan'
|
||||
list network 'wan'
|
||||
|
@ -23,9 +18,12 @@ config zone
|
|||
option masq6 '1'
|
||||
option mtu_fix '1'
|
||||
|
||||
config forwarding
|
||||
option src 'lan'
|
||||
option dest 'wan'
|
||||
config rule
|
||||
option name 'Allow-ZeroTier-Inbound'
|
||||
option src '*'
|
||||
option proto 'udp'
|
||||
option dest_port '9993'
|
||||
option target 'ACCEPT'
|
||||
|
||||
config rule
|
||||
option name 'Allow-DHCP-Renew'
|
||||
|
@ -120,6 +118,22 @@ config rule
|
|||
option proto 'udp'
|
||||
option target 'ACCEPT'
|
||||
|
||||
##
|
||||
# LAN
|
||||
##
|
||||
config zone
|
||||
option name 'lan'
|
||||
option input 'ACCEPT'
|
||||
option output 'ACCEPT'
|
||||
option forward 'ACCEPT'
|
||||
list network 'lan'
|
||||
list network 'lan_vip'
|
||||
list network 'zerotier'
|
||||
|
||||
config forwarding
|
||||
option src 'lan'
|
||||
option dest 'wan'
|
||||
|
||||
##
|
||||
# TAILSCALE
|
||||
##
|
||||
|
@ -136,65 +150,10 @@ config forwarding
|
|||
option src 'tailscale'
|
||||
option dest 'lan'
|
||||
|
||||
config forwarding
|
||||
option src 'tailscale'
|
||||
option dest 'zerotier'
|
||||
|
||||
config forwarding
|
||||
option src 'lan'
|
||||
option dest 'tailscale'
|
||||
|
||||
##
|
||||
# ZEROTIER
|
||||
##
|
||||
config zone
|
||||
option name 'zerotier'
|
||||
option input 'ACCEPT'
|
||||
option output 'ACCEPT'
|
||||
option forward 'ACCEPT'
|
||||
option masq '0'
|
||||
option mtu_fix '1'
|
||||
list network 'zerotier'
|
||||
|
||||
config forwarding
|
||||
option src 'zerotier'
|
||||
option dest 'lan'
|
||||
|
||||
config forwarding
|
||||
option src 'lan'
|
||||
option dest 'zerotier'
|
||||
|
||||
config rule
|
||||
option name 'Allow-ZeroTier-Inbound'
|
||||
option src '*'
|
||||
option proto 'udp'
|
||||
option dest_port '9993'
|
||||
option target 'ACCEPT'
|
||||
|
||||
##
|
||||
# ZEROTIER - TAILSCALE
|
||||
#
|
||||
# We need a specific zone to connect
|
||||
# zerotier to tailscale with masquerading.
|
||||
#
|
||||
##
|
||||
config zone
|
||||
option name 'zttots'
|
||||
option input 'ACCEPT'
|
||||
option output 'ACCEPT'
|
||||
option forward 'ACCEPT'
|
||||
option masq '1'
|
||||
option mtu_fix '1'
|
||||
list network 'zerotier'
|
||||
|
||||
config forwarding
|
||||
option src 'zttots'
|
||||
option dest 'tailscale'
|
||||
|
||||
config forwarding
|
||||
option src 'tailscale'
|
||||
option dest 'zttots'
|
||||
|
||||
##
|
||||
# INGRESS.TJO.CLOUD
|
||||
##
|
||||
|
|
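Review bot: Adding `list network 'zerotier'` to the rebuilt `lan` zone gives ZeroTier members the same `option input 'ACCEPT'` and `option forward 'ACCEPT'` as wired LAN hosts, and the forwardings `lan -> wan` and `lan -> tailscale` now apply to them too, whereas the deleted `zerotier` zone at least kept the overlay behind its own zone with `masq '0'` and explicit forwardings. If the overlay is meant to be trusted exactly like the LAN, say so in the file, e.g. `# zerotier members are treated as LAN: router input + forwarding to wan and tailscale`; otherwise keep a separate zone with `option input 'REJECT'` and only the rules that are needed. The retained `Allow-ZeroTier-Inbound` rule uses `option src '*'`, which is broader than `option src 'wan'` if the intent is only to let peers reach UDP 9993 from the internet. The `interface`/`network` definitions these zones reference are outside the hunk.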