Sigaint/vyos-config-lhm
2
0
Fork 0
mirror of https://github.com/sigaint-au/vyos-config-nsw01.git synced 2026-06-03 21:21:02 +00:00
Code Issues Projects Releases Packages Wiki Activity
No description
170 commits 2 branches 0 tags 174 KiB
  • Shell 100%
Find a file
Exact
Mark Hahl f3876b7efc add hairpin nat for hosting net
2026-05-30 20:02:57 +10:00
config-parts add hairpin nat for hosting net 2026-05-30 20:02:57 +10:00
hosts admin and wifi fw 2025-01-30 10:06:18 +11:00
scripts remove stream message 2025-12-30 10:27:18 +11:00
secrets update certs 2025-12-29 17:34:49 +11:00
.gitignore feat: load pem from certs 2025-12-27 21:14:06 +11:00
apply-config.sh feat: load pem from certs 2025-12-27 21:14:06 +11:00
README.md add ADMIN zone WAN connectivity. 2025-07-18 08:50:54 +10:00

README.md

VyOS Configuration

Manage your VyOS device configuration.

Setup

Getting the code

Clone the code onto your vyos machine into the '/'

Secrets

Secrets are stored in the secrets/* directory are are gpg encrypted. The file looks like the following example:

# interface wireguard
export secret_wireguard_wg600_private_key="NGZiMmJlMDAtZDQ2OS0xMWVmLWExYTItODRhOTNlNzM0ODI3Cg=="
export secret_wireguard_wg600_public_key="NTRmYjE1OGMtZDQ2OS0xMWVmLWExYTItODRhOTNlNzM0ODI3Cg=="
export secret_dns_dynamic_cloudflare_password="5e11dbdd-d469-11ef-a1a2-84a93e734827"

These export the secrets are environment variables are are substuted into any lines in the config-parts/*.sh files. To use a secret in an interface for wireguard you might have the following configuration:

set interfaces wireguard wg600 peer Site__ABC public-key "$secret_wireguard_wg600_public_key"
set interfaces wireguard wg600 private-key "$secret_wireguard_wg600_private_key"

TODO

  • Remove temp rules for WIFI-ADMIN
  • Fix IPV6 on NET_NSW01_MGMT.
  • Fix IPv6 LOCAL-WAN-6 to work correctly.
  • Fix ADMIN-WAN-6 and WAN-ADMIN-6 and NET_NSW1_ADMIN for v6