Commit `941e7e2eaa3c`

Vincent Demeester <vincent@sbr.pm>

2026-04-07 22:42:03

feat(vpn): cutover wireguard from kerkouane to carthage

Switched VPN server from DigitalOcean (kerkouane) to Hetzner (carthage). Updated endpoint IP, peer public key, and vpnServer reference across globals, wireguard client config, and nagoya's static config.

main

1 parent 9d6e943

Changed files (3)

systems

common

services

wireguard.nix

nagoya

system.nix

globals.nix

@@ -1,6 +1,6 @@
 # Auto-derive WireGuard client config from hostname + globals.
 # VPN servers (kerkouane/carthage) are excluded — they keep their own server config.
-# MIGRATION: Change vpnServer from "kerkouane" to "carthage" during cutover.
+# MIGRATION: Cutover done 2026-04-02 — vpnServer is now "carthage" (Hetzner).
 {
   hostname,
   globals,
@@ -11,7 +11,7 @@
 let
   # The active VPN server hostname.
   # Change to "carthage" when cutting over from DigitalOcean to Hetzner.
-  vpnServer = "kerkouane";
+  vpnServer = "carthage";
 
   machine = globals.machines.${hostname};
   isServer = hostname == "kerkouane" || hostname == "carthage";

@@ -86,9 +86,9 @@
         Address = 10.100.0.80/24
 
         [Peer]
-        PublicKey = +H3fxErP9HoFUrPgU19ra9+GDLQw+VwvLWx3lMct7QI=
+        PublicKey = PQD1dtxhy9NMbmfy2OQPeLiQg0Alcfa1Mo4HVN5WqgA=
         AllowedIPs = 10.100.0.0/24
-        Endpoint = 167.99.17.238:51820
+        Endpoint = 46.224.100.116:51820
         PersistentKeepalive = 25
       '';
       mode = "0600";

@@ -79,7 +79,7 @@ _: {
       ];
     };
     vpn = {
-      endpoint = "167.99.17.238";
+      endpoint = "46.224.100.116";
     };
     nfs = {
       defaultHosts = {

Commit 941e7e2eaa3c

Commit `941e7e2eaa3c`