On the plus side, I have _almost_ all machine-to-machine comms going over my static #IPv6 #wireguard mesh. The couple of remaining things are related to my certificate and DNS setup, which are things I hesitate to change at the end of a long day. One of them is going to require moving an authoritative DNS server elsewhere.

@homelab #selfhosted

@zrail very cool! Do you assign the IPv6 addresses according to a scheme/pattern, or is it just incremental? And how do you manage transmitting the pubkey data? By hand?

@nogweii pubkeys and pairwise psks are in a json file checked in next to all the rest of my homelab stuff. Mesh deploy generates a wg-quick config and install script for each machine, scps it there over tailscale, and executes it.

Addresses are a /48 ULA + first 80 bits of SHA256(hostname).

(Yes tailscale. It's really useful at the moment as a management plane but I want to get it out of the data plane as much as possible)
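As an added worked example (not code from the thread or from zrail's mesh deploy tooling), here is the addressing scheme from the reply above carried through end to end: a /48 ULA prefix plus the first 80 bits of SHA256(hostname), with the checks a deploy script would want (prefix really is a /48 inside fc00::/7, no two hostnames collide) and a wg-quick `[Peer]` stanza whose `AllowedIPs` pins each peer key to exactly its derived /128. The ULA prefix `fd12:3456:789a::/48`, the hostnames, the placeholder keys and the lowercase normalisation of hostnames before hashing are all assumptions made for the example.

```python
"""Stable mesh IPv6 addresses: /48 ULA + first 80 bits of SHA256(hostname).

Added example, not the original poster's code. Prefix, hostnames and keys are constructed.
"""
import hashlib
import ipaddress

# Constructed example prefix; the thread does not give the real ULA /48.
ULA_PREFIX = "fd12:3456:789a::/48"
ULA_SPACE = ipaddress.IPv6Network("fc00::/7")  # RFC 4193 unique local range


def host_suffix(hostname: str) -> int:
    """First 80 bits of SHA256(hostname) as an int, used as the low 80 bits of the address.

    Assumption: hostnames are normalised (stripped, lowercased, UTF-8) before hashing so
    that 'Alpha' and 'alpha' derive the same address.
    """
    digest = hashlib.sha256(hostname.strip().lower().encode("utf-8")).digest()
    return int.from_bytes(digest[:10], "big")  # 10 bytes == 80 bits


def mesh_address_int(hostname: str, prefix: str = ULA_PREFIX) -> int:
    """Derive the 128-bit address as an integer, validating the prefix first."""
    net = ipaddress.IPv6Network(prefix)  # strict: raises if host bits are set
    if net.prefixlen != 48:
        raise ValueError(f"scheme needs a /48 so 48 + 80 = 128 bits, got /{net.prefixlen}")
    if not net.subnet_of(ULA_SPACE):
        raise ValueError(f"{prefix} is not a ULA prefix (expected something in fc00::/7)")
    return int(net.network_address) | host_suffix(hostname)


def mesh_address(hostname: str, prefix: str = ULA_PREFIX) -> str:
    """Compressed textual form of the derived address."""
    return str(ipaddress.IPv6Address(mesh_address_int(hostname, prefix)))


def find_collisions(hostnames, prefix: str = ULA_PREFIX) -> dict:
    """Map address -> hostnames for any address derived by more than one hostname.

    With 80 bits of hash a collision is astronomically unlikely, but a deploy step
    should still refuse to ship two peers claiming the same /128.
    """
    by_addr: dict = {}
    for name in hostnames:
        by_addr.setdefault(mesh_address(name, prefix), []).append(name)
    return {addr: names for addr, names in by_addr.items() if len(names) > 1}


def render_peer(hostname: str, public_key: str, preshared_key: str,
                endpoint: str = None, prefix: str = ULA_PREFIX) -> str:
    """Render a wg-quick [Peer] block whose AllowedIPs is exactly the derived /128.

    Pinning AllowedIPs to the single derived address means WireGuard will only accept
    packets from this key if they carry that source address, binding address to key.
    """
    lines = [
        "[Peer]",
        f"# {hostname}",
        f"PublicKey = {public_key}",
        f"PresharedKey = {preshared_key}",
        f"AllowedIPs = {mesh_address(hostname, prefix)}/128",
    ]
    if endpoint:
        lines.append(f"Endpoint = {endpoint}")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    # Constructed inventory; keys are placeholders, not real WireGuard keys.
    inventory = {
        "alpha": ("PUBKEY_ALPHA_PLACEHOLDER", "PSK_ALPHA_PLACEHOLDER", "198.51.100.10:51820"),
        "beta": ("PUBKEY_BETA_PLACEHOLDER", "PSK_BETA_PLACEHOLDER", None),
        "gamma": ("PUBKEY_GAMMA_PLACEHOLDER", "PSK_GAMMA_PLACEHOLDER", None),
    }
    dupes = find_collisions(inventory)
    if dupes:
        raise SystemExit(f"refusing to deploy, address collisions: {dupes}")
    for name, (pub, psk, ep) in inventory.items():
        print(render_peer(name, pub, psk, ep))
```

The only secrets in the inventory are the pubkeys and pairwise PSKs; addresses are fully reproducible from hostname and prefix, so a config can be regenerated on any machine and cross-checked without consulting a second source of truth.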