diff options
author | Franck Cuny <franck@fcuny.net> | 2023-04-05 18:55:20 -0700 |
---|---|---|
committer | Franck Cuny <franck@fcuny.net> | 2023-04-05 18:55:59 -0700 |
commit | 6d84c37249f56187023f54e15b89550388cefddf (patch) | |
tree | 2d210558ca392bad814fd463d90aa2fdbcae6c23 | |
parent | hosts/carmel: drop checkReversePath (diff) | |
download | world-6d84c37249f56187023f54e15b89550388cefddf.tar.gz |
hosts/carmel: add wireguard key
-rw-r--r-- | configs/wireguard.toml | 4 | ||||
-rw-r--r-- | hosts/carmel/networking.nix | 1 | ||||
-rw-r--r-- | hosts/carmel/secrets/secrets.nix | 9 | ||||
-rw-r--r-- | hosts/carmel/secrets/wireguard_privatekey.age | 13 |
4 files changed, 25 insertions, 2 deletions
diff --git a/configs/wireguard.toml b/configs/wireguard.toml index 6061847..f9dee16 100644 --- a/configs/wireguard.toml +++ b/configs/wireguard.toml @@ -10,9 +10,9 @@ ipv4 = 10 key = "SFlgoY+fQDUnI2D6Xp3JhqFKWsZABqahCv8IgKPWizA=" externalIp = "192.168.0.10" -[peers.rtr] +[peers.carmel] ipv4= 1 -key = "P4gxkIoQ9Ep6QqfTquJYbBkMPDJQkVE9v1eYh/uJwG8=" +key = "ifqsPWcc8nxwgpxRHmP6OUtvVYNQJj/CW8QIuxWqXGU=" externalIp = "192.168.0.1" [peers.tahoe] diff --git a/hosts/carmel/networking.nix b/hosts/carmel/networking.nix index 38dd7c8..5662104 100644 --- a/hosts/carmel/networking.nix +++ b/hosts/carmel/networking.nix @@ -107,5 +107,6 @@ in internalInterfaces = [ "mgmt0" "guest" "iot" ]; }; + networking.private-wireguard.enable = true; my.services.tailscale.enable = true; } diff --git a/hosts/carmel/secrets/secrets.nix b/hosts/carmel/secrets/secrets.nix new file mode 100644 index 0000000..c6f0b35 --- /dev/null +++ b/hosts/carmel/secrets/secrets.nix @@ -0,0 +1,9 @@ +let + root = "age1ey5kk4hufygu7wuw4p6dmtxaem08lshuk4p9nj0sw7ynh0lexvrsnudehr"; + fcuny = "age1keyvdhpspgqp4g5zjthdphau5q5qlt6fs0ex0wqnve66dmup9pzqn4sakj"; + backup = "age1fh4960rdrk4d7m4c5lwd3trvw9ylk09dvucj2gd2udy7d5cz2a0svcqws6"; + all = [ root fcuny backup ]; +in +{ + "wireguard_privatekey.age".publicKeys = all; +} diff --git a/hosts/carmel/secrets/wireguard_privatekey.age b/hosts/carmel/secrets/wireguard_privatekey.age new file mode 100644 index 0000000..09c9b6a --- /dev/null +++ b/hosts/carmel/secrets/wireguard_privatekey.age @@ -0,0 +1,13 @@ +age-encryption.org/v1 +-> X25519 FPkiLvi9JeC3vBiE8cEkaTCVbUsGkhabsAe3aGjXQgU +xiMkThXk5jqHpDBRvTfdBaTcp8onJxvT7aANkvgjTbE +-> X25519 oZwPWtnuEOFquxzbvNeO8kj5qhRhZGhncjqh1MpQRH8 +qORK1U5x5WIDqHN54m+mAgTVehF35QYoOF1/HRT07os +-> X25519 6qSLagkBc18qhavfkTlCl17ADvVyWeTKMEUZCIqwaXk +cXuJK0dr3+Vov3agaJDA0o+OEs0fFLaHapNBo9GvHx0 +-> J-grease ~`?4bjZ T9vNE:D N 1$3hAU[ +sMR56U11qdo+L37M02hD/EC6cJKrCaQZc8N2v+I8uXPvPHhRDHp8lQQBmSfyPaG6 +VaenaaWt+hH37CxKv0yJM7PcnHdTI2GshQ3MiWkfWrDlW8B6 +--- 9X5ZgTvWnS9+Z94gRRN2iyDFrixCC9lpFbhhTxnHOOA +Za +A}}%YGVU;@ΰ{eVEmŁa &!q;uB[¸< \ No newline at end of file |