author | Franck Cuny <franck@fcuny.net> | 2022-02-21 13:33:51 -0800 |
---|---|---|
committer | Franck Cuny <franck@fcuny.net> | 2022-02-21 13:33:51 -0800 |
commit | cd9c8ec5fdbe4874c7be95c80f8ab86999b30390 (patch) | |
tree | 513331627090ae863c064cf2662ba77906e6f54a /docs | |
parent | secrets: initial config and a first secret (diff) | |
download | world-cd9c8ec5fdbe4874c7be95c80f8ab86999b30390.tar.gz |
wireguard: module and peers configurations
Add a new module to automatically configure the peers for wireguard. The module needs a configuration file (in `configs/wireguard.toml`) which lists all the peers, their IP and their public keys. The secret key is encrypted as a secret with agenix. There's some initial documentation on how to use this setup.
Diffstat (limited to 'docs')
-rw-r--r-- | docs/wireguard.org | 21 |
1 files changed, 21 insertions, 0 deletions
diff --git a/docs/wireguard.org b/docs/wireguard.org new file mode 100644 index 0000000..154c159 --- /dev/null +++ b/docs/wireguard.org @@ -0,0 +1,21 @@ +#+TITLE: Configuration for wireguard + +* Creating the keys +We need a key for the host: +#+begin_src sh +(umask 0077; wg genkey > peer_A.key) +#+end_src + +Next we create the public key: +#+begin_src sh +wg pubkey < peer_A.key > peer_A.pub +#+end_src + +Now we need to add the private key to the list of secrets: +#+begin_src sh +nix run github:ryantm/agenix -- -e secrets/network/<host name>/wireguard_privatekey.age +#+end_src + +Once this is done, update [[file:~/workspace/world/configs/wireguard.toml][wireguard.toml]] to add the new peer with the public key. + +Once this is completed, we can delete the files =peer_A.key= and =peer_A.pub=. |
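Review bot: The link in the last-but-one step points at `file:~/workspace/world/configs/wireguard.toml`, which only resolves when the repository is checked out at that exact home-directory path; a link relative to `docs/`, such as `file:../configs/wireguard.toml`, would work in any clone. The agenix step also does not say how the contents of `peer_A.key` end up in the `.age` file opened with `-e`, so a reader following the steps has no instruction between generating the key and encrypting it; one sentence saying the key is pasted into the editor would close that gap. Finally, the cleanup sentence says the files "can" be deleted; since `peer_A.key` is a plaintext private key (hence the `umask 0077`), wording it as a required step right after the secret is saved would be safer.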