3 files changed, 23 insertions, 0 deletions

diff --git a/hosts/carmel/networking.nix b/hosts/carmel/networking.nix
index 38dd7c8..5662104 100644
--- a/hosts/carmel/networking.nix
+++ b/hosts/carmel/networking.nix
@@ -107,5 +107,6 @@ in
     internalInterfaces = [ "mgmt0" "guest" "iot" ];
   };
 
+  networking.private-wireguard.enable = true;
   my.services.tailscale.enable = true;
 }
diff --git a/hosts/carmel/secrets/secrets.nix b/hosts/carmel/secrets/secrets.nix
new file mode 100644
index 0000000..c6f0b35
--- /dev/null
+++ b/hosts/carmel/secrets/secrets.nix
@@ -0,0 +1,9 @@
+let
+  root = "age1ey5kk4hufygu7wuw4p6dmtxaem08lshuk4p9nj0sw7ynh0lexvrsnudehr";
+  fcuny = "age1keyvdhpspgqp4g5zjthdphau5q5qlt6fs0ex0wqnve66dmup9pzqn4sakj";
+  backup = "age1fh4960rdrk4d7m4c5lwd3trvw9ylk09dvucj2gd2udy7d5cz2a0svcqws6";
+  all = [ root fcuny backup ];
+in
+{
+  "wireguard_privatekey.age".publicKeys = all;
+}
diff --git a/hosts/carmel/secrets/wireguard_privatekey.age b/hosts/carmel/secrets/wireguard_privatekey.age
new file mode 100644
index 0000000..09c9b6a
--- /dev/null
+++ b/hosts/carmel/secrets/wireguard_privatekey.age
@@ -0,0 +1,13 @@
+age-encryption.org/v1
+-> X25519 FPkiLvi9JeC3vBiE8cEkaTCVbUsGkhabsAe3aGjXQgU
+xiMkThXk5jqHpDBRvTfdBaTcp8onJxvT7aANkvgjTbE
+-> X25519 oZwPWtnuEOFquxzbvNeO8kj5qhRhZGhncjqh1MpQRH8
+qORK1U5x5WIDqHN54m+mAgTVehF35QYoOF1/HRT07os
+-> X25519 6qSLagkBc18qhavfkTlCl17ADvVyWeTKMEUZCIqwaXk
+cXuJK0dr3+Vov3agaJDA0o+OEs0fFLaHapNBo9GvHx0
+-> J-grease ~`?4bjZ T9vNE:D N 1$3hAU[
+sMR56U11qdo+L37M02hD/EC6cJKrCaQZc8N2v+I8uXPvPHhRDHp8lQQBmSfyPaG6
+VaenaaWt+hH37CxKv0yJM7PcnHdTI2GshQ3MiWkfWrDlW8B6
+--- 9X5ZgTvWnS9+Z94gRRN2iyDFrixCC9lpFbhhTxnHOOA
+Z�a��
+A}���}�%�Y�GV��U;@ΰ���{e�VE���m�Ła�	�����&!q;�u�B������[¸�<����
\ No newline at end of file