path: root/lib/private-wireguard.nix
Commit message | Author | Age | Files | Lines
* secrets: move the actual secrets with hosts config | Franck Cuny | 2022-04-13 | 1 | -2/+1
  Having the secrets closer to the host is easier to manage. At the moment I don't have secrets that are shared across multiple hosts, so that's an OK approach.
* secrets: move all the secrets under module/ | Franck Cuny | 2022-04-10 | 1 | -12/+6
  Refactor the configuration a bit, which should simplify the management and usage of secrets from now on.
* wireguard: revert to previous port | Franck Cuny | 2022-03-02 | 1 | -1/+1
* wireguard: use agenix from the module | Franck Cuny | 2022-03-02 | 1 | -2/+8
  This is the correct way to set up the private key, let's see if this works consistently across hosts and reboots.
* agenix: store wireguard key in persistent storage | Franck Cuny | 2022-02-24 | 1 | -4/+2
  The key was created under /run/agenix, which is wiped out after a reboot. The key being absent prevents the wireguard interface from coming up. Store the key somewhere persistent to prevent this from happening.
* wireguard: module and peers configurations | Franck Cuny | 2022-02-21 | 1 | -0/+44
  Add a new module to automatically configure the peers for wireguard. The module needs a configuration file (in `configs/wireguard.toml`) which lists all the peers, their IP and their public keys. The secret key is encrypted as a secret with agenix. There's some initial documentation on how to use this setup.