From cd9c8ec5fdbe4874c7be95c80f8ab86999b30390 Mon Sep 17 00:00:00 2001 From: Franck Cuny Date: Mon, 21 Feb 2022 13:33:51 -0800 Subject: wireguard: module and peers configurations Add a new module to automatically configure the peers for wireguard. The module needs a configuration file (in `configs/wireguard.toml`) which lists all the peers, their IP and their public keys. The secret key is encrypted as a secret with agenix. There's some initial documentation on how to use this setup. --- docs/wireguard.org | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) create mode 100644 docs/wireguard.org (limited to 'docs') diff --git a/docs/wireguard.org b/docs/wireguard.org new file mode 100644 index 0000000..154c159 --- /dev/null +++ b/docs/wireguard.org @@ -0,0 +1,21 @@ +#+TITLE: Configuration for wireguard + +* Creating the keys +We need a key for the host: +#+begin_src sh +(umask 0077; wg genkey > peer_A.key) +#+end_src + +Next we create the public key: +#+begin_src sh +wg pubkey < peer_A.key > peer_A.pub +#+end_src + +Now we need to add the private key to the list of secrets: +#+begin_src sh +nix run github:ryantm/agenix -- -e secrets/network//wireguard_privatekey.age +#+end_src + +Once this is done, update [[file:~/workspace/world/configs/wireguard.toml][wireguard.toml]] to add the new peer with the public key. + +Once this is completed, we can delete the files =peer_A.key= and =peer_A.pub=. -- cgit 1.4.1
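Review bot: In the agenix step, the path `secrets/network//wireguard_privatekey.age` has an empty segment between `network/` and the file name, which reads as if a per-host directory placeholder was dropped; the doc should state what goes there, and should say explicitly that the contents of `peer_A.key` are what gets entered in the agenix editor, since the step never connects the two. The link target `file:~/workspace/world/configs/wireguard.toml` only resolves on a machine with that home-directory layout, so a path relative to `docs/` would work from any checkout. For the last step, it would help to note that `peer_A.key` is the only plaintext copy of the private key and should be deleted only after the `.age` file has been saved, and that `peer_A.pub` is not sensitive.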