all: wireguard add preshared keys and update hierarchy

Asmir A 2024-04-20 20:44:36 +02:00
parent dab24f0302
commit 871df5a514
Signed by: asmir
GPG Key ID: 020C42B7A9ABA3E2
3 changed files with 12 additions and 6 deletions


@ -300,8 +300,8 @@
sopsFile = ./secrets/wg_privkey.yaml; sopsFile = ./secrets/wg_privkey.yaml;
}; };
sops.secrets."wg_preshared" = { sops.secrets."wg_preshared/nixy" = {
sopsFile = ./secrets/wg_preshared.yaml; sopsFile = ../common/secrets/wg_preshared.yaml;
}; };
sops.secrets."borgbase_enc_key" = { sops.secrets."borgbase_enc_key" = {
@ -346,11 +346,12 @@
peers = [ peers = [
{ {
publicKey = builtins.readFile ../nixy/wg_pubkey; publicKey = builtins.readFile ../nixy/wg_pubkey;
presharedKeyFile = config.sops.secrets."wg_preshared".path; presharedKeyFile = config.sops.secrets."wg_preshared/nixy".path;
allowedIPs = ["10.100.0.6/32"]; allowedIPs = ["10.100.0.6/32"];
} }
{ {
publicKey = builtins.readFile ../mediabox/wg_pubkey; publicKey = builtins.readFile ../mediabox/wg_pubkey;
presharedKeyFile = config.sops.secrets."wg_preshared/mediabox".path;
allowedIPs = ["10.100.0.5/32"]; allowedIPs = ["10.100.0.5/32"];
} }
]; ];
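Review bot: The mediabox peer entry reads `config.sops.secrets."wg_preshared/mediabox".path`, but the only preshared secret declared in this file's hunks is `sops.secrets."wg_preshared/nixy"`. The commit's addition count is fully accounted for by the visible lines, so unless an imported module declares it, evaluation will presumably fail on a missing attribute. Add `sops.secrets."wg_preshared/mediabox" = { sopsFile = ../common/secrets/wg_preshared.yaml; };` next to the nixy declaration. It would also help to put a short comment above the two declarations stating that this host holds one preshared key per peer.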


@ -26,6 +26,10 @@
sopsFile = ./secrets/wg_privkey.yaml; sopsFile = ./secrets/wg_privkey.yaml;
}; };
sops.secrets."wg_preshared/mediabox" = {
sopsFile = ../common/secrets/wg_privkey.yaml;
};
nix = { nix = {
optimise.automatic = true; optimise.automatic = true;
gc.automatic = true; gc.automatic = true;
@ -101,6 +105,7 @@
peers = [ peers = [
{ {
publicKey = builtins.readFile ../magpie/wg_pubkey; publicKey = builtins.readFile ../magpie/wg_pubkey;
presharedKeyFile = config.sops.secrets."wg_preshared/mediabox".path;
allowedIPs = ["10.100.0.0/24"]; allowedIPs = ["10.100.0.0/24"];
endpoint = "5.75.229.224:51820"; endpoint = "5.75.229.224:51820";
persistentKeepalive = 25; persistentKeepalive = 25;
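Review bot: The new `sops.secrets."wg_preshared/mediabox"` declaration sets `sopsFile = ../common/secrets/wg_privkey.yaml;`, while the other two file sections read their preshared keys from `../common/secrets/wg_preshared.yaml`. This looks like a copy of the `wg_privkey` entry just above it with only the directory changed. Unless a `wg_privkey.yaml` really exists under `common/secrets` and contains a `wg_preshared` / `mediabox` key, the secret will not resolve and the peer cannot present the PSK that the other end expects. The line should probably read `sopsFile = ../common/secrets/wg_preshared.yaml;`.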


@ -24,8 +24,8 @@
sopsFile = ./secrets/wg_privkey.yaml; sopsFile = ./secrets/wg_privkey.yaml;
}; };
sops.secrets."wg_preshared" = { sops.secrets."wg_preshared/nixy" = {
sopsFile = ./secrets/wg_preshared.yaml; sopsFile = ../common/secrets/wg_preshared.yaml;
}; };
sops.secrets."borgbase_enc_key" = { sops.secrets."borgbase_enc_key" = {
@ -133,7 +133,7 @@
peers = [ peers = [
{ {
publicKey = builtins.readFile ../magpie/wg_pubkey; publicKey = builtins.readFile ../magpie/wg_pubkey;
presharedKeyFile = config.sops.secrets."wg_preshared".path; presharedKeyFile = config.sops.secrets."wg_preshared/nixy".path;
allowedIPs = ["10.100.0.0/24"]; allowedIPs = ["10.100.0.0/24"];
endpoint = "5.75.229.224:51820"; endpoint = "5.75.229.224:51820";
persistentKeepalive = 25; persistentKeepalive = 25;
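Review bot: Pointing `sops.secrets."wg_preshared/nixy"` at `../common/secrets/wg_preshared.yaml` puts every peer's preshared key in one sops file. A sops file is encrypted to a single recipient set, so any host that can decrypt its own entry can also read the others'. A WireGuard PSK is pairwise between this host and the hub, so least privilege would mean one sops file per peer, encrypted only to that peer and the hub. If the shared recipient set is an accepted trade-off, record it above the declaration, for example `# all peers' PSKs share one sops file; every recipient of that file can read every PSK`. The same applies to the matching declaration in the first file section.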