asmir/nixos_flake_config
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: asmir:572ce078be0927b9dfaf8046532e5a557027a81a
Branches Tags
asmir:master
asmir:gitea_typst
asmir:magento2
...
compare: asmir:d7096e405185d72ad6e25b9c0a713a9059367cb8
Branches Tags
asmir:master
asmir:gitea_typst
asmir:magento2

8 Commits
572ce078be ... d7096e4051

Author SHA1 Message Date
Asmir A
d7096e4051
magpie/wireguard: add preshared key 2024-04-20 20:18:06 +02:00
Asmir A
a3017e3f8c
magpie/sops: add wireguard preshared key 2024-04-20 20:15:33 +02:00
Asmir A
75987df524
magpie/sops: fix config 2024-04-20 20:15:04 +02:00
Asmir A
1f065c29be
nixy/wireguard: add preshared key 2024-04-20 20:13:27 +02:00
Asmir A
05fbfc7c70
nixy/sops/wireguard: update preshared key 2024-04-20 20:12:54 +02:00
Asmir A
2da4bf2f0c
{magpie,nixy}/sops: add config 2024-04-20 19:01:55 +02:00
Asmir A
9c156ddd7e
nixy/sops/wireguard: add preshared key 2024-04-20 18:58:33 +02:00
Asmir A
e96ebdf63d
packages: add sops 2024-04-20 18:51:42 +02:00
7 changed files with 69 additions and 0 deletions
Show Stats Expand all files Collapse all files

1
common/packages.nix
View File

@ -55,6 +55,7 @@
rsync
silver-searcher
socat
sops
sshfs
strace
swaylock

8
magpie/.sops.yaml Normal file
View File

@ -0,0 +1,8 @@
keys:
- &magpie age153y8mz6gqy5t54q4fnrdvjj4v5ls9cgp3hhpd2hzf5tvkcnncf6q4xns0j
creation_rules:
- path_regex: secrets/[^/]+\.yaml$
key_groups:
- age:
- *magpie

5
magpie/configuration.nix
View File

@ -300,6 +300,10 @@
sopsFile = ./secrets/wg_privkey.yaml;
};
sops.secrets."wg_preshared" = {
sopsFile = ./secrets/wg_preshared.yaml;
};
sops.secrets."borgbase_enc_key" = {
sopsFile = ./secrets/borgbase_enc_key.yaml;
};
@ -342,6 +346,7 @@
peers = [
{
publicKey = builtins.readFile ../nixy/wg_pubkey;
presharedKeyFile = config.sops.secrets."wg_preshared".path;
allowedIPs = ["10.100.0.6/32"];
}
{

21
magpie/secrets/wg_preshared.yaml Normal file
View File

@ -0,0 +1,21 @@
wg_preshared: ENC[AES256_GCM,data:11RNO9XAvgaeWsZT7lykZ6CfS75KnjXraNSxjiMufVJhd36ZEX+KmUh8TOk=,iv:vwrzSmGC9cGW6404qYHe+cfnaZfL2a6Y4uAzWmuY6hI=,tag:1A3xpUW1ZPC03iVUyJlSLg==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age153y8mz6gqy5t54q4fnrdvjj4v5ls9cgp3hhpd2hzf5tvkcnncf6q4xns0j
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhZTdrK1BpUzNpa0hrVTU5
RVhkUmVFS1RNM2RQVDEvb1NwdnV4MlplTERrCjdwc29peG9zMkVHWlkxUFEwRTVY
ajUrVjZFNzNTR3hta0ZGekNNVU1teUUKLS0tIDhiSFhYZXUwRXExUXptd1VxS252
dEZvOFNvZml4eUdPeG1BK1Q4VjlpL1EKb0QDk7A77lh1Ld3A//BgSzotcgutMUk+
D1dbbYlrvRi7OT/tfnfHf8cnH1P2FJwKDW9DXlafkKISGHLxVXZ53A==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-04-20T18:14:25Z"
mac: ENC[AES256_GCM,data:VAfEPnd7PrUBJ5EqG5WUqgQTJXTVH6h7AxVRcy8YBaXdHmMtsE1GeLul0RlS24S7F2DNKkgTcDeMW3BRxyzOJI21CmNgcRlYHklSwXEidEHD0fLkI2MAHGjyaWdiC2mC2uV7GMcW1GiPLJoNSguz6RzjxleaU3Bl+rARCIrU15Y=,iv:BFPkSUdF6mcrW+3Pqi0bV7Lx1/FkqIiGbYZCe+Dv0Jc=,tag:bWsnVtKX+J28yBDJEoi+KQ==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1

8
nixy/.sops.yaml Normal file
View File

@ -0,0 +1,8 @@
keys:
- &nixy age1geqqmsnng2e9sja6uxxmtlwlm4c6e5v6ch3l3yjenstq6tjq4fusr0305s
creation_rules:
- path_regex: secrets/[^/]+\.yaml$
key_groups:
- age:
- *nixy

5
nixy/configuration.nix
View File

@ -24,6 +24,10 @@
sopsFile = ./secrets/wg_privkey.yaml;
};
sops.secrets."wg_preshared" = {
sopsFile = ./secrets/wg_preshared.yaml;
};
sops.secrets."borgbase_enc_key" = {
sopsFile = ./secrets/borgbase_enc_key.yaml;
owner = config.users.users.akill.name;
@ -129,6 +133,7 @@
peers = [
{
publicKey = builtins.readFile ../magpie/wg_pubkey;
presharedKeyFile = config.sops.secrets."wg_preshared".path;
allowedIPs = ["10.100.0.0/24"];
endpoint = "5.75.229.224:51820";
persistentKeepalive = 25;

21
nixy/secrets/wg_preshared.yaml Normal file
View File

@ -0,0 +1,21 @@
wg_preshared: ENC[AES256_GCM,data:k+aFYDNMojf5kktn6KJ4F5mH5oGdqxdF0MO88NcYpai9USnH394XRL9ASvs=,iv:L5LIXbADhrivKjK/V0E5QpRT7BDsktwIuKHgY+2qr84=,tag:pCW1naU/ygxAIDYWV2hHPQ==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1geqqmsnng2e9sja6uxxmtlwlm4c6e5v6ch3l3yjenstq6tjq4fusr0305s
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZSHZvYy9TTmVEb2ZSTncy
ckJ1bXZGWVdJSkVHMGx2Vk5ZNlZ3Q2wzVFQ0Cmg1M3hKNFhnZk5nTE54RTdyR0Vs
NVRiTEltSnkxdmhhdGlycHNPWjFLbncKLS0tIE02NVJRZTd0VmowT1c4cjhKNlZk
Q01BQWNSVWtIMnFXRWpxR3JDMU8zYTAKIbfpM8uUb09cUlA8YWtgEOL5zvWf5omv
baZINiAu0/f1avYmW6Qb+aLa2ALrSZaotj46Uwd9Lb5mtjJ/8v9IOg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-04-20T18:12:20Z"
mac: ENC[AES256_GCM,data:4PWjwxOO0UuNsevCbzCLaiW7C+So4mEGivd9GzyLKx2JlkNFVB8wqPrY1Rl1ANMrT+7LKc8tVOA4zbweNc9idFG4y5DcvnDSieqKu9v1MeEMHqNpz5TTLbCP81g7qegjI/WKul2kaWIdPaioI/f5x2E6rEYnzFv+Di2mc3W+Qcc=,iv:iE9sali0O3sQIhOw30RGR/4ZQsAPcSxq1qxosfasojU=,tag:+9AOwph5A4oDXsK6Z3YeZA==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1