asmir/nixos_flake_config
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: asmir:e5412509cb8a90e76914a9fa47f03c40214e5790
Branches Tags
asmir:master
asmir:gitea_typst
asmir:magento2
...
compare: asmir:f0a51744941609edd37ef0ac29e94ec50972350c
Branches Tags
asmir:master
asmir:gitea_typst
asmir:magento2

4 Commits
e5412509cb ... f0a5174494

Author SHA1 Message Date
Asmir A
f0a5174494
nixy/wireguard: add pubkey 2024-04-04 21:41:02 +02:00
Asmir A
0800300c41
magpie/wireguard: add pubkey 2024-04-04 21:34:39 +02:00
Asmir A
0a901f8a7c
nixy/sops/wireguard: add privkey 2024-04-04 21:34:17 +02:00
Asmir A
1645789022
nixy/wireguard: add client 2024-04-04 21:31:53 +02:00
4 changed files with 60 additions and 8 deletions
Show Stats Expand all files Collapse all files

1
magpie/wg_pubkey Normal file
View File

@ -0,0 +1 @@
xhjJdIXtTBNhtSoehsi6p+znIgOfMRetl5/wtnMxJGk=

22
nixy/configuration.nix
View File

@ -22,6 +22,10 @@
group = config.users.users.nobody.group;
};
sops.secrets."wg_privkey" = {
sopsFile = ./secrets/wg_privkey.yaml;
};
nix = {
optimise.automatic = true;
gc.automatic = true;
@ -76,7 +80,7 @@
networking = {
firewall = {
enable = true;
allowedTCPPorts = [80 443];
allowedTCPPorts = [80 443 51820];
};
hostName = "nixy";
@ -108,6 +112,22 @@
};
};
};
wireguard.interfaces = {
wg0 = {
ips = ["10.100.0.6/24"];
listenPort = 51820;
privateKeyFile = config.sops.secrets."wg_privkey".path;
peers = [
{
publicKey = builtins.readFile ../magpie/wg_pubkey;
allowedIPs = ["10.100.0.1"];
endpoint = "5.75.229.224:51820";
persistentKeepalive = 25;
}
];
};
};
};
time.timeZone = "Europe/Sarajevo";

30
nixy/secrets/wg_privkey.yaml Normal file
View File

@ -0,0 +1,30 @@
wg_privkey: ENC[AES256_GCM,data:HcOkr+leeB6QmEx77KHWgFlp2m2qr4TvakoHyy0SaPpML2o/51IDYjcu2H4=,iv:8nHJIqz3+LmL4rM7idXbvbQKdhkDqmoY/TAvAf/Zfvw=,tag:VSHRKjVgottVC0uPsC0JgA==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age153y8mz6gqy5t54q4fnrdvjj4v5ls9cgp3hhpd2hzf5tvkcnncf6q4xns0j
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzaTRxUDZJREhyYjQraUsw
T1p2UlpkSjBnbjZTWUJDM2lHUVN5Z1ZQQWdvCnFmV1RRazBpTHhrTHpQelpjcnlq
NnJ0dUNwZTB0V0hOdTJJamY3azBUbXcKLS0tIGpZUG5KUFhPbW1LWWQ1RUd2OFVq
WlBMd0tGcnBHSFk4SHhkVkZPZXJPY28Keh/k5yQ/iJgy9S9rf2DhCr3M2ozgMBRp
NJrCKJuiDugeK8q29x6a+4pyg2zSwlA6Q2lxGDca3m3TX45QImLt3g==
-----END AGE ENCRYPTED FILE-----
- recipient: age1geqqmsnng2e9sja6uxxmtlwlm4c6e5v6ch3l3yjenstq6tjq4fusr0305s
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEelBJaCtJVnVZcHQ4V1Nz
ZDV4T21VZGNjanpRbERxOWx1RXNZZ2hwTFdrCmg4MHdWTnVTd0hiL2F2VXRxUk5P
eHRrRTduZjZ6T3dCcW0yMENKMHg5TVkKLS0tIDVSMFJqQU1uTEpzTElIN3RZNi95
S2Y2dFROYkJCOTVlS00rZWZDeWlGV2sKWKV7lMoLQbDBTql5+xWW+uOKxS6FG7jT
BtAMbL2YfTCEcV7nimzco649UUtoY9oOk2635uoToIxBI1mr9UVlNw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-04-04T19:26:58Z"
mac: ENC[AES256_GCM,data:ZA1Rc1sMvIwEQBZ6d+u4RZ00KzLxjMW/Tzr3ZlHMduuJmvDXjPjobpALwbJoEraa3yBwwJyf0b0Grwhlz1kvoWYjos3rTk8noy4UiEjav5Dxf8aZP5j6YL5HSzHgwWvRkzYvIAaaVGVpUM7Wl2llDSCeQluIw0R3kUXEiRW10RU=,iv:/fq3S0kmo9IZNvnP2o4kT2beaRgEMtJIMlQNCqSotd0=,tag:eMOrWijXQsc8agWGJmyLjw==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1

1
nixy/wg_pubkey Normal file
View File

@ -0,0 +1 @@
oHVmhw80daHjDjo7nwt/Y9eKBaH5FoTiVeukwDObijM=