From db063ba40af023b3fcaaef495cd370e20c712ebc Mon Sep 17 00:00:00 2001
From: Filippo Berto <berto.f@protonmail.com>
Date: Sun, 2 Jul 2023 15:22:22 +0100
Subject: [PATCH] WG: simpler config

---
 baldur/configuration.nix      |  14 +++++++++++++-
 flake.nix                     |   5 +++--
 odin/common_configuration.nix |  25 ++++++++++++++++++++++---
 secrets/baldur_wg_psk.age     |  27 ---------------------------
 secrets/odin_wg_psk.age       |  25 -------------------------
 secrets/oppo_wg_priv.age      |  26 ++++++++++++++++++++++++++
 secrets/secrets.nix           |   5 +++--
 secrets/thor_wg_priv.age      |  26 ++++++++++++++++++++++++++
 secrets/wg_psk.age            | Bin 0 -> 1319 bytes
 9 files changed, 93 insertions(+), 60 deletions(-)
 delete mode 100644 secrets/baldur_wg_psk.age
 delete mode 100644 secrets/odin_wg_psk.age
 create mode 100644 secrets/oppo_wg_priv.age
 create mode 100644 secrets/thor_wg_priv.age
 create mode 100644 secrets/wg_psk.age

diff --git a/baldur/configuration.nix b/baldur/configuration.nix
index 8aa4105..a0bb6b2 100644
--- a/baldur/configuration.nix
+++ b/baldur/configuration.nix
@@ -258,9 +258,21 @@
         {
           # odin
           publicKey = "LDBhvzeYmHJ0z5ch+N559GWjT3It1gZvGR/9WtCfURw=";
-          presharedKeyFile = config.age.secrets.odin_wg_psk.path;
+          presharedKeyFile = config.age.secrets.wg_psk.path;
           allowedIPs = [ "10.0.0.2/32" "fdc9:281f:04d7:9ee9::2/128" ];
         }
+        {
+          # oppo
+          publicKey = "OBk6bHKuIYLwD7cwjmAuMn57jXqbDwCL52jhQxiHnnA=";
+          presharedKeyFile = config.age.secrets.wg_psk.path;
+          allowedIPs = [ "10.0.0.3/32" "fdc9:281f:04d7:9ee9::3/128" ];
+        }
+        {
+          # thor
+          publicKey = "rpwR6n4IE96VZAmQDBufsWE/a9G7d8fpkvY1OwsbOhk=";
+          presharedKeyFile = config.age.secrets.wg_psk.path;
+          allowedIPs = [ "10.0.0.4/32" "fdc9:281f:04d7:9ee9::4/128" ];
+        }
       ];
     };
   };
diff --git a/flake.nix b/flake.nix
index 818e373..7a35246 100644
--- a/flake.nix
+++ b/flake.nix
@@ -103,10 +103,11 @@
         {
           # age.secrets.oauth_proxy_client_credentials.file = ./secrets/oauth_proxy_client_credentials.age;
           age.secrets.spotify_password = { file = ./secrets/spotify_password.age; owner = "bertof"; };
+          age.secrets.wg_psk = { file = ./secrets/wg_psk.age; };
           age.secrets.baldur_wg_priv = { file = ./secrets/baldur_wg_priv.age; };
           age.secrets.odin_wg_priv = { file = ./secrets/odin_wg_priv.age; };
-          age.secrets.baldur_wg_psk = { file = ./secrets/baldur_wg_psk.age; };
-          age.secrets.odin_wg_psk = { file = ./secrets/odin_wg_psk.age; };
+          age.secrets.oppo_wg_priv = { file = ./secrets/oppo_wg_priv.age; };
+          age.secrets.thor_wg_priv = { file = ./secrets/thor_wg_priv.age; };
         }
 
         ./nixos_modules/bertof_user.nix
diff --git a/odin/common_configuration.nix b/odin/common_configuration.nix
index 1b774d6..195dded 100644
--- a/odin/common_configuration.nix
+++ b/odin/common_configuration.nix
@@ -51,11 +51,30 @@ with lib; {
 
         peers = [
           {
-            publicKey = "K57ikgFSR1O0CXWBxfQEu7uxSOsp3ePj/NMRets5pVc=";
-            presharedKeyFile = config.age.secrets.odin_wg_psk.path;
+            # baldur
+            # allowedIPs = [ "10.0.0.3/32" "fdc9:281f:04d7:9ee9::3/128" ];
             allowedIPs = [ "0.0.0.0/0" "::/0" ];
             endpoint = "baldur.bertof.net:51820";
-            persistentKeepalive = 25;
+            presharedKeyFile = config.age.secrets.wg_psk.path;
+            publicKey = "K57ikgFSR1O0CXWBxfQEu7uxSOsp3ePj/NMRets5pVc=";
+          }
+          {
+            # odin
+            publicKey = "LDBhvzeYmHJ0z5ch+N559GWjT3It1gZvGR/9WtCfURw=";
+            presharedKeyFile = config.age.secrets.wg_psk.path;
+            allowedIPs = [ "10.0.0.2/24" "fdc9:281f:04d7:9ee9::2/128" ];
+          }
+          {
+            # oppo
+            publicKey = "OBk6bHKuIYLwD7cwjmAuMn57jXqbDwCL52jhQxiHnnA=";
+            presharedKeyFile = config.age.secrets.wg_psk.path;
+            allowedIPs = [ "10.0.0.3/24" "fdc9:281f:04d7:9ee9::3/128" ];
+          }
+          {
+            # thor
+            publicKey = "rpwR6n4IE96VZAmQDBufsWE/a9G7d8fpkvY1OwsbOhk=";
+            presharedKeyFile = config.age.secrets.wg_psk.path;
+            allowedIPs = [ "10.0.0.4/24" "fdc9:281f:04d7:9ee9::4/128" ];
           }
         ];
       };
diff --git a/secrets/baldur_wg_psk.age b/secrets/baldur_wg_psk.age
deleted file mode 100644
index 11a9864..0000000
--- a/secrets/baldur_wg_psk.age
+++ /dev/null
@@ -1,27 +0,0 @@
-age-encryption.org/v1
--> ssh-ed25519 lC44xg siyicGezmHp45yWb72O5RifDMUe8cnNR/8rlMqkRLmg
-xA8vPnJazAWVVKJTzP2ngi/xHt/0V9n+9ijECsbXTgQ
--> ssh-ed25519 2L7QNA QcYCyrqUHqX5CE8KmVzMM+oaXOzCaEAyuy8JBYsJWwY
-WljidAlaPXxrfsZKtmDi5iGNqOBs3Tm4hXPeJB99vos
--> ssh-ed25519 sNAOqA /vCQydAHoSTaWDbjP9/NmM+CkdUrtO/XJjPCoN21xmU
-QsWk9YqL07P3UNkZt+5Xd4dZw7SENGOUAq/iHFee2nw
--> ssh-ed25519 13iwjQ oD0OpKZ+Vm0nWmworan8dWOAlUQsHDvpm3bqGrOxIQc
-pJL9YhA3sXjo38fRvYraL/gLn1rgSKspMizDUuEChYk
--> ssh-ed25519 7MB20A 7kq62RnldRIwC16RKEIsSwPTbn6eH+3FtfmVJucnAyQ
-EdyaTv+I+oA8/Y3RvaGTHwpLyzshfnVF4dq0nmo+IoU
--> ssh-ed25519 IvyYug BwwnIO+4eduO4rVu18pA1P3EWwA+9W0WtTlIGNlQ8EU
-o++5xPZGMS3K1ACfwbbnQ9BVj8+GNRGFXsiIrWxz1hk
--> ssh-ed25519 v7O/FA MK70P0PK1SeatEb/xbK6wU/1cfiYF4zzYpBHHwx6t2k
-y2iwBptLaMsNeRn00vuy2SfdQNRnXHTiBouZo5BBExs
--> ssh-ed25519 Wzv8ew N2K5VjuHs3/RvDkh9Hlrf+ZVfAAKNcLcQmp3k6Tym3U
-9ghaa0D4Bpmzd9Yvx+Er3qYFGuC7TSgIirto0uKZRZA
--> ssh-ed25519 XgC3XA CtfNLoBAYMvcyt602EkEqPB4Fz3CRQG76JC0N/qtvFw
-X60izqbZKHBqW0+L905eI3Ya6sKgHFU2HevkQfep4LQ
--> ssh-ed25519 l795CA F3NiNkDDNR3PTKnS5OwMLY7s+/3NGNYMS5kiQcV/mRI
-8jVt29DIRitRGOFPUV9ncHeFmBJflUcE8g9EB1C0pOk
--> Vb6Y-grease lf
-kGMEIpGP8XAGzA6XQgKWZ72fH+9KEjQs9zDiE+nAxJX9uQePckfa++O23ZAcfseA
-Hrs6EFSwE+9UvhUHBY+/uuaxKhYGLG9p7ALhut+l
---- 9TLi7lo+ZYZtWSsjavBdUPkkEZF+j14+YJ8szI/Dp5U
-i‰,šðwDƒÉ€ùBxþë`–ëçŒ–ËRètúº–ü´¿W&îj6¿L øëDÐ	‘Xø»=¬ˆNw3ïò0Ž€J
-4Ø‡”0RC³
\ No newline at end of file
diff --git a/secrets/odin_wg_psk.age b/secrets/odin_wg_psk.age
deleted file mode 100644
index 14dccdc..0000000
--- a/secrets/odin_wg_psk.age
+++ /dev/null
@@ -1,25 +0,0 @@
-age-encryption.org/v1
--> ssh-ed25519 lC44xg sxuYE9qrczPu9f7HguM6FS+24q+c6awYijsW75PaM1M
-lyU5kWLbhh8DtYqOdAwhD6ichr8tXaojvaks8N7uoDQ
--> ssh-ed25519 2L7QNA FEhfHUdaVct+NguR2covi+uizBwJabG7Oi2Kx6XED3A
-1Uge6BVi8Q9Wobg8mbCCg2QqtZFprbE2ucZM2qTz5Do
--> ssh-ed25519 sNAOqA RdSNYpDBjrdCdGbqviLC/3jNUpQlJVcVDJBZsYuSeGA
-X+pXWiBGoaSbJx5IOS6TF+vbSunhsjViLk54os2Ry1c
--> ssh-ed25519 13iwjQ yD/1bxrjpl+U4x6EBz/BNZKwarc7O99VKN6CqD09CyE
-2fCHX+tX4bbWgqEERk6SYl1Ati67q4AtwELJ7iyoKcI
--> ssh-ed25519 7MB20A 3sdcbYjpK8ySeMjz8pOLFIaWFemso5li9lGyTQHQpmU
-9yTSX6juV9OBtWisz/q4cTDpRYJe2sUbqHutx1pOJN8
--> ssh-ed25519 IvyYug Mv0oOpFUJOFLaPQbGju5JW4yRbLTonz31mLLk4GwYE0
-2Pof++UU99R229ovY+jouIr+Ty4u3ysw56iLC8+j2Bg
--> ssh-ed25519 v7O/FA 4GV/vYqiRqLSUvtg+IdmQCd7xXUuJH0wqEuPw+SC4QQ
-hupPjtZWH1A88DMA+aw2DoyyHLPLzvHejA5ohqCje1s
--> ssh-ed25519 Wzv8ew O8GUxPSc8+CRD2so4nMsMbtjDa6QVnqSj+czUFcs3ww
-KsTescNrPtapbAzgQ4cxXteyok8JG/fPYsbSnOysdL0
--> ssh-ed25519 XgC3XA vNZvFuAycFWyiSpAyjQGfVH9Gz9OEL5AOqrZ3ChBv0E
-IOOU/ru6k93kSpaHFjgPLyTViOcQQF5Hhe+Rx0u0t68
--> ssh-ed25519 l795CA ukyFdc58fFZlyzT56cwuTq+yzD30/aUfrjIkcsqHlSA
-hGru5mUwFbpAhgavMmm/fJmVzhDlhhi3HvPiSKPObRo
--> hD3?-grease
-
---- IuZjNwhOjNv7HLoZy0MlS50zvRKTNSVM51/Qjdv4G70
-^k¯õÑ†)=?"S|s7¼?uÞ©aÌØ"N½ƒ—KãÆ+(´h|ÅáÚ¢º¸ì+â—ÅšôeÓŒêÏÇ„Íí¶\È@éžkT9Uæ®©
\ No newline at end of file
diff --git a/secrets/oppo_wg_priv.age b/secrets/oppo_wg_priv.age
new file mode 100644
index 0000000..864c4c6
--- /dev/null
+++ b/secrets/oppo_wg_priv.age
@@ -0,0 +1,26 @@
+age-encryption.org/v1
+-> ssh-ed25519 lC44xg Z9RaDb0JbVBLG7+KpVlmh5mi/oOz2cMSP/ITL66SOWY
+aALSGRpf1IODsqzc4arKp+YrUud6v3oGeqVsThZ5wtQ
+-> ssh-ed25519 2L7QNA gqNAVQUGZtzKFxJCmxA/DKJ/ZEM4tZB3wL+dpVw6X0Q
+nr8mkJ1WqTAyOEea9WitMRJxYnqecV5+oGmb6YFuH3U
+-> ssh-ed25519 sNAOqA QB0rbnb35HyyN44jwxb2u5u8aWfan9ktNPEgdVIk52g
+TCU7phnf/DMyhZ4E5ZXc3LCqwEWbC5C1S98g88ZjFUM
+-> ssh-ed25519 13iwjQ ypYebKQM2OsgpoCdVQq3QNKSNZ/+oTDYEdMhwHtwsDA
+Eh9s3kC6dFjF7NvtcAmwt/zIBK5kXn+LqLGtknqVoGM
+-> ssh-ed25519 7MB20A If2LXQVdYMJpok0hjUU1GYmNX4VNJ8bhHfzkwX2n3kw
+6UEF27+gBhrZcLaBe5scN0QVkCKSUtja598zTAxmCqg
+-> ssh-ed25519 IvyYug SZGon3MLj789yMGfyZiIDcVwfzZC0BLFZYPma3gWIFs
+wQHTpASfufnGc+QPDuA56ECoYigESL/wVo/kbUxtBpc
+-> ssh-ed25519 v7O/FA P+VHlrU9rxL3GNbMWfq0J5BgSxeSFSoyZTwG9FhXRRs
+eTWRUf0In4uoi0PMX+3TpTBJbU8V8wa5XMTnD33rdVE
+-> ssh-ed25519 Wzv8ew kRo+OIwnSyoVNmsh4sskkJttJ8fpeHdjh480Xmt7wR0
+77vNZj942WVVx3qFN/NZqI+KHHFaT/145CfmMjC6LpI
+-> ssh-ed25519 XgC3XA dy3A48uxqMna0hD9TS1YmOyCeJpL1JZti9f7y1Isiik
+ZAAHRutLgNEiOj+7kS6DtqQpNSk5CwTa32wLc5rBhPY
+-> ssh-ed25519 l795CA ZgcVl+Ea0nZpHNQNvLgBTD+DHzz5odN3Pw6xAT8BQhQ
+DmB3Yl19+taWk2r7HvDB+oFXmyNJYKFbu4rJIGvYnCs
+-> nr:n[-grease *z #R=tf 3! TR@,U(%
+710uDuet/sVD1mEV+OuQGNZQTtfPSF2R5zSZI3cMPbsoJO/tNbzcpqy6BC7YCAuz
+UlaGBNdBrERq
+--- ZS8S8G4uTjw6PwljoDWkNyTQ3XgJEj5ujm0aFCeMkKg
+ö5¿¿[0Bx‡äözØázZ?©IX)=DU®ýÆõÅN¹*ãˆ`ô©¹=qÍýø‚š®©ºœ²zmw>‘<H;F˜=¦FŸªSh4œ¢
\ No newline at end of file
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index 99e272c..f1e91d1 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -30,7 +30,8 @@ in
   "nextcloud_admin_secret.age".publicKeys = users ++ systems;
   "nextcloud_bucket_secret.age".publicKeys = users ++ systems;
   "baldur_wg_priv.age".publicKeys = users ++ systems;
-  "baldur_wg_psk.age".publicKeys = users ++ systems;
   "odin_wg_priv.age".publicKeys = users ++ systems;
-  "odin_wg_psk.age".publicKeys = users ++ systems;
+  "oppo_wg_priv.age".publicKeys = users ++ systems;
+  "thor_wg_priv.age".publicKeys = users ++ systems;
+  "wg_psk.age".publicKeys = users ++ systems;
 }
diff --git a/secrets/thor_wg_priv.age b/secrets/thor_wg_priv.age
new file mode 100644
index 0000000..864c4c6
--- /dev/null
+++ b/secrets/thor_wg_priv.age
@@ -0,0 +1,26 @@
+age-encryption.org/v1
+-> ssh-ed25519 lC44xg Z9RaDb0JbVBLG7+KpVlmh5mi/oOz2cMSP/ITL66SOWY
+aALSGRpf1IODsqzc4arKp+YrUud6v3oGeqVsThZ5wtQ
+-> ssh-ed25519 2L7QNA gqNAVQUGZtzKFxJCmxA/DKJ/ZEM4tZB3wL+dpVw6X0Q
+nr8mkJ1WqTAyOEea9WitMRJxYnqecV5+oGmb6YFuH3U
+-> ssh-ed25519 sNAOqA QB0rbnb35HyyN44jwxb2u5u8aWfan9ktNPEgdVIk52g
+TCU7phnf/DMyhZ4E5ZXc3LCqwEWbC5C1S98g88ZjFUM
+-> ssh-ed25519 13iwjQ ypYebKQM2OsgpoCdVQq3QNKSNZ/+oTDYEdMhwHtwsDA
+Eh9s3kC6dFjF7NvtcAmwt/zIBK5kXn+LqLGtknqVoGM
+-> ssh-ed25519 7MB20A If2LXQVdYMJpok0hjUU1GYmNX4VNJ8bhHfzkwX2n3kw
+6UEF27+gBhrZcLaBe5scN0QVkCKSUtja598zTAxmCqg
+-> ssh-ed25519 IvyYug SZGon3MLj789yMGfyZiIDcVwfzZC0BLFZYPma3gWIFs
+wQHTpASfufnGc+QPDuA56ECoYigESL/wVo/kbUxtBpc
+-> ssh-ed25519 v7O/FA P+VHlrU9rxL3GNbMWfq0J5BgSxeSFSoyZTwG9FhXRRs
+eTWRUf0In4uoi0PMX+3TpTBJbU8V8wa5XMTnD33rdVE
+-> ssh-ed25519 Wzv8ew kRo+OIwnSyoVNmsh4sskkJttJ8fpeHdjh480Xmt7wR0
+77vNZj942WVVx3qFN/NZqI+KHHFaT/145CfmMjC6LpI
+-> ssh-ed25519 XgC3XA dy3A48uxqMna0hD9TS1YmOyCeJpL1JZti9f7y1Isiik
+ZAAHRutLgNEiOj+7kS6DtqQpNSk5CwTa32wLc5rBhPY
+-> ssh-ed25519 l795CA ZgcVl+Ea0nZpHNQNvLgBTD+DHzz5odN3Pw6xAT8BQhQ
+DmB3Yl19+taWk2r7HvDB+oFXmyNJYKFbu4rJIGvYnCs
+-> nr:n[-grease *z #R=tf 3! TR@,U(%
+710uDuet/sVD1mEV+OuQGNZQTtfPSF2R5zSZI3cMPbsoJO/tNbzcpqy6BC7YCAuz
+UlaGBNdBrERq
+--- ZS8S8G4uTjw6PwljoDWkNyTQ3XgJEj5ujm0aFCeMkKg
+ö5¿¿[0Bx‡äözØázZ?©IX)=DU®ýÆõÅN¹*ãˆ`ô©¹=qÍýø‚š®©ºœ²zmw>‘<H;F˜=¦FŸªSh4œ¢
\ No newline at end of file
diff --git a/secrets/wg_psk.age b/secrets/wg_psk.age
new file mode 100644
index 0000000000000000000000000000000000000000..7fb25526295e972b6a44034784d5cc2670e1a9ab
GIT binary patch
literal 1319
zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCU7aW*ljNLR>nPA|we
zajkO8H%=`tOUX_$w5-Yr&rb_U$td;8aEwT`baX282@Ng{bmXdXG%~R;(#}qE3(_|&
z4fhW)%*zQe_RSAZ4NePlwM-1mD%3AY^D!<+F+sP@$j3a;&r!i6*TmQ~#Hr9I$GxZ`
z*FDeGz|z^o!Yt1(Pdg<eFV!^IJ1<K=*dVpaEt1Qt&?mFd(y$;hU)!}fv@kKEB0R|`
z#K1Vu#W*X+I4LbX)jiBr->J&o$N=58Vn0X!LPrIU;G&|a6qlfoG{->K@~Q%3qY@9}
z2m^m7!_<6VL#M#XvZ~Z9vx-9PymYP*gP^GLw8)I`67y8oOz-S0N7rIg%Ww~0_k3f=
zilj2*O1}ahvnuDD!fbTg42?6(vjP=Tf{GHeT^;>1%?t8_9Rtjayj%h;{0k~v(~Q&e
zvrWuRT>_Jx!b0=?v(mXzD}BTAt4h4h%EKyCQ+zYMe2s!rBOEOvt4b4t48z^>(;~fd
z9X-O+1AWnLGxv2eGH_HV*0wCHOseuUF9<jANDfHSP76y5bu}nS4mS_U3QLcS3U+ob
zPWO%sEjQrGu*j+OGN~%`Fv|`#(k^lIs_@Gwj))5M%r7rW&h*c>3<(b_t4MSV4aTs|
zv#c_*G+iMhKP=Zh$<H`Fq#(p4Eu%=g($zEESlivd!qvj5Bq`f0%h@Z~EYsc3*@CMu
zEz~=|FiAhZIKRleEUeV4qA1@hE!op7xiYXIxhg-jyd>D9+`>6DG!)%$W#<0+ZjK7B
zg<%E7{!aQuVa6dT{+1E`>1IX+W|je_o{6bx=Eiv?L2lZ)CdPir9_3ux<$lExsU{^+
z0p7j^mC3F_mKhb{j{X5=rbdR&slLuZVTO4@j`=3x<&NmKg;$kXq?Rj$WTzPVcm!8O
z1sIv+2jplQqy>ArT3VR9W_gu+`<IkDR-~7CBxif%7+G)yR3;ae83vXFgm?smn|f>e
zxTWid`I~wM<@@+q8Wo0mdwb@UgnL+qIp(9=7Lo339O0;t8RAiuVd-q)Qtqgo=iyxC
z6BOy3Qe+fpSg0RlZf@>eqHR&+Vj5OfP-(*D7*dv39+_2=YnWr`>6>5f>f+{~<ZR-e
z=2uY?;aw8w;%rcwl;RhfZD4_JTaLM<sk5U(ev*Ecb55dnerd6ryR(^jfU`+zMO37*
zXQ-oLij$*TcA|@6u6ue#cy1(DVp2wiwr`-NS43s9zK_14o4IjWq_Js$YlgFdc4|?f
zae-HsSy`2lSq3=2RfQ*K6zQfHr6v}qD&%`QR3#`_`I#h#Ddg#d7!@Q}cybwrxl|UH
z7kV4#c^YPvBnO4~<y83<8D|$JM+Q5k2I&Vma_Q>oD&&S)1SGkI89D_y1tk`G<$D=a
z<fU5}Bt~WxnT7>b6&03;dK)J>hWZ*sa;f!t8*VFNQwgki_G2^0oYZ7{-Xo0_#;;~P
z`Ms$`BYJjNi)$47isbeMKQ+6TdAiF+F?8Pif9qjO&DlAJ?%JH~IR7%$`QKKDH`Ytc
G`J4e49<C<<

literal 0
HcmV?d00001