bertof/nix-dotfiles
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

WG: simpler config

Browse source
This commit is contained in:
Filippo Berto 2023-07-02 15:22:22 +01:00
parent 162ce91db7
commit db063ba40a
No known key found for this signature in database
GPG key ID: FE98AE5EC52B1056
9 changed files with 93 additions and 60 deletions
Download patch file Download diff file Expand all files Collapse all files

14
baldur/configuration.nix
View file

@ -258,9 +258,21 @@
{ {
# odin # odin
publicKey = "LDBhvzeYmHJ0z5ch+N559GWjT3It1gZvGR/9WtCfURw="; publicKey = "LDBhvzeYmHJ0z5ch+N559GWjT3It1gZvGR/9WtCfURw=";
presharedKeyFile = config.age.secrets.odin_wg_psk.path; presharedKeyFile = config.age.secrets.wg_psk.path;
allowedIPs = [ "10.0.0.2/32" "fdc9:281f:04d7:9ee9::2/128" ]; allowedIPs = [ "10.0.0.2/32" "fdc9:281f:04d7:9ee9::2/128" ];
} }
{
# oppo
publicKey = "OBk6bHKuIYLwD7cwjmAuMn57jXqbDwCL52jhQxiHnnA=";
presharedKeyFile = config.age.secrets.wg_psk.path;
allowedIPs = [ "10.0.0.3/32" "fdc9:281f:04d7:9ee9::3/128" ];
}
{
# thor
publicKey = "rpwR6n4IE96VZAmQDBufsWE/a9G7d8fpkvY1OwsbOhk=";
presharedKeyFile = config.age.secrets.wg_psk.path;
allowedIPs = [ "10.0.0.4/32" "fdc9:281f:04d7:9ee9::4/128" ];
}
]; ];
}; };
}; };

5
flake.nix
View file

@ -103,10 +103,11 @@
{ {
# age.secrets.oauth_proxy_client_credentials.file = ./secrets/oauth_proxy_client_credentials.age; # age.secrets.oauth_proxy_client_credentials.file = ./secrets/oauth_proxy_client_credentials.age;
age.secrets.spotify_password = { file = ./secrets/spotify_password.age; owner = "bertof"; }; age.secrets.spotify_password = { file = ./secrets/spotify_password.age; owner = "bertof"; };
age.secrets.wg_psk = { file = ./secrets/wg_psk.age; };
age.secrets.baldur_wg_priv = { file = ./secrets/baldur_wg_priv.age; }; age.secrets.baldur_wg_priv = { file = ./secrets/baldur_wg_priv.age; };
age.secrets.odin_wg_priv = { file = ./secrets/odin_wg_priv.age; }; age.secrets.odin_wg_priv = { file = ./secrets/odin_wg_priv.age; };
age.secrets.baldur_wg_psk = { file = ./secrets/baldur_wg_psk.age; }; age.secrets.oppo_wg_priv = { file = ./secrets/oppo_wg_priv.age; };
age.secrets.odin_wg_psk = { file = ./secrets/odin_wg_psk.age; }; age.secrets.thor_wg_priv = { file = ./secrets/thor_wg_priv.age; };
} }
./nixos_modules/bertof_user.nix ./nixos_modules/bertof_user.nix

25
odin/common_configuration.nix
View file

@ -51,11 +51,30 @@ with lib; {
peers = [ peers = [
{ {
publicKey = "K57ikgFSR1O0CXWBxfQEu7uxSOsp3ePj/NMRets5pVc="; # baldur
presharedKeyFile = config.age.secrets.odin_wg_psk.path; # allowedIPs = [ "10.0.0.3/32" "fdc9:281f:04d7:9ee9::3/128" ];
allowedIPs = [ "0.0.0.0/0" "::/0" ]; allowedIPs = [ "0.0.0.0/0" "::/0" ];
endpoint = "baldur.bertof.net:51820"; endpoint = "baldur.bertof.net:51820";
persistentKeepalive = 25; presharedKeyFile = config.age.secrets.wg_psk.path;
publicKey = "K57ikgFSR1O0CXWBxfQEu7uxSOsp3ePj/NMRets5pVc=";
}
{
# odin
publicKey = "LDBhvzeYmHJ0z5ch+N559GWjT3It1gZvGR/9WtCfURw=";
presharedKeyFile = config.age.secrets.wg_psk.path;
allowedIPs = [ "10.0.0.2/24" "fdc9:281f:04d7:9ee9::2/128" ];
}
{
# oppo
publicKey = "OBk6bHKuIYLwD7cwjmAuMn57jXqbDwCL52jhQxiHnnA=";
presharedKeyFile = config.age.secrets.wg_psk.path;
allowedIPs = [ "10.0.0.3/24" "fdc9:281f:04d7:9ee9::3/128" ];
}
{
# thor
publicKey = "rpwR6n4IE96VZAmQDBufsWE/a9G7d8fpkvY1OwsbOhk=";
presharedKeyFile = config.age.secrets.wg_psk.path;
allowedIPs = [ "10.0.0.4/24" "fdc9:281f:04d7:9ee9::4/128" ];
} }
]; ];
}; };

27
secrets/baldur_wg_psk.age
View file

@ -1,27 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 lC44xg siyicGezmHp45yWb72O5RifDMUe8cnNR/8rlMqkRLmg
xA8vPnJazAWVVKJTzP2ngi/xHt/0V9n+9ijECsbXTgQ
-> ssh-ed25519 2L7QNA QcYCyrqUHqX5CE8KmVzMM+oaXOzCaEAyuy8JBYsJWwY
WljidAlaPXxrfsZKtmDi5iGNqOBs3Tm4hXPeJB99vos
-> ssh-ed25519 sNAOqA /vCQydAHoSTaWDbjP9/NmM+CkdUrtO/XJjPCoN21xmU
QsWk9YqL07P3UNkZt+5Xd4dZw7SENGOUAq/iHFee2nw
-> ssh-ed25519 13iwjQ oD0OpKZ+Vm0nWmworan8dWOAlUQsHDvpm3bqGrOxIQc
pJL9YhA3sXjo38fRvYraL/gLn1rgSKspMizDUuEChYk
-> ssh-ed25519 7MB20A 7kq62RnldRIwC16RKEIsSwPTbn6eH+3FtfmVJucnAyQ
EdyaTv+I+oA8/Y3RvaGTHwpLyzshfnVF4dq0nmo+IoU
-> ssh-ed25519 IvyYug BwwnIO+4eduO4rVu18pA1P3EWwA+9W0WtTlIGNlQ8EU
o++5xPZGMS3K1ACfwbbnQ9BVj8+GNRGFXsiIrWxz1hk
-> ssh-ed25519 v7O/FA MK70P0PK1SeatEb/xbK6wU/1cfiYF4zzYpBHHwx6t2k
y2iwBptLaMsNeRn00vuy2SfdQNRnXHTiBouZo5BBExs
-> ssh-ed25519 Wzv8ew N2K5VjuHs3/RvDkh9Hlrf+ZVfAAKNcLcQmp3k6Tym3U
9ghaa0D4Bpmzd9Yvx+Er3qYFGuC7TSgIirto0uKZRZA
-> ssh-ed25519 XgC3XA CtfNLoBAYMvcyt602EkEqPB4Fz3CRQG76JC0N/qtvFw
X60izqbZKHBqW0+L905eI3Ya6sKgHFU2HevkQfep4LQ
-> ssh-ed25519 l795CA F3NiNkDDNR3PTKnS5OwMLY7s+/3NGNYMS5kiQcV/mRI
8jVt29DIRitRGOFPUV9ncHeFmBJflUcE8g9EB1C0pOk
-> Vb6Y-grease lf
kGMEIpGP8XAGzA6XQgKWZ72fH+9KEjQs9zDiE+nAxJX9uQePckfa++O23ZAcfseA
Hrs6EFSwE+9UvhUHBY+/uuaxKhYGLG9p7ALhut+l
--- 9TLi7lo+ZYZtWSsjavBdUPkkEZF+j14+YJ8szI/Dp5U
i‰,šðwDƒÉ€ùBxþë`ëçŒËRètúºü´¿W&<26> îj6¿L øëDÐ Xø»=<3D>¬ˆNw3ïò0Ž€J
‡”0RC³

25
secrets/odin_wg_psk.age
View file

@ -1,25 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 lC44xg sxuYE9qrczPu9f7HguM6FS+24q+c6awYijsW75PaM1M
lyU5kWLbhh8DtYqOdAwhD6ichr8tXaojvaks8N7uoDQ
-> ssh-ed25519 2L7QNA FEhfHUdaVct+NguR2covi+uizBwJabG7Oi2Kx6XED3A
1Uge6BVi8Q9Wobg8mbCCg2QqtZFprbE2ucZM2qTz5Do
-> ssh-ed25519 sNAOqA RdSNYpDBjrdCdGbqviLC/3jNUpQlJVcVDJBZsYuSeGA
X+pXWiBGoaSbJx5IOS6TF+vbSunhsjViLk54os2Ry1c
-> ssh-ed25519 13iwjQ yD/1bxrjpl+U4x6EBz/BNZKwarc7O99VKN6CqD09CyE
2fCHX+tX4bbWgqEERk6SYl1Ati67q4AtwELJ7iyoKcI
-> ssh-ed25519 7MB20A 3sdcbYjpK8ySeMjz8pOLFIaWFemso5li9lGyTQHQpmU
9yTSX6juV9OBtWisz/q4cTDpRYJe2sUbqHutx1pOJN8
-> ssh-ed25519 IvyYug Mv0oOpFUJOFLaPQbGju5JW4yRbLTonz31mLLk4GwYE0
2Pof++UU99R229ovY+jouIr+Ty4u3ysw56iLC8+j2Bg
-> ssh-ed25519 v7O/FA 4GV/vYqiRqLSUvtg+IdmQCd7xXUuJH0wqEuPw+SC4QQ
hupPjtZWH1A88DMA+aw2DoyyHLPLzvHejA5ohqCje1s
-> ssh-ed25519 Wzv8ew O8GUxPSc8+CRD2so4nMsMbtjDa6QVnqSj+czUFcs3ww
KsTescNrPtapbAzgQ4cxXteyok8JG/fPYsbSnOysdL0
-> ssh-ed25519 XgC3XA vNZvFuAycFWyiSpAyjQGfVH9Gz9OEL5AOqrZ3ChBv0E
IOOU/ru6k93kSpaHFjgPLyTViOcQQF5Hhe+Rx0u0t68
-> ssh-ed25519 l795CA ukyFdc58fFZlyzT56cwuTq+yzD30/aUfrjIkcsqHlSA
hGru5mUwFbpAhgavMmm/fJmVzhDlhhi3HvPiSKPObRo
-> hD3?-grease
--- IuZjNwhOjNv7HLoZy0MlS50zvRKTNSVM51/Qjdv4G70
^k¯õц)=?"S|s7¼?uÞ©aÌØ"N½ƒ —KãÆ+(´h|ÅáÚ¢º¸ì+â—Å šôeÓŒêÏÇ„Íí¶\È@éžkT9U殩

26
secrets/oppo_wg_priv.age Normal file
View file

@ -0,0 +1,26 @@
age-encryption.org/v1
-> ssh-ed25519 lC44xg Z9RaDb0JbVBLG7+KpVlmh5mi/oOz2cMSP/ITL66SOWY
aALSGRpf1IODsqzc4arKp+YrUud6v3oGeqVsThZ5wtQ
-> ssh-ed25519 2L7QNA gqNAVQUGZtzKFxJCmxA/DKJ/ZEM4tZB3wL+dpVw6X0Q
nr8mkJ1WqTAyOEea9WitMRJxYnqecV5+oGmb6YFuH3U
-> ssh-ed25519 sNAOqA QB0rbnb35HyyN44jwxb2u5u8aWfan9ktNPEgdVIk52g
TCU7phnf/DMyhZ4E5ZXc3LCqwEWbC5C1S98g88ZjFUM
-> ssh-ed25519 13iwjQ ypYebKQM2OsgpoCdVQq3QNKSNZ/+oTDYEdMhwHtwsDA
Eh9s3kC6dFjF7NvtcAmwt/zIBK5kXn+LqLGtknqVoGM
-> ssh-ed25519 7MB20A If2LXQVdYMJpok0hjUU1GYmNX4VNJ8bhHfzkwX2n3kw
6UEF27+gBhrZcLaBe5scN0QVkCKSUtja598zTAxmCqg
-> ssh-ed25519 IvyYug SZGon3MLj789yMGfyZiIDcVwfzZC0BLFZYPma3gWIFs
wQHTpASfufnGc+QPDuA56ECoYigESL/wVo/kbUxtBpc
-> ssh-ed25519 v7O/FA P+VHlrU9rxL3GNbMWfq0J5BgSxeSFSoyZTwG9FhXRRs
eTWRUf0In4uoi0PMX+3TpTBJbU8V8wa5XMTnD33rdVE
-> ssh-ed25519 Wzv8ew kRo+OIwnSyoVNmsh4sskkJttJ8fpeHdjh480Xmt7wR0
77vNZj942WVVx3qFN/NZqI+KHHFaT/145CfmMjC6LpI
-> ssh-ed25519 XgC3XA dy3A48uxqMna0hD9TS1YmOyCeJpL1JZti9f7y1Isiik
ZAAHRutLgNEiOj+7kS6DtqQpNSk5CwTa32wLc5rBhPY
-> ssh-ed25519 l795CA ZgcVl+Ea0nZpHNQNvLgBTD+DHzz5odN3Pw6xAT8BQhQ
DmB3Yl19+taWk2r7HvDB+oFXmyNJYKFbu4rJIGvYnCs
-> nr:n[-grease *z #R=tf 3! TR@,U(%
710uDuet/sVD1mEV+OuQGNZQTtfPSF2R5zSZI3cMPbsoJO/tNbzcpqy6BC7YCAuz
UlaGBNdBrERq
--- ZS8S8G4uTjw6PwljoDWkNyTQ3XgJEj5ujm0aFCeMkKg
ö5¿¿[0Bx‡äözØáz<C3A1>Z?©IX)=DU® ýÆõÅN¹*ãˆ`ô©¹=qÍýø<C3BD><EFBFBD>š®©ºœ²zmw><H;F˜=¦FŸªSh4œ¢

5
secrets/secrets.nix
View file

@ -30,7 +30,8 @@ in
"nextcloud_admin_secret.age".publicKeys = users ++ systems; "nextcloud_admin_secret.age".publicKeys = users ++ systems;
"nextcloud_bucket_secret.age".publicKeys = users ++ systems; "nextcloud_bucket_secret.age".publicKeys = users ++ systems;
"baldur_wg_priv.age".publicKeys = users ++ systems; "baldur_wg_priv.age".publicKeys = users ++ systems;
"baldur_wg_psk.age".publicKeys = users ++ systems;
"odin_wg_priv.age".publicKeys = users ++ systems; "odin_wg_priv.age".publicKeys = users ++ systems;
"odin_wg_psk.age".publicKeys = users ++ systems; "oppo_wg_priv.age".publicKeys = users ++ systems;
"thor_wg_priv.age".publicKeys = users ++ systems;
"wg_psk.age".publicKeys = users ++ systems;
} }

26
secrets/thor_wg_priv.age Normal file
View file

@ -0,0 +1,26 @@
age-encryption.org/v1
-> ssh-ed25519 lC44xg Z9RaDb0JbVBLG7+KpVlmh5mi/oOz2cMSP/ITL66SOWY
aALSGRpf1IODsqzc4arKp+YrUud6v3oGeqVsThZ5wtQ
-> ssh-ed25519 2L7QNA gqNAVQUGZtzKFxJCmxA/DKJ/ZEM4tZB3wL+dpVw6X0Q
nr8mkJ1WqTAyOEea9WitMRJxYnqecV5+oGmb6YFuH3U
-> ssh-ed25519 sNAOqA QB0rbnb35HyyN44jwxb2u5u8aWfan9ktNPEgdVIk52g
TCU7phnf/DMyhZ4E5ZXc3LCqwEWbC5C1S98g88ZjFUM
-> ssh-ed25519 13iwjQ ypYebKQM2OsgpoCdVQq3QNKSNZ/+oTDYEdMhwHtwsDA
Eh9s3kC6dFjF7NvtcAmwt/zIBK5kXn+LqLGtknqVoGM
-> ssh-ed25519 7MB20A If2LXQVdYMJpok0hjUU1GYmNX4VNJ8bhHfzkwX2n3kw
6UEF27+gBhrZcLaBe5scN0QVkCKSUtja598zTAxmCqg
-> ssh-ed25519 IvyYug SZGon3MLj789yMGfyZiIDcVwfzZC0BLFZYPma3gWIFs
wQHTpASfufnGc+QPDuA56ECoYigESL/wVo/kbUxtBpc
-> ssh-ed25519 v7O/FA P+VHlrU9rxL3GNbMWfq0J5BgSxeSFSoyZTwG9FhXRRs
eTWRUf0In4uoi0PMX+3TpTBJbU8V8wa5XMTnD33rdVE
-> ssh-ed25519 Wzv8ew kRo+OIwnSyoVNmsh4sskkJttJ8fpeHdjh480Xmt7wR0
77vNZj942WVVx3qFN/NZqI+KHHFaT/145CfmMjC6LpI
-> ssh-ed25519 XgC3XA dy3A48uxqMna0hD9TS1YmOyCeJpL1JZti9f7y1Isiik
ZAAHRutLgNEiOj+7kS6DtqQpNSk5CwTa32wLc5rBhPY
-> ssh-ed25519 l795CA ZgcVl+Ea0nZpHNQNvLgBTD+DHzz5odN3Pw6xAT8BQhQ
DmB3Yl19+taWk2r7HvDB+oFXmyNJYKFbu4rJIGvYnCs
-> nr:n[-grease *z #R=tf 3! TR@,U(%
710uDuet/sVD1mEV+OuQGNZQTtfPSF2R5zSZI3cMPbsoJO/tNbzcpqy6BC7YCAuz
UlaGBNdBrERq
--- ZS8S8G4uTjw6PwljoDWkNyTQ3XgJEj5ujm0aFCeMkKg
ö5¿¿[0Bx‡äözØáz<C3A1>Z?©IX)=DU® ýÆõÅN¹*ãˆ`ô©¹=qÍýø<C3BD><EFBFBD>š®©ºœ²zmw><H;F˜=¦FŸªSh4œ¢

BIN
secrets/wg_psk.age Normal file
View file

Binary file not shown.