diff --git a/secrets/zeus/wireguard.yaml b/secrets/zeus/wireguard.yaml deleted file mode 100644 index fd4c9ac..0000000 --- a/secrets/zeus/wireguard.yaml +++ /dev/null @@ -1,31 +0,0 @@ -private_key: ENC[AES256_GCM,data:HuO60p+jAmsdMbUUF6pcgdsOVW9uU+W1cLn4dvqb9MopCgdukZtRoTwMTFU=,iv:Z1YkYxZBCstfI7aQEhZhT4eGlbjqwQ2VN01Y5HUbO7E=,tag:FXi/mTAiOoYcdXrgKDvt/g==,type:str] -preshared_key: ENC[AES256_GCM,data:iFEFO7SMNrLqqpRQF57XSe9+59YdFdTXvP3QKxHkRrOzMRzJqGhi3wrjbAI=,iv:S4OA4GLK8wBkHwtq2Rqo76wxsJd5GJnJMjpPk/zRTAQ=,tag:vZaOaVTOAkuN8HgabOKkyA==,type:str] -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: - - recipient: age15va8dthvmn30ymex0kkrrk034aq25drmsx4mkmf480a8uq4tvcyqw5s4uk - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAycG1rZmpXZTExVEtEZVMz - NVBqTkNyQ2Noa1hjMFBDVGxOczRadnVaRWhBCmNFSTVoVlcvbDVXTHRpaFlQVE4y - UGZHb1lVWEF2N29hMW5QM1V0UVNteHcKLS0tIG1HM2JRdnVabERGODltS3EyM0U3 - ei9xcG8wY0FnRzJZUEdqeXAzdWtCM0EKHYGaKJRDJ4OlPlCnGlZBTybpYmUQJ6Kg - aZlmeezY8JqpFH3zsXfyWuMZ6j6rs63UXVL7vZ3fEloUXHV7F57gVQ== - -----END AGE ENCRYPTED FILE----- - - recipient: age1y06hfa8ctp3tr7g2rukmst4cl064hxaqfsx8w0yq4tgmcrv7qvksct7mnl - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4RFdoTzlTNU9yem1QTWtj - UTYxcWcxYXlGeks3TEw5bWtOczdub1lDRjJFCmdiWi9ZMkF3Vk15Y1VrMTBvM3du - ZDRpKytaMTRGZ1g3ZHhhNTlxWkYrS3cKLS0tIGhxSUcyWmRCMVp3Q1daZGt1Tk51 - d3pqdWU4NXVTMGZ5dTkvNnZyYjdvck0Khp1IPBPKelQ41FPqi/uuPFqN7T0bic8+ - AKld/MUNWxLIZpbqDeXyfJAJVAbgKdk1lrIYpgshOZNV6u/SHAcmzA== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-04-28T02:47:34Z" - mac: ENC[AES256_GCM,data:Zq4M8qr5PPOk+uPx/f3C24D4uTL82C1Cs7c5y66aAgnydR1ro9Pu5//Jj4fSOY59aKgeOGmx0DqV3k+1E6FttNy/8qpzJFCCDlgqB/BPqzJElFQ9FlgdCqoMehu9ETys1SgAhWi8aEZZAYbGKFQ/MX6LCAP2zx8NZ/wkbtUEU3E=,iv:k5RnwFwiEAugD/DTpOSCmSzpZCRzdkpTmOS3PTz44/c=,tag:T7HJFVr6VwzHCWIUD/uwXA==,type:str] - pgp: [] - unencrypted_suffix: _unencrypted - version: 3.8.1 diff --git a/systems/zeus/configuration.nix b/systems/zeus/configuration.nix index fc41f47..bb663af 100644 --- a/systems/zeus/configuration.nix +++ b/systems/zeus/configuration.nix @@ -17,16 +17,6 @@ networking.hostName = "zeus"; # Define your hostname. networking.hostId = "9e95b576"; - sops.secrets = { - private_key = { - sopsFile = ../../secrets/zeus/wireguard.yaml; - owner = "systemd-network"; - }; - preshared_key = { - sopsFile = ../../secrets/zeus/wireguard.yaml; - owner = "systemd-network"; - }; - }; systemd.network.netdevs = { bond0 = { netdevConfig = { @@ -47,25 +37,6 @@ Mode = "bridge"; }; }; - wg0 = { - netdevConfig = { - Name = "wg0"; - Kind = "wireguard"; - }; - wireguardConfig = { - PrivateKeyFile = config.sops.secrets.private_key.path; - ListenPort = 51821; - }; - wireguardPeers = [{ - wireguardPeerConfig = { - PublicKey = "ZT+n0XONAZ6dkiIJR+2bmTT9y7WTxDNdnZo5S7b8vxE="; - AllowedIPs = [ "10.98.0.0/31" ]; - PresharedKeyFile = config.sops.secrets.preshared_key.path; - PersistentKeepalive = 25; - Endpoint = "remote.kow.is:51821"; - }; - }]; - }; }; systemd.network.networks = { "00-bondage" = { @@ -83,10 +54,6 @@ domains = [ "icanttype.org" ]; gateway = [ "10.42.69.1" ]; }; - wg0 = { - name = "wg0"; - address = [ "10.98.0.0/31" "fd72:3dd5:21ae:ff1a::1/64" ]; - }; }; @@ -270,7 +237,6 @@ dive podman-tui docker-compose - wireguard-tools ]; services.samba.enable = true;