wireguard secrets
parent
b469af3d5b
commit
a5e2c0e496
2 changed files with 43 additions and 2 deletions
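--- a/secrets/zeus/wireguard.yaml
+++ b/secrets/zeus/wireguard.yaml
@@ -0,0 +1,31 @@
+private_key: ENC[AES256_GCM,data:HuO60p+jAmsdMbUUF6pcgdsOVW9uU+W1cLn4dvqb9MopCgdukZtRoTwMTFU=,iv:Z1YkYxZBCstfI7aQEhZhT4eGlbjqwQ2VN01Y5HUbO7E=,tag:FXi/mTAiOoYcdXrgKDvt/g==,type:str]
+preshared_key: ENC[AES256_GCM,data:iFEFO7SMNrLqqpRQF57XSe9+59YdFdTXvP3QKxHkRrOzMRzJqGhi3wrjbAI=,iv:S4OA4GLK8wBkHwtq2Rqo76wxsJd5GJnJMjpPk/zRTAQ=,tag:vZaOaVTOAkuN8HgabOKkyA==,type:str]
+sops:
+kms: []
+gcp_kms: []
+azure_kv: []
+hc_vault: []
+age:
+- recipient: age15va8dthvmn30ymex0kkrrk034aq25drmsx4mkmf480a8uq4tvcyqw5s4uk
+enc: |
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAycG1rZmpXZTExVEtEZVMz
+NVBqTkNyQ2Noa1hjMFBDVGxOczRadnVaRWhBCmNFSTVoVlcvbDVXTHRpaFlQVE4y
+UGZHb1lVWEF2N29hMW5QM1V0UVNteHcKLS0tIG1HM2JRdnVabERGODltS3EyM0U3
+ei9xcG8wY0FnRzJZUEdqeXAzdWtCM0EKHYGaKJRDJ4OlPlCnGlZBTybpYmUQJ6Kg
+aZlmeezY8JqpFH3zsXfyWuMZ6j6rs63UXVL7vZ3fEloUXHV7F57gVQ==
+-----END AGE ENCRYPTED FILE-----
+- recipient: age1y06hfa8ctp3tr7g2rukmst4cl064hxaqfsx8w0yq4tgmcrv7qvksct7mnl
+enc: |
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4RFdoTzlTNU9yem1QTWtj
+UTYxcWcxYXlGeks3TEw5bWtOczdub1lDRjJFCmdiWi9ZMkF3Vk15Y1VrMTBvM3du
+ZDRpKytaMTRGZ1g3ZHhhNTlxWkYrS3cKLS0tIGhxSUcyWmRCMVp3Q1daZGt1Tk51
+d3pqdWU4NXVTMGZ5dTkvNnZyYjdvck0Khp1IPBPKelQ41FPqi/uuPFqN7T0bic8+
+AKld/MUNWxLIZpbqDeXyfJAJVAbgKdk1lrIYpgshOZNV6u/SHAcmzA==
+-----END AGE ENCRYPTED FILE-----
+lastmodified: "2024-04-28T02:47:34Z"
+mac: ENC[AES256_GCM,data:Zq4M8qr5PPOk+uPx/f3C24D4uTL82C1Cs7c5y66aAgnydR1ro9Pu5//Jj4fSOY59aKgeOGmx0DqV3k+1E6FttNy/8qpzJFCCDlgqB/BPqzJElFQ9FlgdCqoMehu9ETys1SgAhWi8aEZZAYbGKFQ/MX6LCAP2zx8NZ/wkbtUEU3E=,iv:k5RnwFwiEAugD/DTpOSCmSzpZCRzdkpTmOS3PTz44/c=,tag:T7HJFVr6VwzHCWIUD/uwXA==,type:str]
+pgp: []
+unencrypted_suffix: _unencrypted
+version: 3.8.1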
|
@ -17,6 +17,16 @@
|
||||||
|
|
||||||
networking.hostName = "zeus"; # Define your hostname.
|
networking.hostName = "zeus"; # Define your hostname.
|
||||||
networking.hostId = "9e95b576";
|
networking.hostId = "9e95b576";
|
||||||
|
sops.secrets = {
|
||||||
|
private_key = {
|
||||||
|
sopsFile = ../../secrets/zeus/wireguard.yaml;
|
||||||
|
owner = "systemd-network";
|
||||||
|
};
|
||||||
|
preshared_key = {
|
||||||
|
sopsFile = ../../secrets/zeus/wireguard.yaml;
|
||||||
|
owner = "systemd-network";
|
||||||
|
};
|
||||||
|
};
|
||||||
systemd.network.netdevs = {
|
systemd.network.netdevs = {
|
||||||
bond0 = {
|
bond0 = {
|
||||||
netdevConfig = {
|
netdevConfig = {
|
||||||
|
@ -43,14 +53,14 @@
|
||||||
Kind = "wireguard";
|
Kind = "wireguard";
|
||||||
};
|
};
|
||||||
wireguardConfig = {
|
wireguardConfig = {
|
||||||
PrivateKeyFile = "/etc/nixos/wireguard.priv";
|
PrivateKeyFile = config.sops.secrets.private_key.path;
|
||||||
ListenPort = 51821;
|
ListenPort = 51821;
|
||||||
};
|
};
|
||||||
wireguardPeers = [{
|
wireguardPeers = [{
|
||||||
wireguardPeerConfig = {
|
wireguardPeerConfig = {
|
||||||
PublicKey = "ZT+n0XONAZ6dkiIJR+2bmTT9y7WTxDNdnZo5S7b8vxE=";
|
PublicKey = "ZT+n0XONAZ6dkiIJR+2bmTT9y7WTxDNdnZo5S7b8vxE=";
|
||||||
AllowedIPs = [ "10.98.0.0/31" ];
|
AllowedIPs = [ "10.98.0.0/31" ];
|
||||||
PresharedKeyFile = "/etc/nixos/wireguard.psk";
|
PresharedKeyFile = config.sops.secrets.preshared_key.path;
|
||||||
PersistentKeepalive = 25;
|
PersistentKeepalive = 25;
|
||||||
Endpoint = "remote.kow.is:51821";
|
Endpoint = "remote.kow.is:51821";
|
||||||
};
|
};
|
||||||
|
|
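Review bot: The two `sops.secrets` entries added in the first hunk set only `sopsFile` and `owner`, so nothing visible ties a changed secret to the service that reads it; after a key or PSK rotation the tunnel presumably keeps the old material until systemd-networkd is restarted by hand. Consider adding `restartUnits = [ "systemd-networkd.service" ];` to both entries, and a short comment such as `# WireGuard keys, read by systemd-networkd via PrivateKeyFile / PresharedKeyFile` above the set, since the names `private_key` and `preshared_key` are generic in a host-wide attribute set. In the second hunk the references to `/etc/nixos/wireguard.priv` and `/etc/nixos/wireguard.psk` are replaced but the files themselves are not managed by this configuration, so the plaintext copies likely remain on the host; remove them once the sops-provided paths are confirmed working. The enclosing `wireguardPeers` list and the netdev definition continue outside the visible lines.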