rouven.seifert/nixos-config
1
1
Fork 0
mirror of https://git.sr.ht/~rouven/nixos-config synced 2024-11-15 05:13:10 +01:00
Code Issues Packages Projects Releases Wiki Activity

added dorm wireguard

Browse source
This commit is contained in:
Rouven Seifert 2022-12-30 11:02:10 +01:00
parent 084aa31503
commit ad7938a056
Signed by: rouven.seifert
GPG key ID: B95E8FE6B11C4D09
2 changed files with 29 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

26
hosts/thinkpad/modules/networks/default.nix
View file

@ -2,12 +2,15 @@
{
imports = [ ./uni.nix ];
sops.secrets."wireless-env" = { };
sops.secrets = {
"wireless-env" = { };
"wireguard/dorm/private" = { };
"wireguard/dorm/preshared" = { };
};
networking = {
hostName = "thinkpad";
firewall = {
allowedUDPPorts = [ 51820 ]; # used for wireguard
checkReversePath = false;
#allowedUDPPorts = [ 51820 ]; # used for wireguard
};
wireless = {
enable = true;
@ -27,5 +30,22 @@
};
};
};
wg-quick.interfaces = {
Dorm = {
address = [ "10.10.10.3/32" ];
privateKeyFile = config.sops.secrets."wireguard/dorm/private".path;
listenPort = 51820;
dns = [ "192.168.10.1" ];
autostart = false;
peers = [
{
publicKey = "vUmworuJFHjB4KUdkucQ+nzqO2ysARLomq4UuK1n430=";
presharedKeyFile = config.sops.secrets."wireguard/dorm/preshared".path;
allowedIPs = [ "0.0.0.0/0" ];
endpoint = "dorm.vpn.rfive.de:51820";
}
];
};
};
};
}

8
secrets/thinkpad.yaml
View file

@ -1,6 +1,10 @@
wireless-env: ENC[AES256_GCM,data:ammPuyKddupz2q4zYLNzAH3W0uarrUnD4vu6ta3cboYN5egTrDrKWrgInSFNcebHUJknaS8WV8uqxFISMvi0+6KDXgf1CFpaF2xIaRhDUNr2Cd7eSCS9sbmy4tJ7Vinwt8prgElMm0heAjEgsP/ob9dAPrkFBkWXIk9pRtOZsAngqZ2CBXyPH2EciLCdJBaE+2SiQCvZfcNvsmKM2b9oTpQcP4Yp8HuWkUJthy+qyOHBq2LStiBAIjjXPqRR/PFKofPrXojs7+by,iv:63dNbgQq3fDGitfsHAxtwPzhiSyb4818a6iuc0s+zzo=,tag:edV7fPU5h8N362vonltt9g==,type:str]
uni:
zih: ENC[AES256_GCM,data:irxq42t4H+7E3YJjqbmyccw=,iv:f0E84HMBQN9TtR1BN56LTU4FLOkVWPFTUysQvu99nzs=,tag:BkNyAJAj+3tPF3Us4Vqg3w==,type:str]
wireguard:
dorm:
private: ENC[AES256_GCM,data:ISK2FjZsBx60Sgag8tJs+SyXSvdIQeIHeqB1V/m3g8RxkgIFBkCBnEjB8/g=,iv:CbDXnT3ERB+OYSa0+Xc4nN8joNj3dtSPTQa0SU5S5xg=,tag:Eap30fSv0MtBzaZvBLWAYA==,type:str]
preshared: ENC[AES256_GCM,data:5Kc/CMoEVpqJO0vyDOKmw5A19P68jJe5N025+kIvdvoOoNs2Knl127EuSAA=,iv:5lX9Kj5hz1GNh3a6Ig701cocuZ1CYr4Ze++wJzu7AAU=,tag:1rVx8EA5N++SgXpv0aMGNg==,type:str]
sops:
kms: []
gcp_kms: []
@ -16,8 +20,8 @@ sops:
S0NwYWFQcmFtTm5zTEZLVXRtMi91Zk0K3ylHH4OXduJlJxepPz9GxBzVmKGpv9LL
ApkEQxfPL4Bxrb2XOFLOYqJGv2SwxBv1QNYT7eTXRLTEsIXUHR0MGA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2022-12-29T19:11:37Z"
mac: ENC[AES256_GCM,data:Y+f5llPf+i6KcsH3bkvr9joSguIXRjsEIEp+KmqSFf86P5HAj90uROKFyvpkjiOf0P9/1Z1qeuDKxWG3WTAvMG+eWOVigou3rOLSDzUBnl1q+HT5G8EmPAVZ39aGssFi8Vy+dVHRrSnXmJ2D4oA2514xqjwZLcParqfi5LM61mI=,iv:e58rnR6BfdSBpYhJyNI1aWq51NMILhySEFKHGNaEk4o=,tag:Av3Y+fmoOhr6ddDvPNpK3Q==,type:str]
lastmodified: "2022-12-30T10:00:06Z"
mac: ENC[AES256_GCM,data:sbnck/gYg9FnWkqGjNqOvtc853VNQCRwdDjuZ+WX7aOrO7cKcmLqMz7kKqV5qVUoygEQERy2hnT0hWSUdAI3sUehCrteYQe+iQSz7Q05IOGmnrcH1ilUwMpD23tZsRUsC4MewVusUaRLnK7Ryu0wS2fSL0wdrluex1eUsvfs+Wo=,iv:F0j9rh4bmHKNzPKRcBBNm26GiTQysGAahpQlRMmfhkM=,tag:UgPKc1abo8kjm3ZrgFos/g==,type:str]
pgp:
- created_at: "2022-12-27T16:39:15Z"
enc: |-