wurzel/fruitbasket
9
1
Fork 0
Code Issues 5 Pull requests Packages Projects Releases Wiki Activity

network: init ese wireguard

Browse source
This commit is contained in:
Rouven Seifert 2024-10-04 15:39:10 +02:00
parent e80eb649ca
commit 0d9bd777c8
Signed by: rouven.seifert
GPG key ID: B95E8FE6B11C4D09
2 changed files with 35 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

32
hosts/quitte/network.nix
View file

@ -1,5 +1,6 @@
{ config, lib, ... }:
{
sops.secrets."wg-ese" = { };
networking = {
# portunus module does weird things to this, so we force it to some sane values
hosts = {
@ -44,4 +45,35 @@
};
};
};
netdevs."30-wireguard-ese" = {
netdevConfig = {
Kind = "wireguard";
Name = "wg0";
};
wireguardConfig = {
PrivateKeyFile = config.sops.secrets."wg-ese".path;
ListenPort = 10000;
RouteTable = "main";
RouteMetric = 30;
};
wireguardPeers = [
{
PublicKey = "";
AllowedIPs = "0.0.0.0/0";
}
];
};
networks."30-wireguard-ese" = {
matchConfig.Name = "wg0";
addresses = [
{
Address = "10.20.24.1/24";
# AddPrefixRoute = false;
}
];
# networkConfig = {
# DNSSEC = false;
# BindCarrier = [ "ens3" ];
# };
};
}

5
secrets/quitte.yaml
View file

@ -1,3 +1,4 @@
wg-ese: ENC[AES256_GCM,data:vfjDwFCgK2o4NFQtERoKnSksU54UD6igMvF0BWamLyTiO6X3rP4yXl+XCno=,iv:NuDyHsQp82MSn+S/8wV9Vj/OuAfsJeNDPBRGzmQwIbs=,tag:ErGaJ1uxw5Ft3UZ12UIiFA==,type:str]
nextcloud_adminpass: ENC[AES256_GCM,data:v6FYsO/RklPSz5uf6aYQDhdudHb0962I1WxJM3VGc0af6s/fEz2j+UTu,iv:WzS+jU7qmNQbd1RWDempdu4nv0ytWeybF/PKoc4mvTc=,tag:1CF3ZnQNDLv11j7UoyYsjg==,type:str]
hedgedoc_session_secret: ENC[AES256_GCM,data:WO3j/Sp0LHyNC51jdzChKB46KLU7l57TBVNL3v92sjs=,iv:HVizKMCd+d9cTQEzRncRpv9scldg5Nn2fBRz0D58OOg=,tag:8HZttVgZs4Ah8JWTDaTySA==,type:str]
nix-serve:
@ -51,8 +52,8 @@ sops:
c2lzVGV6WnVQT1pOTTVwRUxlMWZobWsK0CrDl2ELoYOTrMt3uN3mgBSyaYqOQY4I
vBK12PV9FR9GFpKN4kGB03PZ0gV0N1zlcCHpnPCUuHwbCvvF2+vCag==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-09-26T18:10:46Z"
mac: ENC[AES256_GCM,data:D2qTNh+PfSu3ZjoIv/8qS+S6+Rjqa9Xpwdm+Fj90ibimU3YW5FfrBrNb2psF1nterLUtSdCWPt02m4UFwsH4geizsrVTuv9mWtrCC2DhC8kzV+tFG4OvBCCIM/F7NWM6BElm+etKtvWULRxpoqu4TTk3mQzSQ49SxlaA/NbeVr8=,iv:p0HLBsU0cR2Yt9dF4R3lAIcenScHn47IN4zy/J51i6A=,tag:zuP6Zp8Q89spkvcNQ8kkrQ==,type:str]
lastmodified: "2024-10-04T13:36:52Z"
mac: ENC[AES256_GCM,data:uSpu82wJBDzFLyrX1An1OObnX2Rif38/Y/gEOOf3mWP3e6G98ldZatBWuUAiN6oCD9SFM95YnTf5gusypnURWaRC33rHaRKU92HDdbCoTt/8BColiu+2NBLfX3eTi20PsNEE1Bcq6QN83aul3nMT4/ahYeghE1LAH82a4bhshP0=,iv:N6ACDgKelZYrGAZefC+WyQVsanhecwIp74DtWiHlmBg=,tag:e0NUzEAh1FvlcNVmImm9/w==,type:str]
pgp:
- created_at: "2024-02-29T15:23:23Z"
enc: |-