From 0d9bd777c857ca8438bb9720efc855258265ccbb Mon Sep 17 00:00:00 2001
From: Rouven Seifert
Date: Fri, 4 Oct 2024 15:39:10 +0200
Subject: [PATCH] network: init ese wireguard
---
 hosts/quitte/network.nix | 32 ++++++++++++++++++++++++++++++++
 secrets/quitte.yaml | 5 +++--
 2 files changed, 35 insertions(+), 2 deletions(-)
diff --git a/hosts/quitte/network.nix b/hosts/quitte/network.nix
index 7ec034d..f4635ce 100644
--- a/hosts/quitte/network.nix
+++ b/hosts/quitte/network.nix
@@ -1,5 +1,6 @@
 { config, lib, ... }:
 {
+ sops.secrets."wg-ese" = { };
 networking = {
 # portunus module does weird things to this, so we force it to some sane values
 hosts = {
@@ -44,4 +45,35 @@
 };
 };
 };
+ netdevs."30-wireguard-ese" = {
+ netdevConfig = {
+ Kind = "wireguard";
+ Name = "wg0";
+ };
+ wireguardConfig = {
+ PrivateKeyFile = config.sops.secrets."wg-ese".path;
+ ListenPort = 10000;
+ RouteTable = "main";
+ RouteMetric = 30;
+ };
+ wireguardPeers = [
+ {
+ PublicKey = "";
+ AllowedIPs = "0.0.0.0/0";
+ }
+ ];
+ };
+ networks."30-wireguard-ese" = {
+ matchConfig.Name = "wg0";
+ addresses = [
+ {
+ Address = "10.20.24.1/24";
+ # AddPrefixRoute = false;
+ }
+ ];
+ # networkConfig = {
+ # DNSSEC = false;
+ # BindCarrier = [ "ens3" ];
+ # };
+ };
 }
diff --git a/secrets/quitte.yaml b/secrets/quitte.yaml
index f913500..8ed9c77 100644
--- a/secrets/quitte.yaml
+++ b/secrets/quitte.yaml
@@ -1,3 +1,4 @@
+wg-ese: ENC[AES256_GCM,data:vfjDwFCgK2o4NFQtERoKnSksU54UD6igMvF0BWamLyTiO6X3rP4yXl+XCno=,iv:NuDyHsQp82MSn+S/8wV9Vj/OuAfsJeNDPBRGzmQwIbs=,tag:ErGaJ1uxw5Ft3UZ12UIiFA==,type:str]
 nextcloud_adminpass: ENC[AES256_GCM,data:v6FYsO/RklPSz5uf6aYQDhdudHb0962I1WxJM3VGc0af6s/fEz2j+UTu,iv:WzS+jU7qmNQbd1RWDempdu4nv0ytWeybF/PKoc4mvTc=,tag:1CF3ZnQNDLv11j7UoyYsjg==,type:str]
 hedgedoc_session_secret: ENC[AES256_GCM,data:WO3j/Sp0LHyNC51jdzChKB46KLU7l57TBVNL3v92sjs=,iv:HVizKMCd+d9cTQEzRncRpv9scldg5Nn2fBRz0D58OOg=,tag:8HZttVgZs4Ah8JWTDaTySA==,type:str]
 nix-serve:
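Review bot: In hosts/quitte/network.nix, `sops.secrets."wg-ese" = { };` leaves the secret at the sops-nix defaults (owner root, mode 0400), while the `PrivateKeyFile` added further down in the same file is read by systemd-networkd, which runs as the `systemd-network` user. Unless ownership is set somewhere outside this patch, networkd cannot read the key and wg0 will not be configured. Setting `sops.secrets."wg-ese".owner = "systemd-network";` lets networkd load the key while keeping it unreadable to every other account.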
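Review bot: In the second hunk of hosts/quitte/network.nix, the only entry in `wireguardPeers` combines `AllowedIPs = "0.0.0.0/0"` with `RouteTable = "main"`. That combination makes networkd add an IPv4 default route over wg0 at metric 30, and lets that peer send traffic from any IPv4 source address. If the tunnel is only meant to carry the 10.20.24.0/24 network assigned to wg0, narrow it to that prefix or to the peer's own /32, e.g. `AllowedIPs = "10.20.24.0/24";`, and otherwise add a comment saying the full-tunnel route is intended. `PublicKey = "";` is empty as shown, which is not a usable peer key, so fill it in before deploying unless the value was redacted on this page. The attribute set that contains `netdevs` and `networks` opens above the hunk, so their nesting cannot be checked from here.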
@@ -51,8 +52,8 @@ sops:
 c2lzVGV6WnVQT1pOTTVwRUxlMWZobWsK0CrDl2ELoYOTrMt3uN3mgBSyaYqOQY4I
 vBK12PV9FR9GFpKN4kGB03PZ0gV0N1zlcCHpnPCUuHwbCvvF2+vCag==
 -----END AGE ENCRYPTED FILE-----
- lastmodified: "2024-09-26T18:10:46Z"
- mac: ENC[AES256_GCM,data:D2qTNh+PfSu3ZjoIv/8qS+S6+Rjqa9Xpwdm+Fj90ibimU3YW5FfrBrNb2psF1nterLUtSdCWPt02m4UFwsH4geizsrVTuv9mWtrCC2DhC8kzV+tFG4OvBCCIM/F7NWM6BElm+etKtvWULRxpoqu4TTk3mQzSQ49SxlaA/NbeVr8=,iv:p0HLBsU0cR2Yt9dF4R3lAIcenScHn47IN4zy/J51i6A=,tag:zuP6Zp8Q89spkvcNQ8kkrQ==,type:str]
+ lastmodified: "2024-10-04T13:36:52Z"
+ mac: ENC[AES256_GCM,data:uSpu82wJBDzFLyrX1An1OObnX2Rif38/Y/gEOOf3mWP3e6G98ldZatBWuUAiN6oCD9SFM95YnTf5gusypnURWaRC33rHaRKU92HDdbCoTt/8BColiu+2NBLfX3eTi20PsNEE1Bcq6QN83aul3nMT4/ahYeghE1LAH82a4bhshP0=,iv:N6ACDgKelZYrGAZefC+WyQVsanhecwIp74DtWiHlmBg=,tag:e0NUzEAh1FvlcNVmImm9/w==,type:str]
 pgp:
 - created_at: "2024-02-29T15:23:23Z"
 enc: |-