diff --git a/hosts/default.nix b/hosts/default.nix
index ab96dc6..96350d4 100644
--- a/hosts/default.nix
+++ b/hosts/default.nix
@@ -6,7 +6,6 @@
 }: let
 baseModules = [
 ../modules
- ../secrets
 ../locale
 inputs.home.nixosModule
 ];
diff --git a/hosts/tkaronto/modules/secrets.nix b/hosts/tkaronto/modules/secrets.nix
index 37b5c33..123d007 100644
--- a/hosts/tkaronto/modules/secrets.nix
+++ b/hosts/tkaronto/modules/secrets.nix
@@ -1,4 +1,4 @@
 {
 age.secrets.nixGithubAccessToken.file = ../../../secrets/nixGithubAccessToken.age;
- age.secrets.wgServerPrivateKey.file = ../../../secrets/wgServerPrivateKey.age;
+ age.secrets.wgTkarontoKey.file = ../../../secrets/wgTkarontoKey.age;
 }
diff --git a/hosts/tkaronto/modules/wireguard.nix b/hosts/tkaronto/modules/wireguard.nix
index c9f4ce4..6e55a2f 100644
--- a/hosts/tkaronto/modules/wireguard.nix
+++ b/hosts/tkaronto/modules/wireguard.nix
@@ -1,11 +1,11 @@
 {config, ...}: {
 networking.wireguard.enable = true;
 networking.wireguard.interfaces."wg0" = {
- privateKeyFile = config.age.secrets.wgServerPrivateKey.path;
+ privateKeyFile = config.age.secrets.wgTkarontoKey.path;
 peers = [{
- publicKey = import ./wgProxyPublicKey.key.pub;
+ publicKey = import ./wgWolumondeKey.pub;
 allowedIPs = ["10.99.0.1/32"];
- endpoint = "${import ./wgProxyPublicIp}:51820";
+ endpoint = "${import ./wgWolumondeIp}:51820";
 }];
 };
 }
\ No newline at end of file
diff --git a/hosts/wolumonde/modules/secrets.nix b/hosts/wolumonde/modules/secrets.nix
index a16ddc2..eb9e29d 100644
--- a/hosts/wolumonde/modules/secrets.nix
+++ b/hosts/wolumonde/modules/secrets.nix
@@ -1,4 +1,4 @@
 {
 age.secrets.bernbotToken.file = ../../../secrets/bernbotToken.age;
- age.secrets.wgProxyPrivateKey.file = ../../../secrets/wgProxyPrivateKey.age;
+ age.secrets.wgWolumondeKey.file = ../../../secrets/wgWolumondeKey.age;
 }
diff --git a/hosts/wolumonde/modules/wireguard.nix b/hosts/wolumonde/modules/wireguard.nix
index 264e684..cbcf849 100644
--- a/hosts/wolumonde/modules/wireguard.nix
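Review bot: In hosts/tkaronto/modules/wireguard.nix the peer's `publicKey` and `endpoint` now come from `import ./wgWolumondeKey.pub` and `import ./wgWolumondeIp`, but neither file is added or renamed in the diff as shown; the same holds for `./wgTkarontoKey.pub` in hosts/wolumonde/modules/wireguard.nix. If these files are untracked or ignored, evaluation from a flake (which this repository appears to be, given `inputs.home.nixosModule`) will fail on the missing path, so they should be renamed in the same commit or their handling documented. `import` also evaluates the file as a Nix expression, so each file must hold a quoted string rather than raw `wg pubkey` output; a comment such as `# wgWolumondeKey.pub holds a quoted Nix string, not the raw key` above the peer would make that explicit. Because the peer key pins which host the tunnel trusts, it is worth confirming that each renamed `.pub` file holds the public half of the corresponding newly added `.age` key.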
+++ b/hosts/wolumonde/modules/wireguard.nix @@ -2,9 +2,9 @@ networking.wireguard.enable = true; networking.wireguard.interfaces."wg0" = { listenPort = 51820; - privateKeyFile = config.age.secrets.wgProxyPrivateKey.path; + privateKeyFile = config.age.secrets.wgWolumondeKey.path; peers = [{ - publicKey = import ./wgServerPublicKey.key.pub; + publicKey = import ./wgTkarontoKey.pub; allowedIPs = ["10.99.0.2/32"]; }]; }; diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 6bc127a..fe46942 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -3,8 +3,8 @@ let wolumonde = builtins.readFile ./wolumonde.key.pub; in { - "wgProxyPrivateKey.age".publicKeys = [yusdacra wolumonde]; - "wgServerPrivateKey.age".publicKeys = [yusdacra]; + "wgWolumondeKey.age".publicKeys = [yusdacra wolumonde]; + "wgTkarontoKey.age".publicKeys = [yusdacra]; "bernbotToken.age".publicKeys = [yusdacra wolumonde]; "nixGithubAccessToken.age".publicKeys = [yusdacra]; } diff --git a/secrets/wgTkarontoKey.age b/secrets/wgTkarontoKey.age new file mode 100644 index 0000000..f8ea873 --- /dev/null +++ b/secrets/wgTkarontoKey.age 
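Review bot: In secrets/secrets.nix, `"wgTkarontoKey.age".publicKeys = [yusdacra];` has no host recipient, whereas `wgWolumondeKey.age` is also encrypted to the `wolumonde` host key. If tkaronto is expected to decrypt its WireGuard key at activation with its own SSH host key, a tkaronto recipient is missing; if it relies on the user's identity instead (the host's `age.identityPaths` is outside this diff), a comment such as `# tkaronto decrypts with yusdacra's identity, no host key on purpose` would record that this is intentional. The rules are renamed here, but no old `wgProxyPrivateKey.age` or `wgServerPrivateKey.age` file is deleted in the diff as shown; if those files still exist in the tree they no longer have a matching rule and should be removed once the previous keys are retired.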
@@ -0,0 +1,17 @@ +age-encryption.org/v1 +-> ssh-rsa Abmvag +fO3lQR63PmOPCObw33ZW6wydazNyiY4DMELKcb+ScKsbWqv++DzZy9rhTAzIWy0L +mV5H06XQKrN8JxzC8S6KHKBiyFZBwMw4Q9HXQAj+GsKy9Ts8mT9Eydq2dVYlceBl +6U31EO1EkKh5wGbQztSc52uEIKwfskNM7pgF9FQkChFX3Fju7CDxQaJwtQQ9/6Fz +HikmDoK9EHdSyEowGFLzOSN+8nuI+QgH0e9p8NUGkZZt02V3KTZBgoSkeCwlqr3I +F8fr8mkmHmBq3X1AdDushorCHJioh9ZTcLhCd+WZwG8G+gtlnyLNNENEqcFO08yR +1KbCpr4wxmMGPs+vnE0PjFSZpvbT0qegauM0e/yGmZI7SjR8NfkN4Yah+lfgHgU6 +ThsHav2FeDDKVocJrRMfyuMn0DB3wMv5XMBD41PQP9te3URQhrg9DptTUbtvcgBm +UQs83DL7UB5beNuku4pdb5ihXmmIu+UBXWRjbVXcdwVwTeUYSi+FzRKGeHN8Q6zB +Sq6OUQVtRoGKLyqnH05JzrnOKLP+YvAnfn95AjZu1fvxOLen6tTxiP1Hy0/IRWJ9 +lCiDLJzueQqVU7APPNJ+mkco/9dBguuwqmjwj/0IopFLGGAXdq4xsPS6q4kmlUAb +s0PS2XoefHyliTZaeJN4m/rA8kxrEQ+A8TG8Iq0jhrQ +-> ImuX-grease ? +jDl7okapM3YiqfppSi0z4/g +--- 8OjxSYdr+L5qWxb5SyvjZ/exgFOwtiaHdHdvhMSV2CQ +0b~b?6 +W,n&jQuUmBS}lK]H \ No newline at end of file diff --git a/secrets/wgWolumondeKey.age b/secrets/wgWolumondeKey.age new file mode 100644 index 0000000..c0f2893 --- /dev/null +++ b/secrets/wgWolumondeKey.age 
@@ -0,0 +1,20 @@ +age-encryption.org/v1 +-> ssh-rsa Abmvag +VCeXZjRIvdZD1E5Xt/k1uH3j9nrdtGzQ8ydHQDGWUkZpOlBlucujrGuoCuiRZGle +7ctY5Np3lWH6aL9R8DtYmkz0AAKlZ/gK4UNdtFA9J0huNhk1GfWIuVU3yFEg+Mg0 +LW7yK3uFvELjbQy5gKLczuMQhQ+CWuCf/4pRVnpLhqrCre4+jj2bEAfICsniSdcO +FuChw1IS7cRSttE9DShjT15Wml7+i5I4w2UY5tosi49dc8Y7FFa5EAnIkO6YbCrF +AV5OukWoASPWlzUIBG+hx1kVGIyOfBGemoeB/xksTGfY+uIdelCzqrAWg4JdnzP3 +wgCqCCR/6xOhX4GHiJERwSeyJ54PKp+UwegOI8xPKiPOGk/8VXcpOKIaLQeb+nzW +YwEbPzmqYtzNmQk456PGcC9Ibv9HVZbC+cjKygh4z5lBJPL9/O8tz8AGDBuMaoLD +5DMoa9W/3BCzPW46YFJA5K4IbYfb6mqGnqTeZOq/KlxMydK1+iSgc8/ZTQEdJw80 +WrVupR6BJkiu5bvMqCsuYtEbqWNAWFFz61ifQPt4s86B7QAWgNznfcf7nlufWQw4 +u8J74WtaPe6K+wDybN3Xv9Hi5ZgwRU8220w8jHkY+986gVQoapkCv0xuxLSeJ1/9 +2m5WifiM2lIk/yTtzPosfiMz4CynmKFm17sZcVOzACI +-> ssh-ed25519 KjIL7g jVrj2lq/7hxXvebnw92IOB+sgDt4MQF1HHInzGPrc0M +jPb62GFP+i3Vnw08kDJeD60m2Dnz4xd7Lsgv0LQtdBI +-> QZ=&db*J-grease ' +isL9Vjh7E/6SBk2Lcv19W7vaWqjcQRbLgNm0iPx480QpbHC7r66dF7gBrl0TmdRR +zy2Q +--- 1IaQ42FjPe1B/rcWmA5ghfOIN/AOuqUcfXuh7oyOHn4 +