dusk/ark
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

wip

Browse Source
This commit is contained in:
dusk 2023-05-05 03:30:46 +03:00
parent cef3293400
commit 30bafe174e
Signed by: dusk
GPG Key ID: 1D8F8FAF2294D6EA
8 changed files with 46 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
hosts/default.nix
View File

@ -6,7 +6,6 @@
}: let }: let
baseModules = [ baseModules = [
../modules ../modules
../secrets
../locale ../locale
inputs.home.nixosModule inputs.home.nixosModule
]; ];

2
hosts/tkaronto/modules/secrets.nix
View File

@ -1,4 +1,4 @@
{ {
age.secrets.nixGithubAccessToken.file = ../../../secrets/nixGithubAccessToken.age; age.secrets.nixGithubAccessToken.file = ../../../secrets/nixGithubAccessToken.age;
age.secrets.wgServerPrivateKey.file = ../../../secrets/wgServerPrivateKey.age; age.secrets.wgTkarontoKey.file = ../../../secrets/wgTkarontoKey.age;
} }

6
hosts/tkaronto/modules/wireguard.nix
View File

@ -1,11 +1,11 @@
{config, ...}: { {config, ...}: {
networking.wireguard.enable = true; networking.wireguard.enable = true;
networking.wireguard.interfaces."wg0" = { networking.wireguard.interfaces."wg0" = {
privateKeyFile = config.age.secrets.wgServerPrivateKey.path; privateKeyFile = config.age.secrets.wgTkarontoKey.path;
peers = [{ peers = [{
publicKey = import ./wgProxyPublicKey.key.pub; publicKey = import ./wgWolumondeKey.pub;
allowedIPs = ["10.99.0.1/32"]; allowedIPs = ["10.99.0.1/32"];
endpoint = "${import ./wgProxyPublicIp}:51820"; endpoint = "${import ./wgWolumondeIp}:51820";
}]; }];
}; };
} }

2
hosts/wolumonde/modules/secrets.nix
View File

@ -1,4 +1,4 @@
{ {
age.secrets.bernbotToken.file = ../../../secrets/bernbotToken.age; age.secrets.bernbotToken.file = ../../../secrets/bernbotToken.age;
age.secrets.wgProxyPrivateKey.file = ../../../secrets/wgProxyPrivateKey.age; age.secrets.wgWolumondeKey.file = ../../../secrets/wgWolumondeKey.age;
} }

4
hosts/wolumonde/modules/wireguard.nix
View File

@ -2,9 +2,9 @@
networking.wireguard.enable = true; networking.wireguard.enable = true;
networking.wireguard.interfaces."wg0" = { networking.wireguard.interfaces."wg0" = {
listenPort = 51820; listenPort = 51820;
privateKeyFile = config.age.secrets.wgProxyPrivateKey.path; privateKeyFile = config.age.secrets.wgWolumondeKey.path;
peers = [{ peers = [{
publicKey = import ./wgServerPublicKey.key.pub; publicKey = import ./wgTkarontoKey.pub;
allowedIPs = ["10.99.0.2/32"]; allowedIPs = ["10.99.0.2/32"];
}]; }];
}; };

4
secrets/secrets.nix
View File

@ -3,8 +3,8 @@ let
wolumonde = builtins.readFile ./wolumonde.key.pub; wolumonde = builtins.readFile ./wolumonde.key.pub;
in in
{ {
"wgProxyPrivateKey.age".publicKeys = [yusdacra wolumonde]; "wgWolumondeKey.age".publicKeys = [yusdacra wolumonde];
"wgServerPrivateKey.age".publicKeys = [yusdacra]; "wgTkarontoKey.age".publicKeys = [yusdacra];
"bernbotToken.age".publicKeys = [yusdacra wolumonde]; "bernbotToken.age".publicKeys = [yusdacra wolumonde];
"nixGithubAccessToken.age".publicKeys = [yusdacra]; "nixGithubAccessToken.age".publicKeys = [yusdacra];
} }

17
secrets/wgTkarontoKey.age Normal file
View File

@ -0,0 +1,17 @@
age-encryption.org/v1
-> ssh-rsa Abmvag
fO3lQR63PmOPCObw33ZW6wydazNyiY4DMELKcb+ScKsbWqv++DzZy9rhTAzIWy0L
mV5H06XQKrN8JxzC8S6KHKBiyFZBwMw4Q9HXQAj+GsKy9Ts8mT9Eydq2dVYlceBl
6U31EO1EkKh5wGbQztSc52uEIKwfskNM7pgF9FQkChFX3Fju7CDxQaJwtQQ9/6Fz
HikmDoK9EHdSyEowGFLzOSN+8nuI+QgH0e9p8NUGkZZt02V3KTZBgoSkeCwlqr3I
F8fr8mkmHmBq3X1AdDushorCHJioh9ZTcLhCd+WZwG8G+gtlnyLNNENEqcFO08yR
1KbCpr4wxmMGPs+vnE0PjFSZpvbT0qegauM0e/yGmZI7SjR8NfkN4Yah+lfgHgU6
ThsHav2FeDDKVocJrRMfyuMn0DB3wMv5XMBD41PQP9te3URQhrg9DptTUbtvcgBm
UQs83DL7UB5beNuku4pdb5ihXmmIu+UBXWRjbVXcdwVwTeUYSi+FzRKGeHN8Q6zB
Sq6OUQVtRoGKLyqnH05JzrnOKLP+YvAnfn95AjZu1fvxOLen6tTxiP1Hy0/IRWJ9
lCiDLJzueQqVU7APPNJ+mkco/9dBguuwqmjwj/0IopFLGGAXdq4xsPS6q4kmlUAb
s0PS2XoefHyliTZaeJN4m/rA8kxrEQ+A8TG8Iq0jhrQ
-> ImuX-grease ?
jDl7okapM3YiqfppSi0z4/g
--- 8OjxSYdr+L5qWxb5SyvjZ/exgFOwtiaHdHdvhMSV2CQ
ÇŸ0¥íçbú~†¦ý§bÔ?ì”îÆö¦ƒ6Ï úÀ+W,nÌŠŽ<C5A0>ƒ&ÈjQuËÏU<C38F>ªßmø£BâÁS}lˆ¦ôKª]H

20
secrets/wgWolumondeKey.age Normal file
View File

@ -0,0 +1,20 @@
age-encryption.org/v1
-> ssh-rsa Abmvag
VCeXZjRIvdZD1E5Xt/k1uH3j9nrdtGzQ8ydHQDGWUkZpOlBlucujrGuoCuiRZGle
7ctY5Np3lWH6aL9R8DtYmkz0AAKlZ/gK4UNdtFA9J0huNhk1GfWIuVU3yFEg+Mg0
LW7yK3uFvELjbQy5gKLczuMQhQ+CWuCf/4pRVnpLhqrCre4+jj2bEAfICsniSdcO
FuChw1IS7cRSttE9DShjT15Wml7+i5I4w2UY5tosi49dc8Y7FFa5EAnIkO6YbCrF
AV5OukWoASPWlzUIBG+hx1kVGIyOfBGemoeB/xksTGfY+uIdelCzqrAWg4JdnzP3
wgCqCCR/6xOhX4GHiJERwSeyJ54PKp+UwegOI8xPKiPOGk/8VXcpOKIaLQeb+nzW
YwEbPzmqYtzNmQk456PGcC9Ibv9HVZbC+cjKygh4z5lBJPL9/O8tz8AGDBuMaoLD
5DMoa9W/3BCzPW46YFJA5K4IbYfb6mqGnqTeZOq/KlxMydK1+iSgc8/ZTQEdJw80
WrVupR6BJkiu5bvMqCsuYtEbqWNAWFFz61ifQPt4s86B7QAWgNznfcf7nlufWQw4
u8J74WtaPe6K+wDybN3Xv9Hi5ZgwRU8220w8jHkY+986gVQoapkCv0xuxLSeJ1/9
2m5WifiM2lIk/yTtzPosfiMz4CynmKFm17sZcVOzACI
-> ssh-ed25519 KjIL7g jVrj2lq/7hxXvebnw92IOB+sgDt4MQF1HHInzGPrc0M
jPb62GFP+i3Vnw08kDJeD60m2Dnz4xd7Lsgv0LQtdBI
-> QZ=&db*J-grease '
isL9Vjh7E/6SBk2Lcv19W7vaWqjcQRbLgNm0iPx480QpbHC7r66dF7gBrl0TmdRR
zy2Q
--- 1IaQ42FjPe1B/rcWmA5ghfOIN/AOuqUcfXuh7oyOHn4
–ì<øC9LQ˜zÝ#¸P ‰Í5îìUBþÄ®T@Í•O×·÷éF ô7tægÌfjy7/d˶,¦£ôTÞÝ4<Ž3