dusk/ark
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

add secrets

Browse Source
This commit is contained in:
dusk 2023-05-05 03:50:25 +03:00
parent 30bafe174e
commit d8bb7cd045
Signed by: dusk
GPG Key ID: 1D8F8FAF2294D6EA
8 changed files with 13 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
hosts/tkaronto/modules/secrets.nix
View File

@ -1,4 +1,6 @@
{ {
age.identityPaths = ["/etc/nixos/keys/ssh_key"];
age.secrets.nixGithubAccessToken.file = ../../../secrets/nixGithubAccessToken.age; age.secrets.nixGithubAccessToken.file = ../../../secrets/nixGithubAccessToken.age;
age.secrets.wgTkarontoKey.file = ../../../secrets/wgTkarontoKey.age; age.secrets.wgTkarontoKey.file = ../../../secrets/wgTkarontoKey.age;
} }

1
hosts/tkaronto/modules/wgWolumondeIp Normal file
View File

@ -0,0 +1 @@
23.88.101.188

1
hosts/tkaronto/modules/wgWolumondeKey.pub Normal file
View File

@ -0,0 +1 @@
wua7uoPmmz0nXop3TKJOEUJ++LSmJdQxCRk9rNbPaAg=

4
hosts/tkaronto/modules/wireguard.nix
View File

@ -3,9 +3,9 @@
networking.wireguard.interfaces."wg0" = { networking.wireguard.interfaces."wg0" = {
privateKeyFile = config.age.secrets.wgTkarontoKey.path; privateKeyFile = config.age.secrets.wgTkarontoKey.path;
peers = [{ peers = [{
publicKey = import ./wgWolumondeKey.pub; publicKey = builtins.readFile ./wgWolumondeKey.pub;
allowedIPs = ["10.99.0.1/32"]; allowedIPs = ["10.99.0.1/32"];
endpoint = "${import ./wgWolumondeIp}:51820"; endpoint = "${builtins.readFile ./wgWolumondeIp}:51820";
}]; }];
}; };
} }

2
hosts/wolumonde/modules/ssh.nix
View File

@ -5,6 +5,6 @@
passwordAuthentication = false; passwordAuthentication = false;
}; };
users.users.root.openssh.authorizedKeys.keys = [ users.users.root.openssh.authorizedKeys.keys = [
(builtins.readFile "${inputs.self}/secrets/ssh-key.pub") (builtins.readFile "${inputs.self}/secrets/yusdacra.key.pub")
]; ];
} }

1
hosts/wolumonde/modules/wgTkarontoKey.pub Normal file
View File

@ -0,0 +1 @@
IPz9tX4jsDOYcujU5B2KVuPaPVG2JaYA1FqLsZzky0Q=

2
hosts/wolumonde/modules/wireguard.nix
View File

@ -4,7 +4,7 @@
listenPort = 51820; listenPort = 51820;
privateKeyFile = config.age.secrets.wgWolumondeKey.path; privateKeyFile = config.age.secrets.wgWolumondeKey.path;
peers = [{ peers = [{
publicKey = import ./wgTkarontoKey.pub; publicKey = builtins.readFile ./wgTkarontoKey.pub;
allowedIPs = ["10.99.0.2/32"]; allowedIPs = ["10.99.0.2/32"];
}]; }];
}; };

5
lib/default.nix
View File

@ -14,8 +14,11 @@ lib.makeExtensible (self: {
importFolder = modules: let importFolder = modules: let
b = builtins; b = builtins;
files = b.readDir modules; files = b.readDir modules;
fileNames = b.attrNames files;
filesToImport = filesToImport =
b.map (name: "${modules}/${name}") (b.attrNames files); b.map
(name: "${modules}/${name}")
(b.filter (name: b.match ".*\.nix" name != null) fileNames);
in in
filesToImport; filesToImport;