Add firewall and update readme

.sops.yaml

@@ -15,7 +15,7 @@ creation_rules:
           - *stefan_ellmauthaler
           - *nucturne
 
-  - path_regex: machines/metis/secrets/wireguard\.yaml
+  - path_regex: machines/metis/secrets/[^/]+\.yaml
     key_groups:
       - pgp:
         - *stefan_ellmauthaler

README.md

@@ -18,4 +18,4 @@
 * Rekey the secrets with either 
 	* a master key
 	* or after a git push on another machine with enough permissions to rekey
-* the flakes dev-shell (`nix devshell`) allows to use `sops <sops-file>` as well as `sops-rekey <sops-file>` to manage the keys on the system
+* the flakes dev-shell (`nix develop`) allows to use `sops <sops-file>` as well as `sops-rekey <sops-file>` to manage the keys on the system

modules/base.nix

@@ -24,6 +24,10 @@ with lib; {
       dev.enable = true;
     };
 
+    networking = {
+      firewall.enable = true;
+    };
+
     environment.systemPackages = with pkgs; [
       alacritty.terminfo
       bintools

secrets/shell.nix

@@ -11,5 +11,10 @@ in
 pkgs.mkShell {
   sopsPGPKeyDirs = [ ./keys/users ./keys/hosts ];
 
-  nativeBuildInputs = [ sops-nix.sops-import-keys-hook sops-nix.ssh-to-pgp sops-rekey ];
+  nativeBuildInputs = [
+    sops-nix.sops-import-keys-hook
+    sops-nix.ssh-to-pgp
+    sops-rekey
+    pkgs.wireguard-tools
+  ];
 }