ellmau/nixos
1
0
Fork 0
mirror of https://github.com/ellmau/nixos.git synced 2025-12-18 09:19:39 +01:00
Code Issues Projects Releases Wiki Activity

Add stel-xps and nucturne to the wireguard network

Browse Source
This commit is contained in:
Stefan Ellmauthaler 2022-08-02 11:28:11 +02:00
parent 95b6639009
commit e2931365b5
Failed to extract signature
6 changed files with 137 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
.sops.yaml
View File

@ -28,3 +28,15 @@ creation_rules:
- pgp:
- *stefan_ellmauthaler
- *metis
- path_regex: machines/stel-xps/secrets/[^/]+\.yaml
key_groups:
- pgp:
- *stefan_ellmauthaler
- *stel-xps
- path_regex: machines/nucturne/secrets/[^/]+\.yaml
key_groups:
- pgp:
- *stefan_ellmauthaler
- *nucturne

15
common/wireguard.nix
View File

@ -7,13 +7,24 @@ with lib; {
servers = {
metis = {
localIp = "1";
extraIps = [ "1" "142" ];
extraIps = [ "1" "2" "142" ];
publicKey = "wP49t1TYXI3ucsYb8RavNGwIf+8nx5UBgDU0PM9VlnI=";
endpoint = "metis.ellmauthaler.net:51820"; #TODO
};
};
peers = { # TODO
peers = {
# TODO
stel-xps = {
localIp = "2";
publicKey = "Wmw+gIvMdaAZ+m7Ruk60IZukW2TvMZxdT13xof9mazs=";
};
nucturne = {
localIp = "3";
publicKey = "DJ1U2EQLkqqapYXKZDgtS/b/xX7ACIHuFuH1sNpecnU=";
};
stelphone = {
localIp = "142";
publicKey = "UnS5BtlKKTXfNaSsw2PY7Gbd5aLGiJVlCUY7bHosLio=";

52
machines/nucturne/secrets/wireguard.yaml Normal file
View File

@ -0,0 +1,52 @@
wireguard-stelnet: ENC[AES256_GCM,data:xjxETy/QfjzLET9nueYAYVAHWywHsuFH93Zu83KIGYV4FuGc68vOycWfXag=,iv:4F9H9FUk9ByDRfR64bwQ8AG8f/jLAMgt8V5HOsf5oGQ=,tag:EIkmGN7nJz+LW4IugSgKzQ==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age: []
lastmodified: "2022-08-02T09:19:24Z"
mac: ENC[AES256_GCM,data:SXXw4GR+SDDyZa/FN+feN3EVeFs9eY9Jn41p0Cb0ozJJ+cMCw37VZ2MriOFUbv/c/AO3yotguXSfvXkmtQLXLriyIGymmIPwwIrBoIk+BLuBdc1r0dKOQhzGjVifZUivxJTBoabKpxQMIyFocnHhqoISVnOixcO0V1yoXecVnZI=,iv:Bcia5JX+wpHM5fPQjxoCn9tywTemAOXEd8g0jTuBYBQ=,tag:e9oV7ZLMX8hurYb6XERTDw==,type:str]
pgp:
- created_at: "2022-08-02T09:18:27Z"
enc: |
-----BEGIN PGP MESSAGE-----
hQIMAzhsLR+kpSPjARAAjve/SlLy2TmlFLhNca1fZQFmqrKLf/+a1arQX8+gasRZ
HEtS8P6qZF8H6Gfdr3mOQymtPIGgZ0EOljN3zTb8fk3Ezs8UnZL0os+PK85JHLx/
MPab7uXOSz1YRg0W2s5vuE3TXn/U8/ub2OwYAgz8CuqBnvm0m+mijIG3/R42Xw9L
MTOMm2pjYgg1Gahbu6dLUgu2CRv6JyDWL90VBdtVF2PKHtAq0Ej7Iwl2idoOtno3
kPSh5npXQEkgfgK+8Prp6Vnx50KJ/c7codf2dgb6fAi+rFLRe3WK0SBxD+vTFbc6
i7FIlYvxIJ1axcUM+Uub2ash2n7o2etWyqCJTou0uOrsXhvQ0A1A1wD9/XJYluvQ
eE0CKVTxJk0kgRCFFh1SLYmh7rAfgnXcQoTr74WM+mNkMx6XH3An4QkYBVkt8fMH
DFswosalYLmDizpui1pROzDlpZA5MUcwh26EytSfSCbWz+RfjJEJWmOuj1zdsTqL
PABfYWPzLfdpm9rktPSOUPfCuMQRUuG30g27cRheMhi50fuOsj0EhCmJZ6c6QhVL
ZHZ2TUh/GK6tih0Yt+3zLD/y/wzCBvlXXR+MdUgoo7F3B0AsxhSOl/TsnK8qurPX
Y59NxcyVymfxeFxiX57mULrBz9H8SBG1SsPN9Kvy6r+VDEG6t2+Y0ydHHiSboF3S
XgHWSGd7nS+NnyOh1M/5Jf6WwUQlVP/IQgkof1mFOUWu+t84fLYmNRb/gbhLZNBS
KRsAyhLDQC2q7/y6m3lOrdYrrQAyFrjc7HyOuNXrv0tuHxRkRQkmgflC3I+viow=
=lAlf
-----END PGP MESSAGE-----
fp: 3B398B086C410264A14FB353B1E6F03030A4AEAA
- created_at: "2022-08-02T09:18:27Z"
enc: |
-----BEGIN PGP MESSAGE-----
hQIMA8COMi97/ZKxARAAgiWiiVaUkjoui5AFpr/hP5kUwDK4DrGHvonWqqVP2o2T
sE9c7qjih0DD8NtUSRtlt3gZUWK0QcNBBW8d+KE7dmon0IaTzcXVdwwoJygIi+D+
PDU9GUms12u2w2xQBemqSZqLe1MAnB8abOxIDUcLzaPxXi2eQwr9D+MP49XXe36v
Qsa7tQs6P2/eFHFLWyjxfIo62frFg71H+xSCkie2kd6tmdqnmQLGFlzqTuU/L/QD
3ofurwfclo3sWK2sqqUIIAJClRGi+to9w+wr69P6O3GS99rJo6GngeHv3n8rcIxI
iYuikhq8Rl+sPiE+DBZUEWO41pqhLQE/Dwt1I+QKdYb56i1FtLg4hB4zERnROTBh
NAWkOywjjHSWpxZ/Nh66WtGj+IpIgOj8W25QVvzOHPw0/7gHFWHTg6uUQ1dbymUY
z4KzFMPrDNY3gZbAbxLCVFhRRJn21jnZcT6DPI1TvLS5d3HP4+4YHEGDx3UCJsha
+NlbPvx0r3OCBu4p1Gvjl2jhpgQudJtPNiuBolqB/4lOAtpNOIxJpInK0I28ORzz
zLP5cOaGm5yDuCFJ9eQNxvws4xuMazOqHbwxz+QyI0mOcJPHWb28m3tLBrRNcLsx
Vy/4NYbFllE3ms7TyQXnlCrFsoHK1ecKITRIehYwJ9fSI7pT3mqAaUxjNyASg93S
WAHiMptr0BfM5mMy/fHq+FbuvB31SnRej3xL04X+E2gimLYtUwyJvoO+rJGHkRxd
G2HrRMP8TPrSqZ/KcofATtVOLN2lrjJ4AGNRPCkGTn5g5mAaKG1Dc4E=
=X9Xu
-----END PGP MESSAGE-----
fp: 9b6a58764eddd81d07180d6dc08e322f7bfd92b1
unencrypted_suffix: _unencrypted
version: 3.7.3

3
machines/stel-xps/default.nix
View File

@ -35,6 +35,9 @@
enable = true;
};
# enable wireguard
wireguard.enable = true;
# user setup
users = {
enable = true;

52
machines/stel-xps/secrets/wireguard.yaml Normal file
View File

@ -0,0 +1,52 @@
wireguard-stelnet: ENC[AES256_GCM,data:KnC28cZdVDYMEbJ2TEIYoGoS4/P9cYrzjMxYMJpHFDFtMAEqLqfMKDayC2o=,iv:bCj6q5wHMKUE01skbv4mp84oXCjWuhHCBM99/1lW5Z0=,tag:6YCNifIzJ8oO9BWoG+R2Ng==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age: []
lastmodified: "2022-08-02T09:15:52Z"
mac: ENC[AES256_GCM,data:n6haSZnM35m2YjYW5mbqcc/fkQXzGJ+Cj/Epco7xFqTXUM4Ra9eWrj1JQ+4YxHMzq1J4927FawZPq/OVtxdMQCSb4a6LnAZfA6d8PycnICjdtvP5oAwN+mNYb/E2lWtjWHuOMHCagvHvrx8qAohaY/xyHkAS9cITUwrdO5b9HAQ=,iv:NXfPjLzGE4wptHQFxKPdlKQxCKGcZLYPTq5ghVz8tgI=,tag:y3rqJMVr4rusSsE9c9PPDw==,type:str]
pgp:
- created_at: "2022-08-02T09:15:13Z"
enc: |
-----BEGIN PGP MESSAGE-----
hQIMAzhsLR+kpSPjAQ/+LkopjmvnGH45yBr0HDE/5vk/L4F6auh5ZgkkOP/gHffF
mZ59b8APVGhtQLFa9JDQ8UPYLwfGw64MOZ0xkDAZqg9uzDnuHsl3n9zXbzytDrv/
4Yge4NBVXIstqFwfoRlWRkl0IIeTLKd/4fbpljXFcp3HyzOmzPhCYpk445PtrsYB
SBkjxqn5mjYmE+45jTAoftGeW8HEn263gyQmrfCY2doER9Ul63kyqNHUzBAghv2h
G6ul3DZEFxtT1K/iM4MjkE/1v3msJCwfL+vRBIhmD7WQh7T6oADoSUmBJwR1dcH5
oblTi3YqlYhZKLiOCUY5YY5n61eeB9mMc5sByX4NpHpzUy4tC4PEKsao1BYo+Bz4
KEUBQmO2yT57qwvu4xMTqYZFgHg8F7VKo9k49QoKeRXC2GtC6WvBvn5E/AueE0pi
wmunjQY/Dq/6UL5pBgDkCuIfkZfTnnxfH5w87IZ6PBsbK1vpA5pPYNki9qLKJdXS
PkhUIxwS1tAFbJOnuD7WfHNI/8FCnCi7ljboLBXu7XtOW4BvCez3YcV3bs78E5jv
jH8r5gfubVLk/WxGiuNDhaIjFbtz+R792wQiZ500b0StQHJslDpiZqQPhCZWnKjj
JuWWB4OtGBFNt0g8raTp8JMDOT4sYJzxKPMlMFnRX6WWHpbX8OxAnXLtuen/ECbS
XgHPHKU/DDEyRG/w/Z3jyrJ7NnO9v0DkER7Q/Nti9mMQ1Mbin5rQ8HiCMuYeAdI0
px3XVZN9U/ViFEMv0GIaUhncZZwc4A7+QyQBeFX934Y84sJe1tPXyy9YVQ8QSog=
=5LF/
-----END PGP MESSAGE-----
fp: 3B398B086C410264A14FB353B1E6F03030A4AEAA
- created_at: "2022-08-02T09:15:13Z"
enc: |
-----BEGIN PGP MESSAGE-----
hQIMA1NKtoXYguTKAQ//c2EnhsGwXVxptUkpl31BouAvwh/IVz51wLXWMDnadMBH
jZe/oaYYRrlnoyVYkHMgs1WH+nReoa9KZ2SvmLUT84SagjKDL6mYeIDL93ui2w+E
29B5i7tEcpHiP8ENepSykAEdUZXaxkfhuFlhToTD0mDCBQVElsG9iIihXQOhqxbY
yOpPpXh6jTAOmpS0rAqR+0w2vhePapNRHr9M6YAUGrfW+cKAW0FZ403jAgRKFQdV
MKtHkFDv9GXYcV9T5N4IArfmljRuMtF7zBS4tVyCYSStMR9tY0/7qxsQIlapayeK
CLXU5b8XMXngOHq/C3w7LaBY1K79e/Q2COlH/pUH5uxG6PTlISguDbSsagW6IhYS
ysCU0fOg7vcPXesfimcoI6cmF+6glCGky+uNhIjAIhdd3GTtq8qYAv5xF2S65SWG
hwqmzXHeypMPG/28/j2Xajp3dOdc/RI/v6s8S2RmFWDxXt6LGz7z2nTaPCSyC8Q6
U3Oh5IxQfLnogEvM160HoEI/RnvXVEVUAjpKzVyyB0YWSy6A1n2JTQf2vCkq7z6s
iMIcqIB3Fc4OwQ9RYjFpxBYT/e61+xXApOtLTWis9Nd19pL9wgSuYW3vmntxTlhF
JAoLPL3/Cb/OvjdI//9YueizaH0cypuXa4JzqHkuVAxwecrYNI9tQlKVy0h9DArS
WAEnlputyr926wo0PStPNp3oAAjFNsKaMn1kWw29hbWpmXm/gogsKUkjRFQPMlnm
SUJZldj7PHj8MF+m8eWZd7cuTxviCVuSnNHancsnoOH03wgF8mkr5j4=
=mi+7
-----END PGP MESSAGE-----
fp: e8dfcfbac0c3e65bbdfd62ab534ab685d882e4ca
unencrypted_suffix: _unencrypted
version: 3.7.3

6
modules/wireguard.nix
View File

@ -148,8 +148,12 @@
dnsServers = lib.concatLists (lib.mapAttrsToList serverIps servers);
in
lib.concatStrings ([
# will be needed for nsd
# ''
# ${pkgs.systemd}/bin/resolvectl domain ${ifName} ${name}.${config.elss.dns.wgZone}
# ${pkgs.systemd}/bin/resolvectl default-route ${ifName} true
# ''
''
${pkgs.systemd}/bin/resolvectl domain ${ifName} ${name}.${config.elss.dns.wgZone}
${pkgs.systemd}/bin/resolvectl default-route ${ifName} true
''
] ++ (map