authorMark Nipper <nipsy@bitgnome.net>2024-10-13 01:42:13 -0700
committerMark Nipper <nipsy@bitgnome.net>2024-10-13 01:42:13 -0700
commit1808cc6ff71511708f508f61018196cd781d6b7b (patch)
tree5e6c240aafe3d565321b357973989c0bf41aa4a4 /hosts
parent740b45d77a7239b7cae8e01c5d0d68d7e82124e6 (diff)
Add wireguard server @arrakis
Diffstat (limited to '')
-rw-r--r--hosts/arrakis/default.nix62
-rw-r--r--hosts/secrets/arrakis.yaml14
2 files changed, 73 insertions, 3 deletions
diff --git a/hosts/arrakis/default.nix b/hosts/arrakis/default.nix
index 06b1f2b..f9277f8 100644
--- a/hosts/arrakis/default.nix
+++ b/hosts/arrakis/default.nix
@@ -63,6 +63,57 @@
nameservers = [ "192.168.1.1" ];
nftables.enable = true;
useDHCP = false;
+ wg-quick.interfaces = {
+ wg0 = {
+ address = [
+ "10.4.20.1/24"
+ ];
+ ListenPort = 51820;
+ peers = [
+ { # black-sheep
+ allowedIPs = [ "10.4.20.2/32" ];
+ presharedKeyFile = "${config.sops.secrets."wireguard/black-sheep_psk".path}";
+ publicKey = "wQsGWsfXI2+GmKHdCH2V2xIeTyV2YlH/IFp6gerxcW8=";
+ }
+ { # lilnasx
+ allowedIPs = [ "10.4.20.3/32" ];
+ presharedKeyFile = "${config.sops.secrets."wireguard/lilnasx_psk".path}";
+ publicKey = "87cANtuPf28vGrB0uL69/tXgsD/30FUYt/XevQjpz3o=";
+ }
+ { # ramped
+ allowedIPs = [ "10.4.20.4/32" ];
+ presharedKeyFile = "${config.sops.secrets."wireguard/ramped_psk".path}";
+ publicKey = "TvE3f0QKJXUn8pxmKMaztFvRIdi9z9dxNDN2KNdtRXQ=";
+ }
+ { # homer
+ allowedIPs = [ "10.4.20.5/32" ];
+ presharedKeyFile = "${config.sops.secrets."wireguard/homer_psk".path}";
+ publicKey = "FBc2ZnypwHgjLQcZrwzPR35gax8JsXLa1ZcZy6iAc3Q=";
+ }
+ { # treebeard
+ allowedIPs = [ "10.4.20.6/32" ];
+ presharedKeyFile = "${config.sops.secrets."wireguard/treebeard_psk".path}";
+ publicKey = "aYh7q1QNmz6TLYx5OsZcyHQe45Dv0SyIOCtRp1NHDU8=";
+ }
+ { # lolli
+ allowedIPs = [ "10.4.20.7/32" ];
+ presharedKeyFile = "${config.sops.secrets."wireguard/lolli_psk".path}";
+ publicKey = "npt86Lt/f/9J3qS6u6C0X1MFHIONaA5PKE6lzwwUxTc=";
+ }
+ { # timetrad
+ allowedIPs = [ "10.4.20.8/32" ];
+ presharedKeyFile = "${config.sops.secrets."wireguard/timetrad_psk".path}";
+ publicKey = "/lWCEMGRIr3Gl/3GQYuweAKylhH5H2KqamiXeocYFVM=";
+ }
+ { # ginaz
+ allowedIPs = [ "10.4.20.254/32" ];
+ presharedKeyFile = "${config.sops.secrets."wireguard/ginaz_psk".path}";
+ publicKey = "GuE9PVeS0IDTcaBxOSJmKlvEx2xflxwVGOU+uM0HhBk=";
+ }
+ ];
+ privateKeyFile = "${config.sops.secrets."wireguard/arrakis_key".path}";
+ };
+ };
wireless = {
enable = true;
networks = {
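Review bot: `ListenPort = 51820;` in the `wg0` block is capitalised like the key in a wg-quick config file, but the NixOS option under `wg-quick.interfaces.<name>` is `listenPort`. Unless the module accepts free-form attributes, evaluation should reject the unknown option, so the line should read `listenPort = 51820;`. The same block sits next to `nftables.enable = true`, and no rule admitting UDP 51820 is visible in this diff; if the ruleset is defined elsewhere, confirm it opens that port and nothing broader. As a style point, the `"${config.sops.secrets."…".path}"` wrappers are redundant interpolation, since `config.sops.secrets."wireguard/arrakis_key".path` is already a string. The enclosing attribute set opens above the hunk, so the exact option path is inferred from the visible siblings.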
@@ -70,7 +121,7 @@
pskRaw = "ext:psk_crystal_palace";
};
};
- secretsFile = "/run/secrets/wpa_supplicant";
+ secretsFile = "${config.sops.secrets."wpa_supplicant".path}";
};
};
@@ -83,6 +134,15 @@
secrets = {
"nftables/ssh" = {};
+ "wireguard/arrakis_key" = {};
+ "wireguard/black-sheep_psk" = {};
+ "wireguard/ginaz_psk" = {};
+ "wireguard/homer_psk" = {};
+ "wireguard/lilnasx_psk" = {};
+ "wireguard/lolli_psk" = {};
+ "wireguard/ramped_psk" = {};
+ "wireguard/timetrad_psk" = {};
+ "wireguard/treebeard_psk" = {};
"wpa_supplicant" = {};
};
};
diff --git a/hosts/secrets/arrakis.yaml b/hosts/secrets/arrakis.yaml
index 54fb561..57cb20d 100644
--- a/hosts/secrets/arrakis.yaml
+++ b/hosts/secrets/arrakis.yaml
@@ -1,5 +1,15 @@
nftables:
ssh: ENC[AES256_GCM,data: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,iv:OnEBPu/havLABMuANjiKMEmhPX2tk/PlyDY0FwvQnsI=,tag:Qny6XbCXMhAr1AjZjr0ucw==,type:str]
+wireguard:
+ arrakis_key: ENC[AES256_GCM,data:jJxltF+jMKMchavpXWKGFmFI3K/Qkgmroc68nUzYL71kKR+WFMPUzDjXW0Y=,iv:RESrP6zChCIMeDn65mu7ULvfeT5QRRX76TdyOAjE/fw=,tag:0QXp38YwTJZS8phv9ObrhQ==,type:str]
+ black-sheep_psk: ENC[AES256_GCM,data:ZBR7CQJLBltt9lTeN16SUte0xt90oVoJfvWrdF8gVAPQgvGIp/t3i5L2+eA=,iv:ilqCFzHhjgxU7FRcj0Ymi/t53NPt8QMJD56azsNQMe4=,tag:i4TIQryxzJpGaM8KGCVXQA==,type:str]
+ ginaz_psk: ENC[AES256_GCM,data:Iy/jyCcXl5VnSArA+Uazww/refw+Flopi2CnUgXyB/lnL6ykqawztK6KSBU=,iv:rB9eeMXqa+ZptLenJs/x9yffu4s10YwI11A1EPUHY54=,tag:1rw8SyfXyKA9IW3SUfYbTg==,type:str]
+ homer_psk: ENC[AES256_GCM,data:JaUJEWlcEhWeT+g5J+ysQ7rHFW8bxyDiciqrwL4JH493fQNCBnIkfJXtjfg=,iv:l95W7lVeBZhS2YwWN8biyFHBlAUwP7+DrSOVAhowC+I=,tag:q+wDpSGlT3nb+88yYMNzhQ==,type:str]
+ lilnasx_psk: ENC[AES256_GCM,data:wssUtPGQfs2Gt63Iq+QD7nQsAaua/OP0tcTmxlWFPTjPF3PzU2Y8m/76B3w=,iv:1jSwB0XkC+Gcn2JRNcaGd3hhJebmdfaF1N6PNDEdkSU=,tag:GVigw9hi66q2+q06g+WumA==,type:str]
+ lolli_psk: ENC[AES256_GCM,data:Qfwx/B44ptl/Rd2WzA1TN9ueCODooWUaDmOPfZLQ3F9NBDX/bdNebd0KS8M=,iv:YUWJg3OVcOA2v4XTxNUfmzNUXsgdrKxujde7xYIaQUg=,tag:UJU98dTeniaBjl/M0A9UuA==,type:str]
+ ramped_psk: ENC[AES256_GCM,data:TCeXW9SWFEq7H7YdEE4E7gLoMC8F4GwSPBtvh8Zv6OQ3Ni0LdZBH9IHmPT4=,iv:U33J1eusuCiC41zla2ieIFKzmmgL/TlkLmH/5El3u4s=,tag:Z4QzImR0T2XzdI26nlX+/Q==,type:str]
+ timetrad_psk: ENC[AES256_GCM,data:zAOHUlk6VJd+w6ePcDAPhpmPmlogwqUh5zhDpnW7cbXflIdLtFN9YQbOYtc=,iv:DpqIP+uTxRY7Dl0WwOvAr/dDFeARCVZKNKKKCrgOkYA=,tag:IP+nUZS3klUvHNzbgS4IjQ==,type:str]
+ treebeard_psk: ENC[AES256_GCM,data:EjzdD4siZfCkwd6pX82C2HP8I0avKjStv6fleURD2cPkGmBFDH//MLYcY/k=,iv:yCc+U3+kAzOroOxO04EKVrbuqr85Y8cZ343UN4s3nBg=,tag:r5piVnM+Q5+0HRRMpVwmSA==,type:str]
wpa_supplicant: ENC[AES256_GCM,data:HHs6g3qaaeinVGgteExQvhE0CEC94WjJ0tV7pyI=,iv:6F+DYHieaWWo+V1F9yjwWT7PcdiIpH48nv1SUrFHePk=,tag:cpimCP+YNmCI+t+wpuXwHg==,type:str]
sops:
kms: []
@@ -25,8 +35,8 @@ sops:
ejRLb2Vkd1B3QmxLSE1wUzgrazZJT0UKz1IQxYm7hagYtBsWTpk+f6/79ArRUgNL
MfhHMQAwuuXjBSmuFolyU3UoWnDYK6uGAv5nlTJxESqj5eQBafItSw==
-----END AGE ENCRYPTED FILE-----
- lastmodified: "2024-10-13T06:55:41Z"
- mac: ENC[AES256_GCM,data:71ifeYVwz7jt6Cv19MS2g9VYmQVhygEVAW5xLdblTAofUcNQsEO3JOJyhqICJqdU1nmy1/BlD0pM8hgyqLu96fL24b5N9uZb7S0B2hStlP7TOCot6UoX4Hmb5n2CRiKBgvdtDz86T4EOLfNXBPxSKr1W+mluSYtMJa+aNl0PXqA=,iv:EvwQkyyKybKDo1kMuzFb5FNs6ffoh9qnA3iiXLLyXMo=,tag:AmfdT6lxvbub3PvPKCAwsA==,type:str]
+ lastmodified: "2024-10-13T08:39:41Z"
+ mac: ENC[AES256_GCM,data:+MnJGp0Oi3eXCDgFa6Jl7v+U1X8iSvBTiZT/Et2O3Z5YKKSpjSyuOUp4wxvUKC1w7lwLCPil3TuanEmB5j9fCPFLd4vRqb1bwPy4x9AoJGCut1jDIT+ywSVjhN2jV4Mg1RbCXHRJN/QhSylXuBhDYIVF9mriGamY2ZiRra+Z7Is=,iv:STqOryc9DWJETRLYy6A1Z6DRdxK6/cDRurpmUYml3JU=,tag:rH+NLwBOiIoHc9HmzXthvA==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.1