all: refactor host specific secrets
This commit is contained in:
parent
95c3317490
commit
5a8b7d4c74
GPG key ID:
B8857BFBA2C47B9C
5 changed files with 22 additions and 20 deletions
|
|
@ -14,26 +14,6 @@
|
||||||
group = config.users.users.root.group;
|
group = config.users.users.root.group;
|
||||||
neededForUsers = true;
|
neededForUsers = true;
|
||||||
};
|
};
|
||||||
"wireguard/psk/skipper" = {
|
|
||||||
mode = "400";
|
|
||||||
owner = config.users.users.root.name;
|
|
||||||
group = config.users.users.root.group;
|
|
||||||
};
|
|
||||||
"wireguard/psk/rico0" = {
|
|
||||||
mode = "400";
|
|
||||||
owner = config.users.users.root.name;
|
|
||||||
group = config.users.users.root.group;
|
|
||||||
};
|
|
||||||
"wireguard/psk/rico1" = {
|
|
||||||
mode = "400";
|
|
||||||
owner = config.users.users.root.name;
|
|
||||||
group = config.users.users.root.group;
|
|
||||||
};
|
|
||||||
"wireguard/psk/rico2" = {
|
|
||||||
mode = "400";
|
|
||||||
owner = config.users.users.root.name;
|
|
||||||
group = config.users.users.root.group;
|
|
||||||
};
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -1,4 +1,10 @@
|
||||||
{ config, ... }: {
|
{ config, ... }: {
|
||||||
|
sops.secrets."wireguard/psk/rico0" = {
|
||||||
|
mode = "400";
|
||||||
|
owner = config.users.users.root.name;
|
||||||
|
group = config.users.users.root.group;
|
||||||
|
};
|
||||||
|
|
||||||
networking.firewall.trustedInterfaces = [ "wg0" ];
|
networking.firewall.trustedInterfaces = [ "wg0" ];
|
||||||
networking.wireguard = {
|
networking.wireguard = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
|
|
||||||
|
|
@ -1,4 +1,10 @@
|
||||||
{ config, ... }: {
|
{ config, ... }: {
|
||||||
|
sops.secrets."wireguard/psk/rico1" = {
|
||||||
|
mode = "400";
|
||||||
|
owner = config.users.users.root.name;
|
||||||
|
group = config.users.users.root.group;
|
||||||
|
};
|
||||||
|
|
||||||
networking.firewall.trustedInterfaces = [ "wg0" ];
|
networking.firewall.trustedInterfaces = [ "wg0" ];
|
||||||
networking.wireguard = {
|
networking.wireguard = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
|
|
||||||
|
|
@ -1,4 +1,9 @@
|
||||||
{ config, ... }: {
|
{ config, ... }: {
|
||||||
|
sops.secrets."wireguard/psk/rico2" = {
|
||||||
|
mode = "400";
|
||||||
|
owner = config.users.users.root.name;
|
||||||
|
group = config.users.users.root.group;
|
||||||
|
};
|
||||||
networking.firewall.trustedInterfaces = [ "wg0" ];
|
networking.firewall.trustedInterfaces = [ "wg0" ];
|
||||||
networking.wireguard = {
|
networking.wireguard = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
|
|
||||||
|
|
@ -1,4 +1,9 @@
|
||||||
{ config, ... }: {
|
{ config, ... }: {
|
||||||
|
sops.secrets."wireguard/psk/skipper" = {
|
||||||
|
mode = "400";
|
||||||
|
owner = config.users.users.root.name;
|
||||||
|
group = config.users.users.root.group;
|
||||||
|
};
|
||||||
networking.firewall.trustedInterfaces = [ "wg0" ];
|
networking.firewall.trustedInterfaces = [ "wg0" ];
|
||||||
networking.wireguard = {
|
networking.wireguard = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue