diff --git a/flake.nix b/flake.nix
index 1e52b1b..01706b7 100644
--- a/flake.nix
+++ b/flake.nix
@@ -83,6 +83,7 @@
 lanzaboote.nixosModules.lanzaboote
 impermanence.nixosModules.impermanence
 home-manager.nixosModules.home-manager
+ self.nixosModules.default
 ./common
 ./hosts/skipper
 ./home
@@ -129,9 +130,9 @@
 }
 lix-module.nixosModules.default
 sops-nix.nixosModules.sops
+ self.nixosModules.default
 ./common
 ./hosts/rico1
- self.nixosModules.default
 ];
 };
 Rico2 =
diff --git a/hosts/rico0/wireguard.nix b/hosts/rico0/wireguard.nix
index 73a2c15..0c8b568 100644
--- a/hosts/rico0/wireguard.nix
+++ b/hosts/rico0/wireguard.nix
@@ -1,4 +1,6 @@
 { config, ... }: {
+ imports = [ ../shared/wireguard.nix ];
+
 sops.secrets = {
 "wireguard/rico0/pk" = {
 mode = "400";
@@ -12,31 +14,14 @@
 };
 };
- networking.firewall.trustedInterfaces = [ "wg0" ];
- networking.wireguard = {
+ nodeconfig.wireguard = {
 enable = true;
- interfaces = {
- wg0 = {
- ips = [
- "10.10.10.10/24"
- "fd7c:585c:c4ae::10/64"
- ];
- listenPort = 51830;
- privateKeyFile = config.sops.secrets."wireguard/rico0/pk".path;
- peers = [
- {
- name = "Proxy";
- endpoint = "165.232.180.97:51821";
- publicKey = "NNw/iDMCTq8mpHncrecEh4UlvtINX/UUDtCJf2ToFR4=";
- presharedKeyFile = config.sops.secrets."wireguard/rico0/psk".path;
- persistentKeepalive = 20;
- allowedIPs = [
- "10.10.10.0/24"
- "fd7c:585c:c4ae::0/64"
- ];
- }
- ];
- };
- };
+ listen-port = 51830;
+ pk-file = config.sops.secrets."wireguard/rico0/pk".path;
+ psk-file = config.sops.secrets."wireguard/rico0/psk".path;
+ node-ips = [
+ "10.10.10.10/24"
+ "fd7c:585c:c4ae::10/64"
+ ];
 };
 }
diff --git a/hosts/rico1/wireguard.nix b/hosts/rico1/wireguard.nix
index cc1a913..60044ef 100644
--- a/hosts/rico1/wireguard.nix
+++ b/hosts/rico1/wireguard.nix
@@ -1,4 +1,6 @@
 { config, ... }: {
+ imports = [ ../shared/wireguard.nix ];
+
 sops.secrets = {
 "wireguard/rico1/pk" = {
 mode = "400";
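Review bot: In the second hunk of hosts/rico0/wireguard.nix the peer block (endpoint, public key, allowedIPs, persistentKeepalive) and `networking.firewall.trustedInterfaces = [ "wg0" ]` are removed with no replacement visible in the diff, and `../shared/wireguard.nix`, which `nodeconfig.wireguard` presumably comes from, is not part of this commit, so it cannot be confirmed here that the shared module re-applies the same peer, the same allowed-IP ranges and the firewall trust for wg0; the same applies to the rico1, rico2 and skipper hunks. Trusting wg0 exempts all tunnel traffic from the host firewall, so that decision should stay visible where the tunnel is declared, e.g. a comment above `nodeconfig.wireguard = {`: `# Peer "Proxy", allowedIPs and firewall trust for wg0 are defined in ../shared/wireguard.nix`. As a point of style, the new option names `listen-port`, `pk-file`, `psk-file` and `node-ips` break the camelCase convention of the NixOS options they replace, and `pk` is ambiguous between private and public key; `listenPort`, `privateKeyFile`, `presharedKeyFile` and `ips` would read unambiguously. The enclosing attribute set opens before this hunk.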
@@ -12,31 +14,14 @@
 };
 };
- networking.firewall.trustedInterfaces = [ "wg0" ];
- networking.wireguard = {
+ nodeconfig.wireguard = {
 enable = true;
- interfaces = {
- wg0 = {
- ips = [
- "10.10.10.11/24"
- "fd7c:585c:c4ae::11/64"
- ];
- listenPort = 51831;
- privateKeyFile = config.sops.secrets."wireguard/rico1/pk".path;
- peers = [
- {
- name = "Proxy";
- endpoint = "165.232.180.97:51821";
- publicKey = "NNw/iDMCTq8mpHncrecEh4UlvtINX/UUDtCJf2ToFR4=";
- presharedKeyFile = config.sops.secrets."wireguard/rico1/psk".path;
- persistentKeepalive = 20;
- allowedIPs = [
- "10.10.10.0/24"
- "fd7c:585c:c4ae::0/64"
- ];
- }
- ];
- };
- };
+ listen-port = 51831;
+ pk-file = config.sops.secrets."wireguard/rico1/pk".path;
+ psk-file = config.sops.secrets."wireguard/rico1/psk".path;
+ node-ips = [
+ "10.10.10.11/24"
+ "fd7c:585c:c4ae::11/64"
+ ];
 };
 }
diff --git a/hosts/rico2/wireguard.nix b/hosts/rico2/wireguard.nix
index b65f71f..d2af87f 100644
--- a/hosts/rico2/wireguard.nix
+++ b/hosts/rico2/wireguard.nix
@@ -1,4 +1,6 @@
 { config, ... }: {
+ imports = [ ../shared/wireguard.nix ];
+
 sops.secrets = {
 "wireguard/rico2/pk" = {
 mode = "400";
@@ -12,31 +14,14 @@
 };
 };
- networking.firewall.trustedInterfaces = [ "wg0" ];
- networking.wireguard = {
+ nodeconfig.wireguard = {
 enable = true;
- interfaces = {
- wg0 = {
- ips = [
- "10.10.10.12/24"
- "fd7c:585c:c4ae::12/64"
- ];
- listenPort = 51832;
- privateKeyFile = config.sops.secrets."wireguard/rico2/pk".path;
- peers = [
- {
- name = "Proxy";
- endpoint = "165.232.180.97:51821";
- publicKey = "NNw/iDMCTq8mpHncrecEh4UlvtINX/UUDtCJf2ToFR4=";
- presharedKeyFile = config.sops.secrets."wireguard/rico2/psk".path;
- persistentKeepalive = 20;
- allowedIPs = [
- "10.10.10.0/24"
- "fd7c:585c:c4ae::0/64"
- ];
- }
- ];
- };
- };
+ listen-port = 51832;
+ pk-file = config.sops.secrets."wireguard/rico2/pk".path;
+ psk-file = config.sops.secrets."wireguard/rico2/psk".path;
+ node-ips = [
+ "10.10.10.12/24"
+ "fd7c:585c:c4ae::12/64"
+ ];
 };
 }
diff --git a/hosts/skipper/network/wireguard.nix b/hosts/skipper/network/wireguard.nix
index 1e36c60..0bf0aee 100644
--- a/hosts/skipper/network/wireguard.nix
+++ b/hosts/skipper/network/wireguard.nix
@@ -1,4 +1,6 @@
 { config, ... }: {
+ imports = [ ../../shared/wireguard.nix ];
+
 sops.secrets = {
 "wireguard/skipper/pk" = {
 mode = "400";
@@ -11,31 +13,15 @@
 group = config.users.users.root.group;
 };
 };
- networking.firewall.trustedInterfaces = [ "wg0" ];
- networking.wireguard = {
+
+ nodeconfig.wireguard = {
 enable = true;
- interfaces = {
- wg0 = {
- ips = [
- "10.10.10.2/24"
- "fd7c:585c:c4ae::2/64"
- ];
- listenPort = 51822;
- privateKeyFile = config.sops.secrets."wireguard/skipper/pk".path;
- peers = [
- {
- name = "Proxy";
- endpoint = "165.232.180.97:51821";
- publicKey = "NNw/iDMCTq8mpHncrecEh4UlvtINX/UUDtCJf2ToFR4=";
- presharedKeyFile = config.sops.secrets."wireguard/skipper/psk".path;
- persistentKeepalive = 20;
- allowedIPs = [
- "10.10.10.0/24"
- "fd7c:585c:c4ae::0/64"
- ];
- }
- ];
- };
- };
+ listen-port = 51822;
+ pk-file = config.sops.secrets."wireguard/skipper/pk".path;
+ psk-file = config.sops.secrets."wireguard/skipper/psk".path;
+ node-ips = [
+ "10.10.10.2/24"
+ "fd7c:585c:c4ae::2/64"
+ ];
 };
 }