From c034a10aefba194f7345a3984b30b2361e72c10a Mon Sep 17 00:00:00 2001
From: Adithya Nair
Date: Tue, 10 Oct 2023 18:25:21 +0530
Subject: [PATCH] Revert "remove wireguard stuff"

This reverts commit 9b8ec24c634efe5e0f1a22217e9665b79c297f7b. This reverts commit ec04addf62a3cd0e1a57385a49b5b687ddcbca35.
---
 hosts/rico2/network.nix | 1 +
 hosts/rico2/wireguard.nix | 23 +++++++++++++++++++++++
 hosts/skipper/network.nix | 1 +
 hosts/skipper/persistence.nix | 1 +
 hosts/skipper/wireguard.nix | 23 +++++++++++++++++++++++
 secrets.nix | Bin 1593 -> 2294 bytes
 6 files changed, 49 insertions(+)
 create mode 100644 hosts/rico2/wireguard.nix
 create mode 100644 hosts/skipper/wireguard.nix

diff --git a/hosts/rico2/network.nix b/hosts/rico2/network.nix
index 6767bbe..960ada2 100644
--- a/hosts/rico2/network.nix
+++ b/hosts/rico2/network.nix
@@ -1,4 +1,5 @@
 {lib, ...}: {
+ imports = [./wireguard.nix];
 networking = {
 hostName = "Rico2";
 useDHCP = lib.mkDefault false;
diff --git a/hosts/rico2/wireguard.nix b/hosts/rico2/wireguard.nix
new file mode 100644
index 0000000..f417e87
--- /dev/null
+++ b/hosts/rico2/wireguard.nix
@@ -0,0 +1,23 @@
+{
+ config,
+ secrets,
+ ...
+}: let
+ inherit (secrets.wireguard_config) peers;
+in {
+ networking.wireguard = {
+ enable = true;
+ interfaces = {
+ wg0 = {
+ ips = peers."${config.networking.hostName}".allowedIPs;
+ privateKeyFile = "/etc/wireguard/private.key";
+ generatePrivateKeyFile = true;
+ listenPort = 51820;
+ peers = with peers; [
+ Proxy
+ Skipper
+ ];
+ };
+ };
+ };
+}
diff --git a/hosts/skipper/network.nix b/hosts/skipper/network.nix
index 788fba3..80f6208 100644
--- a/hosts/skipper/network.nix
+++ b/hosts/skipper/network.nix
@@ -1,4 +1,5 @@
 {lib, ...}: {
+ imports = [./wireguard.nix];
 networking = {
 hostName = "Skipper";
 networkmanager = {
diff --git a/hosts/skipper/persistence.nix b/hosts/skipper/persistence.nix
index c59e3cd..bde026b 100644
--- a/hosts/skipper/persistence.nix
+++ b/hosts/skipper/persistence.nix
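Review bot: In the new `hosts/rico2/wireguard.nix`, `peers = with peers; [ Proxy Skipper ];` splices whole attrsets from `secrets.wireguard_config` into the WireGuard module, so every field in them is written into the generated configuration in the world-readable Nix store, however `secrets.nix` itself is protected in the repository. The peer entries are not visible in this patch; if any of them carries a `presharedKey`, it should become `presharedKeyFile` pointing at a root-only path outside the store, the way `privateKeyFile = "/etc/wireguard/private.key";` already does for the private key. A comment above the `inherit` line such as `# peers: public keys, endpoints and allowedIPs only; these values end up in the Nix store` would record that constraint. The same applies to `hosts/skipper/wireguard.nix` later in the patch.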
@@ -5,6 +5,7 @@ _: {
 "/etc/secureboot"
 "/etc/ssh/keys"
 "/etc/systemd/nspawn"
+ "/etc/wireguard"
 "/root/.cache/nix"
 "/var/cache/apparmor"
 "/var/cache/fwupd"
diff --git a/hosts/skipper/wireguard.nix b/hosts/skipper/wireguard.nix
new file mode 100644
index 0000000..0e13f4d
--- /dev/null
+++ b/hosts/skipper/wireguard.nix
@@ -0,0 +1,23 @@
+{
+ config,
+ secrets,
+ ...
+}: let
+ inherit (secrets.wireguard_config) peers;
+in {
+ networking.wireguard = {
+ enable = true;
+ interfaces = {
+ wg0 = {
+ ips = peers."${config.networking.hostName}".allowedIPs;
+ privateKeyFile = "/etc/wireguard/private.key";
+ generatePrivateKeyFile = true;
+ listenPort = 51820;
+ peers = with peers; [
+ Proxy
+ Rico2
+ ];
+ };
+ };
+ };
+}
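Review bot: `"/etc/wireguard"` is added to the persisted paths for skipper only, while `hosts/rico2/wireguard.nix` in this patch also sets `generatePrivateKeyFile = true;` with the same key path and gets no matching entry. Whether rico2's root is wiped on boot is not visible here; if it is, a fresh key pair would be generated at each boot and the public key recorded for Rico2 in the peer list would stop matching, so the tunnel would stay down until the secrets file is updated. Worth confirming, or adding the same path to rico2's persistence list. The list this hunk edits starts and ends outside the hunk.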
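Review bot: `ips = peers."${config.networking.hostName}".allowedIPs;` in `hosts/skipper/wireguard.nix` (and the identical line in `hosts/rico2/wireguard.nix`) takes the interface addresses from the host's own peer entry, so the list other hosts use to decide which source addresses to accept from this host doubles as its address assignment. That works while the entry holds only the host's own tunnel address; if it is ever widened so the host can route a subnet, the interface would claim every address in that range. I would add a comment on that line, `# own peer entry doubles as the interface address list; keep it to this host's tunnel address`, or keep the address in an attribute of its own. The lookup also depends on the attribute name matching `networking.hostName` exactly, including case (`Skipper`, `Rico2`).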
diff --git a/secrets.nix b/secrets.nix index 3be8ef4634c5eaaffa799c710212d0a97a101248..1e7fda53ca51b4a687a3a84fe17785bde8f10685 100644 GIT binary patch literal 2294 zcmVDeop>cr|0>ynC%o~-+tWu7XGb&u*-MDY3 z5Q$^QO)>YCS#S63+LEC;(20?oWWtkyP_xmyxPfPrPnQ+LYs`g)rqgMWm`6EC(qev1 z75k1h?flhVGVGKw>t)-E*BlD*ke4-;nbZOOLaS0_c-@B2LyEhcw8X3t6jq-iiPQzZ zlio6mn{}VaC(c)HLjOOA$I;+C6&}R7cXtJz40ljx;*qNHl+G{9BFV5eB}=)}PT-~~SK9+7)WdquE)pFt$WAVwCfqMI%-ubk}~v0OCb8{OM% zY8Uq=RkO1l8scrl9nxJr%c<8&%irI4mU~Pt!0PWWL`Y(ltil;h9#8m)Skv8vo06kB zmacv%;Qh;}8*J@Ex|%9{m}PSv;B;vSYB>*W(!m)@g;1iV{<`|Himmqt4O}+vnh`L6UCZ_#UN)fsqAK0tI z9PUh$UuaA4X+_P<+!Vy0Z6e=DHu6Lg7%l+^?~cqQ5-aO(001(WgMg8*;_*lrXCs(> zT$*jcDF^sY0-HN59uhaBMHQrsvHA5g&mE*q5))tn`uzZ7V zBlUuh-S{VpMtMSS6aFR@2_J+HB{Zxx`25Y327FXAy8fMeBK{*)y=(%6w6Yr3ZfW!+DfYY z9$57pyN*a{o&nF<41VrNDgZ^Yj&QzvE811|>j+!gilN?CEclE8KU=V1hDAuZ1)c; zk+93#>TPt10P~oJZehM#1`_|Ml@FXXEi3h4Ql5-)WwDwWg}Bp3IqR#laf?Cn^x1}_ zjWMaovk|6It(<8ZGxJsy)3$(C)?ONc{TII-Gw(H(SF>*N5KctNCVwW4Jj;~fsZ9t| zZ>7<^uLv6SSMH6wwp-#+{KLYcsZ{^1)*;olhML-gQs}U4 z_}(ouCLHtAY)Ev~Clpds_%7x5kQl7yJ|TDVBZ@%J{aVhD+mzI>w-4IHpZ9? zUhr2{d$vJod*x3L0V?&7UH}ua)2B8!_8(>sRMK!X0tg=5K(=W&C1>@7&nS}7eg1{4 zLAHM>&9HnFo^g-7!bF9-_cxap0n9ax_bafV}Tg zSkZ@e1PkUo*T0K-}Ve<4H z9_RqVi2~i>O(a+RijLZbWafkHk0<~d3}2M#jZJ@lB#`dN3GY}sX68N zl;xJS;p$rhP0HaqqM>nM_Z-e;b|j^*=K9Y4JX;q7zD>7BuO50_;9pIJV_G!DJDNIuZVPnVd;55yUy7Coay0`~5^!`p?m{Fdu zTp+3QEjvV~NAH2;)<~M0MMcm#-U~d9>7Gu);&!h?^?~n}dJKrPo4zajQrnuhlgcLx zB;QMd?ts3H#eo00 zLBt*S1)VE@^hV&%3y`iWAD_9{0g QqPhaVob}GAWoD*z%H5}Np#T5? 
literal 1593 zcmV-92FCdSM@dveQdv+`0NdBLfS0n>y-!#F5w(F01_irb(o-GxB4V|z9+tv;G{HLSQZANZ)H5j4Vw6eB8iCC3^I=to%F|!kW zX@}K5vpSeg6@62r?SD6*Ln>qiHpM&rxurd7Uj-E+eIgfLz@lD}F)##*EdoicOqKxI z%Pj6M)5GG*#u_Ul6B#G%$u3s{!{e&9ORZJ_hncj~d~DVu?W-X?VSL|DEcQtoOg7ex z9_Subw+(7Lj zcfxLgFcf^s7HR*3m*CjOZ%kyR_;@YYrEo#9R307fkXuaoRH*-@v9t@N?UZ|^J~}Q@ z&6qHh$bjpY%+b#(;u&~Gh0m(WQ|74s7LFhL2tjlj6uhMk%ra<2_4Yn#Tl#?=8=xlL zjc68PKNUG|bNAG}i112MQ34jq3@6Yd1rpIEVYGliqccYZ4#xdGy%=yvU_s|XN1>g* zvaY%eqYIEHYhV6#e&wH&?6FU%Pu=MUn2;aunL`!t3Y-d@M!;==Z7 zhe!d56gCxbF|Hf$zGjegKUjI;z@t7gy_EToh)eyKz9ScPTT-F}2>AWsr82a!RPoVa zxBJz0tBH{6%B3YcAeIJ?U)vm4(z`Swm>~CSKs~4)`3w`QZMlR#qrgwUYlSRebW#2i zV=O%o0RZY7%kA>7 zN?4?BFxvvjYpSKLhc@VN-D8nU$o9{bTNv)jCiG=uzdZg!bD-|~v_{JX?AuXR8!>Agm_A{g4fK3t@{GR?dD#wH^LR5I4BvZ`d zD~g()h|Ze^7OU9+Q!Bu{s^I3T6VHy0QroH|;N*4F?l`T{_w&@#?Tm@R1<`#d!0Pv5 z_4MYGNrpzeFCrA9>9S9OVkw@G5yww93K$c(CSzNk_a7vrmy!?j+H((Zv_W2E0{!nu zXnvKZC>1=IL#7)>u<)x3m595z0cJR$I+D?$cPhGH5p)5Qt8Av@AmXo1i^Ly}ONhE0 zthfzQzS|9qfVpG2;Bry8Z$+UwUMqHMdL_MvA*g;9H*8WW{KlES1Y2LCci6 z{6Zz}%Cq{$G~0-zjw?+tw}Ad@C)rP!>Yz$IGjkuK%>cj=bYt)IDnjB#>$Nd6CdQtO1$;0r1<>-JfxPCpUS>J4s z6(aBzBl6Ncq2=!?RRL0BXDiBNyLz$VW$~e9gOl~!V@$A3xh0RUlu~gTrp5Fc1!C-J r8C8Kcrbtk<+)C&1d=mw@i;z!*PndYywdjsA?QdK~P;*G^o8mp~-xd}J