From feeb2dba3210a9ae5af9dcc0a5c781f9907e4a93 Mon Sep 17 00:00:00 2001 From: Adithya Nair Date: Sun, 30 Jun 2024 17:53:43 +0530 Subject: [PATCH] all: add wireguard secrets --- common/secrets.nix | 17 ++++++++++++++++- hosts/skipper/wireguard.nix | 2 +- secrets.yaml | 10 +++++++--- 3 files changed, 24 insertions(+), 5 deletions(-) diff --git a/common/secrets.nix b/common/secrets.nix index 668e749..64d8b3f 100644 --- a/common/secrets.nix +++ b/common/secrets.nix @@ -14,7 +14,22 @@ group = config.users.users.root.group; neededForUsers = true; }; - "wireguard/psk" = { + "wireguard/psk/skipper" = { + mode = "400"; + owner = config.users.users.root.name; + group = config.users.users.root.group; + }; + "wireguard/psk/rico0" = { + mode = "400"; + owner = config.users.users.root.name; + group = config.users.users.root.group; + }; + "wireguard/psk/rico1" = { + mode = "400"; + owner = config.users.users.root.name; + group = config.users.users.root.group; + }; + "wireguard/psk/rico2" = { mode = "400"; owner = config.users.users.root.name; group = config.users.users.root.group; diff --git a/hosts/skipper/wireguard.nix b/hosts/skipper/wireguard.nix index 27bea73..f42ce02 100644 --- a/hosts/skipper/wireguard.nix +++ b/hosts/skipper/wireguard.nix @@ -16,7 +16,7 @@ name = "Proxy"; endpoint = "165.232.180.97:51821"; publicKey = "NNw/iDMCTq8mpHncrecEh4UlvtINX/UUDtCJf2ToFR4="; - presharedKeyFile = config.sops.secrets."wireguard/psk".path; + presharedKeyFile = config.sops.secrets."wireguard/psk/skipper".path; persistentKeepalive = 20; allowedIPs = [ "10.10.10.0/24" diff --git a/secrets.yaml b/secrets.yaml index 8581dbc..d64bd08 100644 --- a/secrets.yaml +++ b/secrets.yaml @@ -2,7 +2,11 @@ passwd: root: ENC[AES256_GCM,data:sT8S6EgqlUTOj8wx/FWde1ht/LCfhnnJW8aLNR3IawGcjbWh+JCKnlQ/1FpuGuVF7Qm8qScRcl7FPUZPFpBtj9OJ3984S9DtFJachwSNEJ2TRU+9YdYB1WsXx9ZunMQcTLK9MIyWfIVzqw==,iv:1qfkkj3NMvS50Q84BtqYTiNIMVjdxPh1k52MudEK/5A=,tag:HUwaVYDwjKmnHhEIejnfxg==,type:str] adtya: ENC[AES256_GCM,data:xBr14ZVeblPbgO2YT+6DPrENsJElj+UkTJebv3/x0U/u+srx82G2Lloda5zZwVBIEc5f6ZPSS4Oko3dM2PW9KUNO7IjDa+Wsm5MQogSjGT+aNtjlub2PkVts5gp+TtCOd6bUQjnf95VXNQ==,iv:ytKVRBsQWJWwXn6DpCOTDYJOVI3N/KnWtyp/GkSs7UQ=,tag:zbPtMMH6MFE6LpBga5X1GQ==,type:str] wireguard: - psk: ENC[AES256_GCM,data:FYRtE7BAOLAnxj+S0kUZ9b6THxsJclpw22pdgmhbjbBBPWBJuEkXxcjm3CQ=,iv:Z6bgQwJDpAyF3eupUQmvjHZrxMSJrQyUYhsHaGEQRYs=,tag:+W4gBPrfsZjcUvUAx5AhYg==,type:str] + psk: + skipper: ENC[AES256_GCM,data:9C94ZSteiLH/C5Q3QC/amN5QI9bSj5/xO+ClbQesE+DLrnz5ROD9jVwj0/c=,iv:PBJ5Bj169EhxBvxVJELbxGCFeaEHtPNNEsBqBp2XWg4=,tag:VRVqoF1il0/kRvFLv99V6A==,type:str] + rico0: ENC[AES256_GCM,data:ITH8jg35ut9hBCvf2UQL3IYuGL6pEBMzlMUYxfB0VpoGVbEaZprIA4vXm78=,iv:gDDxXf7GpOil4ujTQx/a9nBfHmUH8rgn9gDhmQ15q8w=,tag:U392BI5N4trOZ+0MynKY4g==,type:str] + rico1: ENC[AES256_GCM,data:7aH6lvmUXGOxjxhauvJq5kW3lx8VxH2nhtEnJgIlNcrEltW2G+0Rk7X1lQw=,iv:+Z5FvzvSItfY5wY6Y0c4fUZDKEEd1/hX4KFJSerMmzs=,tag:A1hJThrO2job0e68j/JorA==,type:str] + rico2: ENC[AES256_GCM,data:WGpDzfIbZhBXWI6K7Ra1ntDkQiKLQEnfYVWd8uM58fMSLHxJztt6rjV4msA=,iv:eLMDXe7sWCqFS0mifaJeHCkOyOnXnQ8rOg5bW74os3k=,tag:GBA8eLpkoeY4nqHFc99k0g==,type:str] sops: kms: [] gcp_kms: [] @@ -54,8 +58,8 @@ sops: Yk9BeXR2dmdoYjJycGhFVFY2eU1BM0kKuYnQ88CjewMQ0JAs+H1/abBaWKldtSPm ZyZ0ibyH0PdTeXwPIyngkl0c2z1ge96ntS1/rH+6NcTdS8z8WvJ0nQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-06-27T16:53:21Z" - mac: ENC[AES256_GCM,data:pNp60XQOIITU0xFX3EkFVnbWywHjywwRyK6ud9RAnzcRFkJPgx5ZBZiNnSARu1LhpGY1k5PWrQ3/X1bpF60q5mDX2Tn0hr5qCksMKZ0RUIFtlVxeeepGnlqgMsG+4LFXA4IWn23fK3B8I5fQGtG0lzR+VvgzPfKa0xnr0hbd++s=,iv:ODaVMYF6FyRK8P2A22rLoWiHrdQlgiCvC7SkSye83GI=,tag:gGmZcd6wLMGWxFUAye0y9w==,type:str] + lastmodified: "2024-06-30T12:15:56Z" + mac: ENC[AES256_GCM,data:+Ir3XD2Pm1GLPXSd+xrWACDxmJjm+ZU1GQF3Jb1PyiKd4K4snvKcRTT8Esbxvef9Ge0hu5+id3d+jd4I6Kr/AXoZJ+UBCwzU9mQPPGhKKXxNufEEqFTxEBlFm9biSASwXLbdskQBoqln9g/qSl4D4AIvAqjrc77khr8SOY8XyZg=,iv:Hu8q8YhxKM/OhQWRCvFMQ3zZuwTOmOtgY3QeFrrnI9c=,tag:vi+K6ZWKlNM4taTDEaGlWQ==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.8.1