adtya/configuration.nix
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

all: add wireguard secrets

Browse source
This commit is contained in:
Adithya 2024-06-30 17:53:43 +05:30
parent 0ee02ffe3d
commit feeb2dba32
Signed by: adtya
GPG key ID: B8857BFBA2C47B9C
3 changed files with 24 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

17
common/secrets.nix
View file

@ -14,7 +14,22 @@
group = config.users.users.root.group; group = config.users.users.root.group;
neededForUsers = true; neededForUsers = true;
}; };
"wireguard/psk" = { "wireguard/psk/skipper" = {
mode = "400";
owner = config.users.users.root.name;
group = config.users.users.root.group;
};
"wireguard/psk/rico0" = {
mode = "400";
owner = config.users.users.root.name;
group = config.users.users.root.group;
};
"wireguard/psk/rico1" = {
mode = "400";
owner = config.users.users.root.name;
group = config.users.users.root.group;
};
"wireguard/psk/rico2" = {
mode = "400"; mode = "400";
owner = config.users.users.root.name; owner = config.users.users.root.name;
group = config.users.users.root.group; group = config.users.users.root.group;

2
hosts/skipper/wireguard.nix
View file

@ -16,7 +16,7 @@
name = "Proxy"; name = "Proxy";
endpoint = "165.232.180.97:51821"; endpoint = "165.232.180.97:51821";
publicKey = "NNw/iDMCTq8mpHncrecEh4UlvtINX/UUDtCJf2ToFR4="; publicKey = "NNw/iDMCTq8mpHncrecEh4UlvtINX/UUDtCJf2ToFR4=";
presharedKeyFile = config.sops.secrets."wireguard/psk".path; presharedKeyFile = config.sops.secrets."wireguard/psk/skipper".path;
persistentKeepalive = 20; persistentKeepalive = 20;
allowedIPs = [ allowedIPs = [
"10.10.10.0/24" "10.10.10.0/24"

10
secrets.yaml
View file

@ -2,7 +2,11 @@ passwd:
root: ENC[AES256_GCM,data:sT8S6EgqlUTOj8wx/FWde1ht/LCfhnnJW8aLNR3IawGcjbWh+JCKnlQ/1FpuGuVF7Qm8qScRcl7FPUZPFpBtj9OJ3984S9DtFJachwSNEJ2TRU+9YdYB1WsXx9ZunMQcTLK9MIyWfIVzqw==,iv:1qfkkj3NMvS50Q84BtqYTiNIMVjdxPh1k52MudEK/5A=,tag:HUwaVYDwjKmnHhEIejnfxg==,type:str] root: ENC[AES256_GCM,data:sT8S6EgqlUTOj8wx/FWde1ht/LCfhnnJW8aLNR3IawGcjbWh+JCKnlQ/1FpuGuVF7Qm8qScRcl7FPUZPFpBtj9OJ3984S9DtFJachwSNEJ2TRU+9YdYB1WsXx9ZunMQcTLK9MIyWfIVzqw==,iv:1qfkkj3NMvS50Q84BtqYTiNIMVjdxPh1k52MudEK/5A=,tag:HUwaVYDwjKmnHhEIejnfxg==,type:str]
adtya: ENC[AES256_GCM,data:xBr14ZVeblPbgO2YT+6DPrENsJElj+UkTJebv3/x0U/u+srx82G2Lloda5zZwVBIEc5f6ZPSS4Oko3dM2PW9KUNO7IjDa+Wsm5MQogSjGT+aNtjlub2PkVts5gp+TtCOd6bUQjnf95VXNQ==,iv:ytKVRBsQWJWwXn6DpCOTDYJOVI3N/KnWtyp/GkSs7UQ=,tag:zbPtMMH6MFE6LpBga5X1GQ==,type:str] adtya: ENC[AES256_GCM,data:xBr14ZVeblPbgO2YT+6DPrENsJElj+UkTJebv3/x0U/u+srx82G2Lloda5zZwVBIEc5f6ZPSS4Oko3dM2PW9KUNO7IjDa+Wsm5MQogSjGT+aNtjlub2PkVts5gp+TtCOd6bUQjnf95VXNQ==,iv:ytKVRBsQWJWwXn6DpCOTDYJOVI3N/KnWtyp/GkSs7UQ=,tag:zbPtMMH6MFE6LpBga5X1GQ==,type:str]
wireguard: wireguard:
psk: ENC[AES256_GCM,data:FYRtE7BAOLAnxj+S0kUZ9b6THxsJclpw22pdgmhbjbBBPWBJuEkXxcjm3CQ=,iv:Z6bgQwJDpAyF3eupUQmvjHZrxMSJrQyUYhsHaGEQRYs=,tag:+W4gBPrfsZjcUvUAx5AhYg==,type:str] psk:
skipper: ENC[AES256_GCM,data:9C94ZSteiLH/C5Q3QC/amN5QI9bSj5/xO+ClbQesE+DLrnz5ROD9jVwj0/c=,iv:PBJ5Bj169EhxBvxVJELbxGCFeaEHtPNNEsBqBp2XWg4=,tag:VRVqoF1il0/kRvFLv99V6A==,type:str]
rico0: ENC[AES256_GCM,data:ITH8jg35ut9hBCvf2UQL3IYuGL6pEBMzlMUYxfB0VpoGVbEaZprIA4vXm78=,iv:gDDxXf7GpOil4ujTQx/a9nBfHmUH8rgn9gDhmQ15q8w=,tag:U392BI5N4trOZ+0MynKY4g==,type:str]
rico1: ENC[AES256_GCM,data:7aH6lvmUXGOxjxhauvJq5kW3lx8VxH2nhtEnJgIlNcrEltW2G+0Rk7X1lQw=,iv:+Z5FvzvSItfY5wY6Y0c4fUZDKEEd1/hX4KFJSerMmzs=,tag:A1hJThrO2job0e68j/JorA==,type:str]
rico2: ENC[AES256_GCM,data:WGpDzfIbZhBXWI6K7Ra1ntDkQiKLQEnfYVWd8uM58fMSLHxJztt6rjV4msA=,iv:eLMDXe7sWCqFS0mifaJeHCkOyOnXnQ8rOg5bW74os3k=,tag:GBA8eLpkoeY4nqHFc99k0g==,type:str]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
@ -54,8 +58,8 @@ sops:
Yk9BeXR2dmdoYjJycGhFVFY2eU1BM0kKuYnQ88CjewMQ0JAs+H1/abBaWKldtSPm Yk9BeXR2dmdoYjJycGhFVFY2eU1BM0kKuYnQ88CjewMQ0JAs+H1/abBaWKldtSPm
ZyZ0ibyH0PdTeXwPIyngkl0c2z1ge96ntS1/rH+6NcTdS8z8WvJ0nQ== ZyZ0ibyH0PdTeXwPIyngkl0c2z1ge96ntS1/rH+6NcTdS8z8WvJ0nQ==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2024-06-27T16:53:21Z" lastmodified: "2024-06-30T12:15:56Z"
mac: ENC[AES256_GCM,data:pNp60XQOIITU0xFX3EkFVnbWywHjywwRyK6ud9RAnzcRFkJPgx5ZBZiNnSARu1LhpGY1k5PWrQ3/X1bpF60q5mDX2Tn0hr5qCksMKZ0RUIFtlVxeeepGnlqgMsG+4LFXA4IWn23fK3B8I5fQGtG0lzR+VvgzPfKa0xnr0hbd++s=,iv:ODaVMYF6FyRK8P2A22rLoWiHrdQlgiCvC7SkSye83GI=,tag:gGmZcd6wLMGWxFUAye0y9w==,type:str] mac: ENC[AES256_GCM,data:+Ir3XD2Pm1GLPXSd+xrWACDxmJjm+ZU1GQF3Jb1PyiKd4K4snvKcRTT8Esbxvef9Ge0hu5+id3d+jd4I6Kr/AXoZJ+UBCwzU9mQPPGhKKXxNufEEqFTxEBlFm9biSASwXLbdskQBoqln9g/qSl4D4AIvAqjrc77khr8SOY8XyZg=,iv:Hu8q8YhxKM/OhQWRCvFMQ3zZuwTOmOtgY3QeFrrnI9c=,tag:vi+K6ZWKlNM4taTDEaGlWQ==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.8.1 version: 3.8.1