move wireguard keys and add to age

2025-02-18 18:57:32 -08:00 · 2024-07-21 13:07:07 -07:00 · 2024-07-21 13:07:07 -07:00 · 45d46be928
commit 45d46be928
parent 5d13a7aa05
7 changed files with 18 additions and 7 deletions
--- a/provision/age-secrets/secrets.nix
+++ b/provision/age-secrets/secrets.nix
@ -10,6 +10,8 @@ in
 {
  "git/github_personal.age".publicKeys = users ++ systems;
  "wireguard/kestrel.age".publicKeys = users ++ systems;
+  "wireguard/torus.age".publicKeys = systems;
+  "wireguard/bulwark.age".publicKeys = systems;
  "git/gitea-runner-1.age".publicKeys = systems;
  "nextcloud/password.age".publicKeys = systems;
 }
--- a/provision/age-secrets/wireguard/bulwark.age
+++ b/provision/age-secrets/wireguard/bulwark.age
@ -0,0 +1,7 @@
+age-encryption.org/v1
+-> ssh-ed25519 Fz/sQw yxwMTsp4T8/0jQd/epX7CixYs0lU1UsGZovNr5hlWhM
+XzKWVFgT131qf2jXfG3VP7n78vf7wySkj4ds6JZNguo
+-> ssh-ed25519 47GzQA rbcR3Scal1cbF5jkIvEVp0BnChrgrD6QTRVwAbKRv0o
+cUlM7OtA9TpiNOoM7LjMaiQIddHC6+bROBq9B7qGR64
+--- TxdiaR51NWXpRxklcJ2eIDJn/kDS7LqduNbB3Og6N+0
+eZ¹°æ¸€x<EFBFBD>wùNh<18>±_ŒüÇSÚ¯t°xÀ7ìä'L»›aÇbŽqÃÔ‘¾*MPÀWOÊ¾òÓ+Ýè%G¶r;Í7¢5bé¿k
--- a/provision/age-secrets/wireguard/torus.age
+++ b/provision/age-secrets/wireguard/torus.age
--- a/provision/hosts/bulwark/configuration.nix
+++ b/provision/hosts/bulwark/configuration.nix
@ -64,6 +64,9 @@
  environment.systemPackages = with pkgs; [
  ];

+  # host secrets
+  age.secrets."wireguard/bulwark".file = ../../age-secrets/wireguard/bulwark.age;
+
  # Enable modules
  modules = {
    desktop = {
--- a/provision/hosts/kestrel/configuration.nix
+++ b/provision/hosts/kestrel/configuration.nix
@ -71,6 +71,9 @@
      distrobox # Platform for creating and managing Linux distribution images.
  ];

+  # host secrets
+  age.secrets."wireguard/kestrel".file = ../../age-secrets/wireguard/kestrel.age;
+
  # Enable modules
  modules = {
    desktop = {
--- a/provision/hosts/torus/wireguard-server.nix
+++ b/provision/hosts/torus/wireguard-server.nix
@ -14,6 +14,8 @@
    allowedUDPPorts = [ 53 51820 ];
  };
    
+  age.secrets."wireguard/torus".file = ../../age-secrets/wireguard/torus.age;
+
  networking.wg-quick.interfaces = {
    # "wg0" is the network interface name. You can name the interface arbitrarily.
    wg0 = {
@ -22,7 +24,7 @@
      # The port that WireGuard listens to - recommended that this be changed from default
      listenPort = 51820;
      # Path to the server's private key
-      privateKeyFile = "/run/secrets/wireguard/torus";
+      privateKeyFile = "/run/agenix/wireguard/torus";
  
      # This allows the wireguard server to route your traffic to the internet and hence be like a VPN
      postUp = ''
--- a/provision/modules/system/secrets.nix
+++ b/provision/modules/system/secrets.nix
@ -15,11 +15,5 @@ in {
      owner = "${user}";
      group = "users";
    };
-
-    # wireguard secrets
-    age.secrets."wireguard/kestrel".file = ../../age-secrets/wireguard/kestrel.age;
-    #age.secrets."wireguard/bulwark".file = ../../age-secrets/wireguard/bulwark.age;
-    #age.secrets."wireguard/adjudicator".file = ../../age-secrets/wireguard/adjudicator.age;
-    #age.secrets."wireguard/torus".file = ../../age-secrets/wireguard/torus.age;
  };
 }