tstarr/dotfiles
1
0
Fork 0
mirror of https://github.com/starr-dusT/dotfiles.git synced 2025-02-19 19:27:31 -08:00
Code Issues Packages Projects Releases Wiki Activity

move wireguard keys and add to age

Browse Source
This commit is contained in:
Tyler Starr 2024-07-21 13:07:07 -07:00
parent 5d13a7aa05
commit 45d46be928
7 changed files with 18 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
provision/age-secrets/secrets.nix
View File

@ -10,6 +10,8 @@ in
{ {
"git/github_personal.age".publicKeys = users ++ systems; "git/github_personal.age".publicKeys = users ++ systems;
"wireguard/kestrel.age".publicKeys = users ++ systems; "wireguard/kestrel.age".publicKeys = users ++ systems;
"wireguard/torus.age".publicKeys = systems;
"wireguard/bulwark.age".publicKeys = systems;
"git/gitea-runner-1.age".publicKeys = systems; "git/gitea-runner-1.age".publicKeys = systems;
"nextcloud/password.age".publicKeys = systems; "nextcloud/password.age".publicKeys = systems;
} }

7
provision/age-secrets/wireguard/bulwark.age Normal file
View File

@ -0,0 +1,7 @@
age-encryption.org/v1
-> ssh-ed25519 Fz/sQw yxwMTsp4T8/0jQd/epX7CixYs0lU1UsGZovNr5hlWhM
XzKWVFgT131qf2jXfG3VP7n78vf7wySkj4ds6JZNguo
-> ssh-ed25519 47GzQA rbcR3Scal1cbF5jkIvEVp0BnChrgrD6QTRVwAbKRv0o
cUlM7OtA9TpiNOoM7LjMaiQIddHC6+bROBq9B7qGR64
--- TxdiaR51NWXpRxklcJ2eIDJn/kDS7LqduNbB3Og6N+0
eZ¹°æ¸€x<EFBFBD>wùNh<18>±_ŒüÇSÚ¯t°xÀ7ìä'L»aÇbŽqÃÔ¾*MPÀWOʾòÓ+Ýè%G¶r;Í7¢5bé¿k

BIN
provision/age-secrets/wireguard/torus.age Normal file
View File

Binary file not shown.

3
provision/hosts/bulwark/configuration.nix
View File

@ -64,6 +64,9 @@
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
]; ];
# host secrets
age.secrets."wireguard/bulwark".file = ../../age-secrets/wireguard/bulwark.age;
# Enable modules # Enable modules
modules = { modules = {
desktop = { desktop = {

3
provision/hosts/kestrel/configuration.nix
View File

@ -71,6 +71,9 @@
distrobox # Platform for creating and managing Linux distribution images. distrobox # Platform for creating and managing Linux distribution images.
]; ];
# host secrets
age.secrets."wireguard/kestrel".file = ../../age-secrets/wireguard/kestrel.age;
# Enable modules # Enable modules
modules = { modules = {
desktop = { desktop = {

4
provision/hosts/torus/wireguard-server.nix
View File

@ -14,6 +14,8 @@
allowedUDPPorts = [ 53 51820 ]; allowedUDPPorts = [ 53 51820 ];
}; };
age.secrets."wireguard/torus".file = ../../age-secrets/wireguard/torus.age;
networking.wg-quick.interfaces = { networking.wg-quick.interfaces = {
# "wg0" is the network interface name. You can name the interface arbitrarily. # "wg0" is the network interface name. You can name the interface arbitrarily.
wg0 = { wg0 = {
@ -22,7 +24,7 @@
# The port that WireGuard listens to - recommended that this be changed from default # The port that WireGuard listens to - recommended that this be changed from default
listenPort = 51820; listenPort = 51820;
# Path to the server's private key # Path to the server's private key
privateKeyFile = "/run/secrets/wireguard/torus"; privateKeyFile = "/run/agenix/wireguard/torus";
# This allows the wireguard server to route your traffic to the internet and hence be like a VPN # This allows the wireguard server to route your traffic to the internet and hence be like a VPN
postUp = '' postUp = ''

6
provision/modules/system/secrets.nix
View File

@ -15,11 +15,5 @@ in {
owner = "${user}"; owner = "${user}";
group = "users"; group = "users";
}; };
# wireguard secrets
age.secrets."wireguard/kestrel".file = ../../age-secrets/wireguard/kestrel.age;
#age.secrets."wireguard/bulwark".file = ../../age-secrets/wireguard/bulwark.age;
#age.secrets."wireguard/adjudicator".file = ../../age-secrets/wireguard/adjudicator.age;
#age.secrets."wireguard/torus".file = ../../age-secrets/wireguard/torus.age;
}; };
} }