dadada/nix-config
dadada/nix-config
1
0
Fork 0
Code Issues 2 Pull requests 5 Projects Releases Packages Wiki Activity Actions 1

add pruflas vpn

Browse source
This commit is contained in:
Tim Schubert 2022-10-07 19:18:48 +02:00
parent fda6dd5da2
commit 7f36dee66b
Signed by: dadada
GPG key ID: EEB8D1CE62C4DFEA
4 changed files with 53 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

31
nixos/pruflas/configuration.nix
View file

@ -3,7 +3,13 @@
, lib , lib
, ... , ...
}: }:
with lib; { with lib;
let
secretsPath = config.dadada.secrets.path;
wg0PrivKey = "${config.networking.hostName}-wg0-key";
wg0PresharedKey = "${config.networking.hostName}-wg0-preshared-key";
in
{
imports = [ ./hardware-configuration.nix ]; imports = [ ./hardware-configuration.nix ];
networking.hostName = "pruflas"; networking.hostName = "pruflas";
@ -46,6 +52,27 @@ with lib; {
bs.enable = true; bs.enable = true;
}; };
age.secrets.${wg0PrivKey}.file = "${secretsPath}/${wg0PrivKey}.age";
age.secrets.${wg0PresharedKey}.file = "${secretsPath}/${wg0PresharedKey}.age";
networking.wireguard = {
enable = true;
interfaces.uwupn = {
allowedIPsAsRoutes = true;
privateKeyFile = config.age.secrets.${wg0PrivKey}.path;
ips = [ "10.11.0.39/32" "fc00:1337:dead:beef::10.11.0.39/128" ];
peers = [
{
publicKey = "tuoiOWqgHz/lrgTcLjX+xIhvxh9jDH6gmDw2ZMvX5T8=";
allowedIPs = [ "10.11.0.0/22" "fc00:1337:dead:beef::10.11.0.0/118" "192.168.178.0/23" ];
endpoint = "53c70r.de:51820";
persistentKeepalive = 25;
presharedKeyFile = config.age.secrets.${wg0PresharedKey}.path;
}
];
};
};
networking.useDHCP = false; networking.useDHCP = false;
networking.interfaces."enp0s25".useDHCP = true; networking.interfaces."enp0s25".useDHCP = true;
@ -105,6 +132,8 @@ with lib; {
users.mutableUsers = true; users.mutableUsers = true;
dadada.networking.localResolver.enable = true; dadada.networking.localResolver.enable = true;
dadada.networking.localResolver.uwu = true;
dadada.networking.localResolver.s0 = true;
dadada.autoUpgrade.enable = mkDefault true; dadada.autoUpgrade.enable = mkDefault true;

9
secrets/pruflas-wg0-key.age Normal file
View file

@ -0,0 +1,9 @@
age-encryption.org/v1
-> ssh-ed25519 IXCPDQ yZsU7q89HVxP6Ldup2noEaGy5+SzFzuMtA4/+4mQfUU
w1cM4NXL+M9RjRjuYswEWYhtiWPgjlJEdwm9wQ9GF5Q
-> ssh-ed25519 Otklkw O8jQnBDmaBnKLHU4nAIeRwkXE3ovdw7Y6vmZcmwqpUc
rM5wbfCSQhA0wxfRPVLB7dVl8L8aiB9eWhTX/ARV1YE
-> pJ-grease ~4C{og l_
pXTBa1xB/KJU5w
--- +w4Zc/+fVRky0Nzu0R9cc1MKAOgig1swtCLDrb6M4WM
³_Í LJ ´îŽî Õï ú²pÆB„´ûÓ$Ÿ£fÓx<>w}îAÕÎ6Þ¤6°P²Æ-{+öE±þÜ[FßÖaýWœ,ØÂ…Žl¶­Ž&

10
secrets/pruflas-wg0-preshared-key.age Normal file
View file

@ -0,0 +1,10 @@
age-encryption.org/v1
-> ssh-ed25519 IXCPDQ Q0ETN6DFshfo+YouSf/YWX7u8otnnAqZr/Y7qxCRiTI
5LVB4bzpysObZJkmJJw2kgE57lZKs2XA8BVSwS7y/VM
-> ssh-ed25519 Otklkw Lgo+x/ODCP6e3SHg2rZVNNLZkHCCT7YMC7MT0Fa4dHc
bX+Bja0SeGBzNQS3vUGj+GVDAYVTgyGQtPw5I0DWPdU
-> 7&'U\;\-grease ot 7f'PU3CA
O2UHtKXSTN5TrfVh7ROQ8x9YLynOFvrxK+1kSW42hGbTstOdhBAlNfKMdiIM4Itn
k7Jshx6UTqa8dF8QIw2cme0jFkF8JUioj7uQuusGBG/WZg
--- Wau438nNnP4srJ16gRGC/9jUdCB6TjBgxc2kZVRsvn0
´fÛ<>ð¯m7¬ºöÛã\ûÐVÚÚhðê¥ëMeöm¾^õ?EkfPû7ÔÄh¥ôäu]ÝnÅ+n.>†É<dOñ¡|Çn_k&»ÄÊ o

5
secrets/secrets.nix
View file

@ -12,7 +12,10 @@ let
"${hostName}-backup-ssh-key.age".publicKeys = [ systems.${hostName} dadada ]; "${hostName}-backup-ssh-key.age".publicKeys = [ systems.${hostName} dadada ];
}; };
in in
{ } // {
"pruflas-wg0-key.age".publicKeys = [ systems.pruflas dadada ];
"pruflas-wg0-preshared-key.age".publicKeys = [ systems.pruflas dadada ];
} //
backupSecrets "gorgon" // backupSecrets "gorgon" //
backupSecrets "ifrit" // backupSecrets "ifrit" //
backupSecrets "pruflas" // backupSecrets "pruflas" //