dadada/nix-config
dadada/nix-config
1
0
Fork 0
Code Issues 2 Pull requests 5 Projects Releases Packages Wiki Activity Actions

pruflas: connect hydra to proxy

Browse source
This commit is contained in:
Tim Schubert 2022-10-08 12:25:09 +02:00
parent 103d849791
commit a7a49bff68
Signed by: dadada
GPG key ID: EEB8D1CE62C4DFEA
4 changed files with 28 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

16
nixos/pruflas/configuration.nix
View file

@ -7,6 +7,7 @@ with lib;
let let
secretsPath = config.dadada.secrets.path; secretsPath = config.dadada.secrets.path;
wg0PrivKey = "${config.networking.hostName}-wg0-key"; wg0PrivKey = "${config.networking.hostName}-wg0-key";
wgHydraPrivKey = "${config.networking.hostName}-wg-hydra-key";
wg0PresharedKey = "${config.networking.hostName}-wg0-preshared-key"; wg0PresharedKey = "${config.networking.hostName}-wg0-preshared-key";
in in
{ {
@ -67,6 +68,8 @@ in
age.secrets.${wg0PrivKey}.file = "${secretsPath}/${wg0PrivKey}.age"; age.secrets.${wg0PrivKey}.file = "${secretsPath}/${wg0PrivKey}.age";
age.secrets.${wg0PresharedKey}.file = "${secretsPath}/${wg0PresharedKey}.age"; age.secrets.${wg0PresharedKey}.file = "${secretsPath}/${wg0PresharedKey}.age";
age.secrets.${wgHydraPrivKey}.file = "${secretsPath}/${wgHydraPrivKey}.age";
networking.wireguard = { networking.wireguard = {
enable = true; enable = true;
interfaces.uwupn = { interfaces.uwupn = {
@ -83,6 +86,19 @@ in
} }
]; ];
}; };
interfaces.hydra = {
allowedIPsAsRoutes = true;
privateKeyFile = config.age.secrets.${wgHydraPrivKey}.path;
ips = [ "10.3.3.3/32" ];
peers = [
{
publicKey = "KzL+PKlv4LktIqqTqC9Esw8dkSZN2qSn/vq76UHbOlY=";
allowedIPs = [ "10.3.3.1/32" ];
endpoint = "hydra.dadada.li:51235";
persistentKeepalive = 25;
}
];
};
}; };
networking.useDHCP = false; networking.useDHCP = false;

2
nixos/surgat/configuration.nix
View file

@ -110,7 +110,7 @@ in
peers = [ peers = [
{ {
publicKey = "CTKwL6+SJIqKXr1DIHejMDgjoxlWPaT78Pz3+JqcNlw="; publicKey = "MEFz5bbCtUX/v6pMwRf/H3q3Wo8dG1XwcKzJKXi4VGU=";
allowedIPs = [ "10.3.3.3/32" ]; allowedIPs = [ "10.3.3.3/32" ];
persistentKeepalive = 25; persistentKeepalive = 25;
} }

10
secrets/pruflas-wg-hydra-key.age Normal file
View file

@ -0,0 +1,10 @@
age-encryption.org/v1
-> ssh-ed25519 IXCPDQ 6+CrklvnvWtZDN5Z4rHu8tgyB2+TJtZqu2TbA4TuzBE
XmCvEAgEEL3z1gFqQ8r6pUuQTYWjhQK+ZsSWWMUZ6n4
-> ssh-ed25519 Otklkw B61xlgJCn+y0KsFH0wLTsD2L/sVBocuW2+hXfm+iAng
0aDLbZysdaynxHDVEAas9aUQqTN2nYCzM4Wm60YRda8
-> ]duY0-grease ZVwc .o`(
itvofJfdMKtJwMY8RclR6vNkAZgLUIS56Oi2Yvp+fgGzOhK2doc/MeX05HuU36kh
O6icXsIueao
--- 7IihWX7WhSQG5LSVdt/nq3JnKpiojHTKpNOgm+WVU4o
©?æüCƒ@Ã8haöL¢u1'6TN[4É<34>-  Å~*¢ð4 ØÏÿ²þKG—Ú«X´Ô'73²` k“r­HWÕ%P<>~ ¹–

1
secrets/secrets.nix
View file

@ -15,6 +15,7 @@ in
{ {
"pruflas-wg0-key.age".publicKeys = [ systems.pruflas dadada ]; "pruflas-wg0-key.age".publicKeys = [ systems.pruflas dadada ];
"pruflas-wg0-preshared-key.age".publicKeys = [ systems.pruflas dadada ]; "pruflas-wg0-preshared-key.age".publicKeys = [ systems.pruflas dadada ];
"pruflas-wg-hydra-key.age".publicKeys = [ systems.pruflas dadada ];
} // } //
backupSecrets "gorgon" // backupSecrets "gorgon" //
backupSecrets "ifrit" // backupSecrets "ifrit" //