feat(wg-agb02): connecting to wireguard
parent
891b02e96d
commit
af71fc1063
8 changed files with 79 additions and 2 deletions
|
@ -3,6 +3,8 @@
|
||||||
{
|
{
|
||||||
imports = [
|
imports = [
|
||||||
"${modulesPath}/installer/sd-card/sd-image-aarch64.nix"
|
"${modulesPath}/installer/sd-card/sd-image-aarch64.nix"
|
||||||
|
./secrets
|
||||||
|
./networking.nix
|
||||||
./users.nix
|
./users.nix
|
||||||
];
|
];
|
||||||
sdImage.compressImage = false;
|
sdImage.compressImage = false;
|
||||||
|
|
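--- a/machines/agb02/networking.nix
+++ b/machines/agb02/networking.nix
@@ -0,0 +1,47 @@
+{
+config,
+lib,
+pkgs,
+...
+}: {
+systemd.network = {
+enable = true;
+
+networks = {
+"50-wg0" = {
+name = "wg0";
+address = [
+"10.10.10.6/24"
+];
+};
+};
+netdevs = {
+"50-wg0" = {
+netdevConfig = {
+Name = "wg0";
+Kind = "wireguard";
+};
+wireguardConfig.PrivateKeyFile = config.age.secrets."wg".path;
+
+wireguardPeers = [
+{
+AllowedIPs = [
+"10.10.10.0/24"
+];
+PublicKey = lib.trim (builtins.readFile ../../wg-keys/hackens-org.pub);
+Endpoint = "129.199.129.76:1194";
+PersistentKeepalive = 5;
+}
+];
+};
+};
+};
+networking = {
+nameservers = [
+"2620:fe::fe"
+"2620:fe::9"
+"9.9.9.9"
+"149.112.112.112"
+];
+};
+}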
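Review bot: The single peer in `wireguardPeers` is given `AllowedIPs = [ "10.10.10.0/24" ]`, so agb02 accepts tunnel traffic from any VPN address relayed by the hub at `129.199.129.76:1194`, and nothing in this file limits what those peers can reach on `wg0`. Whether that is acceptable depends on firewall settings that are not part of this section; if they keep `wg0` filtered this is fine, but the trust decision should be written down. I would add a comment above the peer such as `# hackens-org hub: relays the whole 10.10.10.0/24, so every VPN member can reach this host`. `PersistentKeepalive = 5` is also much shorter than the 25 seconds commonly used for NAT traversal, so a short comment on why it was chosen would help.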
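--- a/machines/agb02/secrets/default.nix
+++ b/machines/agb02/secrets/default.nix
@@ -0,0 +1,11 @@
+{
+pkgs,
+config,
+lib,
+...
+}: {
+age.secrets."wg" = {
+file = ./wg.age;
+owner = "systemd-network";
+};
+}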
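Review bot: `owner = "systemd-network"` is what lets the tunnel read its private key, but nothing in the file says so, and none of `pkgs`, `config` or `lib` is used in the body. I would add `# networkd reads PrivateKeyFile as systemd-network, so the decrypted key must be owned by that user` above the `owner` line and reduce the argument set to `{...}:`. Stating the intended file mode explicitly next to `owner` would also make the access decision reviewable without knowing the secret module's default.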
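--- a/machines/agb02/secrets/secrets.nix
+++ b/machines/agb02/secrets/secrets.nix
@@ -0,0 +1,8 @@
+let
+lib = (import <nixpkgs> {}).lib;
+readPubkeys = user:
+builtins.filter (k: k != "") (lib.splitString "\n"
+(builtins.readFile (../../../pubkeys + "/${user}.keys")));
+in {
+"wg.age".publicKeys = (readPubkeys "catvayor") ++ (readPubkeys "sinavir") ++ (readPubkeys "agb02");
+}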
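Review bot: `readPubkeys` turns every non-empty line of `pubkeys/<user>.keys` into a recipient for `wg.age`, so the set of keys able to decrypt the WireGuard private key is tied to files that, judging by their name and location, may also serve as SSH key lists. Any key later appended to `catvayor.keys` or `sinavir.keys` gains decryption rights at the next rekey, and comment lines or lines with stray whitespace would be passed through as recipients because only the empty string is filtered out. I would document this above the binding, e.g. `# recipients: every key in these .keys files can decrypt wg.age after a rekey`, and consider also dropping lines that start with `#`. `import <nixpkgs> {}` resolves through the evaluator's search path rather than a pinned revision, which deserves a comment if it is intentional.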
BIN
machines/agb02/secrets/wg.age
Normal file
BIN
machines/agb02/secrets/wg.age
Normal file
Binary file not shown.
|
@ -51,11 +51,18 @@
|
||||||
PublicKey = lib.trim (builtins.readFile ../../wg-keys/hackens-milieu.pub);
|
PublicKey = lib.trim (builtins.readFile ../../wg-keys/hackens-milieu.pub);
|
||||||
}
|
}
|
||||||
{
|
{
|
||||||
# bakham (AGB)
|
# agb01
|
||||||
AllowedIPs = [
|
AllowedIPs = [
|
||||||
"10.10.10.5/32"
|
"10.10.10.5/32"
|
||||||
];
|
];
|
||||||
PublicKey = "JpUHFiavhlQfiHfOdUffQP3HLLeStttheACCaqlXAF8=";
|
PublicKey = lib.trim (builtins.readFile ../../wg-keys/agb01.pub);
|
||||||
|
}
|
||||||
|
{
|
||||||
|
# agb02
|
||||||
|
AllowedIPs = [
|
||||||
|
"10.10.10.6/32"
|
||||||
|
];
|
||||||
|
PublicKey = lib.trim (builtins.readFile ../../wg-keys/agb02.pub);
|
||||||
}
|
}
|
||||||
{
|
{
|
||||||
# soyouzpanda
|
# soyouzpanda
|
||||||
|
|
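Review bot: The inline key of the `10.10.10.5/32` peer is replaced by `lib.trim (builtins.readFile ../../wg-keys/agb01.pub)`, but `wg-keys/agb01.pub` is not among the files this commit adds, so this page cannot confirm that the file exists and holds the same value as the removed literal. If the two differ, agb01 would stop authenticating to the hub after the next deploy, so comparing the file with the old value before merging is the check to make. The comment change from `# bakham (AGB)` to `# agb01` also drops the only hint of the previous host name; `# agb01 (formerly bakham)` would keep it searchable. The peer list starts and ends outside this hunk.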
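--- a/pubkeys/agb02.keys
+++ b/pubkeys/agb02.keys
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM9857OPKpc9JfsoXSFXjV5gFIU60vWLRkMncYrgDyj3 root@agb02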
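--- a/wg-keys/agb02.pub
+++ b/wg-keys/agb02.pub
@@ -0,0 +1 @@
+CGdgPLO9HbrOawLJFl8YENbf55ECZSVQp5JBlRjokCA=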