From 74326d522a40fa3d2116c737f7e9321428d36ab2 Mon Sep 17 00:00:00 2001 From: yunfachi Date: Fri, 29 Dec 2023 07:53:05 +0000 Subject: [PATCH] feat: add wireguard configuration --- flake.lock | 15 ++++++++------- hosts/dekomori/config.nix | 1 + hosts/dekomori/secrets.nix | 6 +++--- hosts/dekomori/shared.nix | 26 +++++++++++++++++++++++++- hosts/mitama/shared.nix | 10 +++++++++- 5 files changed, 46 insertions(+), 12 deletions(-) diff --git a/flake.lock b/flake.lock index 07fe6e1..2f40708 100644 --- a/flake.lock +++ b/flake.lock @@ -221,16 +221,17 @@ ] }, "locked": { - "dirtyRev": "bbe78e8cb9c30fb4e93edf1dfef70b9bbc9646c1-dirty", - "dirtyShortRev": "bbe78e8-dirty", "lastModified": 1703792201, - "narHash": "sha256-pX09IgaUW7VYGzB6IzQHR42ieBEN+mb/qbtDoT4/KE4=", - "type": "git", - "url": "file:///home/yunfachi/git/nixpkgs-yunfachi" + "narHash": "sha256-EVXt/1gJ4kc8Dor1hE21Hd2ve1EhwK5QRzWurJXrqm8=", + "owner": "yunfachi", + "repo": "nixpkgs-yunfachi", + "rev": "7d239e8a906009f0ed758bd4011bbefea010dfa5", + "type": "github" }, "original": { - "type": "git", - "url": "file:///home/yunfachi/git/nixpkgs-yunfachi" + "owner": "yunfachi", + "repo": "nixpkgs-yunfachi", + "type": "github" } }, "pre-commit-hooks": { diff --git a/hosts/dekomori/config.nix b/hosts/dekomori/config.nix index 6308883..67ada02 100644 --- a/hosts/dekomori/config.nix +++ b/hosts/dekomori/config.nix @@ -3,5 +3,6 @@ type = "server"; archisteamfarm.enable = true; boot.mode = "legacy"; + wireguard.enable = true; }; } diff --git a/hosts/dekomori/secrets.nix b/hosts/dekomori/secrets.nix index c6fe97e..b2c134f 100644 --- a/hosts/dekomori/secrets.nix +++ b/hosts/dekomori/secrets.nix 
@@ -1,5 +1,5 @@ { - "data": "ENC[AES256_GCM,data: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,iv:yWShiBSmUqGIn0K07KlW8qbAQBmx3wP4Ucomc1Hij7Y=,tag:FepmSSE9pq3FBvxnRs6Y7Q==,type:str]", + "data": "ENC[AES256_GCM,data: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,iv:HrVkTfcwxTAHJG+oHWiVP8WQd6NgiC2ggMTUjAzqYn8=,tag:cToAkZPArG4CR290eWtd0A==,type:str]", "sops": { "kms": null, "gcp_kms": null, @@ -11,8 +11,8 @@ "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGYjg5S0RsVUlBQngvQ2Rt\nZ2R4cW1sMHl0WWJoaTdKb1ppL0JhQ1hoTkQwClRmaW1pc25NODNLZ25XWGc5MlZE\nVG1zUmNSTTdLQmU3UFpSOXo0dCtwejQKLS0tIGZZUDlSbTdBSkcrOEQyU2JjOGRh\nOUN4VWRrRkpsK3B6aW9KY25uaGJZWE0K4DpDEQA/Re3AzCJK8xOY13MZC0L8PxWc\nodj2afo/uToZPZKpAyhudsRO5/O7xCD4RVaoNVmkS7Mz/P7LjHrUTg==\n-----END AGE ENCRYPTED FILE-----\n" } ], - "lastmodified": "2023-12-28T19:32:46Z", - "mac": "ENC[AES256_GCM,data:56GYFdOurMjsjALZTLDYPsUTpwptW7Gsv/jq0T0d2D34DkHWSoTTgfKMhtbBaFldyjRV8RmLFiGfS+j4swi4jxCghS24He194Cvrj+dikjLvpRc+JBgdYQUl/mn45mHVvrzkFrM9XzVF7ebFqJjmN/SSuf++VSLQqnBDnQbwrHg=,iv:5cdPW+tU+6of8Ix9rC/ry7cS4C6sBz0qaEemJVNLGEs=,tag:6tCaHlD8Vx7roHOg52AAyQ==,type:str]", + "lastmodified": "2023-12-29T07:50:33Z", + "mac": "ENC[AES256_GCM,data:TLnhEXtzaN9hQ9sj8bI/z1KXEqUvXaXPQ6CE2SMC0uD+lXA5GXghtjD7s4u+G92/qBxHvyPqO+AZS91orrq1dYkZope6rIRIGPUp4OIougBgC91Nzo9kI0bE5+UPI6dEUheE/2FJzsVE8kaf1FOiMKQXTjcz5oxF+n8a/e9wnjA=,iv:pGN57/UDV+YptpAiBSd/f8FW4s0KZpERJg8P1F2L7ts=,tag:ZJnfnG7FylBbdpwn1hrtKg==,type:str]", "pgp": null, "unencrypted_suffix": "_unencrypted", "version": "3.7.3" diff --git a/hosts/dekomori/shared.nix b/hosts/dekomori/shared.nix index e3711d3..f0820a2 100644 --- a/hosts/dekomori/shared.nix +++ b/hosts/dekomori/shared.nix 
@@ -1,4 +1,28 @@
-{...}: {
+{secrets, ...}: {
 yunfachi = {
+ wireguard = {
+ server = {
+ ip = secrets.yunfachi.wireguard.server.ip;
+ port = secrets.yunfachi.wireguard.server.port;
+ interface = "ens3";
+ tunnel = "10.0.0.1";
+ publicKey = secrets.yunfachi.wireguard.server.publicKey;
+ };
+
+ clients = {
+ "a52" = {
+ ip = "10.0.0.101";
+ publicKey = secrets.yunfachi.wireguard.clients."a52".publicKey;
+ };
+ "p11" = {
+ ip = "10.0.0.102";
+ publicKey = secrets.yunfachi.wireguard.clients."p11".publicKey;
+ };
+ "t12" = {
+ ip = "10.0.0.103";
+ publicKey = secrets.yunfachi.wireguard.clients."t12".publicKey;
+ };
+ };
+ };
 };
 }
diff --git a/hosts/mitama/shared.nix b/hosts/mitama/shared.nix
index e3711d3..e253110 100644
--- a/hosts/mitama/shared.nix
+++ b/hosts/mitama/shared.nix
@@ -1,4 +1,12 @@
-{...}: {
+{
+ host,
+ secrets,
+ ...
+}: {
 yunfachi = {
+ wireguard.clients."${host}" = {
+ ip = "10.0.0.2";
+ publicKey = secrets.yunfachi.wireguard.clients."${host}".publicKey;
+ };
 };
 }
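Review bot: In hosts/dekomori/shared.nix, `server.ip`, `server.port` and every `publicKey` are pulled from `secrets` while the configuration is evaluated, so they most likely end up as plain text in the built system closure in the Nix store; the module that consumes `yunfachi.wireguard` is not part of this patch, so this is inferred. That hides the endpoint from the repository but not from local users on a host that builds or imports this file, which is worth stating in a comment above `server = {`, for example `# eval-time secrets: kept out of git, but readable in the Nix store`. No private key appears in the hunk; confirm it is handed to the interface as a path to a runtime-decrypted file and never as an evaluated string. As a style point, the three server lines can be written as `inherit (secrets.yunfachi.wireguard.server) ip port publicKey;`.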
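Review bot: In hosts/mitama/shared.nix the tunnel address `10.0.0.2` is assigned by hand in a different file from `10.0.0.101`–`10.0.0.103` in hosts/dekomori/shared.nix, and nothing visible in the patch rejects a duplicate. If the module turns each client `ip` into that peer's allowed IPs (not shown here), WireGuard keeps an allowed IP on only one peer, so a clash would silently cut off one client rather than fail the build. A comment on the line, `# tunnel address: must be unique across every wireguard.clients entry`, plus an assertion in the module that the collected addresses are distinct, would catch that at evaluation time. The quotes in `clients."${host}"` are optional; `clients.${host}` reads the same.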