kalessin, kilgharrah: add to wireguard network

Katherina Walshe-Grey 2024-11-05 19:23:53 +00:00
parent 052b0c1c4f
commit b893da35be
8 changed files with 56 additions and 14 deletions


@ -46,11 +46,11 @@
}, },
"birdsong": { "birdsong": {
"locked": { "locked": {
"lastModified": 1730826917, "lastModified": 1730833940,
"narHash": "sha256-KzpWqP+Cg0H2V036LgIHfuxnpVq2wZ+eGFjuXegRhLY=", "narHash": "sha256-rr2f5GAXLUY1XH2+Ow5Iju1mCmscAxY+tefnrzseDHA=",
"ref": "main", "ref": "main",
"rev": "8ca844c0d0ce3b8088c0a380ecdbf555015b0cd6", "rev": "b4e7b0ca3e466f3d211590ecc422bb74f61875e6",
"revCount": 9, "revCount": 10,
"type": "git", "type": "git",
"url": "https://git.qenya.tel/qenya/birdsong" "url": "https://git.qenya.tel/qenya/birdsong"
}, },


@ -3,4 +3,16 @@
{ {
networking.useNetworkd = true; networking.useNetworkd = true;
networking.interfaces.enp0s6.useDHCP = true; networking.interfaces.enp0s6.useDHCP = true;
age.secrets.wireguard-peer-kalessin = {
file = ../../secrets/wireguard-peer-kalessin.age;
owner = "root";
group = "systemd-network";
mode = "640";
};
birdsong.peering = {
enable = true;
privateKeyFile = config.age.secrets.wireguard-peer-kalessin.path;
};
} }
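Review bot: The new `age.secrets.wireguard-peer-kalessin` block makes the decrypted key group-readable (`group = "systemd-network"`, `mode = "640"`) without saying why, and the next file section repeats the same settings for kilgharrah. The `birdsong.peering` module is not visible on this page, so presumably it passes `privateKeyFile` to systemd-networkd, which would need read access through that group. A one-line comment above `group` would record the reason, e.g. `# readable by systemd-networkd, which loads the WireGuard private key`. With that in place, a later change to owner, group or mode can be checked against the stated requirement instead of being guessed at.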


@ -13,5 +13,15 @@
linkConfig.RequiredForOnline = "routable"; linkConfig.RequiredForOnline = "routable";
}; };
systemd.services."systemd-networkd".environment.SYSTEMD_LOG_LEVEL = "debug"; age.secrets.wireguard-peer-kilgharrah = {
file = ../../secrets/wireguard-peer-kilgharrah.age;
owner = "root";
group = "systemd-network";
mode = "640";
};
birdsong.peering = {
enable = true;
privateKeyFile = config.age.secrets.wireguard-peer-kilgharrah.path;
};
} }


@ -1,22 +1,22 @@
let let
keys = import ./keys.nix; keys = import ./keys.nix;
commonKeys = keys.users.qenya;
secrets = with keys; { secrets = with keys; {
ftp-userDb-qenya = [ machines.kilgharrah ]; ftp-userDb-qenya = [ machines.kilgharrah ] ++ keys.users.qenya;
user-password-kilgharrah-qenya = [ machines.kilgharrah ]; user-password-kilgharrah-qenya = [ machines.kilgharrah ] ++ keys.users.qenya;
user-password-tohru-qenya = [ machines.tohru ]; user-password-tohru-qenya = [ machines.tohru ] ++ keys.users.qenya;
wireguard-peer-orm = [ machines.orm ]; wireguard-peer-orm = [ machines.orm ] ++ keys.users.qenya;
wireguard-peer-tohru = [ machines.tohru ]; wireguard-peer-tohru = [ machines.tohru ] ++ keys.users.qenya;
wireguard-peer-yevaud = [ machines.yevaud ]; wireguard-peer-yevaud = [ machines.yevaud ] ++ keys.users.qenya;
wireguard-peer-kalessin = [ machines.kalessin ] ++ keys.users.qenya;
wireguard-peer-kilgharrah = [ machines.kilgharrah ] ++ keys.users.qenya;
}; };
in in
builtins.listToAttrs ( builtins.listToAttrs (
map map
(secretName: { (secretName: {
name = "secrets/${secretName}.age"; name = "secrets/${secretName}.age";
value.publicKeys = secrets."${secretName}" ++ commonKeys; value.publicKeys = secrets."${secretName}";
}) })
(builtins.attrNames secrets) (builtins.attrNames secrets)
) )
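Review bot: Recipient lists are now spelled out per secret, so the `++ keys.users.qenya` suffix has to be remembered on every new entry in `secrets`. Because `value.publicKeys` is now just `secrets."${secretName}"`, an entry added without the suffix would be encrypted to the machine key alone and could no longer be edited or rekeyed with the user's keys. If the per-secret form is intended, so that some secret can later leave the user keys out, a comment above `secrets` should say so, e.g. `# each entry lists its full recipient set; append keys.users.qenya unless the secret must be machine-only`. Inside `with keys;` the shorter `users.qenya` would also match how `machines.*` is written.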


@ -0,0 +1,9 @@
age-encryption.org/v1
-> ssh-ed25519 QjA8rQ 4HpAnWjvN7TUVp09LXeFsbO7Tgm8nSJoVgvOPGrykRA
QV3ye1ZhE+KQxll64Wrrx0MJ5F6KNDJHW6Ux+a9p/g0
-> ssh-ed25519 seJ9Iw g3lmpwfxc0578ivMnWhCkfjPXzUQJiiAKNkHKYwb/Wg
pce/B/UKdTyeucDTZaDkE7uMt68et597ERCVC1IWp1Q
-> ssh-ed25519 900ILw t8DWkRgXsF1GGzx0qYK7IBuT3j/AB/E0zJ5cadoL8wY
dCEsWHC5W3bSK2FaCtNHHm5gzZYUH0AIdyZUVqelE1g
--- LW82V25epOMftLlIvwqUx0K+coP1gG+Xiz6GXBoyD5E
wõGÀŒVðŠc€}~÷$ô9Ô¨>Ãi°“ÀްӔŒ&(¾ªÄð<C384>˜°xÓíÐaŒß¿ü¸þ.Éæò%=ß3ûoÙäÛ^À²


@ -0,0 +1 @@
9vyIoXuu1UVjV+aFeuX9LoHRBeAAsiHbrLmYQY4nsQQ=
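Review bot: This new one-line file is stored unencrypted and its path is not visible on this page; the 44-character base64 value has the shape of a WireGuard key. The same applies to the other one-line file added at the end of the commit. Both presumably hold the public halves matching the two new `.age` secrets, but that should be confirmed before merge. A private key committed in plaintext would have to be rotated, since deleting it from the tree leaves it in history.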


@ -0,0 +1,9 @@
age-encryption.org/v1
-> ssh-ed25519 5PK5ag vCFLl0+KdLDdogU+r2wfwz0UiYBc8TOx5xeC3JpUgQQ
uJD6T0W12rrb2PS8MQ5zeMlTvm2PrWBB8xnr/7BYvb8
-> ssh-ed25519 seJ9Iw riSe05mcxnPhW97u811QPXym7PxQbNfQj5fWCv4OHD8
YQ22OWarqaWUmUUcNnt0NOHiTrgJQWPqibmaxrASO3s
-> ssh-ed25519 900ILw 5og8To6PuPPRxobF7DqwG6T14YGf74HssytPS5UjE3Q
foy8rSONvK9OttE6ilTiLkPUuncWhpzYk7tRdpiE3cU
--- ORkr3Q/weTzN4PdKVOFlfdnhfeYN+untw719iE65oK4
ÂOñÈÌÕî† }Àì?ç<×ßÅcùøÜ ÈåBPynÀ@Ïìä~HZOzøÕUî9‰r‡3ølEÅ/ø:-š9³RHUùj{Ù.¿?Q


@ -0,0 +1 @@
LXQVU0MFKVO/mml5krHnf6NcL4GxF6XFJmvpmjrLBFA=