commit 30bafe174eda088a8fe31e39a727ae7eb903d65d · ptr.pet/ark

-1

hosts/default.nix

···

       6
       6
        
       }: let

     

       7
       7
        
         baseModules = [

     

       8
       8
        
           ../modules

     

       9
       9
       -
           ../secrets

     

       10
       9
        
           ../locale

     

       11
       10
        
           inputs.home.nixosModule

     

       12
       11
        
         ];

+1 -1

hosts/tkaronto/modules/secrets.nix

···

       1
       1
        
       {

     

       2
       2
        
         age.secrets.nixGithubAccessToken.file = ../../../secrets/nixGithubAccessToken.age;

     

       3
       3
       -
         age.secrets.wgServerPrivateKey.file = ../../../secrets/wgServerPrivateKey.age;

     

       3
       3
       +
         age.secrets.wgTkarontoKey.file = ../../../secrets/wgTkarontoKey.age;

     

       4
       4
        
       }

+3 -3

hosts/tkaronto/modules/wireguard.nix

···

       1
       1
        
       {config, ...}: {

     

       2
       2
        
         networking.wireguard.enable = true;

     

       3
       3
        
         networking.wireguard.interfaces."wg0" = {

     

       4
       4
       -
           privateKeyFile = config.age.secrets.wgServerPrivateKey.path;

     

       4
       4
       +
           privateKeyFile = config.age.secrets.wgTkarontoKey.path;

     

       5
       5
        
           peers = [{

     

       6
       6
       -
             publicKey = import ./wgProxyPublicKey.key.pub;

     

       6
       6
       +
             publicKey = import ./wgWolumondeKey.pub;

     

       7
       7
        
             allowedIPs = ["10.99.0.1/32"];

     

       8
       8
       -
             endpoint = "${import ./wgProxyPublicIp}:51820";

     

       8
       8
       +
             endpoint = "${import ./wgWolumondeIp}:51820";

     

       9
       9
        
           }];

     

       10
       10
        
         };

     

       11
       11
        
       }

+1 -1

hosts/wolumonde/modules/secrets.nix

···

       1
       1
        
       {

     

       2
       2
        
         age.secrets.bernbotToken.file = ../../../secrets/bernbotToken.age;

     

       3
       3
       -
         age.secrets.wgProxyPrivateKey.file = ../../../secrets/wgProxyPrivateKey.age;

     

       3
       3
       +
         age.secrets.wgWolumondeKey.file = ../../../secrets/wgWolumondeKey.age;

     

       4
       4
        
       }

+2 -2

hosts/wolumonde/modules/wireguard.nix

···

       2
       2
        
         networking.wireguard.enable = true;

     

       3
       3
        
         networking.wireguard.interfaces."wg0" = {

     

       4
       4
        
           listenPort = 51820;

     

       5
       5
       -
           privateKeyFile = config.age.secrets.wgProxyPrivateKey.path;

     

       5
       5
       +
           privateKeyFile = config.age.secrets.wgWolumondeKey.path;

     

       6
       6
        
           peers = [{

     

       7
       7
       -
             publicKey = import ./wgServerPublicKey.key.pub;

     

       7
       7
       +
             publicKey = import ./wgTkarontoKey.pub;

     

       8
       8
        
             allowedIPs = ["10.99.0.2/32"];

     

       9
       9
        
           }];

     

       10
       10
        
         };

+2 -2

secrets/secrets.nix

···

       3
       3
        
         wolumonde = builtins.readFile ./wolumonde.key.pub;

     

       4
       4
        
       in

     

       5
       5
        
       {

     

       6
       6
       -
         "wgProxyPrivateKey.age".publicKeys = [yusdacra wolumonde];

     

       7
       7
       -
         "wgServerPrivateKey.age".publicKeys = [yusdacra];

     

       6
       6
       +
         "wgWolumondeKey.age".publicKeys = [yusdacra wolumonde];

     

       7
       7
       +
         "wgTkarontoKey.age".publicKeys = [yusdacra];

     

       8
       8
        
         "bernbotToken.age".publicKeys = [yusdacra wolumonde];

     

       9
       9
        
         "nixGithubAccessToken.age".publicKeys = [yusdacra];

     

       10
       10
        
       }

+17

secrets/wgTkarontoKey.age

···

       1
       1
       +
       age-encryption.org/v1

     

       2
       2
       +
       -> ssh-rsa Abmvag

     

       3
       3
       +
       fO3lQR63PmOPCObw33ZW6wydazNyiY4DMELKcb+ScKsbWqv++DzZy9rhTAzIWy0L

     

       4
       4
       +
       mV5H06XQKrN8JxzC8S6KHKBiyFZBwMw4Q9HXQAj+GsKy9Ts8mT9Eydq2dVYlceBl

     

       5
       5
       +
       6U31EO1EkKh5wGbQztSc52uEIKwfskNM7pgF9FQkChFX3Fju7CDxQaJwtQQ9/6Fz

     

       6
       6
       +
       HikmDoK9EHdSyEowGFLzOSN+8nuI+QgH0e9p8NUGkZZt02V3KTZBgoSkeCwlqr3I

     

       7
       7
       +
       F8fr8mkmHmBq3X1AdDushorCHJioh9ZTcLhCd+WZwG8G+gtlnyLNNENEqcFO08yR

     

       8
       8
       +
       1KbCpr4wxmMGPs+vnE0PjFSZpvbT0qegauM0e/yGmZI7SjR8NfkN4Yah+lfgHgU6

     

       9
       9
       +
       ThsHav2FeDDKVocJrRMfyuMn0DB3wMv5XMBD41PQP9te3URQhrg9DptTUbtvcgBm

     

       10
       10
       +
       UQs83DL7UB5beNuku4pdb5ihXmmIu+UBXWRjbVXcdwVwTeUYSi+FzRKGeHN8Q6zB

     

       11
       11
       +
       Sq6OUQVtRoGKLyqnH05JzrnOKLP+YvAnfn95AjZu1fvxOLen6tTxiP1Hy0/IRWJ9

     

       12
       12
       +
       lCiDLJzueQqVU7APPNJ+mkco/9dBguuwqmjwj/0IopFLGGAXdq4xsPS6q4kmlUAb

     

       13
       13
       +
       s0PS2XoefHyliTZaeJN4m/rA8kxrEQ+A8TG8Iq0jhrQ

     

       14
       14
       +
       -> ImuX-grease ?

     

       15
       15
       +
       jDl7okapM3YiqfppSi0z4/g

     

       16
       16
       +
       --- 8OjxSYdr+L5qWxb5SyvjZ/exgFOwtiaHdHdvhMSV2CQ

     

       17
       17
       +
       ��0����b�~����b�?�������6� ��+W,n�����&�jQu��U���m��B���S}l���K�]H

+20

secrets/wgWolumondeKey.age

···

       1
       1
       +
       age-encryption.org/v1

     

       2
       2
       +
       -> ssh-rsa Abmvag

     

       3
       3
       +
       VCeXZjRIvdZD1E5Xt/k1uH3j9nrdtGzQ8ydHQDGWUkZpOlBlucujrGuoCuiRZGle

     

       4
       4
       +
       7ctY5Np3lWH6aL9R8DtYmkz0AAKlZ/gK4UNdtFA9J0huNhk1GfWIuVU3yFEg+Mg0

     

       5
       5
       +
       LW7yK3uFvELjbQy5gKLczuMQhQ+CWuCf/4pRVnpLhqrCre4+jj2bEAfICsniSdcO

     

       6
       6
       +
       FuChw1IS7cRSttE9DShjT15Wml7+i5I4w2UY5tosi49dc8Y7FFa5EAnIkO6YbCrF

     

       7
       7
       +
       AV5OukWoASPWlzUIBG+hx1kVGIyOfBGemoeB/xksTGfY+uIdelCzqrAWg4JdnzP3

     

       8
       8
       +
       wgCqCCR/6xOhX4GHiJERwSeyJ54PKp+UwegOI8xPKiPOGk/8VXcpOKIaLQeb+nzW

     

       9
       9
       +
       YwEbPzmqYtzNmQk456PGcC9Ibv9HVZbC+cjKygh4z5lBJPL9/O8tz8AGDBuMaoLD

     

       10
       10
       +
       5DMoa9W/3BCzPW46YFJA5K4IbYfb6mqGnqTeZOq/KlxMydK1+iSgc8/ZTQEdJw80

     

       11
       11
       +
       WrVupR6BJkiu5bvMqCsuYtEbqWNAWFFz61ifQPt4s86B7QAWgNznfcf7nlufWQw4

     

       12
       12
       +
       u8J74WtaPe6K+wDybN3Xv9Hi5ZgwRU8220w8jHkY+986gVQoapkCv0xuxLSeJ1/9

     

       13
       13
       +
       2m5WifiM2lIk/yTtzPosfiMz4CynmKFm17sZcVOzACI

     

       14
       14
       +
       -> ssh-ed25519 KjIL7g jVrj2lq/7hxXvebnw92IOB+sgDt4MQF1HHInzGPrc0M

     

       15
       15
       +
       jPb62GFP+i3Vnw08kDJeD60m2Dnz4xd7Lsgv0LQtdBI

     

       16
       16
       +
       -> QZ=&db*J-grease '

     

       17
       17
       +
       isL9Vjh7E/6SBk2Lcv19W7vaWqjcQRbLgNm0iPx480QpbHC7r66dF7gBrl0TmdRR

     

       18
       18
       +
       zy2Q

     

       19
       19
       +
       --- 1IaQ42FjPe1B/rcWmA5ghfOIN/AOuqUcfXuh7oyOHn4

     

       20
       20
       +
       ��<�C9LQ�z�#�P	��5��UB�ĮT@͕O�׷��F�	 �7t�g�fjy7/d˶,���T��4<�3