commit d8bb7cd0451202a97dc1aff70bd0c344ef4388f0 · ptr.pet/ark

+2

hosts/tkaronto/modules/secrets.nix

···

       1
       1
        
       {

     

       2
       2
       +
         age.identityPaths = ["/etc/nixos/keys/ssh_key"];

     

       3
       3
       +
       

     

       2
       4
        
         age.secrets.nixGithubAccessToken.file = ../../../secrets/nixGithubAccessToken.age;

     

       3
       5
        
         age.secrets.wgTkarontoKey.file = ../../../secrets/wgTkarontoKey.age;

     

       4
       6
        
       }

+1

hosts/tkaronto/modules/wgWolumondeIp

···

       1
       1
       +
       23.88.101.188

+1

hosts/tkaronto/modules/wgWolumondeKey.pub

···

       1
       1
       +
       wua7uoPmmz0nXop3TKJOEUJ++LSmJdQxCRk9rNbPaAg=

+2 -2

hosts/tkaronto/modules/wireguard.nix

···

       3
       3
        
         networking.wireguard.interfaces."wg0" = {

     

       4
       4
        
           privateKeyFile = config.age.secrets.wgTkarontoKey.path;

     

       5
       5
        
           peers = [{

     

       6
       6
       -
             publicKey = import ./wgWolumondeKey.pub;

     

       6
       6
       +
             publicKey = builtins.readFile ./wgWolumondeKey.pub;

     

       7
       7
        
             allowedIPs = ["10.99.0.1/32"];

     

       8
       8
       -
             endpoint = "${import ./wgWolumondeIp}:51820";

     

       8
       8
       +
             endpoint = "${builtins.readFile ./wgWolumondeIp}:51820";

     

       9
       9
        
           }];

     

       10
       10
        
         };

     

       11
       11
        
       }

+1 -1

hosts/wolumonde/modules/ssh.nix

···

       5
       5
        
           passwordAuthentication = false;

     

       6
       6
        
         };

     

       7
       7
        
         users.users.root.openssh.authorizedKeys.keys = [

     

       8
       8
       -
           (builtins.readFile "${inputs.self}/secrets/ssh-key.pub")

     

       8
       8
       +
           (builtins.readFile "${inputs.self}/secrets/yusdacra.key.pub")

     

       9
       9
        
         ];

     

       10
       10
        
       }

+1

hosts/wolumonde/modules/wgTkarontoKey.pub

···

       1
       1
       +
       IPz9tX4jsDOYcujU5B2KVuPaPVG2JaYA1FqLsZzky0Q=

+1 -1

hosts/wolumonde/modules/wireguard.nix

···

       4
       4
        
           listenPort = 51820;

     

       5
       5
        
           privateKeyFile = config.age.secrets.wgWolumondeKey.path;

     

       6
       6
        
           peers = [{

     

       7
       7
       -
             publicKey = import ./wgTkarontoKey.pub;

     

       7
       7
       +
             publicKey = builtins.readFile ./wgTkarontoKey.pub;

     

       8
       8
        
             allowedIPs = ["10.99.0.2/32"];

     

       9
       9
        
           }];

     

       10
       10
        
         };

+4 -1

lib/default.nix

···

       14
       14
        
         importFolder = modules: let

     

       15
       15
        
           b = builtins;

     

       16
       16
        
           files = b.readDir modules;

     

       17
       17
       +
           fileNames = b.attrNames files;

     

       17
       18
        
           filesToImport =

     

       18
       18
       -
             b.map (name: "${modules}/${name}") (b.attrNames files);

     

       19
       19
       +
             b.map

     

       20
       20
       +
             (name: "${modules}/${name}")

     

       21
       21
       +
             (b.filter (name: b.match ".*\.nix" name != null) fileNames);

     

       19
       22
        
         in

     

       20
       23
        
           filesToImport;

     

       21
       24