author | sinanmohd <sinan@sinanmohd.com> | 2023-09-17 13:59:03 +0530 |
---|---|---|
committer | sinanmohd <sinan@sinanmohd.com> | 2023-09-17 15:22:50 +0530 |
commit | bf8a48eae55bec89f06508136d65ee98ceace558 (patch) | |
tree | 954ef88efe5c3acd2163fbfc2c0c55e73b82188b /hosts/cez | |
parent | fabfc1b30919e58c1409da72b6f95b36110a575e (diff) |
networking/wireguard: init
Diffstat (limited to 'hosts/cez')
-rw-r--r-- | hosts/cez/configuration.nix | 1 | ||||
-rw-r--r-- | hosts/cez/modules/wireguard.nix | 22 | ||||
-rw-r--r-- | hosts/cez/secrets.yaml | 22 |
3 files changed, 45 insertions, 0 deletions
diff --git a/hosts/cez/configuration.nix b/hosts/cez/configuration.nix
index fb991d9..31cde1a 100644
--- a/hosts/cez/configuration.nix
+++ b/hosts/cez/configuration.nix
@@ -8,6 +8,7 @@ in
 ./hardware-configuration.nix
 ./modules/wayland.nix
 ./modules/sshfs.nix
+ ./modules/wireguard.nix
 ../../common.nix
 ];
diff --git a/hosts/cez/modules/wireguard.nix b/hosts/cez/modules/wireguard.nix
new file mode 100644
index 0000000..07ea90c
--- /dev/null
+++ b/hosts/cez/modules/wireguard.nix
@@ -0,0 +1,22 @@
+{ config, ... }:
+
+let
+ domain = config.userdata.domain;
+in
+{
+ sops.secrets."misc/wireguard" = {};
+
+ networking.wg-quick.interfaces."wg" = {
+ address = [ "10.0.1.2/24" ];
+ dns = [ "10.0.1.1" ];
+ mtu = 1380;
+ privateKeyFile = config.sops.secrets."misc/wireguard".path;
+
+ peers = [{
+ publicKey = "wJMyQDXmZO4MjYRk6NK4+J6ZKWLTTZygAH+OwbPjOiw=";
+ allowedIPs = [ "0.0.0.0/0" ];
+ endpoint = "${domain}:51820";
+ persistentKeepalive = 25;
+ }];
+ };
+}
diff --git a/hosts/cez/secrets.yaml b/hosts/cez/secrets.yaml
new file mode 100644
index 0000000..d2a0348
--- /dev/null
+++ b/hosts/cez/secrets.yaml
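Review bot: In the `peers` entry of hosts/cez/modules/wireguard.nix, `allowedIPs = [ "0.0.0.0/0" ]` routes only IPv4 into the tunnel, so on any network that gives this host IPv6 connectivity, IPv6 traffic would still leave outside the VPN. If a full tunnel is the intent, consider `allowedIPs = [ "0.0.0.0/0" "::/0" ];`. The interface is given only an IPv4 address, so that should make IPv6 fail closed rather than bypass the tunnel, which is worth confirming on the host. A one-line comment stating why `mtu = 1380;` was chosen would also help the next reader.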
@@ -0,0 +1,22 @@ +misc: + wireguard: ENC[AES256_GCM,data:4N0ZJd4p+Oik55XMhaEzZKpR66zEZxKfoqSnhYqf3W5BWsuDXGZFRi8xleY=,iv:hGgR3UcFeVGZjWJjdnVuQeUQtz3p4Lh6QRBJDfTr9Qo=,tag:0cJq8LFuNdkIiVgMgX/O2w==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1hngjn65pvc8458z5uxz6qjktp45fp8s8jqxgqklsndkdp0s26gtqdxqazm + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnVFkwNkVDTHRlWnFKUkh6 + NUxNZmMyb0x1dEF5SXFydSs2anMzcTNobXpVCjlQU2NTK1BKbHZGamtTTXhmMldC + VUQzY2hjNkZmQU5xeXA0UUZPdDRENUEKLS0tIDBvYlNnYjRuNmo1cFRxMXRmVU4x + OHpabE5RaGl6d3F6K04rSGcrRGVMWE0K+1n6tSJYovD1BBuHlR8VRoHq81ZuKlKx + S956gXSTXxqCpPjE7K4PXE8lEsPq6Yh6sMxd6TPZ9QnSRibV7gnsGg== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2023-09-11T10:48:49Z" + mac: ENC[AES256_GCM,data:/Pb5W9E6nwkOmF3bJfYIVnXDY5BKwuSs7sjJPit2N97oBHJQg6aJcarJRmC9RKtmI+owe+9Sd6GQ8ZDJKemkppdnFhtgYhcNNe2O9p4C/Yv27zfKDd7dTgoL9g759KJOqDrOyoMVZtDDB7wizI4BY9L3YiUm/dplUbDDlrvBtYs=,iv:Ihw0f6lxz7sPjeq0KX4DfAKov2ofs49vLRb392aUtPo=,tag:JXYHHZcNsb28wTUtm4uaVQ==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.7.3 |