-rw-r--r-- | os/cez/configuration.nix | 1 | ||||
-rw-r--r-- | os/cez/modules/wireguard.nix | 20 | ||||
-rw-r--r-- | os/cez/secrets.yaml | 5 |
3 files changed, 24 insertions, 2 deletions
diff --git a/os/cez/configuration.nix b/os/cez/configuration.nix index b97798a..90c7786 100644 --- a/os/cez/configuration.nix +++ b/os/cez/configuration.nix @@ -4,6 +4,7 @@ ./hardware-configuration.nix ./modules/headscale.nix + ./modules/wireguard.nix ./modules/tlp.nix ../../global/cez ]; diff --git a/os/cez/modules/wireguard.nix b/os/cez/modules/wireguard.nix new file mode 100644 index 0000000..2bf2252 --- /dev/null +++ b/os/cez/modules/wireguard.nix @@ -0,0 +1,20 @@ +{ config, ... }: +{ + sops.secrets."misc/wireguard" = { }; + + networking.wg-quick.interfaces.bud = { + autostart = false; + address = [ "10.54.132.2/24" ]; + mtu = 1420; + privateKeyFile = config.sops.secrets."misc/wireguard".path; + + peers = [ + { + publicKey = "O2GRMEWf22YRGKexHAdg1fitucTZ/U/om2MWEJMeyFQ="; + allowedIPs = [ "10.54.132.0/24" ]; + endpoint = "primary.k8s.bud.studio:51820"; + persistentKeepalive = 25; + } + ]; + }; +} diff --git a/os/cez/secrets.yaml b/os/cez/secrets.yaml index 156e74d..7b9923c 100644 --- a/os/cez/secrets.yaml +++ b/os/cez/secrets.yaml @@ -1,4 +1,5 @@ misc: + wireguard: ENC[AES256_GCM,data:WUHMeYro1PS25wEtsQKHHtpLXbtox8JtqX5863dHelBIA2SB7YZ+eWyv5hQ=,iv:hGgR3UcFeVGZjWJjdnVuQeUQtz3p4Lh6QRBJDfTr9Qo=,tag:4qpU9Ue4QtfBINdy0CSdvw==,type:str] headscale: ENC[AES256_GCM,data:90xXwi0fPPdF929akAma85UmLkllCUmO1v0nWS8HxRw4gQq8fa9QKoYgGAt84bC6,iv:H0BZN7A21Hzs6p4wdP3ONVfvQyNchVSdc2GJ9BS+wyQ=,tag:fV9XpAOrVMQ5A2Dzo5BcyQ==,type:str] sops: age: 
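Review bot: The new `bud` interface in os/cez/modules/wireguard.nix accepts the whole `10.54.132.0/24` range from a single peer, so once the tunnel is up every host behind that peer can reach whatever this machine's firewall opens on all interfaces, and the module does not say what exposure is intended. The firewall configuration is outside this diff, so this may already be handled; if not, per-interface rules under `networking.firewall.interfaces.bud` would make the intent explicit. A short header comment would also help the next reader, for example `# bud: on-demand tunnel (autostart = false); private key comes from sops secret misc/wireguard`. The endpoint is a hostname that wg-quick resolves when the interface is brought up, but the peer is still authenticated by its public key rather than by DNS, so a wrong DNS answer costs availability, not confidentiality.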
@@ -20,7 +21,7 @@ sops: dVZ3V0VUQzF5VzN0RFM5c0RjZHpJZ0EK09qgyPHEhHgRZt2GZQB5IM9Z/nfYXW28 fcfmF6pko9qOYQ72P7vwv8Xub0SEI8GKGQwz2QPDJT9gd1qtipuhuQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-10-20T16:05:52Z" - mac: ENC[AES256_GCM,data:tsYOQDpWx23x7+N5LoRMuCQslqu6B+YgscSaSt0nnuuZxxYpiaalsE9znlQ8GCuAsDxUKJsbzRS0ek/vQVnt/tbwAQrlDK39/5LzErBpcnq8Mf4jF+CXU8XlvrC0EZ8Ut2nV5g4KZdax1sQ7Zl345PWwtD5hVL8nQeclanCdasc=,iv:MbYOeCBLbkZ9cOUhytmKou26DX1bIn7DFdX4p4+zROA=,tag:RaPHBe3ZyCluy1uzGjQacw==,type:str] + lastmodified: "2025-10-17T03:37:38Z" + mac: ENC[AES256_GCM,data:hOs2aCnCs8yF2iLZawyI84olfFe86JTZ8KBgSFLpaE8Kd+HWsQyEa5M0yOMXCts/d0JqJFsMJqxmkcBxBSFT5cBVZM/gSh9TC7xbq14Ja3vRT6KcLZ3O4CI6pZvEvkuJALTSQSXIsxFZG3YoYsKdh67aqKr/uC3Jh5sASYxzIHg=,iv:F4d85Tk920eXa6mVKSBlmJ/dRHncZRiQGh3LHsJCLas=,tag:EO+1OERqvowVUGKe9a77oA==,type:str] unencrypted_suffix: _unencrypted version: 3.11.0 |
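Review bot: In this second secrets.yaml hunk the sops `lastmodified` value moves backwards, from `2025-10-20T16:05:52Z` to `2025-10-17T03:37:38Z`, while the `mac` is replaced. That may mean the file was rebased or merged by hand, or edited on a machine with a skewed clock, rather than written by a fresh sops edit; the diff alone cannot show which. Because the MAC covers the file's values, it is worth confirming that `sops -d os/cez/secrets.yaml` decrypts without a MAC mismatch at this commit before the host is rebuilt from it.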