Diffstat (limited to 'os/kay')
-rw-r--r-- | os/kay/modules/network/default.nix | 1 | ||||
-rw-r--r-- | os/kay/modules/network/wireguard.nix | 71 | ||||
-rw-r--r-- | os/kay/modules/observability/prometheus.nix | 3 | ||||
-rw-r--r-- | os/kay/secrets.yaml | 5 |
4 files changed, 2 insertions, 78 deletions
diff --git a/os/kay/modules/network/default.nix b/os/kay/modules/network/default.nix
index 56371c7..019ee24 100644
--- a/os/kay/modules/network/default.nix
+++ b/os/kay/modules/network/default.nix
@@ -12,7 +12,6 @@ in
 imports = [
 ./router.nix
 ./hurricane.nix
- ./wireguard.nix
 ./headscale.nix
 ];
diff --git a/os/kay/modules/network/wireguard.nix b/os/kay/modules/network/wireguard.nix
deleted file mode 100644
index fd00804..0000000
--- a/os/kay/modules/network/wireguard.nix
+++ /dev/null
@@ -1,71 +0,0 @@
-{
- config,
- pkgs,
- lib,
- ...
-}:
-let
- wgInterface = "wg";
- wanInterface = "ppp0";
- port = 51820;
-
- wgConf = pkgs.writeText "wg.conf" ''
- [interface]
- Address = 10.0.1.1/24
- MTU = 1412
- ListenPort = 51820
- PostUp = ${
- lib.getExe (
- pkgs.writeShellApplication {
- name = "wg_set_key";
- runtimeInputs = with pkgs; [ wireguard-tools ];
- text = ''
- wg set ${wgInterface} private-key <(cat ${config.sops.secrets."misc/wireguard".path})
- '';
- }
- )
- }
-
- [Peer]
- # friendly_name = cez
- PublicKey = IcMpAs/D0u8O/AcDBPC7pFUYSeFQXQpTqHpGOeVpjS8=
- AllowedIPs = 10.0.1.2/32
-
- [Peer]
- # friendly_name = exy
- PublicKey = bJ9aqGYD2Jh4MtWIL7q3XxVHFuUdwGJwO8p7H3nNPj8=
- AllowedIPs = 10.0.1.3/32
-
- [Peer]
- # friendly_name = dad
- PublicKey = q70IyOS2IpubIRWqo5sL3SeEjtUy2V/PT8yqVExiHTQ=
- AllowedIPs = 10.0.1.4/32
- '';
-in
-{
- sops.secrets."misc/wireguard" = { };
-
- networking = {
- nat = {
- enable = true;
- externalInterface = wanInterface;
- internalInterfaces = [ wgInterface ];
- };
-
- firewall.allowedUDPPorts = [ port ];
- wg-quick.interfaces.${wgInterface}.configFile = builtins.toString wgConf;
- };
-
- services.dnsmasq.settings = {
- no-dhcp-interface = wgInterface;
- interface = [ wgInterface ];
- };
-
- services.prometheus.exporters.wireguard = {
- enable = true;
- withRemoteIp = true;
- wireguardConfig = builtins.toString wgConf;
- singleSubnetPerField = true;
- listenAddress = "127.0.0.1";
- };
-}
diff --git a/os/kay/modules/observability/prometheus.nix b/os/kay/modules/observability/prometheus.nix
index 1810f9e..9ca73da 100644
--- a/os/kay/modules/observability/prometheus.nix
+++ b/os/kay/modules/observability/prometheus.nix
@@ -13,9 +13,6 @@
 targets = [ "127.0.0.1:${toString config.services.prometheus.exporters.node.port}" ];
 }
 {
- targets = [ "127.0.0.1:${toString config.services.prometheus.exporters.wireguard.port}" ];
- }
- {
 targets = [ "127.0.0.1:${toString config.services.prometheus.exporters.dnsmasq.port}" ];
 }
 {
diff --git a/os/kay/secrets.yaml b/os/kay/secrets.yaml
index e11bbd0..5f8c16d 100644
--- a/os/kay/secrets.yaml
+++ b/os/kay/secrets.yaml
@@ -25,7 +25,6 @@ headscale:
 derp_private_key: ENC[AES256_GCM,data:EMt3RtQzqIY4i5S2S1kK0kxu0wMt3/bBcpaEc3YP0Cmj8F4yZECOaDUYk4dM2QsfmoP84plktAqIrM4MSiY94lQpqRoCvTru,iv:NU/nVFQxBQTou0mf5xvLmlda8hzJfoCRiU1vCgJGyyc=,tag:IEDCDy6ifL+ulYzp7qr3vg==,type:str]
 pre_auth_key: ENC[AES256_GCM,data:ItKBknycoP9AcUN1OyTK/OQCUQzkpJfho5Rfm2o0u8g6WGo0F/awC07MQ4pL2lfM,iv:hfOj72ZUP4F28+0vuEXucMUzeL3FAx0rF2quyWTACYw=,tag:zGdtJakxXUOolvJMOCevvg==,type:str]
 misc:
- wireguard: ENC[AES256_GCM,data:zwctPH+ScqRWUD4Jjcu/dTTGwxGl6rCEsp5D4+EfXPEIhECL2vjyTtcy5cM=,iv:yfv6fV5zxAbsVf+veTJYLmAwhJbaqFt89s3jlU+HO2k=,tag:vZldtANCKvMWW5pXRUv+vA==,type:str]
 default_password: ENC[AES256_GCM,data:xON6jifcv8k8tKA=,iv:Kk3Ax/GGvCvAbTAhNnlkoNh1BzsrZVptchRuQi+vqhc=,tag:9vYn1Gslr+1pAYdKvwRhnA==,type:str]
 nixbin.sinanmohd.com: ENC[AES256_GCM,data:iPYrZvEcg8WRl2iRnL5Z3Gxzpu1NWqgobdYuhFj3Ria/zZ+WL6LzSYMKtxxRaCbqXIacjIJKGpsZcesaJjcx6wmLR8EW8GRPPhHO9AjbZSLeBV2h6XwHbe6PD8y/Kjx2fBbIpDDTF2YwstvFqQ==,iv:AYv4Vnog+dlhKlZV8S3D/q7JiY2l2mVxLC/gWuI5MtA=,tag:dzZ8octvGcuuh9TXv0U88A==,type:str]
 alina: ENC[AES256_GCM,data:KGSr5fLkngJvZRAGoTK0XfxJCgWQBJ8xd0oelU5j15yOooBctUQjQekmf9GiVnmZbU5OoxdraO6nUssZXEIfKKsCtCps+D2MkDDchL/+gbc+A3Q=,iv:LszKLO5CeultjHbSLUqz9Or9X5K7u9VCzuz9fBPFgmM=,tag:DONP4smkrTTsY0sJ8qyKIQ==,type:str]
@@ -49,7 +48,7 @@ sops:
 bGRaOE1Mc3VqVnYyd0xIVGl5ckpqRFkKpT2gTC4lf9HRQNJDykdGjPdfH+V8og7X
 XHq1XqIRoRbulZifuZlmzN/RWMPIoBYkXeHfqaMjmTz5HIBcnO/t9g==
 -----END AGE ENCRYPTED FILE-----
- lastmodified: "2025-10-17T04:31:52Z"
- mac: ENC[AES256_GCM,data:0nN0kAbdMFNgzCa1ocn7EHDNV7SFH/9/P2EgwDQG37AyAxUJtZ5kxyobAPRAbApgtrlnDhCrdsV9ltGqk35TTiNK6qhx8gfdzK0MiMI0wYnhvoAyci1Hsg32Fv/vuZv1AWf1yAMaDMQXmzt0AiG9hJy9FdZO0oU8U2RbmFRMO3k=,iv:P4m/owrYllj+8R2Pm+iLAerbnmOCy3TzBgmGCxS65C4=,tag:mNEHL3kBMuFeSYfY6xnweQ==,type:str]
+ lastmodified: "2025-10-20T15:38:52Z"
+ mac: ENC[AES256_GCM,data:n0ShTAQ5ft5o38Y53MmSHzOyxEKwKT4TwELfj5kZ2rvZVI4o1jH+kcYnlYKcwPDCXNuIayFRVYRZ7KPEftPuTRgaKK74uCjYyrZh/hQP+pyFRg2va2Jkn5vymzsm2036DIPo2K2JkZtSlWgYG/BNuLVQZioghkKZ5pe23YyJqQs=,iv:NSQCmN081ZoGa2yfU8Bu0H2tfvWrOennYPWjtpRJ8G0=,tag:HDl78o8CmFviEqQWntvrQw==,type:str]
 unencrypted_suffix: _unencrypted
 version: 3.11.0 |