From 7a5f10c877e839ff855c820716e384978773fc7a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Benjamin=20B=C3=A4dorf?= Date: Thu, 19 Oct 2023 20:55:56 +0200 Subject: [PATCH] feat: wireguard --- .gitignore | 1 + hosts/biolimo/default.nix | 2 + hosts/biolimo/networking.nix | 18 ++++++ hosts/chocolatebar/default.nix | 1 + hosts/chocolatebar/networking.nix | 18 ++++++ hosts/default.nix | 5 ++ hosts/droppie/default.nix | 1 + hosts/droppie/networking.nix | 18 ++++++ hosts/pie/default.nix | 1 + hosts/pie/dhcpd.nix | 26 ++++++--- hosts/pie/networking.nix | 10 ++++ hosts/pie/unbound.nix | 20 +++---- hosts/pie/wireguard.nix | 82 +++++++++++++++++++++++++++ modules/default.nix | 1 + modules/wireguard-client/default.nix | 54 ++++++++++++++++++ secrets/secrets.nix | 6 ++ secrets/wg-private-biolimo.age | 31 ++++++++++ secrets/wg-private-chocolatebar.age | 31 ++++++++++ secrets/wg-private-droppie.age | Bin 0 -> 1388 bytes secrets/wg-private-pie-server.age | 20 +++++++ secrets/wg-private-pie.age | 19 +++++++ 21 files changed, 345 insertions(+), 20 deletions(-) create mode 100644 hosts/biolimo/networking.nix create mode 100644 hosts/chocolatebar/networking.nix create mode 100644 hosts/droppie/networking.nix create mode 100644 hosts/pie/wireguard.nix create mode 100644 modules/wireguard-client/default.nix create mode 100644 secrets/wg-private-biolimo.age create mode 100644 secrets/wg-private-chocolatebar.age create mode 100644 secrets/wg-private-droppie.age create mode 100644 secrets/wg-private-pie-server.age create mode 100644 secrets/wg-private-pie.age diff --git a/.gitignore b/.gitignore index 9e9577a..f52dae9 100644 --- a/.gitignore +++ b/.gitignore @@ -13,3 +13,4 @@ tags pkgs/_sources/.shake* tags.lock tags.temp +/wireguard-keys diff --git a/hosts/biolimo/default.nix b/hosts/biolimo/default.nix index 3c4d411..8fa27a6 100644 --- a/hosts/biolimo/default.nix +++ b/hosts/biolimo/default.nix @@ -2,5 +2,7 @@ imports = [ ./configuration.nix ./hardware-configuration.nix + + ./networking.nix ]; } diff --git a/hosts/biolimo/networking.nix b/hosts/biolimo/networking.nix new file mode 100644 index 0000000..ffef32f --- /dev/null +++ b/hosts/biolimo/networking.nix @@ -0,0 +1,18 @@ +{ + flake, + config, + pkgs, + ... +}: { + config = { + age.secrets.wg-private-key.file = "${flake.self}/secrets/wg-private-biolimo.age"; + + pub-solar.wireguard-client = { + ownIPs = [ + "10.0.1.6/32" + "fd00:acab:1312:acab:6::/128" + ]; + wireguardPrivateKeyFile = "/run/agenix/wg-private-key"; + }; + }; +} diff --git a/hosts/chocolatebar/default.nix b/hosts/chocolatebar/default.nix index f05e641..283e273 100644 --- a/hosts/chocolatebar/default.nix +++ b/hosts/chocolatebar/default.nix @@ -3,6 +3,7 @@ ./configuration.nix ./hardware-configuration.nix + ./networking.nix ./virtualisation # ./factorio ]; diff --git a/hosts/chocolatebar/networking.nix b/hosts/chocolatebar/networking.nix new file mode 100644 index 0000000..c5542dc --- /dev/null +++ b/hosts/chocolatebar/networking.nix @@ -0,0 +1,18 @@ +{ + flake, + config, + pkgs, + ... +}: { + config = { + age.secrets.wg-private-key.file = "${flake.self}/secrets/wg-private-chocolatebar.age"; + + pub-solar.wireguard-client = { + ownIPs = [ + "10.0.1.5/32" + "fd00:acab:1312:acab:5::/128" + ]; + wireguardPrivateKeyFile = "/run/agenix/wg-private-key"; + }; + }; +} diff --git a/hosts/default.nix b/hosts/default.nix index 9d34ea1..550d227 100644 --- a/hosts/default.nix +++ b/hosts/default.nix @@ -17,6 +17,8 @@ self.nixosModules.nextcloud self.nixosModules.office self.nixosModules.printing + self.nixosModules.uhk + self.nixosModules.wireguard-client ]; }; @@ -37,6 +39,7 @@ self.nixosModules.office self.nixosModules.printing self.nixosModules.virtualisation + self.nixosModules.wireguard-client ]; }; @@ -46,6 +49,7 @@ self.nixosModules.base ./droppie self.nixosModules.yule + self.nixosModules.wireguard-client ]; }; @@ -57,6 +61,7 @@ ./pie self.nixosModules.yule self.nixosModules.docker + self.nixosModules.wireguard-client ]; }; diff --git a/hosts/droppie/default.nix b/hosts/droppie/default.nix index 9fd7261..4d36f80 100644 --- a/hosts/droppie/default.nix +++ b/hosts/droppie/default.nix @@ -3,6 +3,7 @@ ./configuration.nix ./hardware-configuration.nix + ./networking.nix ./nextcloud-web-tunnel.nix ./restic-backup.nix ]; diff --git a/hosts/droppie/networking.nix b/hosts/droppie/networking.nix new file mode 100644 index 0000000..133af75 --- /dev/null +++ b/hosts/droppie/networking.nix @@ -0,0 +1,18 @@ +{ + flake, + config, + pkgs, + ... +}: { + config = { + age.secrets.wg-private-key.file = "${flake.self}/secrets/wg-private-droppie.age"; + + pub-solar.wireguard-client = { + ownIPs = [ + "10.0.1.3/32" + "fd00:acab:1312:acab:3::/128" + ]; + wireguardPrivateKeyFile = "/run/agenix/wg-private-key"; + }; + }; +} diff --git a/hosts/pie/default.nix b/hosts/pie/default.nix index 1604b59..6e02cfd 100644 --- a/hosts/pie/default.nix +++ b/hosts/pie/default.nix @@ -4,6 +4,7 @@ ./configuration.nix ./networking.nix + ./wireguard.nix ./unbound.nix ./dhcpd.nix ./wake-droppie.nix diff --git a/hosts/pie/dhcpd.nix b/hosts/pie/dhcpd.nix index c684f67..0ea590f 100644 --- a/hosts/pie/dhcpd.nix +++ b/hosts/pie/dhcpd.nix @@ -48,9 +48,9 @@ reservations = [ { - hostname = "brwb8763f64a364.local"; - hw-address = "b8:76:3f:64:a3:64"; - ip-address = "192.168.178.4"; + hostname = "pie.local"; + hw-address = "dc:a6:32:5c:31:64"; + ip-address = "192.168.178.2"; } { hostname = "droppie.local"; @@ -58,9 +58,19 @@ ip-address = "192.168.178.3"; } { - hostname = "pie.local"; - hw-address = "dc:a6:32:5c:31:64"; - ip-address = "192.168.178.2"; + hostname = "brwb8763f64a364.local"; + hw-address = "b8:76:3f:64:a3:64"; + ip-address = "192.168.178.4"; + } + { + hostname = "chocolatebar.local"; + hw-address = "b8:76:3f:64:a3:64"; + ip-address = "192.168.178.5"; + } + { + hostname = "biolimo.local"; + hw-address = "c6:f2:d1:df:ed:a4"; + ip-address = "192.168.178.6"; } ]; } @@ -106,14 +116,14 @@ hostname = "droppie.local"; hw-address = "08:f1:ea:97:0f:0c"; ip-addresses = [ - "2a02:908:5b1:e3c0:3077:4e39:7763:b5b8" + "2a02:908:5b1:e3c0:3077:4e39:7763:3" ]; } { hostname = "pie.local"; hw-address = "dc:a6:32:5c:31:64"; ip-addresses = [ - "2a02:908:5b1:e3c0:3077:4e39:7763:b5b7" + "2a02:908:5b1:e3c0:3077:4e39:7763:2" ]; } ]; diff --git a/hosts/pie/networking.nix b/hosts/pie/networking.nix index 917eb77..0a8c1c2 100644 --- a/hosts/pie/networking.nix +++ b/hosts/pie/networking.nix @@ -38,4 +38,14 @@ auto_https off ''; }; + + age.secrets.wg-private-key.file = "${flake.self}/secrets/wg-private-pie.age"; + + pub-solar.wireguard-client = { + ownIPs = [ + "10.0.1.2/32" + "fd00:acab:1312:acab:2::/128" + ]; + wireguardPrivateKeyFile = "/run/agenix/wg-private-key"; + }; } diff --git a/hosts/pie/unbound.nix b/hosts/pie/unbound.nix index 4da3659..c349ff4 100644 --- a/hosts/pie/unbound.nix +++ b/hosts/pie/unbound.nix @@ -27,21 +27,17 @@ "\"droppie.local. 10800 IN A 192.168.178.3\"" "\"droppie.local. 10800 IN AAAA 2a02:908:5b1:e3c0:3077:4e39:7763:b5b8\"" - "\"droppie.b12f.io. 10800 IN A 192.168.178.3\"" - "\"droppie.b12f.io. 10800 IN AAAA 2a02:908:5b1:e3c0:3077:4e39:7763:b5b8\"" - "\"backup.b12f.io. 10800 IN A 192.168.178.3\"" - "\"backup.b12f.io. 10800 IN AAAA 2a02:908:5b1:e3c0:3077:4e39:7763:b5b8\"" + "\"droppie.b12f.io. 10800 IN A 10.0.1.3\"" + "\"droppie.b12f.io. 10800 IN AAAA fd00:acab:1312:acab:3::\"" + "\"backup.b12f.io. 10800 IN CNAME droppie.b12f.io\"" "\"pie.local. 10800 IN A 192.168.178.2\"" "\"pie.local. 10800 IN AAAA 2a02:908:5b1:e3c0:3077:4e39:7763:b5b7\"" - "\"pie.b12f.io. 10800 IN A 192.168.178.2\"" - "\"pie.b12f.io. 10800 IN AAAA 2a02:908:5b1:e3c0:3077:4e39:7763:b5b7\"" - "\"firefly.b12f.io. 10800 IN A 192.168.178.2\"" - "\"firefly.b12f.io. 10800 IN AAAA 2a02:908:5b1:e3c0:3077:4e39:7763:b5b7\"" - "\"firefly-importer.b12f.io. 10800 IN A 192.168.178.2\"" - "\"firefly-importer.b12f.io. 10800 IN AAAA 2a02:908:5b1:e3c0:3077:4e39:7763:b5b7\"" - "\"paperless.b12f.io. 10800 IN A 192.168.178.2\"" - "\"paperless.b12f.io. 10800 IN AAAA 2a02:908:5b1:e3c0:3077:4e39:7763:b5b7\"" + "\"pie.b12f.io. 10800 IN A 10.0.1.2\"" + "\"pie.b12f.io. 10800 IN AAAA fd00:acab:1312:acab:2::\"" + "\"firefly.b12f.io. 10800 IN CNAME pie.b12f.io\"" + "\"firefly-importer.b12f.io. 10800 IN CNAME pie.b12f.io\"" + "\"paperless.b12f.io. 10800 IN A CNAME pie.b12f.io\"" "\"fritz.box. 10800 IN A 192.168.178.1\"" "\"fritz.box. 10800 IN AAAA fd00::3ea6:2fff:fe57:30b0\"" diff --git a/hosts/pie/wireguard.nix b/hosts/pie/wireguard.nix new file mode 100644 index 0000000..72868a9 --- /dev/null +++ b/hosts/pie/wireguard.nix @@ -0,0 +1,82 @@ +{ + flake, + config, + pkgs, + ... +}: { + age.secrets.wg-private-key-server.file = "${flake.self}/secrets/wg-private-pie-server.age"; + + networking.nat = { + enable = true; + enableIPv6 = true; + internalInterfaces = [ "wg-server" ]; + }; + networking.firewall.allowedUDPPorts = [ 51899 ]; + + # Enable WireGuard + networking.wg-quick.interfaces = { + wg-server = { + listenPort = 51899; + address = [ + "10.0.1.2/32" + "fd00:acab:1312:acab:2::/128" + ]; + dns = [ + "10.0.1.2" + "fd00:acab:1312:acab:2::" + ]; + + privateKeyFile = "/run/agenix/wg-private-key-server"; + + peers = [ + # { + # # router + # publicKey = ""; + # allowedIPs = ["10.0.1.1/32"]; + + # persistentKeepalive = 25; + # } + { + # pie client + publicKey = "hPTXEqQ2GYEywdPNdZBacwB9KKcoFZ/heClxnqmizyw="; + allowedIPs = [ + "10.0.1.2/32" + "fd00:acab:1312:acab:2::/128" + ]; + + persistentKeepalive = 25; + } + { + # droppie + publicKey = "qsnBMoj9Z16D8PJ5ummRtIfT5AiMpoF3SoOCo4sbyiw="; + allowedIPs = [ + "10.0.1.3/32" + "fd00:acab:1312:acab:3::/128" + ]; + + persistentKeepalive = 25; + } + { + # chocolatebar + publicKey = "nk8EtGE/QsnSEm1lhLS3/w83nOBD2OGYhODIf92G91A="; + allowedIPs = [ + "10.0.1.5/32" + "fd00:acab:1312:acab:5::/128" + ]; + + persistentKeepalive = 25; + } + { + # biolimo + publicKey = "4ymN7wwBuhF+h+5fFN0TqXmVyOe1AsWiTqRL0jJ3CDc="; + allowedIPs = [ + "10.0.1.6/32" + "fd00:acab:1312:acab:6::/128" + ]; + + persistentKeepalive = 25; + } + ]; + }; + }; +} diff --git a/modules/default.nix b/modules/default.nix index b5cc1e3..61ed19b 100644 --- a/modules/default.nix +++ b/modules/default.nix @@ -24,6 +24,7 @@ terminal-life = import ./terminal-life; user = import ./user; virtualisation = import ./virtualisation; + wireguard-client = import ./wireguard-client; base.imports = [ self.nixosModules.home-manager diff --git a/modules/wireguard-client/default.nix b/modules/wireguard-client/default.nix new file mode 100644 index 0000000..0acabb2 --- /dev/null +++ b/modules/wireguard-client/default.nix @@ -0,0 +1,54 @@ +{ + lib, + config, + pkgs, + ... +}: +with lib; let + psCfg = config.pub-solar; + cfg = config.pub-solar.wireguard-client; +in { + options.pub-solar.wireguard-client = { + ownIPs = mkOption { + description = '' + Internal ips in wireguard used for cluster control-plane communication. + ''; + type = types.listOf types.str; + }; + + wireguardPrivateKeyFile = mkOption { + description = '' + Location of private key file + ''; + type = types.path; + }; + }; + + config = { + networking.firewall.allowedUDPPorts = [51899]; + + networking.wg-quick.interfaces = { + wg0 = { + listenPort = 51898; + address = cfg.ownIPs; + dns = [ + "10.0.1.2" + "fd00:acab:1312:acab:2::" + ]; + privateKeyFile = cfg.wireguardPrivateKeyFile; + peers = [ + { + # pie-server + publicKey = "8M/+y6AqbSsbK0JENkjRXqlRR56iiM/QRjGGtEM+Uj8="; + allowedIPs = [ + "10.0.1.0/32" + "fd00:acab:1312:acab:0::/128" + ]; + endpoint = "vpn.b12f.io:51899"; + persistentKeepalive = 25; + } + ]; + }; + }; + }; +} diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 3bb8088..7caed8b 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -67,4 +67,10 @@ in { "rclone-pie.conf".publicKeys = pieKeys ++ baseKeys; "restic-password.age".publicKeys = pieKeys ++ baseKeys; + + "wg-private-chocolatebar.age".publicKeys = chocolatebarKeys ++ baseKeys; + "wg-private-biolimo.age".publicKeys = biolimoKeys ++ baseKeys; + "wg-private-pie.age".publicKeys = pieKeys ++ baseKeys; + "wg-private-droppie.age".publicKeys = droppieKeys ++ baseKeys; + "wg-private-pie-server.age".publicKeys = pieKeys ++ baseKeys; } diff --git a/secrets/wg-private-biolimo.age b/secrets/wg-private-biolimo.age new file mode 100644 index 0000000..b24818f --- /dev/null +++ b/secrets/wg-private-biolimo.age @@ -0,0 +1,31 @@ +age-encryption.org/v1 +-> ssh-ed25519 TnSWKQ JjDPMMsJa/IgP3apm7xVEpCEZM4KFOdbGox9AG13RnA ++S0bgmZ4MjFiOwhV97yMrrvKvrKYympKftiV40sYrwQ +-> ssh-rsa 8daibg +Suf2zoLEqxXw/pfWkxnYDP43T6TM4p2gyxKfKxClfgF/dyQ01ESTn2FqyZoEtfV0 +QxR3MYjT823OdiKobbi1zheMRmrvePCubDNp45+rIMrPe7Ax0SOl6N9R5ErvFs/l +U2fR+qshhEIqw3V2BowlXanQKtc5a5zgW9/o+hcgQ7YwrIfSJVIr5t3ImxMUKvSV +g4u6sPSVYGkVweh0VllY5v5tw9a8k+icqP5M0mYGfDeHokfz1jHWRnuoZFLSD6IT +q0qh3TEmPncl6v1jhyPP2HUp6kpMpuRZOPB8OYdzJ0FdDNEZJImZVT5U+VCs9MsU +o2o5FjElFcaC2QnipBzuq6LzVRmCeg1Q1CQHU1O6zkYphxvEqN/dccOnliIUaB/Y +TFjAAJAcTg2TEt7S6yQDLs13LfsIaagYPr5HiifwQ0M/mfwNSO2CEi2p1SiN6G6R +TUPMELfp/Sf5wueVorrgIVahxydUXY5wOr7RkQfVNoW0z0gTNqk0DJdghTCJHw2I +W+LcHN3QVRRvyLNHUKlm4j8z0EOu73TiSCWowmuZRhm5TVctTERfRd2kpPbNkRTj +SLiiMO/RCLA+CxATc3Y+uotkQLM7INHxy9HC8lCLaJcoolgSbqSPfF5byWvSy/BN +uZ1FGcSJncx4diyuwV3Wpu9Cr/5Tqd3iXKDwo04syk8 +-> ssh-rsa kFDS0A +MLSMW8Huol9eoZMscTOgy51/kStd1uycu8PXQJm3+8oFoWnjE3OWmnaqt7waqh2X +I/JiPnw4NLFYVJdMLhhDLKuChTAkf1J0nBbWzn7X6MxTC4zKFUmDpq/MgNWc0gjc ++TtGjle8k2K0kxnGTpoUD7tcLuLi6tZXBsTvt28GR8zt5sgrxt/T+ojMKu6U97HI +/jhStUFL2mYZ5fFGi0rk5SMPqvFBYLc814tks+1qPsf/Dhqs9wznItfXqlQrwVkE +tDDFkCOQhAXIv6Aeh9fYTFG7wfA0anM2SYECNocx9Qm3aEg8cmtwzGXYg1pxqicR +ms/RdG39dmD6TSAElFJ8YM3erIshLq/KEKG2ns30manzLykwJiyzj+zyAR1rPRR0 +4KZWxfCBVSrFBLFpOWTNPfa6dXo3EiTVR6bc6X2Zum0IcEyOfFori6sR9lCfPJoF +sERTbHgVfX6w0hQpP6LlkIq1o7PAEYro0Vm50QVodtQVsYJ2LjIVHe7oBPSwXX7n +cpw4C/23TWyvKoyvy8zBbxbaF98RYkplT2K4uihHUGVeFKo4Ss9OLZOcbXcdZlGB +K852jhmoGuQT8m7F9rSYjV2OISMoN7dHh3GJrLk9h+Je82Bz8eRJ8rzJEkzmswig +5PPQoctbuITZqIFiZubVOLIKjk+i57N5heREzgQXeSE +-> 0@VdDnI*-grease 9EyIn b/ iQs| +XsK49d4EWQ8kuSAUuS7DjfeqE9vglS0VQktK0kz+8/MQtQ +--- ADvs0IW45ZAopNjCz8MgbJEiWwlwkfLyJAXkodRiwKs +pRA۾m  \K8[PX'/؝ h]ÚBK6!ص!Cwޗ \ No newline at end of file diff --git a/secrets/wg-private-chocolatebar.age b/secrets/wg-private-chocolatebar.age new file mode 100644 index 0000000..60e34ce --- /dev/null +++ b/secrets/wg-private-chocolatebar.age @@ -0,0 +1,31 @@ +age-encryption.org/v1 +-> ssh-ed25519 2Ca8Kg LDm1IOnDeahi9ktcshqs++W8BszPspJyKyXdO3pm5j0 +yC6KNzjsRwt9Bx38r2aIi5cragiU5ai0L8pTrVc0fzM +-> ssh-rsa 2ggJWw +TPPbYlpE4NCQ6gYqxI2eZRq8InxJTyevrIRL8oihlRmxW6Ai/7r+F72fQcDKKcys +o70CyKLLxeD047dEp60khzheUHVybyzeShGPda1m6bAKnRf4eLaNONuKhj5BAvLB +vPYYUMTVOS1B3HVBK1zCeYRcaJgmZzuFC4LHW5aJKDXGE9tUd344TBzIFH6BQPtZ +14MPAeNdHCHDUDrzco1IH3E5CfXkkO0SBHswbzREB/L9gp0AHZXg4GBxwvkWDI10 +GTiAedj0YcmHPUCbXaVzyCnJ8Xd4+fwTfaKoRL0mWE5lTbbM+iLRM/a0L5TBIt3n +QQ8vgpbbT4rkEaao7S+SkXwtBKpg4ax1F8K7UrZOEL+bjQb3V6uhsdaFtViEntVQ +DK6WkS/6Vf9r0lGaOzHC9dRXu/4mlA+fVGSw05j1pQ7SGbwuSqeVhEhsvxgnfkNl +9hwXuGJ69I6lvdmN6YbaSXXzGMnJuIEr7SIkQYj+BrBrVvhAIUsf+lGJwkxgWobE + +-> ssh-rsa kFDS0A +e3kryE71tkkKmoT4dB/3hmYErmarKeYn47uo+t9eAyPAIs6S4k4esL4BmMtfRR99 +XgtIOC8Vidk5+LsDBeP7455DsHnrAWxiSm2PA57jiCULqIQb8UA3NKbaSo0CjD1S +fV04nS7tGuIqQsAOlg2AQOIPm4VIAx7eKQ1rv7nwpPngVapkQk5CiRpKhmcky5Ip +koZhRNX9c6ksZjB+mH10hwld74aqPSOEPFMn7mJAw2MQl2wNVMiCaLsL80hz78M8 +QIeHsgQpUosGloNf0oM3pi3kQk4kHeraMMUc0R8uHSPrdDdCoJ1JwcZDxl/IIpoF +6EJaUUrT5wogjGLgnk0a2Aewz/kUvzTrJbmB/oc0WeblqwihbeO+/uTG8yXIhX1U +S7Lb0IQNy34ExkunDuhAohpkmklS6PrLTYjOd/EPRMpDYfHWXR5/agOpnBjdWtcg +gWHA0FeQb7RH5ZuRaLnCM9JOXhVYpDC+J3z8ddyvNCKPxe7XM4cxvV/Q1iQ9CyY2 +FVqqRbKGtqZyKJdqbbyF+v5Hmu8j0obBsGjLm3Aw9OrmKdjx31t6Rt10+3+rkIqw +pcjrmAi6vpdB1bPweAUBRpgYlLP+rRa9Pwaya6GnAbANZOiK6k10KwoeQ0+8NL9z +uMO1A20aVPp1tNzY1gyPi/6feFme5OyiS0io+zu7LC8 +-> c-grease NHHYd |!k_%$S |Jya2: 'ue +bueU3sX8xvRo4e6C2xtUUWHZOS5av+RufqlQ1+CNLQQqfuoDAOEuo8oebi66oafH +6JE77zXq5CnTsB8 +--- z04xmHChs7joNFgUJnMCWifi9zLDpqeayMGjf1jWULM +uC +(N]L-Lbַ(v0mFJiWa%/B1T8S,ӎKo \ No newline at end of file diff --git a/secrets/wg-private-droppie.age b/secrets/wg-private-droppie.age new file mode 100644 index 0000000000000000000000000000000000000000..0bfcb369c0421a775334f300676130a5fea0960a GIT binary patch literal 1388 zcmYk+y9?uV0KoBcQOw|QhvH^8hfwoQ8c;EhCT;U*k|t>yT+%$6_v4qOX{zEOx9aGk zn>Y#Xg1dvGgM*tWh@6vfiwJ@s_!oTPGkk+fyo~D*%?yd5?JElCW1Q7GQr$&Tp*Yb^BTiKz~Jlbnly$Lmjm>#7&nT4E%CU9$$Je*M6217e7 zjoGnQ&3UDA(WK&6*vjNwQqVF=ZF2A6$5W(2DCToqDiKv3mri`SxjZ9mRtmgrV&k-; zmA=ZPh9{Urze&`syN!)z^*l$Nm2Et+VgY3Yx3^4MMig4~uS5g5-2b%;Nj#t&WH#|Y zZ($D{ZMi_PjcSw!@h;f3d$xr-2?1KzojIJ8(lgpZUfsP!HN6s~Yh4O+ZUq5qrO+V} z<(}L{{{FZDYe4ZaT;69=D6gWN^h|QoCTfNyx8&<IgH)}JHSBq(kj4_+8dV}zuBsH0?6!%ps!B>Wna&Xgcge2f8}i$`cBdZwD{s*h+!J zI-;1Pq(neRF!UG)Mz&qMrH@?T^QKAN)3kFp^EFf{u|-6P1hBN;hncM9w2_Cd+TTWI z9gwT-biJ%&*%7qvAYxTRvEB-Aho0z_a+ifQhRzD%caU3%tbbExM=(q&G63#3qtD9d z+_6=-gVz8HdTs3YrdzDR-NI!puwAM@I2wtdjC+DAE{=DTZ&B2l0M?GVi@uZ_$l7!w zu%k;M(B<+Ft5ef3UXgh@$CyLg1XRS6ThUH3DD=FhyNMH$kX%&>Fm}Y(yTB6j85~Em zqI3U_Glzax4Cpm?}D~^qR9#hUbnFpk)Ev&6xya6tC?uS#3Qd;Go|>dHDSo-N#Rz$MV-K{^C>Y z$>Yx|>Z=EM@!`*ZzWl*ke^>AP^um|#zx3@lpa1$`*FO90)ki-*d;XP2fBo_ByHAxL TpkM5zqQCa!xsTqxY#09ks{zdM literal 0 HcmV?d00001 diff --git a/secrets/wg-private-pie-server.age b/secrets/wg-private-pie-server.age new file mode 100644 index 0000000..94379da --- /dev/null +++ b/secrets/wg-private-pie-server.age @@ -0,0 +1,20 @@ +age-encryption.org/v1 +-> ssh-ed25519 8bHz7g rg27RIr4lE6gtptL+DXltr+mICzMIYFrJ96Mcte03k4 +N+IEYg0dhnORi4ItndwhnCaSbzVnbVIIZQsg6XWDpMk +-> ssh-rsa kFDS0A +GrAnGLYDhcl5t2CesBWUWF5p9U98daBME1bCiWveYf6+eBl6hQy8YW/f3B7GOIM7 +/cGi07/xTBI0P/mf91fQCgtEMAk2Y4z41nvwnvicVP2dGgM2kpvtQaZr0z+hxTjF +t3+auk0icWlDMeJm157zRyrbxN9rGrO+pyrFCyloEnE4QKd1WGv6ZcyGx3XPjf3c +EqUm6xfc1k/zPXCl9yrdy2Qg7ynkRa+hXn8D5nb9/7V5e55JAA/j1pXOVVyv5s4v +EYGt8dHHX9geS3WMq4FmF9o7AKGpeLc+YIBQJ1oGZTz8q4wENN41UG/3tSP+pmZd +9rFebh5UYnaonaIS2OthcfPL0gtrPFHDwboKbUknX5anfNoDHXTGkRLpNlBFK+yu +nO2lxqLqcqtGMPBvwA6vyFp3LyxIGxS3quhPt2gN4uzOH7z78uSixv+KxKH7+QpG +r3SdNWYlCu/Xm2T8dvdumXp/MMLdceilwLEyoxX4RxGnQKeDJaj4WdfyJVTzkiJn +90+j4Lf2v6PwRB85mBOp5UaRX5M2nFtpFsNY1SWzqTuV4pd3yAzY3wATyc6heTJw +qaq1E9D/wa8pY2vbJKiMWNt1oE1TJppTpemkr87gn4AVr9P9WIMGWUzi1PfLy1lw +sT8UynFEQm0dm8iVCLVHBkdqeyk9VBfPp8XdNU9ZEEI +-> M4|-grease +79w6:R: : &m3%z )IE +p+DTgo1OnKsSDkxFposEheC0iZioePlCkrKK2qGKegdFXh/YO5g1hkgvnSkJAVoQ +1vTSqBys2dBUntLtIo9Rs4o9J5vZ23ufHZuVJ5Px4g4 +--- jj12ou2vNvCiolPUk/PIfldKHcILq40eS2uYvix4gu4 +`}#EOe'd%,Hm)- [lPou]5Ym*${-R ssh-ed25519 8bHz7g FvH+VXog6FECWn8RvmPKBC5++GwX2p5DFfGN1WeRnXc +MDAo42o0YpsSI9zPtai24KkqJNBhE8rLBzDoMQPBIC8 +-> ssh-rsa kFDS0A +KJTXv2WmPQEjD+p3hhBeFEqZQhHH3HE72LuFKUxpO8o25JiyDdQXxo+6jwG/rr0Y +jQVCo/B3WSc0dkWvih+2iP4pogYRzbqEe03LiLyU6lxfIrpjnvQv0DKyi/iesrE8 +Y0U7Ar11WGeJWO5wdNsAiRyNk3oCA4UV7YGQwEcUUPnTo7pKDZ4zGL86W7bF0lLZ +pGdLFVwD7CAjdw9fcAlCizJxYSbk8idA5jlY6qvWYRail2/61MjD67j24yNk7Qun +pcVIlY8PVwhk0KVbN2jBXwNy6MegCaittOoldN5lAyTR5v4b82zTpR7KWWsw+TMM +faH5LXsSkZp5deKP4sqC5xO5leSwBLY2wHImyOciCydDsaPhr5U5ofAiwv2A/rJ9 +McEhwM3h9+V5wyTubM9FI0/IT1O+BVEwXX+Y2pWFKpKE2TUuHcDTLcID0b4z/Opb +OumSWNesDsuu3ie6P0LKkixv0bB9h6jkWXZ2gfUzenvyoQbQBUoYPpZQVOxMHdNx +Ga+iz0bas4Mccnw6vXPmJp3GcAoxtwqAoawnhnNZlT1Oc0hCOj135xQeYIW91ofB +wYE0sFJZEgY4J29rCRsZBfb0wRFUZcSEYb9UUv71yTPYV+/nDv/BQwBTP8Q3vsAi +DnBXzcqDwNQSUkf6o3Nodm7jzGr/7xNJSADirsuhh8M +-> UZc4<6!M-grease +YmEF8D3iV5CIak0fuSLOrmbcGUGEhZPrq4iWd22WrJP7WcALYm2UgWE +--- BRtFsnY/DnVzZzrYqCFS68vzHSUJbtmjWhF+W9TToVE +S#:LZo0`р*SU)ogc;N"0X)lTNIzk=&=v \ No newline at end of file