forked from pub-solar/infra
wireguard: add basic keys
This commit is contained in:
parent
eacf60974c
commit
621e9336ed
|
@ -7,6 +7,7 @@
|
|||
./hardware-configuration.nix
|
||||
./configuration.nix
|
||||
./triton-vmtools.nix
|
||||
./wireguard.nix
|
||||
|
||||
./apps/caddy.nix
|
||||
|
||||
|
|
29
hosts/flora-6/wireguard.nix
Normal file
29
hosts/flora-6/wireguard.nix
Normal file
|
@ -0,0 +1,29 @@
|
|||
{
|
||||
config,
|
||||
pkgs,
|
||||
flake,
|
||||
... }:
|
||||
{
|
||||
networking.firewall.allowedUDPPorts = [ 51820 ];
|
||||
|
||||
age.secrets.wg-private-key.file = "${flake.self}/secrets/nachtigall-wg-private-key.age";
|
||||
|
||||
networking.wireguard.interfaces = {
|
||||
wg-ssh = {
|
||||
listenPort = 51820;
|
||||
mtu = 1300;
|
||||
ips = [
|
||||
"10.7.6.2/32"
|
||||
"fd00:fae:fae:fae:fae:2::/96"
|
||||
];
|
||||
privateKeyFile = config.age.secrets.wg-private-key.path;
|
||||
peers = flake.self.logins.admins.wireguardDevices ++ [
|
||||
{
|
||||
endpoint = "nachtigall.pub.solar:51820";
|
||||
publicKey = "qzNywKY9RvqTnDO8eLik75/SHveaSk9OObilDzv+xkk=";
|
||||
allowedIPs = [ "10.7.6.1/32" "fd00:fae:fae:fae:fae:1::/96" ];
|
||||
}
|
||||
];
|
||||
};
|
||||
};
|
||||
}
|
|
@ -8,6 +8,7 @@
|
|||
./configuration.nix
|
||||
|
||||
./networking.nix
|
||||
./wireguard.nix
|
||||
./backups.nix
|
||||
./apps/nginx.nix
|
||||
|
||||
|
|
|
@ -25,28 +25,4 @@
|
|||
];
|
||||
networking.defaultGateway = "138.201.80.65";
|
||||
networking.defaultGateway6 = { address = "fe80::1"; interface = "enp35s0"; };
|
||||
|
||||
networking.firewall.allowedUDPPorts = [ 51899 ];
|
||||
|
||||
age.secrets.wg-private-key.file = "${flake.self}/secrets/nachtigall-wg-private-key.age";
|
||||
|
||||
networking.wireguard.interfaces = {
|
||||
wg-ssh = {
|
||||
listenPort = 51899;
|
||||
mtu = 1300;
|
||||
ips = [
|
||||
"10.7.6.1/32"
|
||||
"fd00:fae:fae:fae:fae:1::/96"
|
||||
];
|
||||
privateKeyFile = config.age.secrets.wg-private-key.path;
|
||||
peers = flake.self.logins.admins.wireguardDevices ++ [
|
||||
{ # flora6
|
||||
publicKey = "jtSR5G2P/nm9s8WrVc26Xc/SQLupRxyXE+5eIeqlsTU=";
|
||||
allowedIPs = [ ];
|
||||
persistentKeepalive = 30;
|
||||
dynamicEndpointRefreshSeconds = 30;
|
||||
}
|
||||
];
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
29
hosts/nachtigall/wireguard.nix
Normal file
29
hosts/nachtigall/wireguard.nix
Normal file
|
@ -0,0 +1,29 @@
|
|||
{
|
||||
config,
|
||||
pkgs,
|
||||
flake,
|
||||
... }:
|
||||
{
|
||||
networking.firewall.allowedUDPPorts = [ 51820 ];
|
||||
|
||||
age.secrets.wg-private-key.file = "${flake.self}/secrets/nachtigall-wg-private-key.age";
|
||||
|
||||
networking.wireguard.interfaces = {
|
||||
wg-ssh = {
|
||||
listenPort = 51820;
|
||||
mtu = 1300;
|
||||
ips = [
|
||||
"10.7.6.1/32"
|
||||
"fd00:fae:fae:fae:fae:1::/96"
|
||||
];
|
||||
privateKeyFile = config.age.secrets.wg-private-key.path;
|
||||
peers = flake.self.logins.admins.wireguardDevices ++ [
|
||||
{
|
||||
endpoint = "flora6.pub.solar:51820";
|
||||
publicKey = "jtSR5G2P/nm9s8WrVc26Xc/SQLupRxyXE+5eIeqlsTU=";
|
||||
allowedIPs = [ "10.7.6.2/32" "fd00:fae:fae:fae:fae:2::/96" ];
|
||||
}
|
||||
];
|
||||
};
|
||||
};
|
||||
}
|
|
@ -19,6 +19,10 @@
|
|||
} // sshPubKeys;
|
||||
|
||||
wireguardDevices = [
|
||||
{ # stroopwafel
|
||||
publicKey = "NNb7T8Jmn+V2dTZ8T6Fcq7hGomHGDckKoV3kK2oAhSE=";
|
||||
allowedIPs = [ "10.7.6.200/32" "fd00:fae:fae:fae:fae:200::/96" ];
|
||||
}
|
||||
];
|
||||
};
|
||||
|
||||
|
|
42
secrets/flora6-wg-private-key.age
Normal file
42
secrets/flora6-wg-private-key.age
Normal file
|
@ -0,0 +1,42 @@
|
|||
age-encryption.org/v1
|
||||
-> ssh-ed25519 Y0ZZaw FvsdIE/inJoLVSosWXATnFbAAVjVuf7jlEC3nSUF6Ug
|
||||
gX84OKgWdfkGBN+NFy11BxIb4WX1z9UkPA4u2Q1uV+g
|
||||
-> ssh-ed25519 uYcDNw z5Veza0uVwqCqGCGYzGmXPcyaV9HztEN39cWFbSG7yg
|
||||
UWZQcDP1vMsYoWwMQlr4YmzWYw2EKm/s5zJVHNf2M0U
|
||||
-> ssh-rsa f5THog
|
||||
v1kqiU+cx65mvTNeuAhK65eBEk1vmkABRYgcmFIrdr4eY3pru+FaQTfMhTI9HjcO
|
||||
OTU0YPxxSadbUCaN6Z3QnTv5qowwOQlEsWK+RMsOZgnyRQHa2SIrhfHz7v+n8BTF
|
||||
8BYB4UBJpD3aLqM7VED6dYls178HUbiq34ohrG2vY5PHE72xTU60amv9NcJhSJPR
|
||||
twZPiSp3I14MlJU4bboS1YBaEmgxvbXru0DwuoQLw3OUrH7xOggVoSJxm8lVyjR2
|
||||
oFYS5wdnrhAIEsJ0lTsO5fvq9Dmie7qoL60rbBbue9lPk1nD1NlUe3akd4IIo36R
|
||||
kDbthUYluVSJON3o/wenSvJDOw3N3t8bu2+/XfWAd2NL9SPBijMQJtqjK8EAtmz9
|
||||
OjBMjJGQzVdBxRP9U3CWYIwaqYQfWhXXY4AXTwIMsfmeV8ZHZsId3Y156p0NaKg6
|
||||
NGb7eX/AWmcdNTp8ZCqlb4QexICrVd7XDkNbPHkYPUOdUhaMyS+T7YU8Qs3YWroP
|
||||
Bw63QMWbvo1l4HO/3HeIKlzIXTjLEi6PjTiWb7vM4GuoCwjdDg5djMEj4nsvDyea
|
||||
B9EBTEcoP2oj47wgsX0nfV5bKAQ4y8AN4ZNWb00vjN9ybBbLK3q//1DrEWmddieF
|
||||
t6FyZXvZH0Gf6y5OO56yRp/vmxvKFcvxqUA3P8bPAnw
|
||||
-> ssh-rsa kFDS0A
|
||||
c+0wRUbjzdJiBhdKAVlE8yxt1O3t4oQ438F5HjMPohEXSFLiNFi4Y0JQsw6qn3GP
|
||||
hySsyIoj9G+cI9FDPjTFPmE7O1SHrd2LqBZGukyswDXX8CpwmZ7vfqfK2lCgKfos
|
||||
SSPiGaYk+HlQF2QfX/xdgQ2PbFXHnDy8LZ9AfZP04PrnK9wqdiEXwmkWZ/Lu1P+V
|
||||
Wb/28BYxcfkseAprFr/KSJLoNuD9UphRhQwRklmjADnf0lep3vHccxz1Oo5flu5M
|
||||
AD47r+0bLGM+w3epCF1GyR4L2lEBaD8pkVOt3/zIdjn8nFZVNJwjshToazvnVEd3
|
||||
Vd9Uas58AyxcT7Dk/QaVO7c5KJDdfSuxnT1zElkM2ZQM4lEueTJYDBJGyfubb30y
|
||||
Z7re/MsLOh0jNJbb0r1KOkzwpcdm9iyvi26eaGsX7Q1Gb2pzOYFxD1vSUUC6A6Hp
|
||||
W5X6fKsiBPreYLf5MV6p9r2YJPdX4SJiq4XztQi1PL+ndq1h8wskxk3Pyvk9fhle
|
||||
iC5owZ8/FikfC/1oEa2KayeLyYB001BUuktevzfH2GmbqLkR9wBGw5vUJzOO4vOW
|
||||
o8SVCSUxSrG8S+HQksOSXFWywkdBDhqc8eyRUtb+6iqqMA2Q4GDqktSCB1KeBYD6
|
||||
OalH6bo4H1ddV8LPMOKcFtjmTPuum43C7bNge2rxhgg
|
||||
-> piv-p256 vRzPNw A/utfOjPG1zs1Lf2FOWDHhJIJW1PIHmKFqFvBZZycHPn
|
||||
EfGFh9R0PDgskQg00z6thQ1YozT5ZiBhzNN9iTXWDe4
|
||||
-> piv-p256 zqq/iw A0RjdOkfYmTlYCwM3aFLdXfBimXMGzVh21A5QxZ217xW
|
||||
7J9cRYpr1uhQPE0VjvLAwyS7jNSK0+qjA9xUMeRwYos
|
||||
-> ssh-ed25519 YFSOsg w8ljrS1oRdB9RT8Odi5UOPjEtFL3WBlQUAH9Y7gp3WM
|
||||
xcrbEm66K6mNrJ9+877YEgWUdxW85YyS1z8CGMyYxeE
|
||||
-> ssh-ed25519 iHV63A O0bMGpauAYAuiAtbITj+lQOS0LuFl/BDVxIUTly8tQM
|
||||
0Kiu4sNN0joX5D4eB42oQ/iRSntsJI5JNKOmkQeyLGE
|
||||
-> ssh-ed25519 BVsyTA k/0Rtr9qbFH7V6DyCRtyqdAHU1b7D7DNGV8pPPJmrnk
|
||||
dJ29gcfSxaVQ46XbW021PxPotZ8ZG2zjostJme9GUZQ
|
||||
--- 1V0sJP5JIa9GZ0F0hf1GAFX3LNkPSNsxNhqM9cH7Rgc
|
||||
|¿‘#ø©mÌæR„Ö5wäÎQòÅÐf1Ü
ÑÁZ·MUüèOÃfãÜ:GÓ^<5E>ì•!<21>
|
||||
gÐG29wíƒÙ_B‘ìdêÿ
|
41
secrets/nachtigall-wg-private-key.age
Normal file
41
secrets/nachtigall-wg-private-key.age
Normal file
|
@ -0,0 +1,41 @@
|
|||
age-encryption.org/v1
|
||||
-> ssh-ed25519 iDKjwg 1m2Nkhw2R1InZFZrOkzQCoQy4s/kduXyM44yWifllXc
|
||||
cxz6EWfaIJUjEkXEExFGKPrrl4iXnchkFfMiCpDgnZ8
|
||||
-> ssh-ed25519 uYcDNw nVtsI77gUtZKmvu6o/jkvh/Ab8KDgRuL7V6MDuFtBnk
|
||||
P7xVJA1a1ioe2tROajY1uvS1kLGrJW+YrXVf2Z2K2a4
|
||||
-> ssh-rsa f5THog
|
||||
rr17rPe7lJ2Zc0nsHhEch7mG7D27lnaMbAJ2Zsn4oHDXFn4cnSw4L/Zf+aZVIpNY
|
||||
ew2u24yBE5ButBh8t0wm2Di2SBir4cAQob7160Py5ZpqOHBGxACgxhfZm7f/FzLZ
|
||||
Ue0CUKebJI8KAqkjyayLLzESMECT5buhoJ4+K8U/B6O8NgGPrjS1Xjx1zCAs8tsG
|
||||
kQz2KsBFnIEH20qmj2ezmijJdkUJbyX2389jCIzZ95wOG0RcUH1+s0aMcuvvLptS
|
||||
05nSlmOlnwv7M8Jkwg+BC6l6xpoG3zpQDReEBTT3DYMRL3sNPV9eIHcPrWIXlANk
|
||||
7vqLPxNlu/gHhQSijcPICH0YiDZ3MIJdXtqVHxCFWmXlPAzfkSMwg2k3WT8fMSJ9
|
||||
ajEM0i6AIjaNAeY6cY87kGmfSjwRTSEbDSkC0B5VV1h2CZJDot7+9eZQ1HcwnP3j
|
||||
iLTijtB+dMAzpnQ8kA9bGnuOurTB3Jy+JxwejO21J1/rxBA+P0nATufnk5olhTKS
|
||||
vqkor0rxkV379SMpHLpbg4IbwdIjp+77GDJkofcAxZI8tmU2IF19dC1UsDfz15N/
|
||||
b984i7PpJ115U2oSbwBZ8WThx1i8I47/mabTU32IXvhfdsp9QmBoBIqUqdgHsU43
|
||||
LSBHRHiMy+3BfNA0M52oWEThtScOeqzwo3oSBCTM3xI
|
||||
-> ssh-rsa kFDS0A
|
||||
fgw9rO7pT7MLo1nNvZ05Ry+Gyjb27Trc5kZ7KYYya1BpCKjLnYwOaaoLtoHkGnuz
|
||||
bPJ4ouyMsWUiPpT/SZ5/uNHlSDS9dNF0RTzCAqSi31CwY5KFTfStzsOKeUvxCcGp
|
||||
Z9uyOEr1sOl1+gORWphrHmllSrXFAHHgOorLrtACkrQMxn678Wko13CFvDhtkl+l
|
||||
sqi+l+B5ffeJsaHmCLmrROGzWrCnT/1zwJV5KMF0HjBSOi+Fl+HxA9s6UCEHxTy/
|
||||
H8GvOooDGczgjg06yI2Puzo+DvhE/XOeFOoM/cLdGPnq/R8Mo4r4BDeBnQqbbBCI
|
||||
4LV0Ybz0jVpAHHCu5kAxIzc68d1mwmxYPW4pxMVDGaZKGoBnA9jkHA0DD0TKe62D
|
||||
ZBWtKAZb3gD4yDZfcbZABuXFszmFzKRmoE8YLmZDw0GwLu/It+ZtL9cxUZ+YmknP
|
||||
ZhBcy1NTlPhXlJdZBWImK8KKluf03BjBIAFm+ZGT1FiCnZft5SZFDf7PGq+PvRwT
|
||||
wk6UMeBiVbJvpVtjthHbur5FxXG+ly9wa9Y5bP3K2VnJkVcVt6NhkJ6Hg+g2FIZ4
|
||||
gzq+5azkX+7nSNr0dSR1Phk4j+6aahRc2Gb7SiMqo6nwKuWBL6SQRDuKwP1PaPvm
|
||||
aGfsduWhKZQM5ZeXBYkdgQqLgx4oAgbI2SujRaJlykE
|
||||
-> piv-p256 vRzPNw A77uRo1hsdtaU8Fze62NI3AocU7srSmd5A7y1PbUVEyQ
|
||||
LgD5sj6ZGGYiDausGO5lxERV71MFkZltzP3W4JIK59M
|
||||
-> piv-p256 zqq/iw A7rWVvgXoLOrF3w8wyR27/fGAPxeknuBMVF1yeNceSkN
|
||||
qAe7DwmCiFz72fy0Ica3SWZYNyvlsE1M/Odma5FKlyI
|
||||
-> ssh-ed25519 YFSOsg Hld4L4nxmssu+4vwIEE4Q13Xapfn38R42+MdT3c5Jyg
|
||||
gW3YzRgpc8SKyTp6o4BqmqFurr+lak+hKvYLFGdm2s8
|
||||
-> ssh-ed25519 iHV63A ODXmcURhm3oMgB5t4kigz1LoXMl0IqG7zUUog0FXRDw
|
||||
pa37B1B4FFTrh4UHDh2O4VBSQyxlaozHDNR8PCQ+gis
|
||||
-> ssh-ed25519 BVsyTA 1dkpnnRlhnqueC91EW7xn/q4MUUvleN23KyiTJM1ZlI
|
||||
QvpM4QaFx4ey3EZ8TNnbJjdeIgR5Nfbugw3X2Xv27wY
|
||||
--- dHSohj4s4bp6X8I2em011HuWwNNIDis6h4e/44CnTIU
|
||||
€Ð·^Pvî
^4YYpµä'äå}Xób½q5°½âW¦ ˜nv‹îß°B=í÷³¿ƒÐ÷*Å%Ñþ‹<C3BE>Ù¡nãÕi˜ÖÔT²]
|
Loading…
Reference in a new issue