diff --git a/configurations/host/materusPC/network.nix b/configurations/host/materusPC/network.nix
index 35eb6f5..10a0a56 100644
--- a/configurations/host/materusPC/network.nix
+++ b/configurations/host/materusPC/network.nix
@@ -1,4 +1,4 @@
-{ config, pkgs, lib, ... }:
+{ config, pkgs, lib, materusArg, ... }:
 {
 networking.useDHCP = lib.mkDefault true;
 networking.hostName = "materusPC";
@@ -13,6 +13,37 @@
 [connectivity]
 uri=http://nmcheck.gnome.org/check_network_status.txt
 '';
-
-
+ sops.templates."networkmanager.env".content = ''
+ WIREGUARD_PRIVATEKEY="${config.sops.placeholder.wireguard}"
+ '';
+ networking.networkmanager.ensureProfiles.environmentFiles = [
+ config.sops.templates."networkmanager.env".path
+ ];
+ networking.networkmanager.ensureProfiles.profiles = {
+ wg0 = {
+ connection = {
+ id = "wg0";
+ type = "wireguard";
+ interface-name = "wg0";
+ };
+ wireguard = {
+ private-key = "$WIREGUARD_PRIVATEKEY";
+ };
+ "wireguard-peer.${materusArg.wireguard.pubKeys.valkyrie}" = {
+ endpoint = "${materusArg.ips.valkyrie}:${materusArg.wireguard.port}";
+ allowed-ips = "${materusArg.ip-masks.wireguard.general};";
+ };
+ ipv4 = {
+ address1 = "${materusArg.ips.wireguard.materusPC}/23";
+ dns = "${materusArg.ips.wireguard.valkyrie};";
+ method = "manual";
+ never-default = "true";
+ };
+ ipv6 = {
+ addr-gen-mode = "stable-privacy";
+ method = "disabled";
+ };
+ proxy = { };
+ };
+ };
 }
diff --git a/configurations/host/materusPC/secrets/default.nix b/configurations/host/materusPC/secrets/default.nix
index 72df330..0f5657e 100644
--- a/configurations/host/materusPC/secrets/default.nix
+++ b/configurations/host/materusPC/secrets/default.nix
@@ -10,6 +10,7 @@
 sops.gnupg.sshKeyPaths = [ ];
 sops.defaultSopsFile = materusCfg.hostPath + "/secrets/secrets.yaml";
 sops.secrets."users/materus" = { };
+ sops.secrets.wireguard = { };
 services.openssh.hostKeys = [ {
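Review bot: In network.nix, the `ipv4` block of the new `wg0` profile sets `dns` on a connection that is also `never-default` and has no `dns-search` or `dns-priority`, so which resolver answers a lookup is decided by NetworkManager's DNS backend and not by this file. If the tunnel resolver is only meant for names inside the WireGuard network, add a `dns-search` entry for them; if it is meant to take every lookup, set a negative `dns-priority`. The key handling itself reads correctly, and a comment above `private-key = "$WIREGUARD_PRIVATEKEY";` would record why: `# filled in from the sops-rendered env file when the profile is written; only the placeholder is in the Nix store`.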
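Review bot: In secrets/default.nix, `sops.secrets.wireguard = { };` takes every default, so nothing visible here re-runs the profile generation when the key is rotated, and the old key may stay in the active `wg0` profile until the next boot. Consider `sops.secrets.wireguard.restartUnits = [ "NetworkManager-ensure-profiles.service" ];`; the unit name is the one nixpkgs uses for `ensureProfiles` and should be confirmed against the pinned release. The attribute set this line sits in starts and ends outside the hunk.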
diff --git a/configurations/host/materusPC/secrets/secrets.yaml b/configurations/host/materusPC/secrets/secrets.yaml
index 7d32540..3840ce5 100644
--- a/configurations/host/materusPC/secrets/secrets.yaml
+++ b/configurations/host/materusPC/secrets/secrets.yaml
@@ -1,6 +1,7 @@
 users:
 materus: ENC[AES256_GCM,data:okqSgMvdFq1BMAg+Gs725zaNbeAQIpJKSPB2Sa83i3EYimphZNBtrJLen+gQEGNq4yeTyAc9Ih/hcnr+3z+Tea/g9ffh/UC4YA==,iv:OhKoWLREAqCbtmS3Rw9nE9+PtcBLwEHimJXcj4oejRA=,tag:Ht/SQSwumnQR6E45Pl47AQ==,type:str]
 root: ENC[AES256_GCM,data:vnPjK+xayk/Zk895rERYAeCzpjv5NJ7EAyK4MRDUzDbW++4Dy+UEI81v1v7w9dfpDeL+x5kOqUFO5zVVDUGfZ3yf/l8M8N8KcA==,iv:gGFGcy3K27nQxn0+7I/t0kg3nZyXeGWqysOl2auZJXo=,tag:N+LYhKpPCbI1EjEBwxuh1g==,type:str]
+wireguard: ENC[AES256_GCM,data:rBkftzBcdamhP0xZB3qxfLptL8bX1qc7SdcfPNpYV67TeQs6i79+5KB/da4=,iv:22J5SZbFtYco7iSHvD2GD1bcazfGWlyEJ2isa3Ab4bI=,tag:BeUn9Srl2vyoDgK5Xv0UCg==,type:str]
 sops:
 kms: []
 gcp_kms: []
@@ -16,8 +17,8 @@ sops:
 dWVzbzUyakxXUGpTQjNsYzcyVG1aRDgKXVa8tIAbmggw1vSt3NJYRLgXhbagpNrX
 RNXyndPaeQXVPVXuJWmHgRCYbwPTcfAFpGwFlX2IxVLlmC914Zklhw==
 -----END AGE ENCRYPTED FILE-----
- lastmodified: "2024-03-03T01:46:25Z"
- mac: ENC[AES256_GCM,data:6YlLYKUzG2rorS22B6s4P6wJHCU1BWfEazXoEfEITB/qe3Ek3ITafX+RZI7pYLMiatIt9GHPb3YzDt6tOb91EakodC9pBTmW1E6NRzCZDr96nBQ+oIEmGBOOBwq/ysAeJRga0Sz5Xfx6rjRVCTARSLOmbouW5EF/bCKFVowgPYU=,iv:iZkBEIXreVic57ishmziIDNw6H6cNqA32ZxjTa8mjzA=,tag:ws3bj3T4xEGlq7YoB4RH1A==,type:str]
+ lastmodified: "2024-04-19T15:58:46Z"
+ mac: ENC[AES256_GCM,data:BLa0G3ci8EWH43UkLI2OoFJp2F9YeuKDrg6+2I/bq/lLi/YUitkJvBkA9VSIbvCyYWs/5SlEL5MayX8iiVdJ7r9bCiw+LVsWNAdaYDCafbZRW5F7KiHS5WXV3v4c201kFok7rmnRhEfKfdDxLlQ/mFHqOhupHU/qCNMTuUzJBiA=,iv:EPRoXHVMB6I16lTFJdFVAuSnMD/B55fPYtSBOQddutE=,tag:gohg+BdRlMPAQmNpRdk8sg==,type:str]
 pgp:
 - created_at: "2024-03-02T22:10:50Z"
 enc: |-
diff --git a/configurations/profile/common/private/default.nix b/configurations/profile/common/private/default.nix
index 405e240..3805ae6 100644
Binary files a/configurations/profile/common/private/default.nix and b/configurations/profile/common/private/default.nix differ