materusPC: add wireguard config to networkmanager

2024-04-19 18:28:40 +02:00 · 2024-04-19 18:28:40 +02:00 · d6a451b6c5
parent f19a1bd613
commit d6a451b6c5
4 changed files with 38 additions and 5 deletions
--- a/configurations/host/materusPC/network.nix
+++ b/configurations/host/materusPC/network.nix
@ -1,4 +1,4 @@
-{ config, pkgs, lib, ... }:
+{ config, pkgs, lib, materusArg, ... }:
 {
  networking.useDHCP = lib.mkDefault true;
  networking.hostName = "materusPC";
@ -13,6 +13,37 @@
    [connectivity]
    uri=http://nmcheck.gnome.org/check_network_status.txt
  '';
-
+  sops.templates."networkmanager.env".content = ''
-
+          WIREGUARD_PRIVATEKEY="${config.sops.placeholder.wireguard}"
  '';
  networking.networkmanager.ensureProfiles.environmentFiles = [
    config.sops.templates."networkmanager.env".path
  ];
  networking.networkmanager.ensureProfiles.profiles = {
    wg0 = {
      connection = {
        id = "wg0";
        type = "wireguard";
        interface-name = "wg0";
      };
      wireguard = {
        private-key = "$WIREGUARD_PRIVATEKEY";
      };
      "wireguard-peer.${materusArg.wireguard.pubKeys.valkyrie}" = {
        endpoint = "${materusArg.ips.valkyrie}:${materusArg.wireguard.port}";
        allowed-ips = "${materusArg.ip-masks.wireguard.general};";
      };
      ipv4 = {
        address1 = "${materusArg.ips.wireguard.materusPC}/23"; 
        dns = "${materusArg.ips.wireguard.valkyrie};";
        method = "manual";
        never-default = "true";
      };
      ipv6 = {
        addr-gen-mode = "stable-privacy";
        method = "disabled";
      };
      proxy = { };
    };
  };
 }
--- a/configurations/host/materusPC/secrets/default.nix
+++ b/configurations/host/materusPC/secrets/default.nix
@ -10,6 +10,7 @@
  sops.gnupg.sshKeyPaths = [ ];
  sops.defaultSopsFile = materusCfg.hostPath + "/secrets/secrets.yaml";
  sops.secrets."users/materus" = { };
  sops.secrets.wireguard = { };
  services.openssh.hostKeys = [
    {
--- a/configurations/host/materusPC/secrets/secrets.yaml
+++ b/configurations/host/materusPC/secrets/secrets.yaml
@ -1,6 +1,7 @@
 users:
    materus: ENC[AES256_GCM,data:okqSgMvdFq1BMAg+Gs725zaNbeAQIpJKSPB2Sa83i3EYimphZNBtrJLen+gQEGNq4yeTyAc9Ih/hcnr+3z+Tea/g9ffh/UC4YA==,iv:OhKoWLREAqCbtmS3Rw9nE9+PtcBLwEHimJXcj4oejRA=,tag:Ht/SQSwumnQR6E45Pl47AQ==,type:str]
    root: ENC[AES256_GCM,data:vnPjK+xayk/Zk895rERYAeCzpjv5NJ7EAyK4MRDUzDbW++4Dy+UEI81v1v7w9dfpDeL+x5kOqUFO5zVVDUGfZ3yf/l8M8N8KcA==,iv:gGFGcy3K27nQxn0+7I/t0kg3nZyXeGWqysOl2auZJXo=,tag:N+LYhKpPCbI1EjEBwxuh1g==,type:str]
 wireguard: ENC[AES256_GCM,data:rBkftzBcdamhP0xZB3qxfLptL8bX1qc7SdcfPNpYV67TeQs6i79+5KB/da4=,iv:22J5SZbFtYco7iSHvD2GD1bcazfGWlyEJ2isa3Ab4bI=,tag:BeUn9Srl2vyoDgK5Xv0UCg==,type:str]
 sops:
    kms: []
    gcp_kms: []
@ -16,8 +17,8 @@ sops:
            dWVzbzUyakxXUGpTQjNsYzcyVG1aRDgKXVa8tIAbmggw1vSt3NJYRLgXhbagpNrX
            RNXyndPaeQXVPVXuJWmHgRCYbwPTcfAFpGwFlX2IxVLlmC914Zklhw==
            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-03-03T01:46:25Z"
+    lastmodified: "2024-04-19T15:58:46Z"
-    mac: ENC[AES256_GCM,data:6YlLYKUzG2rorS22B6s4P6wJHCU1BWfEazXoEfEITB/qe3Ek3ITafX+RZI7pYLMiatIt9GHPb3YzDt6tOb91EakodC9pBTmW1E6NRzCZDr96nBQ+oIEmGBOOBwq/ysAeJRga0Sz5Xfx6rjRVCTARSLOmbouW5EF/bCKFVowgPYU=,iv:iZkBEIXreVic57ishmziIDNw6H6cNqA32ZxjTa8mjzA=,tag:ws3bj3T4xEGlq7YoB4RH1A==,type:str]
+    mac: ENC[AES256_GCM,data:BLa0G3ci8EWH43UkLI2OoFJp2F9YeuKDrg6+2I/bq/lLi/YUitkJvBkA9VSIbvCyYWs/5SlEL5MayX8iiVdJ7r9bCiw+LVsWNAdaYDCafbZRW5F7KiHS5WXV3v4c201kFok7rmnRhEfKfdDxLlQ/mFHqOhupHU/qCNMTuUzJBiA=,iv:EPRoXHVMB6I16lTFJdFVAuSnMD/B55fPYtSBOQddutE=,tag:gohg+BdRlMPAQmNpRdk8sg==,type:str]
    pgp:
        - created_at: "2024-03-02T22:10:50Z"
          enc: |-
--- a/configurations/profile/common/private/default.nix
+++ b/configurations/profile/common/private/default.nix