materusPC: add wireguard config to networkmanager
parent
f19a1bd613
commit
d6a451b6c5
|
@ -1,4 +1,4 @@
|
|||
{ config, pkgs, lib, ... }:
|
||||
{ config, pkgs, lib, materusArg, ... }:
|
||||
{
|
||||
networking.useDHCP = lib.mkDefault true;
|
||||
networking.hostName = "materusPC";
|
||||
|
@ -13,6 +13,37 @@
|
|||
[connectivity]
|
||||
uri=http://nmcheck.gnome.org/check_network_status.txt
|
||||
'';
|
||||
|
||||
|
||||
sops.templates."networkmanager.env".content = ''
|
||||
WIREGUARD_PRIVATEKEY="${config.sops.placeholder.wireguard}"
|
||||
'';
|
||||
networking.networkmanager.ensureProfiles.environmentFiles = [
|
||||
config.sops.templates."networkmanager.env".path
|
||||
];
|
||||
networking.networkmanager.ensureProfiles.profiles = {
|
||||
wg0 = {
|
||||
connection = {
|
||||
id = "wg0";
|
||||
type = "wireguard";
|
||||
interface-name = "wg0";
|
||||
};
|
||||
wireguard = {
|
||||
private-key = "$WIREGUARD_PRIVATEKEY";
|
||||
};
|
||||
"wireguard-peer.${materusArg.wireguard.pubKeys.valkyrie}" = {
|
||||
endpoint = "${materusArg.ips.valkyrie}:${materusArg.wireguard.port}";
|
||||
allowed-ips = "${materusArg.ip-masks.wireguard.general};";
|
||||
};
|
||||
ipv4 = {
|
||||
address1 = "${materusArg.ips.wireguard.materusPC}/23";
|
||||
dns = "${materusArg.ips.wireguard.valkyrie};";
|
||||
method = "manual";
|
||||
never-default = "true";
|
||||
};
|
||||
ipv6 = {
|
||||
addr-gen-mode = "stable-privacy";
|
||||
method = "disabled";
|
||||
};
|
||||
proxy = { };
|
||||
};
|
||||
};
|
||||
}
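Review bot: In the `ipv4` block of `wg0`, `dns` is set together with `never-default = "true"` but without `dns-search`, so how the tunnel resolver is used depends on which DNS backend NetworkManager runs with. As I read the documentation for `ipv4.dns-priority`, with the plain resolv.conf backend a WireGuard profile defaults to priority 50 and its server is listed ahead of the LAN resolver, so every lookup would go to valkyrie although only the WireGuard range is routed; with dnsmasq or systemd-resolved a profile without a default route is only asked for domains in its search list. If the resolver is meant for internal names only, say so explicitly, e.g. `dns-search = "~<internal-domain>;";` (placeholder domain); if all lookups should go through the tunnel, a negative `dns-priority` expresses that instead. A short comment above `private-key = "$WIREGUARD_PRIVATEKEY";` noting that the value is substituted at runtime from the sops template, so the key never lands in the Nix store, would also keep a later edit from inlining it.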
|
||||
|
|
|
@ -10,6 +10,7 @@
|
|||
sops.gnupg.sshKeyPaths = [ ];
|
||||
sops.defaultSopsFile = materusCfg.hostPath + "/secrets/secrets.yaml";
|
||||
sops.secrets."users/materus" = { };
|
||||
sops.secrets.wireguard = { };
|
||||
|
||||
services.openssh.hostKeys = [
|
||||
{
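Review bot: `sops.secrets.wireguard = { };` sets no `restartUnits`, so after the key is rotated in secrets.yaml the profile NetworkManager already rendered would presumably keep the old key until the ensure-profiles unit runs again. If that unit is `NetworkManager-ensure-profiles.service` on this nixpkgs revision (worth confirming), `sops.secrets.wireguard.restartUnits = [ "NetworkManager-ensure-profiles.service" ];` ties the rotation to a re-render. The empty attribute set otherwise keeps the sops-nix defaults for owner and mode, which suits a secret consumed only through a template. The `services.openssh.hostKeys` list continues outside the hunk.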
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
users:
|
||||
materus: ENC[AES256_GCM,data:okqSgMvdFq1BMAg+Gs725zaNbeAQIpJKSPB2Sa83i3EYimphZNBtrJLen+gQEGNq4yeTyAc9Ih/hcnr+3z+Tea/g9ffh/UC4YA==,iv:OhKoWLREAqCbtmS3Rw9nE9+PtcBLwEHimJXcj4oejRA=,tag:Ht/SQSwumnQR6E45Pl47AQ==,type:str]
|
||||
root: ENC[AES256_GCM,data:vnPjK+xayk/Zk895rERYAeCzpjv5NJ7EAyK4MRDUzDbW++4Dy+UEI81v1v7w9dfpDeL+x5kOqUFO5zVVDUGfZ3yf/l8M8N8KcA==,iv:gGFGcy3K27nQxn0+7I/t0kg3nZyXeGWqysOl2auZJXo=,tag:N+LYhKpPCbI1EjEBwxuh1g==,type:str]
|
||||
wireguard: ENC[AES256_GCM,data:rBkftzBcdamhP0xZB3qxfLptL8bX1qc7SdcfPNpYV67TeQs6i79+5KB/da4=,iv:22J5SZbFtYco7iSHvD2GD1bcazfGWlyEJ2isa3Ab4bI=,tag:BeUn9Srl2vyoDgK5Xv0UCg==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
|
@ -16,8 +17,8 @@ sops:
|
|||
dWVzbzUyakxXUGpTQjNsYzcyVG1aRDgKXVa8tIAbmggw1vSt3NJYRLgXhbagpNrX
|
||||
RNXyndPaeQXVPVXuJWmHgRCYbwPTcfAFpGwFlX2IxVLlmC914Zklhw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-03-03T01:46:25Z"
|
||||
mac: ENC[AES256_GCM,data:6YlLYKUzG2rorS22B6s4P6wJHCU1BWfEazXoEfEITB/qe3Ek3ITafX+RZI7pYLMiatIt9GHPb3YzDt6tOb91EakodC9pBTmW1E6NRzCZDr96nBQ+oIEmGBOOBwq/ysAeJRga0Sz5Xfx6rjRVCTARSLOmbouW5EF/bCKFVowgPYU=,iv:iZkBEIXreVic57ishmziIDNw6H6cNqA32ZxjTa8mjzA=,tag:ws3bj3T4xEGlq7YoB4RH1A==,type:str]
|
||||
lastmodified: "2024-04-19T15:58:46Z"
|
||||
mac: ENC[AES256_GCM,data:BLa0G3ci8EWH43UkLI2OoFJp2F9YeuKDrg6+2I/bq/lLi/YUitkJvBkA9VSIbvCyYWs/5SlEL5MayX8iiVdJ7r9bCiw+LVsWNAdaYDCafbZRW5F7KiHS5WXV3v4c201kFok7rmnRhEfKfdDxLlQ/mFHqOhupHU/qCNMTuUzJBiA=,iv:EPRoXHVMB6I16lTFJdFVAuSnMD/B55fPYtSBOQddutE=,tag:gohg+BdRlMPAQmNpRdk8sg==,type:str]
|
||||
pgp:
|
||||
- created_at: "2024-03-02T22:10:50Z"
|
||||
enc: |-
|
||||
|
|
Binary file not shown.