Add wireguard configuration for Horus
parent
6fac18a40a
commit
3058e51478
2 changed files with 35 additions and 3 deletions
|
@ -1,5 +1,5 @@
|
||||||
{ nixos-hardware, ... }:
|
{ nixos-hardware, ... }:
|
||||||
{ pkgs, ... }:
|
{ pkgs, config, ... }:
|
||||||
{
|
{
|
||||||
imports = [
|
imports = [
|
||||||
nixos-hardware.nixosModules.common-cpu-amd
|
nixos-hardware.nixosModules.common-cpu-amd
|
||||||
|
@ -123,6 +123,9 @@
|
||||||
4101
|
4101
|
||||||
4102
|
4102
|
||||||
20048
|
20048
|
||||||
|
|
||||||
|
# WireGuard
|
||||||
|
51820
|
||||||
];
|
];
|
||||||
|
|
||||||
allowedTCPPortRanges = [
|
allowedTCPPortRanges = [
|
||||||
|
@ -136,6 +139,33 @@
|
||||||
];
|
];
|
||||||
# };
|
# };
|
||||||
};
|
};
|
||||||
|
|
||||||
|
wireguard.interfaces = {
|
||||||
|
wghorus = {
|
||||||
|
ips = [ "10.10.4.2/24" ];
|
||||||
|
listenPort = 51820;
|
||||||
|
|
||||||
|
privateKeyFile = config.sops.secrets.wireguard-horus-privkey.path;
|
||||||
|
|
||||||
|
postSetup = ''
|
||||||
|
${pkgs.systemd}/bin/resolvectl dns wghorus 192.168.4.1
|
||||||
|
${pkgs.systemd}/bin/resolvectl domain wghorus bedum.horus.nu internal.horus.nu
|
||||||
|
'';
|
||||||
|
postShutdown = ''
|
||||||
|
${pkgs.systemd}/bin/resolvectl dns wghorus ""
|
||||||
|
${pkgs.systemd}/bin/resolvectl domain wghorus ""
|
||||||
|
'';
|
||||||
|
|
||||||
|
peers = [
|
||||||
|
{
|
||||||
|
publicKey = "6faxlUG8+F7uVrKk/OJqqy5k2+OzrhXc/cV6Zsfbl0c=";
|
||||||
|
allowedIPs = [ "192.168.4.0/23" "192.168.6.0/24" "192.168.7.0/24" "192.168.8.0/24" ];
|
||||||
|
endpoint = "212.45.34.195:51820";
|
||||||
|
persistentKeepalive = 25;
|
||||||
|
}
|
||||||
|
];
|
||||||
|
};
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
systemd.network = {
|
systemd.network = {
|
||||||
|
@ -196,6 +226,7 @@
|
||||||
livebook-password = {
|
livebook-password = {
|
||||||
owner = "erwin";
|
owner = "erwin";
|
||||||
};
|
};
|
||||||
|
wireguard-horus-privkey = { };
|
||||||
};
|
};
|
||||||
|
|
||||||
# This value determines the NixOS release from which the default
|
# This value determines the NixOS release from which the default
|
||||||
|
|
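Review bot: The `51820` entry added under `# WireGuard` goes into a port list whose name is outside the hunk, and that list sits directly before `allowedTCPPortRanges`. If it is `allowedTCPPorts`, the rule opens a TCP port nothing listens on and does nothing for WireGuard, which only uses UDP. `wghorus` has one peer with a fixed `endpoint` and `persistentKeepalive = 25`, so this host initiates the tunnel and the return traffic should already pass the stateful firewall; the inbound opening may not be needed at all. If inbound handshakes are wanted, put the port in `allowedUDPPorts = [ 51820 ];` and leave a comment saying why the host must be reachable.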
|
@ -3,6 +3,7 @@ gh_token: ENC[AES256_GCM,data:7DBVEdZLReJQsyUoO9fITtHhE0UFcHr7XWod5XiaQ5iiwcI01t
|
||||||
livebook_cookie: ENC[AES256_GCM,data:ZB7u8BWNn7x2O00YTALYTwNi/obq8nH3mI01Bd8UxPg=,iv:JVpPJaB6O7oRjYqYuEueT812U0Bn8mUCOLDwpAU5yTs=,tag:GIkodjTt9mRLQZ0UAtJszg==,type:str]
|
livebook_cookie: ENC[AES256_GCM,data:ZB7u8BWNn7x2O00YTALYTwNi/obq8nH3mI01Bd8UxPg=,iv:JVpPJaB6O7oRjYqYuEueT812U0Bn8mUCOLDwpAU5yTs=,tag:GIkodjTt9mRLQZ0UAtJszg==,type:str]
|
||||||
livebook-password: ENC[AES256_GCM,data:FaMIr0GxLTvAzrYt7blGbJuGDbr+lDiIMnvY2c/r,iv:SKKKYYRYLGtRGgaHs7zAnH8n0HZiGaoAlLAptUPaa/c=,tag:vgBGhmXH/QpTbKjbrQEhKw==,type:str]
|
livebook-password: ENC[AES256_GCM,data:FaMIr0GxLTvAzrYt7blGbJuGDbr+lDiIMnvY2c/r,iv:SKKKYYRYLGtRGgaHs7zAnH8n0HZiGaoAlLAptUPaa/c=,tag:vgBGhmXH/QpTbKjbrQEhKw==,type:str]
|
||||||
renovate_env: ENC[AES256_GCM,data:mzeS0FXsycD4hWMzRMgeEgTY+x2QtYtxmhcFCJcjwlD/q577kprHaU8otr1sOu9mwNud7K8kJGk=,iv:MMhr6CPsyvmP7+dKJUwt9cjnATm9JKZ/KbG4Dkj7hJ0=,tag:ubLmcW/CtT/uPiyswvr93w==,type:str]
|
renovate_env: ENC[AES256_GCM,data:mzeS0FXsycD4hWMzRMgeEgTY+x2QtYtxmhcFCJcjwlD/q577kprHaU8otr1sOu9mwNud7K8kJGk=,iv:MMhr6CPsyvmP7+dKJUwt9cjnATm9JKZ/KbG4Dkj7hJ0=,tag:ubLmcW/CtT/uPiyswvr93w==,type:str]
|
||||||
|
wireguard-horus-privkey: ENC[AES256_GCM,data:JVhdbvNqfdPWFCg24F56Hmu1Tf/EA6BOqa1uPuu8C/FrJhNaGi4S+KYOook=,iv:z8cq4C5vu/QqJ3UZdL1zEH22Ht3rKSbdHgAQbRSk8Kk=,tag:AVBvV8wJqw5jgDRiES89eQ==,type:str]
|
||||||
sops:
|
sops:
|
||||||
kms: []
|
kms: []
|
||||||
gcp_kms: []
|
gcp_kms: []
|
||||||
|
@ -27,8 +28,8 @@ sops:
|
||||||
T2d0VmRoQ1J1d05weFF6ZnZteVd6SWMKRcASrez/JICMurAuQJaW3GIS7lXPUOoj
|
T2d0VmRoQ1J1d05weFF6ZnZteVd6SWMKRcASrez/JICMurAuQJaW3GIS7lXPUOoj
|
||||||
KLYA7ComIU00hewiugZGSrcvmnJ5fuEMERx9yk+6NrxsBGoExaddag==
|
KLYA7ComIU00hewiugZGSrcvmnJ5fuEMERx9yk+6NrxsBGoExaddag==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
lastmodified: "2022-12-08T22:54:16Z"
|
lastmodified: "2022-12-20T13:49:30Z"
|
||||||
mac: ENC[AES256_GCM,data:jnNNYQmv1iAoybGSQ/0BohA3AVNuptSDPWwyCSSOY9UKtIHDORhP6Qs9fUCsyuOnGjwZvvvxQRdhw8aB0WW17R+Ekv0d/15ErCLdjJfV81rSd3KmgyDOSdtTK1CoXRRyeM9LvVPb+hBKH7AvDTtpg74EJGnppWWE3br61nwdrrM=,iv:ok3m49f6ZvGh2khX34hXsliSnWoeR0CtfWyCW6+pQlA=,tag:a07WUaaJK6mgsROilBIXLA==,type:str]
|
mac: ENC[AES256_GCM,data:rg46RoKf6RnOblrpkbdHVKFCm+gapgEhQxvfPU6XavHtTgrXLbdBaIqckrrAtkLf9MIHoOYipoIA2GmJ4ST9OMhE9q11fqNufXGn9Iae/6QgAqSLHNrPEoBvMExB6T8lLBt7OhuHcMcIZRQzqUOfQWw0BHO0vLDAWHUN7zxPY64=,iv:Zf2/PCEqgXrPhQY/jaJy6SE3gyc7i8dG2KViyWe4SiM=,tag:f+pibCxjdhrOVkPhPiFxow==,type:str]
|
||||||
pgp: []
|
pgp: []
|
||||||
unencrypted_suffix: _unencrypted
|
unencrypted_suffix: _unencrypted
|
||||||
version: 3.7.3
|
version: 3.7.3
|
||||||
|
|