Compare commits

...

2 commits

Author SHA1 Message Date
ae502375b3
Set up additional WireGuard tunnel 2024-12-09 10:54:24 +01:00
de5aaadc6e
Update: flake.lock
Flake lock file updates:

• Updated input 'home-manager':
    'github:nix-community/home-manager/65912bc6841cf420eb8c0a20e03df7cbbff5963f?narHash=sha256-KZMu4ddMll5khS0rYkJsVD0hVqjMNHlhTM3PCQar0Ag%3D' (2024-12-05)
  → 'github:nix-community/home-manager/d00c6f6d0ad16d598bf7e2956f52c1d9d5de3c3a?narHash=sha256-i5ay20XsvpW91N4URET/nOc0VQWOAd4c4vbqYtcH8Rc%3D' (2024-12-06)
• Updated input 'microvm':
    'github:astro/microvm.nix/5f0ab7953380a565c4e02083669bc529036970c7?narHash=sha256-k1g5MbTrURnYeb2XPwz3uLLKZJon7khTig2KvGv5pgs%3D' (2024-12-05)
  → 'github:astro/microvm.nix/c9fe9b953fd19ff5e3eb8bdc0ec3a040eead87a4?narHash=sha256-rpCgbvch1VaZBlySMHHDDjRd8n7EyUB25naBhD64za8%3D' (2024-12-07)
• Updated input 'nixos-hardware':
    'github:NixOS/nixos-hardware/2297628136baca35c0a49df29f2407034708b5eb?narHash=sha256-Mk7mV9N6En3%2BQZ%2B/9y29EZRzoJ%2BZoNU%2Bt8jPGzM%2Bdrc%3D' (2024-12-06)
  → 'github:NixOS/nixos-hardware/e563803af3526852b6b1d77107a81908c66a9fcf?narHash=sha256-IS3bxa4N1VMSh3/P6vhEAHQZecQ3oAlKCDvzCQSO5Is%3D' (2024-12-06)
• Updated input 'nixpkgs':
    'github:nixos/nixpkgs/d0797a04b81caeae77bcff10a9dde78bc17f5661?narHash=sha256-kEsTJTUQfQFIJOcLYFt/RvNxIK653ZkTBIs4DG%2BcBns%3D' (2024-12-05)
  → 'github:nixos/nixpkgs/22c3f2cf41a0e70184334a958e6b124fb0ce3e01?narHash=sha256-Qn3nPMSopRQJgmvHzVqPcE3I03zJyl8cSbgnnltfFDY%3D' (2024-12-07)
• Updated input 'pre-commit-hooks':
    'github:cachix/git-hooks.nix/6f4e2a2112050951a314d2733a994fbab94864c6?narHash=sha256-SVQVsbafSM1dJ4fpgyBqLZ%2BLft%2BjcQuMtEL3lQWx2Sk%3D' (2024-12-04)
  → 'github:cachix/git-hooks.nix/d8c02f0ffef0ef39f6063731fc539d8c71eb463a?narHash=sha256-%2BXTFXYlFJBxohhMGLDpYdEnhUNdxN8dyTA8WAd%2Blh2A%3D' (2024-12-08)
• Updated input 'rust-overlay':
    'github:oxalica/rust-overlay/020701e6057992329a7cfafc6e3c5d5658bbcf79?narHash=sha256-eh2i2GtqdWVOP7yjiWtB8FMUWktCZ4vjo81n6g5mSiE%3D' (2024-12-06)
  → 'github:oxalica/rust-overlay/4eb3f096e14431bd0ab4cca039f9c9d77331cbfc?narHash=sha256-uDfJ/TrLLqrtoNzfPODDOVyZ%2BJWsJfd5T1r7xuE6h6g%3D' (2024-12-09)
• Updated input 'treefmt-nix':
    'github:numtide/treefmt-nix/50862ba6a8a0255b87377b9d2d4565e96f29b410?narHash=sha256-qKL3vjO%2BIXFQ0nTinFDqNq/sbbnnS5bMI1y0xX215fU%3D' (2024-12-05)
  → 'github:numtide/treefmt-nix/357cda84af1d74626afb7fb3bc12d6957167cda9?narHash=sha256-9qOp6jNdezzLMxwwXaXZWPXosHbNqno%2Bf7Ii/xftqZ8%3D' (2024-12-08)
2024-12-09 09:10:25 +01:00
5 changed files with 150 additions and 29 deletions

View file

@ -391,11 +391,11 @@
]
},
"locked": {
"lastModified": 1733389730,
"narHash": "sha256-KZMu4ddMll5khS0rYkJsVD0hVqjMNHlhTM3PCQar0Ag=",
"lastModified": 1733484277,
"narHash": "sha256-i5ay20XsvpW91N4URET/nOc0VQWOAd4c4vbqYtcH8Rc=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "65912bc6841cf420eb8c0a20e03df7cbbff5963f",
"rev": "d00c6f6d0ad16d598bf7e2956f52c1d9d5de3c3a",
"type": "github"
},
"original": {
@ -415,11 +415,11 @@
"spectrum": "spectrum"
},
"locked": {
"lastModified": 1733426532,
"narHash": "sha256-k1g5MbTrURnYeb2XPwz3uLLKZJon7khTig2KvGv5pgs=",
"lastModified": 1733608368,
"narHash": "sha256-rpCgbvch1VaZBlySMHHDDjRd8n7EyUB25naBhD64za8=",
"owner": "astro",
"repo": "microvm.nix",
"rev": "5f0ab7953380a565c4e02083669bc529036970c7",
"rev": "c9fe9b953fd19ff5e3eb8bdc0ec3a040eead87a4",
"type": "github"
},
"original": {
@ -512,11 +512,11 @@
},
"nixos-hardware": {
"locked": {
"lastModified": 1733480606,
"narHash": "sha256-Mk7mV9N6En3+QZ+/9y29EZRzoJ+ZoNU+t8jPGzM+drc=",
"lastModified": 1733481457,
"narHash": "sha256-IS3bxa4N1VMSh3/P6vhEAHQZecQ3oAlKCDvzCQSO5Is=",
"owner": "NixOS",
"repo": "nixos-hardware",
"rev": "2297628136baca35c0a49df29f2407034708b5eb",
"rev": "e563803af3526852b6b1d77107a81908c66a9fcf",
"type": "github"
},
"original": {
@ -527,11 +527,11 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1733392399,
"narHash": "sha256-kEsTJTUQfQFIJOcLYFt/RvNxIK653ZkTBIs4DG+cBns=",
"lastModified": 1733581040,
"narHash": "sha256-Qn3nPMSopRQJgmvHzVqPcE3I03zJyl8cSbgnnltfFDY=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "d0797a04b81caeae77bcff10a9dde78bc17f5661",
"rev": "22c3f2cf41a0e70184334a958e6b124fb0ce3e01",
"type": "github"
},
"original": {
@ -623,11 +623,11 @@
"nixpkgs-stable": "nixpkgs-stable_2"
},
"locked": {
"lastModified": 1733318908,
"narHash": "sha256-SVQVsbafSM1dJ4fpgyBqLZ+Lft+jcQuMtEL3lQWx2Sk=",
"lastModified": 1733665616,
"narHash": "sha256-+XTFXYlFJBxohhMGLDpYdEnhUNdxN8dyTA8WAd+lh2A=",
"owner": "cachix",
"repo": "git-hooks.nix",
"rev": "6f4e2a2112050951a314d2733a994fbab94864c6",
"rev": "d8c02f0ffef0ef39f6063731fc539d8c71eb463a",
"type": "github"
},
"original": {
@ -670,11 +670,11 @@
]
},
"locked": {
"lastModified": 1733452419,
"narHash": "sha256-eh2i2GtqdWVOP7yjiWtB8FMUWktCZ4vjo81n6g5mSiE=",
"lastModified": 1733711706,
"narHash": "sha256-uDfJ/TrLLqrtoNzfPODDOVyZ+JWsJfd5T1r7xuE6h6g=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "020701e6057992329a7cfafc6e3c5d5658bbcf79",
"rev": "4eb3f096e14431bd0ab4cca039f9c9d77331cbfc",
"type": "github"
},
"original": {
@ -772,11 +772,11 @@
]
},
"locked": {
"lastModified": 1733440889,
"narHash": "sha256-qKL3vjO+IXFQ0nTinFDqNq/sbbnnS5bMI1y0xX215fU=",
"lastModified": 1733662930,
"narHash": "sha256-9qOp6jNdezzLMxwwXaXZWPXosHbNqno+f7Ii/xftqZ8=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "50862ba6a8a0255b87377b9d2d4565e96f29b410",
"rev": "357cda84af1d74626afb7fb3bc12d6957167cda9",
"type": "github"
},
"original": {

View file

@ -285,7 +285,7 @@
};
wireguardConfig = {
PrivateKeyFile = config.sops.secrets.wireguard-horus-privkey.path;
PrivateKeyFile = config.sops.secrets.wireguard-horus0-privkey.path;
ListenPort = 51820;
};
@ -303,6 +303,29 @@
}
];
};
"11-horus1" = {
netdevConfig = {
Kind = "wireguard";
MTUBytes = "1420";
Name = "horus1";
};
wireguardConfig = {
PrivateKeyFile = config.sops.secrets.wireguard-horus1-privkey.path;
};
wireguardPeers = [
{
PublicKey = "UZGk9xoXhpHwM6jDWQvYDgJKk/OfcX9gw4iM9bPJJ00=";
AllowedIPs = [
"10.128.0.0/23"
];
Endpoint = "212.45.34.195:51822";
PersistentKeepalive = 25;
}
];
};
};
networks = {
@ -359,6 +382,21 @@
}
];
};
"41-horus1" = {
matchConfig = {
Name = "horus1";
};
linkConfig = {
ActivationPolicy = "manual";
};
networkConfig = {
DHCP = "no";
};
address = [ "10.128.0.2/23" ];
};
};
links = {
@ -552,7 +590,10 @@
livebook-password = {
owner = "erwin";
};
wireguard-horus-privkey = {
wireguard-horus0-privkey = {
owner = "systemd-network";
};
wireguard-horus1-privkey = {
owner = "systemd-network";
};
k3s-token = { };

View file

@ -3,7 +3,8 @@ gh_token: ENC[AES256_GCM,data:7DBVEdZLReJQsyUoO9fITtHhE0UFcHr7XWod5XiaQ5iiwcI01t
livebook-env: ENC[AES256_GCM,data:n0IReqMxu0pLJZtHdoTW+AvE8eKAyLsr41GbLR4OPSTrZrRKIOscZ5KIoLGtDrCQFw==,iv:MFC78r/1mfRf8puKWxXtaQeaqhFFVdYpu1vLMCe3JiI=,tag:Wd8EG95rx75EJpt5GaQw9g==,type:str]
livebook-password: ENC[AES256_GCM,data:FaMIr0GxLTvAzrYt7blGbJuGDbr+lDiIMnvY2c/r,iv:SKKKYYRYLGtRGgaHs7zAnH8n0HZiGaoAlLAptUPaa/c=,tag:vgBGhmXH/QpTbKjbrQEhKw==,type:str]
renovate_env: ENC[AES256_GCM,data:mzeS0FXsycD4hWMzRMgeEgTY+x2QtYtxmhcFCJcjwlD/q577kprHaU8otr1sOu9mwNud7K8kJGk=,iv:MMhr6CPsyvmP7+dKJUwt9cjnATm9JKZ/KbG4Dkj7hJ0=,tag:ubLmcW/CtT/uPiyswvr93w==,type:str]
wireguard-horus-privkey: ENC[AES256_GCM,data:JVhdbvNqfdPWFCg24F56Hmu1Tf/EA6BOqa1uPuu8C/FrJhNaGi4S+KYOook=,iv:z8cq4C5vu/QqJ3UZdL1zEH22Ht3rKSbdHgAQbRSk8Kk=,tag:AVBvV8wJqw5jgDRiES89eQ==,type:str]
wireguard-horus0-privkey: ENC[AES256_GCM,data:Ro3g/O6qv8zuBOWFKmtTC7/5xxMd3O57Cj+h9n0yTn3zgE1qsWjynKEsinU=,iv:BhIgKUOmiWS8wKWBuZtoKRO+nclGBBGjCLsgeTiTLuk=,tag:DtZFgNAzx1Z2dB4cg3dXaw==,type:str]
wireguard-horus1-privkey: ENC[AES256_GCM,data:e5WtFORl8fXtqMXC5bcs3D1rnBg1dkoc/4I5VlYM5WPeAXKIL48NBOm1yVw=,iv:vFk4FWZQyPtvqWfR9m9t8A/wt1LlwRRZVduecd+reUs=,tag:Gs3yzxy4LCoFJgMqKidSxg==,type:str]
k3s-token: ENC[AES256_GCM,data:agr9ihvrufHJ+zsWUTT7tT6oXwhQfp1VjlzvL/YrjhfsQsWdA2wqQOBG8Fgi6gDlqz+3DwWr3wdy/jclEEwrnA==,iv:zgYrN9CSraugO+LMIpJ2jDvxjCnQ9a3GHj6ffO/K0uY=,tag:6en6lNNvNMyOVf1Rfow6ew==,type:str]
barman-passwords: ENC[AES256_GCM,data:M7HCuXsq8kSqoEfbn94/Hdl1tvb93i5oDYOr+QeuDVD33aF/xxuOwDVZM7wz7OcuozV7f6URtMGDy26KaHqekWhn2hFoRi5WHOxjE7M6oYLP6V4F+IGQBeMOHjjzqjQ9ti/BfhGpi3oHf0RK4RxLCmoNzAfWuP6zZnCyKgwyxBVu6lCHG2I08CJ8w2novts8,iv:EMLqvGIb1WK71Aw+LWr7JrQydA89CTTOavsFUZ6M3G8=,tag:PXu0JVzHjbH9wQfijf9V7A==,type:str]
factorio-token: ENC[AES256_GCM,data:m18pL2ck9ak7Sr/OQtxuG0rl4oXoFGCFG82Cplt0,iv:fXAkF+k1B4vzTxanPO39r7FvFPRFmpOy3My/zaOfLQE=,tag:JXotTaf4Aba9R11bSwiVbA==,type:str]
@ -40,8 +41,8 @@ sops:
c0dlMkVlRG9LYU00M2M3UGJpUkxDOWsKiwc5oM63ezv1TVng0zQOqILOxuRMU+j7
hHl6AWg0iorXJ1IWmGxLINDAK/RQVEFLK6gRjfN7qB+6wdmrKl8seQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-10-17T10:13:01Z"
mac: ENC[AES256_GCM,data:z/e3bOudpTvxgR0l1qMzVq1O7vsxXr7jA4YETzDI6T25bj+A2rIk4YE9PDi3rp0ADsNFy0yclknvzrkPuFlYQ+ylFzD2NJ97hbRzD3jl+NdyPdmUFU4ohkFA/EXWZ1sVWoPOogdk0Od3PUPzKpQwL3gTJB6jxSDDcy+lmRRXgDQ=,iv:BSscMpW1tVkonTIqJKkeUeG1s2ZPx4QUL97Rr+rf+7E=,tag:5RdHeD8SDzfkouM23qnH3Q==,type:str]
lastmodified: "2024-12-09T09:52:58Z"
mac: ENC[AES256_GCM,data:566st1YkfscxnkFtaSfnvfWqfdXLYILxJJLf+LeH5j5gOU5cc1bgrhtBLAzshzthhcvIP5Y+L78Nxz9Ppv9ZJrIZpnhebQ+8xG6XyF9yzv8DdbgKQxTyCcvpMrm8qqCxFv5NnfMpa2a6dUq6vS7KCM8fUmFl83eEa5ZwtT+9QAw=,iv:Xxld0/ziE4N13BjuOkFmUB7nmTtr+xo2AZPDvJRrNRU=,tag:qzvmAszZamGlywrZ2CRSLQ==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.1

View file

@ -278,6 +278,31 @@
};
};
netdevs = {
"11-horus1" = {
netdevConfig = {
Kind = "wireguard";
MTUBytes = "1420";
Name = "horus1";
};
wireguardConfig = {
PrivateKeyFile = config.sops.secrets.wireguard-horus1-privkey.path;
};
wireguardPeers = [
{
PublicKey = "UZGk9xoXhpHwM6jDWQvYDgJKk/OfcX9gw4iM9bPJJ00=";
AllowedIPs = [
"10.128.0.0/23"
];
EndPoint = "212.45.34.195:51822";
PersistentKeepalive = 25;
}
];
};
};
networks = {
"40-enp4s0" = {
enable = true;
@ -310,6 +335,21 @@
{ Address = "192.168.42.10/24"; }
];
};
"41-horus1" = {
matchConfig = {
Name = "horus1";
};
linkConfig = {
ActivationPolicy = "manual";
};
networkConfig = {
DHCP = "no";
};
address = [ "10.128.0.2/23" ];
};
};
};
@ -471,9 +511,9 @@
defaultSopsFile = ./secrets.yaml;
secrets = {
# outline-keycloak-secret = {
# owner = "outline";
# };
wireguard-horus1-privkey = {
owner = "systemd-network";
};
};
};

View file

@ -0,0 +1,39 @@
wireguard-horus1-privkey: ENC[AES256_GCM,data:swCZ55Y2OtW0r/A4u02okf4VONc24laR20bSgdK8Buw36uRfCiN/ydykaDw=,iv:TLMbiLRLdT3af6bsc9y0G+s5O1GsOoerug1IPUFhar0=,tag:HBug4T1Mi5XX282wkDYoFQ==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1h7ddyj66gcqt5vnzphjfn6y5tul79q0glcdl0et9w44z2evl999qe02wht
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCekRnYWNKZis5OFF6bUdY
a3VnWXhCT3VqN0FoNVo0MXhmNGd4Q1RoeGxzCitSNld0bm55Z00rS1ExbXBSd3M5
U09vSnQwWmp0WmI1ckhyMGNyTzBLeUEKLS0tIE4yUUgxenlXK1lBY2ZhM0ltem9T
cHg5Vzd6c0ord1lYR2JGSy80MjgreEkKsaLGbqzB0q1nVKoPgP1c8rkl9euGR7rW
ArEguEZ390hyfyWQLvKMtrhI1zVg7ATmoN8aNaNqaRhWH4ak30oL5A==
-----END AGE ENCRYPTED FILE-----
- recipient: age1435gxhlpu55pp86r8pullhc6wg43nv6qm5l3g2vl5000xhn8apdqtlf8cg
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHTE9FNWphZURORGhybXRC
MHhSVmlxeFB0S29ncjRDSnZ0cHNyRWEvS1dBClQrcWQyUWRZSnMwNnRNbzhNTktC
ZlhIWWUzdmg1UmplbHJqelVzT2FBM0kKLS0tIE54a0dWVE8zYlNqVkZSem1LK3Bq
bGpidWtmUVJsWFZ4OEJPcERrbXZiWFEKwdjwcV8vV1qkiYVzc4YgC9PiyfkLIMyj
WRO+gzKEa2p9JiI5fZtLDp7qIORvHLtkoDS+bgWF3PM52MJDRG9fIw==
-----END AGE ENCRYPTED FILE-----
- recipient: age192a3nepaclecjjkxssszueak6rxar49prceplvvxc5m4f3ww7g5qpfgdqj
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSByWW1BWVdkYUdPaitqMGJE
emx0ZGJPako1SytObWJ6TTRCU0VBZ2d2K0JBCkxRMWZ6OHE2VUR5c0htdUFOTzNG
MDhNVWx1VEp6cGNqTTdQNVcxTVg5NkUKLS0tIDBCOFBiTjJ1WXhtK0xJeUU0Z2N2
bjdnSFNFcVZlUzJFOW92WU10UmNCQnMK95u50DI+BzfkWCo/eYpiBUMsdks5mrdz
AkpVjViYKRYY0QUQpY7o3hD0q7K/IMiEirfn6l80L3m4iHZ/iENupg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-12-09T09:52:43Z"
mac: ENC[AES256_GCM,data:my4OPZxaQG9E8boVsGzPmMU/d95qUFkuhktS9QxBgN6AC7WNU13GImYpuZRkgcLJzTXYUir+Zw/og5NiIZzW7m4h9AuYxIt3H7NM060oj7zHKcoayetiRGXkPBlVY+DEdo8MtROGhZRhLRt/N3er+IrZvef46aamm320oz6l6ow=,iv:Au7N696wIzbGS8J1jDIEeiR3xFcg9VmX4qqlagRV9bc=,tag:XVsmRSDDKL4YXg82mRY/rw==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.1