From 360dbe0a07b411ef20ee3e616b56d2ccb72f28a6 Mon Sep 17 00:00:00 2001
From: clerie <git@clerie.de>
Date: Tue, 25 Feb 2025 19:01:57 +0100
Subject: [PATCH] hosts/tungsten: Add to monitoring and to wg-clerie
---
hosts/gatekeeper/configuration.nix | 5 +++++
hosts/tungsten/configuration.nix | 13 +++++++++++++
hosts/tungsten/secrets.json | 27 +++++++++++++++++++++++++++
hosts/tungsten/ssh.pub | 1 +
4 files changed, 46 insertions(+)
create mode 100644 hosts/tungsten/secrets.json
create mode 100644 hosts/tungsten/ssh.pub
diff --git a/hosts/gatekeeper/configuration.nix b/hosts/gatekeeper/configuration.nix
index bf0b261..f09e259 100644
--- a/hosts/gatekeeper/configuration.nix
+++ b/hosts/gatekeeper/configuration.nix
@@ -114,6 +114,11 @@
allowedIPs = [ "2a01:4f8:c0c:15f1::8111/128" "10.20.30.111/32" ];
publicKey = "o6qxGKIoW2ZSFhXeNRXd4G9BRFeYyjZsrUPulB3KhTI=";
}
+ {
+ # tungsten
+ allowedIPs = [ "2a01:4f8:c0c:15f1::8112/128" "10.20.30.112/32" ];
+ publicKey = "OI5/psr3ShrwRqKTTr3Kv92OVRietTcMFNVXtsYybRo=";
+ }
];
listenPort = 51820;
allowedIPsAsRoutes = false;
diff --git a/hosts/tungsten/configuration.nix b/hosts/tungsten/configuration.nix
index 94564da..d9b954e 100644
--- a/hosts/tungsten/configuration.nix
+++ b/hosts/tungsten/configuration.nix
@@ -19,6 +19,19 @@
networking.hostName = "tungsten";
+ services.wg-clerie = {
+ enable = true;
+ ipv6s = [ "2a01:4f8:c0c:15f1::8112/128" ];
+ ipv4s = [ "10.20.30.112/32" ];
+ };
+
+ clerie.monitoring = {
+ enable = true;
+ id = "216";
+ pubkey = "bDmf4xndBNwzcvIGCMq6dhyzjdEZOV2ckhv/37V/PWg=";
+ serviceLevel = "event";
+ };
+
system.stateVersion = "25.05";
}
diff --git a/hosts/tungsten/secrets.json b/hosts/tungsten/secrets.json
new file mode 100644
index 0000000..19ea433
--- /dev/null
+++ b/hosts/tungsten/secrets.json
@@ -0,0 +1,27 @@
+{
+ "wg-clerie": "ENC[AES256_GCM,data:OtSzmacWH9leDuykr7Tp5lR2FDoNGQ61V/9z6xBD1eCDSLOvt8UdILMETJU=,iv:NNGqR7UG3bZWETpZRwEdS4O1nRO4cBT72fljpqSbtyc=,tag:mea+5E8B655ljRzk63IDOw==,type:str]",
+ "wg-monitoring": "ENC[AES256_GCM,data:+k7ATUbPnEfb4O4lUs8d4ZlvMPlsxC5mrCi1bXOje47XDcpioDwzRTQNPrU=,iv:p4JdSMbBcb/8Uh/9RuUSs64VBRQJHu6k5FB50UsxXVU=,tag:NRyBs1CO77AV4CbD6a6gig==,type:str]",
+ "sops": {
+ "kms": null,
+ "gcp_kms": null,
+ "azure_kv": null,
+ "hc_vault": null,
+ "age": [
+ {
+ "recipient": "age1dvl2pylf9vs4vt27g8z8nzpuwt88zl5fj7a68papsmenze7gd3mstyalks",
+ "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkOGRQMDhycnViTVR5M1Aw\nbjFGbXBINTJsTEdKU1ZoMDVIMUQrU1R2M2hFCk9XY0NxMlZoZXJhMVIvZ1hLUXJt\nSVdzWEpraGc3aUFBUWU2Uk9WK2J1cncKLS0tIEZPUVY1V2Z0RDhJR2VweVFsZnY5\nREp1cERaVzcrTTRhL0tpVWpMc1pCdWcKB3ZbqB8tGdXgXra3fRL/gw4IEpNHBqp+\nKnw9XYYV2MDiL02+HF+bABVHbjngG85EGDRTDZMWnJtlxV4l+vzTVw==\n-----END AGE ENCRYPTED FILE-----\n"
+ }
+ ],
+ "lastmodified": "2025-02-25T17:46:27Z",
+ "mac": "ENC[AES256_GCM,data:EvbkM81pIqbYkvcBSWtyov5GN8D0PauWAiMmRYgWl2fijlH7zEpsCh0XU544prqpb7vh8ShAuCecVpWsdWUIAIT62ToB28NdefDhX2HDl4B1XeIy2X9i+jhnaXLjbwc+r8IhTHOJ/uWeVrNQyb4g9nOaijzDGVJbwKnJ6M+O7fU=,iv:WAIwdemTsTHLnGtFtg/KgyjId3+RpivNDc1LFZjG3jY=,tag:YmaYFT9smKChwd5vVisfLQ==,type:str]",
+ "pgp": [
+ {
+ "created_at": "2025-02-25T17:27:17Z",
+ "enc": "-----BEGIN PGP MESSAGE-----\n\nhQIMA5OzEzXewpmPAQ/+In2YZByknfnhl2zYmOUTQCrjpiyXbf8/ai0Ko8TZZCRy\nhrpxyvKP+/u7CMS+giouoxKJ4XLDbHacoz06qF1I9i9iSVelXxQ5epSHk4BLLocw\nP5S6ZnE3jQO4G5goC/LU7nARN2IMwYq2rRZe8o8SLDMTZqGnlk9vBihcE4rN4lpd\nLbSb+cT6wDba32xKNZuP9IRPU2gqjOAg99gbh7Se2zB4Q7AxpgUl6EZZ7OMqVl/C\nbgSQFgwJxFPoH8KBS4wICbHTyWGvg2iEQyh1zNElUwbW112kyfBxGHKFukfEapIj\n2Cv0+Jme3VA750rZmJ4xcOZeoz0n7THBHdFjE122dkXhUdkQmohKzjngIZySUqDI\nuaDf43ebi6tPgCdC6gKLbYUUml+WEOmIRcgmIEswG9iRF/vjOYLK9OxclAKLDDar\nN9zgRFW1qR0HZhAbC61L1CqhKZzjQpNpjYn2pwmR+NnU/DDrlSdJLnHnrMdPeG6l\nBVp7oLhct2DwrypEYOvccrEwRakJSjCyC6cPWbUv7upjovTvcSAh21XNLnHJaMsY\n+sbJf5vshnALIkEXRyMBa5to7RZQvWx9qdklykjbXUEheM9RQATjGdnFQHuM05LI\npWKX038xlEaPe4nJa4PBGub23GZ1zuP3zE+N0W4XTR3r3ZGsMncqntiPJaaBgzWF\nAgwDvZ9WSAhwutIBEADMfdHvINLP6Gu7/DeLUboRnTHpP8x+rfTy9lcIW2RmQHbz\nLeAwBbeqyvLUi9ObjwclVWvPHqbPyGwibt96mTgGnkAEwXCgcXfWz/vCRZ0UHcvT\nimFM4H+ecOKws7t+sf31PAMPE0eSSJIYXVU9pej0qaKzR3zMBvQi6CsB0F1e2Fkz\n0HbilJMELaKFbJJsTXtDyl9Afi8OtVcBoG8P/1ImM/gcJLU548WTwPtzYUufHt5q\nkb45PjEId3m/g6CF6nh4GCQtRwOWjah49Zsk5cuI1aO/Q0gPyndgzFL5fYOfPlGN\nPTQ2KFMUh1dkvVVzyNFFC1vqXx2KH5l2gdTRkzaFQ3Qjjx1kluM5AlEl2Ynx4sbQ\nVaFZHFjQnoFtDn08BzNS7Cu/5SOdXejihen4sg0bGjEz6aVGwHXQJcp0BigH2y3f\n/OtnCK5KjFSQsdgTV5trstQgFQMqbMiVEqd3u+3lTxGJ/dQ7NXerFroITUC4J3Uu\n3VRdWTlgPED8hiA1NQaOiy2bbMzAgaR86qHK6JhxnP/6ETaByPPb27Oisblhhq9p\nCDw4eNGws1WsAyjZkyatzLZwUs2zOt4ZKjDlim8EikdGJpDcHnameRtI97QgPDO/\nzA5zHMrDuMN1iMw92WIAQyEQtJgyy4m3YvUsnlpHqKOgSNpwG/8j1zXHLH2p1IUC\nDAM1GWv08EiACgEQALEoa50qGjadZkaHI2tXFVv8RF1d8nR+L946DyMImjuMObei\n6Sx/Nc3bHzHSMsf27T120EUU0yUERdncoOQTRWBemMoB6tWYGTIAG0uDhrHl6rzW\nOUC5G7023H3cHStXbFFBp+JargnE1XgcapHM0p29GgUCE21UDBXzm7MB6x+9AKdd\nsc6qXD1xNPWc7RSqLL6anvcT/eLZW5Y1Ep2T7r5gQ81Fbxh4RicCphmApDC91Dii\nfZ/Va3JUeFm/82edeE4FqJUO9Akk2sPmVnXBYWPRq55/Uyk61J8u2b8tY7OcLSmr\nw/eaJq2bgDda3MBVzF3G9nr3BGhl8g7lCSCPS3gCFfs7C3Djp/YP0L8rMsH2ym1Q\nEj7rWC3K1xwtqowDx+EcYDMwmUtJqkia6o3WVM1qJM25QuCg2mnv9anMTgWuLpQo\nk1Av4FR+zV6aK3A7mxxjG0BsSUGjrrzoJC5DV1DSZ335lqlZxmthJoF0mda02nbh\nUlzpHEpG3/eWXjfDSbEYU8iVK2HWX9/i2gnXbpREuEnt5xpuSQ/sBT6tmit1FwK2\ntYZ+wtCMjWKkeZtvbP9Fx0nLYhVyMXvLhR1VLosCymKqWCIBj8VINagmPLiToEMd\nfpVs8m35neD4258CZOvBgqFvmxlGb9e27p8PHmlg9UNb/v7sYmSgm4IH0zi11GgB\nCQIQbpoXf1EJlriSHiqcUZCIvY/H37TWSJ6+tCcUSUipA+dLgt4pnKBjeM6RFSPG\n81eTm0AZIpmRDx/i31knPNh5JL6RYm5t66ncM46VkO1FIatkdKDfJbYe9J6ezWCs\nMDYTejoBhQ==\n=EuYe\n-----END PGP MESSAGE-----",
+ "fp": "0C982F87B7AFBA0F504F90A2629E741947C87928"
+ }
+ ],
+ "unencrypted_suffix": "_unencrypted",
+ "version": "3.9.2"
+ }
+}
\ No newline at end of file
diff --git a/hosts/tungsten/ssh.pub b/hosts/tungsten/ssh.pub
new file mode 100644
index 0000000..5ca10fc
--- /dev/null
+++ b/hosts/tungsten/ssh.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJq5WWALjFHvmUdcWdKN5BBRS1F/EWaBet6oftrbxt1F