clerie/nixfiles
1
0
Fork 0
Code Activity

hosts/backup-4,hosts/palladium: Setup direct VPN tunnel for backups

Browse Source
This commit is contained in:
clerie
2025-04-15 20:55:56 +02:00
parent 47921ea988
commit e9210d4ada
6 changed files with 88 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
hosts/backup-4/configuration.nix
View File

@@ -7,6 +7,7 @@
./backup.nix
./restic-server.nix
./wg-b-palladium.nix
];
profiles.clerie.mercury-vm.enable = true;

7
hosts/backup-4/secrets.json
View File

@@ -1,5 +1,6 @@
{
"restic-server-magenta-htpasswd": "ENC[AES256_GCM,data:gfvmAd7z+jQwoYDJf/Hv2sR9ISJT+Hw4jrHmvW64PXjoETy+LjdsmqEPuRyq/YhrGA2rqW+YodPlkh/eE4crdTL2eNim+ij/OUubliUwBMyJuxsdGKuDUMc+txqN2x6Q24MnnU88P08SKpsm3jciMhz7JEg62W77jhesWlkzsuJDmg9oTlA9SeYOEac3pIKpekfRyE77GSFVUflwwCA+xvcEg5xyuRosFzBWGGEC3kDNB0licF0X6epz3HtlqhCLd/mkuEkftjpkNOFm9oJYzdwYv5PwVNg7G7JOgsUx9e5I29mwWPfhinX1yEFNwxKeB1FbUhYOKhRhdqWD6THVLkDzU0zP8vrm5FXTaxLHZr5+EpKit8/MJS5UBVvpSTDQ0cLExJyonWP2T+zr6rxKwU/q1jQRvsU6DJ7Bt8+9chrXBNOeyPM9xzWN1Zyyrntm9j5Ufj1YFwyrDT5ve2rOgNHA4KoS28+vsP1fcVO8XlLR24zFx5+/1BPG25qSECTPn6KkcL+yV+WS4oOnu4Oo0GVPEz+4SfyYIEVmaV61KC61pKa/6ACeUd6nABcDbReMqPXU7/bksM4sTDoFSmmiAycnxT4xavbaFdfbYIOXVQwYAIjaR1tAqQ6gYVCQ/LtKhIHCGCg10xRXNV3qkPqOUvJ7JnRcre+pQVDVLg==,iv:tvhvTPzhHoG4yG3C+o9s8yh4DafMpPb67nNxbUZcFxQ=,tag:8P5lYeP2EB5AfKgeeBISLg==,type:str]",
"wg-b-palladium": "ENC[AES256_GCM,data:XTenrGQFLDndt/XPaDGRLQthVq1UFKJ2mWK3Z+YfT54YpnWO81cslrMMtPc=,iv:tW8NHOcNj3Q26BJBIz7UPR3bmw3nrb0UkkD+gqngw/w=,tag:XDYkIqj6z2Jvhaoiqeyn0g==,type:str]",
"wg-monitoring": "ENC[AES256_GCM,data:lCuE2EgUo3ER9NNg1rD24Z4cZS+VZ4KmDojnfCsb/LyBsfyu6uOJ4IVtxOE=,iv:KHRP1pXYXk8Fi23cjUZVUUadu9yWoJ2ddxj2fMJJYE0=,tag:TiFlekXM7WLLHAPlmYbP8w==,type:str]",
"sops": {
"kms": null,
@@ -12,8 +13,8 @@
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpdFREUEVzb2JFd3hSaG9y\neVA2a2Fodko0OTI4ZGM0NlZxRmNtYmFDY1hVCm9ncXdWYTJlSU1FSG1WdlNBZ3VW\nM2VtRmZiWldzalRsRWJ0UkV1L1hSMkEKLS0tIGVLQU9kQXhZbC9SUW9CS2JnWGlJ\nQ3RoeXVkRXNkUWNaZ0VQOW1hcEJnNjAKHgZ48PERJlfkkh2TyCLl52zUZY674BXW\n4zPtmhZrb4xlExetINrOd4hZtL7S7qn5GnTxhoxvCddeU+JPPsfWoQ==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2025-02-16T18:13:41Z",
"mac": "ENC[AES256_GCM,data:O+E3UbWbmlbpUPeSS/BFcJpWr2WEXbu0aaj9u3XUwstp4ba6e0xuVdzfbntQwbN378sDNpDMkAuxp1+R/0THBSs+nqXC9q9IgK+hfSBd7q2v4lvdhxRdM1x4wysTDJGtjFNdfz8EzqMz42Y2IWjxSozgPNpjZSIGhwMBA2TS/gU=,iv:1waH/yUGt5jGJbQlYmp5b97NGVyRykgzI2g1xX+Jo/U=,tag:4bxFxkClt3LbqCH552XePw==,type:str]",
"lastmodified": "2025-04-15T18:44:05Z",
"mac": "ENC[AES256_GCM,data:re/vIg7xa9fEBZM3xa/jZzsAutHHNgDNnHiGjXkR5W0ORYPjlBuSV5NYZTbr7y1rqWbjmPsbo1KjJgt8OF8kn1XxXaUprWYOtHh7NtyhMFUL+mgftRvdLeacZfcnTnOm95GNLR7sG1/qsMHQf+JmUU0fNEX/a/EmDXY2GTYzJ6o=,iv:9RY4yMrGxuVdfWOCL/hlZznHrfeWPEc1V5neZgS4g+Q=,tag:mfVGmPvnJa+XqmBnfIu6DA==,type:str]",
"pgp": [
{
"created_at": "2024-05-04T12:30:52Z",
@@ -22,6 +23,6 @@
}
],
"unencrypted_suffix": "_unencrypted",
"version": "3.8.1"
"version": "3.9.4"
}
}

40
hosts/backup-4/wg-b-palladium.nix Normal file
View File

@@ -0,0 +1,40 @@
{ config, ... }:
{
sops = {
secrets.wg-b-palladium = {
owner = "systemd-network";
group = "systemd-network";
};
};
systemd.network.netdevs."10-wg-b-palladium" = {
netdevConfig = {
Kind = "wireguard";
Name = "wg-b-palladium";
};
wireguardConfig = {
PrivateKeyFile = config.sops.secrets.wg-b-palladium.path;
ListenPort = 51844;
};
wireguardPeers = [
{
PublicKey = "YMTOhRAKWfFX1UVBoROPvgcQxTSN4tny35brAocdnwo=";
AllowedIPs = [ "fd90:37fd:ddec:d921::/64" ];
PersistentKeepalive = 25;
}
];
};
systemd.network.networks."10-wg-b-palladium" = {
matchConfig.Name = "wg-b-palladium";
address = [
"fd90:37fd:ddec:d921::1/64"
];
linkConfig.RequiredForOnline = "no";
};
networking.firewall.allowedUDPPorts = [ 51844 ];
}