hosts/backup-4,hosts/palladium: Setup direct VPN tunnel for backups
This commit is contained in:
@@ -4,6 +4,8 @@
|
||||
imports =
|
||||
[
|
||||
./hardware-configuration.nix
|
||||
|
||||
./wg-b-palladium.nix
|
||||
];
|
||||
|
||||
boot.kernelParams = [ "console=ttyS0,115200n8" ];
|
||||
|
||||
@@ -1,4 +1,5 @@
|
||||
{
|
||||
"wg-b-palladium": "ENC[AES256_GCM,data:VBDyrDYwICbiND8jfkiIr/3oDtP1X9817WhonFYXNSTPZHziEY7U886/DFc=,iv:syqo77FROChv4WKgiGWCUa2ziH2Ds14CT5vVRxGmEvQ=,tag:X2G3JUrabXYmsKPBltOafw==,type:str]",
|
||||
"wg-clerie": "ENC[AES256_GCM,data:fLGZCRbnDrSWQ+9Q/7l3DUKOgw7blcHpd8svHMZFEKMoTfGeZCc37oKAOKU=,iv:GlPXkeVnzSzAnpdSGIydZP+hhEshJ3X/N1fhwJk5Ol4=,tag:0E9RhBPha0Gun6KUNtvYUg==,type:str]",
|
||||
"wg-monitoring": "ENC[AES256_GCM,data:3RHk/VI8t9ba/qiWqLkwIxaOt+e0yXw7+f1qpIVdr3JE2NzkVvX6aeP3o2Q=,iv:f4VIK1oyaUilCia1EfEiL18a3zk4+7Ol4ihyhzPounw=,tag:XeTI3iL4qIPS+Z+PDJRGrA==,type:str]",
|
||||
"sops": {
|
||||
@@ -12,8 +13,8 @@
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpY3p1Mi85WTNxK2U5bFVP\ncmlFRXNlK2dWMUt1eW1abzIrb0liR043VHpnClIvaHZ1VWxRSFR3ajc0MmJyMFAw\nSWdVclB2OGJqUjNXTmI4MktXVTVQbncKLS0tIFpJTTZJRmJGeE1xNFFScE81R29J\nR3MzOGY1cVhmalNEaHdyWjkyaHVRTDAKXyz/+WdHsC2AppYNf3/W1xx2Zcfg4p50\nCAamBntNMUK8zYLdhoSBT54qVYJJuYZ6eD6WOIZrdCK4HKGy0d13uw==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
}
|
||||
],
|
||||
"lastmodified": "2025-04-15T17:54:41Z",
|
||||
"mac": "ENC[AES256_GCM,data:fNxeNhsgF2UXmTI3pxlbFocsGAgwLF6GzQnndG00cx/8TC54eYzW1OaIjrBQzB6ARf6ocZ14rhd+PLqKhXuUZ3md77ojZOBxcT3P4yyMuQjRBYydPonBw0mseAiBtsKacqJSFCaC91JMSY2Y5wTwBiiCz5V9FbpmLLLlEEVrW1Q=,iv:4uPkvUEtNRowe2QTiuvAwOqR8PDfxbHlYoml9Cqdacg=,tag:J+8PnSEevmnvah9LVCTwsA==,type:str]",
|
||||
"lastmodified": "2025-04-15T18:43:12Z",
|
||||
"mac": "ENC[AES256_GCM,data:qcMFYqFrxzM8BNGuSeDZWJI/NVadvzIjGM2WF54cV5ty5O4iqb1Q0qOQBQMBVqYNO5BrQ2JeTXl2foLE1WncFY3JSg2v/Q8m1Kh1vFE2FbwYPh5bLGizI20JpBkqx0dMK8r4gvzaHwx2Cth7IWTGw/qGeO1wb4RWDh2E7xBlKRA=,iv:klutWxyHHhngjya93Sv3Tim69ozRuJdCsosMnn7pcYs=,tag:2w0okYEH8tzjJiODjxOHKw==,type:str]",
|
||||
"pgp": [
|
||||
{
|
||||
"created_at": "2025-04-15T17:32:56Z",
|
||||
|
||||
38
hosts/palladium/wg-b-palladium.nix
Normal file
38
hosts/palladium/wg-b-palladium.nix
Normal file
@@ -0,0 +1,38 @@
|
||||
{ config, ... }:
|
||||
|
||||
{
|
||||
|
||||
sops = {
|
||||
secrets.wg-b-palladium = {
|
||||
owner = "systemd-network";
|
||||
group = "systemd-network";
|
||||
};
|
||||
};
|
||||
|
||||
systemd.network.netdevs."10-wg-b-palladium" = {
|
||||
netdevConfig = {
|
||||
Kind = "wireguard";
|
||||
Name = "wg-b-palladium";
|
||||
};
|
||||
wireguardConfig = {
|
||||
PrivateKeyFile = config.sops.secrets.wg-b-palladium.path;
|
||||
};
|
||||
wireguardPeers = [
|
||||
{
|
||||
PublicKey = "VstE42L1SmZCIShH5sOqcpVQOV0Xb9cFgljD0lhvKFQ=";
|
||||
AllowedIPs = [ "fd90:37fd:ddec:d921::/64" ];
|
||||
PersistentKeepalive = 25;
|
||||
Endpoint = "backup-4.net.clerie.de:51844";
|
||||
}
|
||||
];
|
||||
};
|
||||
|
||||
systemd.network.networks."10-wg-b-palladium" = {
|
||||
matchConfig.Name = "wg-b-palladium";
|
||||
address = [
|
||||
"fd90:37fd:ddec:d921::2/64"
|
||||
];
|
||||
linkConfig.RequiredForOnline = "no";
|
||||
};
|
||||
|
||||
}
|
||||
Reference in New Issue
Block a user