From fdeddf8fc938af241f32d9cf05eb2e3670972451 Mon Sep 17 00:00:00 2001 From: clerie Date: Tue, 13 Aug 2024 16:13:22 +0200 Subject: [PATCH] hosts/carbon: Add wg-clerie --- hosts/carbon/configuration.nix | 1 + hosts/carbon/secrets.json | 5 +++-- hosts/carbon/wg-clerie.nix | 9 +++++++++ hosts/gatekeeper/configuration.nix | 5 +++++ 4 files changed, 18 insertions(+), 2 deletions(-) create mode 100644 hosts/carbon/wg-clerie.nix diff --git a/hosts/carbon/configuration.nix b/hosts/carbon/configuration.nix index df504e1..0a352e0 100644 --- a/hosts/carbon/configuration.nix +++ b/hosts/carbon/configuration.nix @@ -15,6 +15,7 @@ ./net-voip.nix ./ntp.nix ./ppp.nix + ./wg-clerie.nix ]; boot.kernelParams = [ "console=ttyS0,115200n8" ]; diff --git a/hosts/carbon/secrets.json b/hosts/carbon/secrets.json index 1b585f6..f3c77f3 100644 --- a/hosts/carbon/secrets.json +++ b/hosts/carbon/secrets.json @@ -2,6 +2,7 @@ "wg-monitoring": "ENC[AES256_GCM,data:+k5MgBrj/psMCE1T2jDtCCJI9Q7L+wJ3j83inNkeGp3LSUjoAPtBp4YoyL4=,iv:C19g/Lqi+cWAyiJBMNDtgLc3SDNI9bMBrBPWn+26mVY=,tag:9zIoawuGeGCMbOX1HKR/sQ==,type:str]", "pppd-dtagdsl-username": "ENC[AES256_GCM,data:JC7EyyMoN0p5YwnS9W5I0G5Omhk5usw28UiJrCfifGr+2FUgMrtFYAHQdrtWAELvYNBQDPgrHMmQjGQLhpqqK0hH,iv:/q+Fm63GVBApGInyS8i39V/lo6iv+I2omVh47deq+o8=,tag:LkR+1zTDNWuYkhH2iWT7SA==,type:str]", "pppd-dtagdsl-secrets": "ENC[AES256_GCM,data:c5pOb8It1py/9NXNTgLvt9zmsBVbSLHJt4iXWiNA+Osvomw3r7pgoO/JJh9ujomPMnOlDwN7g+pJ,iv:W36gA8E1mWchN6+8hdMdt2epv/RdS91T5ANB/JTcHCE=,tag:7eZ3fZkjERCVJCXYrABnlQ==,type:str]", + "wg-clerie": "ENC[AES256_GCM,data:OEZg8ZoLAdVhKkvB0ai13ID3gPnVUU/xkOjZ4KiJ9MnRbcFu5HBd7Nw6iNwh,iv:edPuaehya2ZvYKkiBqNUbXVDAxAT6yNgETnWtd6it94=,tag:cX12szdQfAcC6cij6zk6Dw==,type:str]", "sops": { "kms": null, "gcp_kms": null, 
@@ -13,8 +14,8 @@ "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3Rkd5WFE3aE5EQzY5ZXV4\nbXVGYmxTdVg1ekRpVjlRUnozY2tMTGloL21RCktjZW95OU9ZZ2owTCtMR1NxaXJn\na2VYS2ttb3VhSjNXOG84UUJtYU04QjAKLS0tIGd3aHM0RldFYnVFdDRVS0Vhc3BF\nckJhYmN6a1FJUC9ibks1cGlRaU1zbFkKE4ClunQ3XGAILwluC6iYFs+rlR02PdhK\njOmPbOlS0aNG0hoC7Z6aetgpj689AkJgl68QVcyvm+ecHH7TOT7l1A==\n-----END AGE ENCRYPTED FILE-----\n" } ], - "lastmodified": "2024-07-13T21:56:57Z", - "mac": "ENC[AES256_GCM,data:/jZ/aIQUxYrF0deBTJOyc009yPKfshiYnAB2GR5SRTi00Ls5efKzhjDJaEWvAkgBTFz5/a8fy2k+vXEDsDlrgcgWqMS8/Az5LRf9RWUBWkerDyoBJ2UZRdt7UVPfkN8ObKQpfFqxhzkm4zio+MwSbqSMZil6fGaxz6lyUkwaphg=,iv:KStinEtV1DTaEl0ebMEw8lSMvrE5rtxqfTbzssC9oGY=,tag:YOr8T3wqqxyv0mpO1wMDEg==,type:str]", + "lastmodified": "2024-08-13T14:06:43Z", + "mac": "ENC[AES256_GCM,data:yGKY0fi3KQWGHBeyNtQ8EJ6561dKRZ5aAjO9zq3odDtX75i2RSjORIlNjBsVvegBzeo8AkwwnzxNPt2sHl6MKDZfEsysWAi8Wolh4UvHk087AnR/uKvtG6t4uUaNIWej2DEzxUtTQ8QP1afsdqGCf0vZVruNcJ4u2xiQbN2vJPc=,iv:CDXJ5/P+h0Enq/0EL1su1Mw55FVYLy4XPSoUCkRkt+U=,tag:AvRfEDYMBunyIQIVCPbXag==,type:str]", "pgp": [ { "created_at": "2024-05-10T13:05:56Z", diff --git a/hosts/carbon/wg-clerie.nix b/hosts/carbon/wg-clerie.nix new file mode 100644 index 0000000..14bf443 --- /dev/null +++ b/hosts/carbon/wg-clerie.nix @@ -0,0 +1,9 @@ +{ ... }: + +{ + services.wg-clerie = { + enable = true; + ipv6s = [ "2a01:4f8:c0c:15f1::8111/128" ]; + ipv4s = [ "10.20.30.111/32" ]; + }; +} diff --git a/hosts/gatekeeper/configuration.nix b/hosts/gatekeeper/configuration.nix index b2c6770..bf0b261 100644 --- a/hosts/gatekeeper/configuration.nix +++ b/hosts/gatekeeper/configuration.nix 
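Review bot: The new hosts/carbon/wg-clerie.nix has no comment tying its addresses to the peer entry they depend on. `2a01:4f8:c0c:15f1::8111/128` and `10.20.30.111/32` are repeated verbatim in the `allowedIPs` of the carbon peer added in hosts/gatekeeper/configuration.nix, and WireGuard drops packets whose source address falls outside a peer's allowed IPs, so editing one side alone fails silently. I would add above `services.wg-clerie` a comment such as `# Addresses must match the "carbon" peer's allowedIPs in hosts/gatekeeper/configuration.nix`. The file also does not show where the private key comes from; presumably the wg-clerie module reads the `wg-clerie` entry added to hosts/carbon/secrets.json, which is worth confirming because the module is not part of this diff.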
@@ -109,6 +109,11 @@ allowedIPs = [ "2a01:4f8:c0c:15f1::8110/128" "10.20.30.110/32" ]; publicKey = "kn6ZtViagKGSyfQJQW6csQE/5r7uKlbC1rbInlQ33xs="; } + { + # carbon + allowedIPs = [ "2a01:4f8:c0c:15f1::8111/128" "10.20.30.111/32" ]; + publicKey = "o6qxGKIoW2ZSFhXeNRXd4G9BRFeYyjZsrUPulB3KhTI="; + } ]; listenPort = 51820; allowedIPsAsRoutes = false;
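Review bot: The `# carbon` comment on the new peer names the host but not the key pair behind `publicKey`. The diff cannot show that this value was derived from the private key presumably stored encrypted as `wg-clerie` in hosts/carbon/secrets.json. A mismatch only shows up as a handshake that never completes, so I would record the pairing in the comment, e.g. `# carbon (private key: hosts/carbon/secrets.json, "wg-clerie")`, and confirm the derivation before deploying. The enclosing peers list starts above the hunk, so the new addresses can only be compared with the one visible neighbour (`::8110` / `.110`), which does not overlap.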