Switch dk-vpn to multi system support
This commit is contained in:
parent
7b91a6e801
commit
d4b40a7170
|
@ -84,4 +84,8 @@ in
|
|||
listen = "0.0.0.0";
|
||||
};
|
||||
networking.firewall.allowedTCPPorts = [ config.services.fooocus.port ];
|
||||
yorick.dk-vpn = {
|
||||
enable = true;
|
||||
ip = "10.100.0.4";
|
||||
};
|
||||
}
|
||||
|
|
|
@ -8,4 +8,9 @@
|
|||
|
||||
system.stateVersion = "21.05";
|
||||
services.flatpak.enable = true;
|
||||
|
||||
yorick.dk-vpn = {
|
||||
enable = true;
|
||||
ip = "10.100.0.6";
|
||||
};
|
||||
}
|
||||
|
|
26
nixos/modules/dk-vpn.nix
Normal file
26
nixos/modules/dk-vpn.nix
Normal file
|
@ -0,0 +1,26 @@
|
|||
{ config, name, lib, ... }:
|
||||
let
|
||||
cfg = config.yorick.dk-vpn;
|
||||
in {
|
||||
options.yorick.dk-vpn = with lib; {
|
||||
enable = mkEnableOption "dk vpn";
|
||||
ip = mkOption {
|
||||
type = types.str;
|
||||
example = "10.100.0.2";
|
||||
};
|
||||
};
|
||||
config = lib.mkIf cfg.enable {
|
||||
|
||||
age.secrets.wg-dk.file = ../../secrets/wg.dk.${name}.age;
|
||||
networking.wireguard.interfaces.wg-dk = {
|
||||
privateKeyFile = config.age.secrets.wg-dk.path;
|
||||
ips = [ "${cfg.ip}/32" ];
|
||||
peers = [{
|
||||
publicKey = "teCEYc4KWT6rGchNOp6sIFO0jmkhwTjv6reOzGscAm8=";
|
||||
endpoint = "dk-1.datakami.nl:51820";
|
||||
allowedIPs = [ "10.100.0.0/24" ];
|
||||
persistentKeepalive = 25;
|
||||
}];
|
||||
};
|
||||
};
|
||||
}
|
|
@ -6,6 +6,7 @@ in {
|
|||
imports = [
|
||||
inputs.agenix.nixosModules.default
|
||||
inputs.fooocus.nixosModules.default
|
||||
../modules/dk-vpn.nix
|
||||
../modules/tor-hidden-service.nix
|
||||
../modules/nginx.nix
|
||||
../modules/lumi-cache.nix
|
||||
|
|
|
@ -116,15 +116,4 @@
|
|||
services.xserver.gdk-pixbuf.modulePackages = [ pkgs.webp-pixbuf-loader ];
|
||||
hardware.ledger.enable = true;
|
||||
|
||||
networking.wireguard.interfaces.wg-dk = {
|
||||
privateKeyFile =
|
||||
"/home/yorick/datakami/infra/keys/wg.yorick.key";
|
||||
ips = [ "10.100.0.4/32" ];
|
||||
peers = [{
|
||||
publicKey = "teCEYc4KWT6rGchNOp6sIFO0jmkhwTjv6reOzGscAm8=";
|
||||
endpoint = "dk-1.datakami.nl:51820";
|
||||
allowedIPs = [ "10.100.0.0/24" ];
|
||||
persistentKeepalive = 25;
|
||||
}];
|
||||
};
|
||||
}
|
||||
|
|
|
@ -31,4 +31,6 @@ in
|
|||
"oauth2-proxy.age".publicKeys = [ yorick frumar ];
|
||||
"attic.env.age".publicKeys = [ yorick frumar ];
|
||||
"yobot.toml.age".publicKeys = [ yorick pennyworth ];
|
||||
"wg.dk.blackadder.age".publicKeys = [ yorick blackadder ];
|
||||
"wg.dk.smithers.age".publicKeys = [ yorick smithers ];
|
||||
}
|
||||
|
|
7
secrets/wg.dk.blackadder.age
Normal file
7
secrets/wg.dk.blackadder.age
Normal file
|
@ -0,0 +1,7 @@
|
|||
age-encryption.org/v1
|
||||
-> X25519 oK5aVw3b2VMGAv+iqFpV+v8HKlEak55TR1pfdIUcMRw
|
||||
XrxGyJBNC0wIqOySuSzdVDyn+89b0t/sZWPJpteareU
|
||||
-> ssh-ed25519 4Ui0LA g61JA54nJ8ntq/49klQyw04VSC8QsaFDJ2qDSMk90Tk
|
||||
0OvBCcdOIF2Frt2EG5uv3W2uo5Q/Fq+j40e3BrcCLaA
|
||||
--- me/I2VJ2HMCooIc8cxwCdYc22GQtwozH0WpbXUUmX7o
|
||||
eJžkqçæá)wú“ì =ÁƒéÕìˆù›Ø±±SÂ,q)Øk¢.·bËA°¿ä(qJÅõ/à"È1LYƃ^Ÿ Šý³£ŒƒLÇ×zª
|
8
secrets/wg.dk.smithers.age
Normal file
8
secrets/wg.dk.smithers.age
Normal file
|
@ -0,0 +1,8 @@
|
|||
age-encryption.org/v1
|
||||
-> X25519 hC5vLgf7JIjLClUWNcArsNw4gFMhRWjLnpV15ZOHRkI
|
||||
ZEEcyEkKj0171QuZwqyHl+TW6M4jV+jF290+QB2fHG4
|
||||
-> ssh-ed25519 dY0yIg U1OYSisKvvNj8tPA8S0aS2zAzMtZGsgECKXMxXstCis
|
||||
8iauYl1tDBWaLhXFeNmLRmGJgq46hO2OdN+yj8ifpuU
|
||||
--- cCDpXV77c1+l30/H0ORJ8nRGnLWyGQ9wP3QJ7Cakkig
|
||||
êÚDûŽL2k‡ V¥NZ¤<0C>Àû~Zßàóâñºð*ÜÑMç=
|
||||
ÑÈÔ#´Ú.0e„GwWÕÔµbLGš~£+4°Â¦[N¼š.ÞzWzc
|
Loading…
Reference in a new issue