Switch dk-vpn to multi system support

2024-06-11 15:26:54 +02:00 · 2024-06-11 15:26:54 +02:00 · d4b40a7170
parent 7b91a6e801
commit d4b40a7170
8 changed files with 53 additions and 11 deletions
--- a/nixos/machines/blackadder/default.nix
+++ b/nixos/machines/blackadder/default.nix
@ -84,4 +84,8 @@ in
    listen = "0.0.0.0";
  };
  networking.firewall.allowedTCPPorts = [ config.services.fooocus.port ];
+  yorick.dk-vpn = {
+    enable = true;
+    ip = "10.100.0.4";
+  };
 }
--- a/nixos/machines/smithers/default.nix
+++ b/nixos/machines/smithers/default.nix
@ -8,4 +8,9 @@

  system.stateVersion = "21.05";
  services.flatpak.enable = true;
+
+  yorick.dk-vpn = {
+    enable = true;
+    ip = "10.100.0.6";
+  };
 }
--- a/nixos/modules/dk-vpn.nix
+++ b/nixos/modules/dk-vpn.nix
@ -0,0 +1,26 @@
+{ config, name, lib, ... }:
+let
+  cfg = config.yorick.dk-vpn;
+in {
+  options.yorick.dk-vpn = with lib; {
+    enable = mkEnableOption "dk vpn";
+    ip = mkOption {
+      type = types.str;
+      example = "10.100.0.2";
+    };
+  };
+  config = lib.mkIf cfg.enable {
+
+    age.secrets.wg-dk.file = ../../secrets/wg.dk.${name}.age;
+    networking.wireguard.interfaces.wg-dk = {
+      privateKeyFile = config.age.secrets.wg-dk.path;
+      ips = [ "${cfg.ip}/32" ];
+      peers = [{
+        publicKey = "teCEYc4KWT6rGchNOp6sIFO0jmkhwTjv6reOzGscAm8=";
+        endpoint = "dk-1.datakami.nl:51820";
+        allowedIPs = [ "10.100.0.0/24" ];
+        persistentKeepalive = 25;
+      }];
+    };
+  };
+}
--- a/nixos/roles/default.nix
+++ b/nixos/roles/default.nix
@ -6,6 +6,7 @@ in {
  imports = [
    inputs.agenix.nixosModules.default
    inputs.fooocus.nixosModules.default
+    ../modules/dk-vpn.nix
    ../modules/tor-hidden-service.nix
    ../modules/nginx.nix
    ../modules/lumi-cache.nix
--- a/nixos/roles/workstation.nix
+++ b/nixos/roles/workstation.nix
@ -116,15 +116,4 @@
  services.xserver.gdk-pixbuf.modulePackages = [ pkgs.webp-pixbuf-loader ];
  hardware.ledger.enable = true;

-  networking.wireguard.interfaces.wg-dk = {
-    privateKeyFile =
-      "/home/yorick/datakami/infra/keys/wg.yorick.key";
-    ips = [ "10.100.0.4/32" ];
-    peers = [{
-      publicKey = "teCEYc4KWT6rGchNOp6sIFO0jmkhwTjv6reOzGscAm8=";
-      endpoint = "dk-1.datakami.nl:51820";
-      allowedIPs = [ "10.100.0.0/24" ];
-      persistentKeepalive = 25;
-    }];
-  };
 }
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@ -31,4 +31,6 @@ in
  "oauth2-proxy.age".publicKeys = [ yorick frumar ];
  "attic.env.age".publicKeys = [ yorick frumar ];
  "yobot.toml.age".publicKeys = [ yorick pennyworth ];
+  "wg.dk.blackadder.age".publicKeys = [ yorick blackadder ];
+  "wg.dk.smithers.age".publicKeys = [ yorick smithers ];
 }
--- a/secrets/wg.dk.blackadder.age
+++ b/secrets/wg.dk.blackadder.age
@ -0,0 +1,7 @@
+age-encryption.org/v1
+-> X25519 oK5aVw3b2VMGAv+iqFpV+v8HKlEak55TR1pfdIUcMRw
+XrxGyJBNC0wIqOySuSzdVDyn+89b0t/sZWPJpteareU
+-> ssh-ed25519 4Ui0LA g61JA54nJ8ntq/49klQyw04VSC8QsaFDJ2qDSMk90Tk
+0OvBCcdOIF2Frt2EG5uv3W2uo5Q/Fq+j40e3BrcCLaA
+--- me/I2VJ2HMCooIc8cxwCdYc22GQtwozH0WpbXUUmX7o
+eJžkqçæá)wú“ì =ÁƒéÕìˆù›Ø±±SÂ,q)Øk¢.·bËA°¿ä(qJÅõ/à"È1LYÆƒ^Ÿ Šý³£ŒƒLÇ×zª
--- a/secrets/wg.dk.smithers.age
+++ b/secrets/wg.dk.smithers.age
@ -0,0 +1,8 @@
+age-encryption.org/v1
+-> X25519 hC5vLgf7JIjLClUWNcArsNw4gFMhRWjLnpV15ZOHRkI
+ZEEcyEkKj0171QuZwqyHl+TW6M4jV+jF290+QB2fHG4
+-> ssh-ed25519 dY0yIg U1OYSisKvvNj8tPA8S0aS2zAzMtZGsgECKXMxXstCis
+8iauYl1tDBWaLhXFeNmLRmGJgq46hO2OdN+yj8ifpuU
+--- cCDpXV77c1+l30/H0ORJ8nRGnLWyGQ9wP3QJ7Cakkig
+êÚDûŽL2k‡ V¥NZ¤<0C>Àû~Zßàóâñºð*ÜÑMç=
+ÑÈÔ#´Ú.0e„GwWÕÔµbLGš~£+4°Â¦[N¼š.ÞzWzc