authorTim Keller <tjk@tjkeller.xyz>2026-06-22 15:11:39 -0500
committerTim Keller <tjk@tjkeller.xyz>2026-06-22 15:11:39 -0500
commit671ba3d42f6c9017fc57876f3c26d22227b1ffef (patch)
tree1801d2944cffd4d575855203b3707707fb0776f4
parent5585329eb48316b34f12a2b94c0cebf65e47398b (diff)
add wireguard support for remote backup pc and enhance rebuild script to show pubkey gen cmdHEADmaster
-rw-r--r--.sops.yaml6
-rw-r--r--hosts/sweetiepc/configuration.nix2
-rw-r--r--hosts/sweetiepc/resources/secrets/wg.yaml16
-rw-r--r--hosts/sweetiepc/wg.nix7
-rwxr-xr-xrebuild1
5 files changed, 32 insertions, 0 deletions
diff --git a/.sops.yaml b/.sops.yaml
index a7cb534..b77c3fd 100644
--- a/.sops.yaml
+++ b/.sops.yaml
@@ -2,6 +2,7 @@ keys:
- &general age1w80rc0dnuu8nw99gw64c596qqetm78jdnsqajr0u7ephykekr39qfz8vnv
- &flex-wg-router age1f0tmpy2nam58skmznjyqd3zf54rxtfrk6fda0vlpq9y3yg6wac7sjf0vja
- &poweredge age1zfvmt2avdlfz0fvchczplc84u7m8vqausm7zytl9s4x9m9yax4cqy30zpz
+ - &sweetiepc age1fl4rk54n2xv4vssjkw4nywy93s4yqv69uzq2f64zuwd8fjq5u4cq9wmmsw
creation_rules:
- path_regex: timmy/resources/secrets/.*
key_groups:
@@ -34,3 +35,8 @@ creation_rules:
key_groups:
- age:
- *poweredge
+
+ - path_regex: sweetiepc/resources/secrets/.*
+ key_groups:
+ - age:
+ - *sweetiepc
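Review bot: The new rule for `sweetiepc/resources/secrets/.*` lists `*sweetiepc` as its only age recipient, so `wg.yaml` can be decrypted, edited or re-keyed only with that one host key; if the key is lost, the WireGuard secret has to be regenerated. This matches the `*poweredge` rule visible just above, so it may be deliberate, in which case a comment such as `# host key only: no recovery recipient by design` would record the decision. Otherwise add a second recipient that is kept offline, accepting that every extra recipient is another key able to read the tunnel config.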
diff --git a/hosts/sweetiepc/configuration.nix b/hosts/sweetiepc/configuration.nix
index d2bf172..7bf5fcb 100644
--- a/hosts/sweetiepc/configuration.nix
+++ b/hosts/sweetiepc/configuration.nix
@@ -1,4 +1,6 @@
{ config, lib, pkgs, home-manager, ... }: {
+ #imports = [ ./wg.nix ];
+
# Setup bootloader
boot._loader = {
enable = true;
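Review bot: The added `#imports = [ ./wg.nix ];` is commented out, so as committed `wg.nix` is never evaluated and the wg0 interface and its sops secret stay inactive, which is at odds with the commit title. Either enable the import or state why it is off, for example `# disabled: <reason>; enable with imports = [ ./wg.nix ];`. The module body continues outside the hunk.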
diff --git a/hosts/sweetiepc/resources/secrets/wg.yaml b/hosts/sweetiepc/resources/secrets/wg.yaml
new file mode 100644
index 0000000..9edaea5
--- /dev/null
+++ b/hosts/sweetiepc/resources/secrets/wg.yaml
@@ -0,0 +1,16 @@
+wg0: ENC[AES256_GCM,data:xow2iL5l7MqlUeCZ2e9R4ygKlK3+ZP2yIR73aHWiIaO24aF02I88cWajOvs44/CP2tTHJLM6OltN/rKr3+4DLCbhOrngl/uFyWv/Xva4n9ZCWBv0DgtQ0Qbk/Bi6Q+h3Uf7XXlOtsUNvzSXvW4L+EcwsTMQRU5CIpSHcIsyG/IsQ1ypHpzDPM8j3HHtoPp6zaYPpQiELoMIIuIjvnvjTAAEWYMPuiV4OgJy2kiAUFkEwDud3MV/e/D/q861lKSz5qiKWnxE/So9kmA4HaSw9EOi46EcFojat7r3LiludcMify4V+IliVs7LPYf8kaHSOPWdmd8cgDeYP3Np0ydhB2+2xSbRLCgZvJWuxkStbeNjA5sC3tAmA86I+axhjVGRD9NdbpksdDORBMJhx2iWVhBBvM5p/Ya0f5nXHlsLw4MLSCKOZlTf9OM5YlYGw/GA30nJbcOVx1TzK+BJ0cYsz7U4YJWEMHTEPIQ==,iv:TM0Csdn65smwseVzq36IJAcapEZx+yjhRyG3Atz2Jk0=,tag:A6wWrO8PJAPFaI2IFq5Ucw==,type:str]
+sops:
+ age:
+ - enc: |
+ -----BEGIN AGE ENCRYPTED FILE-----
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlS0pyVGtTekV0MXQ5WHYy
+ MlRZYnVVaXdKVDlGNlZOekxUWng4NUlWTXlBCnBzbzNwUWtTdExBUXpCNy83YStm
+ Y0xvTlo5bkczS2xSdUtjenNjQlhDNlkKLS0tIGd6RjlZWGtZNVpXeVNpd0EyTk5h
+ cWN0b0dXQjNwNFZjdXdiUDZCUDZETkkKJlDzHxpRHbh4+LPEaWjrmiFFGMOL4Hdi
+ lMhSrn/EmMmf6p82FVpWMfr7fEFc9lCRw1VytKNUc1Le3nIpkM8iJQ==
+ -----END AGE ENCRYPTED FILE-----
+ recipient: age1fl4rk54n2xv4vssjkw4nywy93s4yqv69uzq2f64zuwd8fjq5u4cq9wmmsw
+ lastmodified: "2026-06-22T19:17:43Z"
+ mac: ENC[AES256_GCM,data:o+p9xd02QZ9VcUwiAMAGExf5FBrDaKCkOen58d1zTzZuiH2Svcmg5xrA+N23XuEi9kVTcqby9fpymgTOlwNZn8JbmMYjLLiykBIWQvOPKNjAGzp2A9KFA1DpIzTegM+xXbnKv+FEZdRagAojkAUftUUzQYAUsmQVDnflzwNsSUI=,iv:s0oM+TgNNUgNZQ99Pb33UCUbhdZJ93Dv1X+GK6oFUwo=,tag:306d418MjlEZnPi6L2qd/g==,type:str]
+ unencrypted_suffix: _unencrypted
+ version: 3.13.1
diff --git a/hosts/sweetiepc/wg.nix b/hosts/sweetiepc/wg.nix
new file mode 100644
index 0000000..bf459d9
--- /dev/null
+++ b/hosts/sweetiepc/wg.nix
@@ -0,0 +1,7 @@
+{ config, pkgs, inputs, ... }: {
+ sops.secrets.wg0 = { sopsFile = ./resources/secrets/wg.yaml; key = "wg0"; };
+
+ networking.wg-quick.interfaces = {
+ wg0.configFile = config.sops.secrets.wg0.path;
+ };
+}
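Review bot: `wg0.configFile` hands wg-quick a complete config file that exists only inside the encrypted `wg.yaml`, so the peer list, `AllowedIPs` and any `PostUp`/`PreDown` hooks (which wg-quick runs as root) cannot be reviewed in the repository. Consider keeping only the private key in sops and declaring the rest in Nix, e.g. `wg0.privateKeyFile = config.sops.secrets.wg0.path;` together with `address` and `peers` for the interface. The `pkgs` and `inputs` arguments are unused in this file and can be dropped from the function header.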
diff --git a/rebuild b/rebuild
index cb92b80..a9b63e3 100755
--- a/rebuild
+++ b/rebuild
@@ -4,6 +4,7 @@ if [ ! -f ~/.config/sops/age/keys.txt ]; then
echo "---------------------------------------------------------------------------------------------------"
echo "| WARNING: Sops key not found. Please generate one from your ssh key using the following command: |"
echo "| nix run nixpkgs#ssh-to-age -- -private-key -i ~/.ssh/private > ~/.config/sops/age/keys.txt |"
+ echo "| cat ~/.config/sops/age/keys.txt | age-keygen -y # Public key |"
echo "---------------------------------------------------------------------------------------------------"
fi
nixos-rebuild switch --sudo --flake "$(dirname "$0")/#$(hostname)" $@
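Review bot: The added hint assumes `age-keygen` is on PATH, while the line above it runs its tool through `nix run`; on a host that has no sops key yet it is likely not installed. `age-keygen -y` takes the key file as an argument, so the `cat` pipe is unnecessary: `nix shell nixpkgs#age -c age-keygen -y ~/.config/sops/age/keys.txt`. Because these hints tell the user to create a private key file with a shell redirect, which uses the default umask, it would help to add a line recommending `chmod 600 ~/.config/sops/age/keys.txt`. The enclosing `if` starts outside the hunk.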