add wg config to X230HEADmaster

4 files changed, 30 insertions, 0 deletions

diff --git a/.sops.yaml b/.sops.yaml
index 2a6aa9b..4da25c9 100644
--- a/.sops.yaml
+++ b/.sops.yaml
@@ -17,3 +17,8 @@ creation_rules:
     key_groups:
       - age:
         - *general
+
+  - path_regex: X230/resources/secrets/wg0.yaml
+    key_groups:
+      - age:
+        - *general
diff --git a/hosts/X230/configuration.nix b/hosts/X230/configuration.nix
index 44e6cf1..fcf0b05 100644
--- a/hosts/X230/configuration.nix
+++ b/hosts/X230/configuration.nix
@@ -1,4 +1,6 @@
 { config, lib, pkgs, ... }: {
+	imports = [ ./wg.nix ];
+
 	# Setup bootloader
 	boot._loader.enable = true;
 
diff --git a/hosts/X230/resources/secrets/wg0.yaml b/hosts/X230/resources/secrets/wg0.yaml
new file mode 100644
index 0000000..5941b70
--- /dev/null
+++ b/hosts/X230/resources/secrets/wg0.yaml
@@ -0,0 +1,16 @@
+wg0: ENC[AES256_GCM,data:wcgowNptTdrJNjzH6n/ulbec5+GPkuRAUNidWFy4dhClioTg8vdrXhhwP+sykwEZYOjsLurkU0Rw1w9ds+AGe3J+FnW1qKdskcY+8t/CyNY51pUbzMCKxexnNj52+0+VlH6FAUyplo6ESg/vlWCFyuyACWjQfdqDW/1PxJzrYqZ7MIwbCdntjE/84F52BqxePt3LolzvzTGUOx5Lr6Jbv9i3tv1R9NmZxt5t2gwaGbIIPWMVZh972w5HJYa8bfx67vuyj6HE46tMiu8WdQbHfjRvVIA+0OtHihpDGHfi5Q6iXpO/rk4YJZjsiEgTMTqD08HD5Gm+wBFwHSJjCOBpBsq3GsspDLNI+EXel7Gmtk+BhL1tFQdpYPwz7bHd03Znawr4Br7R0gHJg4FXnhKlG+SyDqXKirnCyCTfUotIBmU0dX4tzmwiOMyvImgXZA==,iv:GAk27qkZDopzdWnBeL7yTmyn9dM2wSzKd41NRhsyNNY=,tag:Ba7jZhqEa8dUedIvVFBbHA==,type:str]
+sops:
+    age:
+        - recipient: age1w80rc0dnuu8nw99gw64c596qqetm78jdnsqajr0u7ephykekr39qfz8vnv
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4NEN4NGxDR1oreGVoSGhE
+            TzMxSEY0QVBhS2Z6MW15ci9aVlJ0a3IyVlZBCldPRVNvcUhJSHhWSEk3akd4RjN0
+            ajhUV2d1ZWRsRFU4cTE2dGl6RmM4MGsKLS0tIFhnUjl5aDJqWVB1NE15SlNzR2Iv
+            YTNydURsOUMrSXZGdk9UOUdUQlA0SFUKxEDJRR6tpYva9qpWo9NxwCxk/xpRVoTl
+            YJkmDZzMcXikXXiro96AprP9dXJXvMPKYPGl2Zsal8PlGFPBoHW2GA==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2026-03-09T12:36:15Z"
+    mac: ENC[AES256_GCM,data:T8hQbFrPOGYQl8tbqUMLdQN3qjhcAXmKfwqEsLQkDjr2nxUXDz8d58TUsaRvkHC4jPo9lXyPL5SSpua2kzJIcDDLPkiPB/3qV8ksJQ0dgcfLkUnrI1mtoo9AOPnHrTjstSAR2cmiFbCTqRpkLnGwI+NoCLjNjd/GNSAlMl00QMg=,iv:boSHzNAuKGkAhtkApOOJEtW4gt13mMmCin24gf3dXIs=,tag:1+4+BE8ZPgvgf4RlH6Wmhw==,type:str]
+    unencrypted_suffix: _unencrypted
+    version: 3.12.1
diff --git a/hosts/X230/wg.nix b/hosts/X230/wg.nix
new file mode 100644
index 0000000..3881b63
--- /dev/null
+++ b/hosts/X230/wg.nix
@@ -0,0 +1,7 @@
+{ config, pkgs, inputs, ... }: {
+	sops.secrets.wg0.sopsFile = ./resources/secrets/wg0.yaml;
+
+	networking.wg-quick.interfaces = {
+		wg0.configFile = config.sops.secrets.wg0.path;
+	};
+}