add wireguard config for T495

3 files changed, 32 insertions, 1 deletions

diff --git a/modules/hosts/T495/configuration.nix b/modules/hosts/T495/configuration.nix
index 6624a9e..a8ccff1 100644
--- a/modules/hosts/T495/configuration.nix
+++ b/modules/hosts/T495/configuration.nix
@@ -1,5 +1,8 @@
 { config, lib, pkgs, ... }: {
-	imports = [ ./hardware-configuration.nix ];
+	imports = [
+		./hardware-configuration.nix
+		./wg.nix
+	];
 	system.stateVersion = "24.05";
 
 	networking.hostName = "T495";
diff --git a/modules/hosts/T495/resources/secrets/wg0.yaml b/modules/hosts/T495/resources/secrets/wg0.yaml
new file mode 100644
index 0000000..96a6349
--- /dev/null
+++ b/modules/hosts/T495/resources/secrets/wg0.yaml
@@ -0,0 +1,21 @@
+wg0: ENC[AES256_GCM,data:pOFkXu51VBvStuOZPgwSLUsChUxi0MPccQCufpbD9o+ZWlkOfvpko8fBnKWQ5jTXKs3JaK5ZifjjEr51HmINTjWrX1D2qjXQwjzySqv6BLPeCyK/KEFqpJHVYfTnUTaoCXlJwIMY4irpMOOdD20N5GiD79c+3djBopGT533L34XIMHAvgPg8AxP9/CcykN8i2eqdyOchqCvy/JYELxb0HRh6VHmzPMf0RV5YvWzL7Bk/4fTFiLLIn9anVWuVJ9o5rul6DSV6kS0BDmdAnIZ7YXtDn2RQtLTTB1z9PijkL5CcvK0FmwKlAP6L1tKDtwBLZ11/pAYmVooTAnc+pmlGbFRtITNEXlgngUY/lz9FSIePxarqCNPXn8MfiNAJhrSpSbRP7S5JXUwenHw4AyT77I7Ae4PV6y4qwqsBcp5kdnTG+c3tjJQ=,iv:CHY8ENBWBLgWXXF2Zv560NiUDWw00l8HvQIvhBHoNMg=,tag:IzOACow7hTSgb4uinq66tQ==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1lkv9x8vfjzkffxz95ygqr8sgqrnulplqkghkhq4zas62klgpgd2qt9p59t
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRWndzOThLTkF1RnZiNW52
+            RE1nYUN4VkFiQzhPQmtnb0lsQUNwbjJLaUZFCkIyVG40ZWlZTFZtMUVKOHZjS0RE
+            MXluMW1Gd0JRZy8wZFNoRTk5elNIeDQKLS0tIHhuTEFTVkFXNU93Vm9BT3BKSWpS
+            WVo3bTUyRU5QZUoyaFpwdlBIQWNTSmsKWFEP1O5pUiwJLYMabtKSMn2Mfk/8P13j
+            cogchslifEJr0t2aSYYUPdwdiJKFOsIXpj68BLYQsHWziOetwCcAvg==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2024-10-31T03:44:59Z"
+    mac: ENC[AES256_GCM,data:SOHUgah6+C1OrzMglW1i+hjZPdRcL2rLUBejVg+o+Ibk2vI3ySyZJF6p389wUOjhWLguhPHf9+8kxn7HRUXOODXSL567LgxahfTj6J8MGDzXjALJuaGphmw5zJKbWGU06sR0tZlbyk89PO54dLVdvnFPuEbkLlma3cHD+qMEK7w=,iv:rX955auFPM4LjuSc8PPItGfvqiVQu7oqNmgs3GniWHc=,tag:1w7zTYHDVDQnX2FsBXs3uQ==,type:str]
+    pgp: []
+    unencrypted_suffix: _unencrypted
+    version: 3.8.1
diff --git a/modules/hosts/T495/wg.nix b/modules/hosts/T495/wg.nix
new file mode 100644
index 0000000..3881b63
--- /dev/null
+++ b/modules/hosts/T495/wg.nix
@@ -0,0 +1,7 @@
+{ config, pkgs, inputs, ... }: {
+	sops.secrets.wg0.sopsFile = ./resources/secrets/wg0.yaml;
+
+	networking.wg-quick.interfaces = {
+		wg0.configFile = config.sops.secrets.wg0.path;
+	};
+}