-rw-r--r--.sops.yaml5
-rw-r--r--hosts/flex-wg-router/configuration.nix22
-rw-r--r--hosts/flex-wg-router/resources/secrets/wg.yaml17
-rw-r--r--hosts/flex-wg-router/wg.nix9
-rw-r--r--hosts/hp-envy-office/configuration.nix6
-rw-r--r--hosts/hp-envy-office/resources/secrets/wg.yaml16
-rw-r--r--hosts/hp-envy-office/wg.nix7
7 files changed, 64 insertions, 18 deletions
diff --git a/.sops.yaml b/.sops.yaml
index 413b0a2..a7cb534 100644
--- a/.sops.yaml
+++ b/.sops.yaml
@@ -20,6 +20,11 @@ creation_rules:
- age:
- *general
+ - path_regex: hp-envy-office/resources/secrets/.*
+ key_groups:
+ - age:
+ - *general
+
- path_regex: flex-wg-router/resources/secrets/.*
key_groups:
- age:
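Review bot: The new `hp-envy-office/resources/secrets/.*` rule lists only the `*general` recipient, so whoever holds that one key can decrypt this host's WireGuard configuration. If `*general` is shared by several machines or admins (its definition is outside the hunk), consider adding a host-specific age recipient for hp-envy-office next to it, so the host's key can be rotated or revoked on its own. The pattern is also unanchored; `path_regex: ^hosts/hp-envy-office/resources/secrets/.*$` would keep it from matching a similarly named path elsewhere in the repository. The flex-wg-router rule that follows continues outside the hunk.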
diff --git a/hosts/flex-wg-router/configuration.nix b/hosts/flex-wg-router/configuration.nix
index 5777626..18d9667 100644
--- a/hosts/flex-wg-router/configuration.nix
+++ b/hosts/flex-wg-router/configuration.nix
@@ -1,6 +1,8 @@
{ config, lib, pkgs, ... }: let
ipAddress = "10.1.1.1";
in {
+ imports = [ ./wg.nix ];
+
# Setup bootloader
boot._loader.enable = true;
@@ -18,8 +20,8 @@ in {
_interfaceLabels = {
enable = true;
interfaces = {
- lan0 = "98:b7:85:22:9b:43"; # Internal
- wan0 = "54:ee:75:8c:4b:2d"; # External
+ lan0 = "98:b7:85:22:9b:43"; # External
+ wan0 = "54:ee:75:8c:4b:2d"; # Internal
};
};
# Set ip addresses
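Review bot: The swapped comments now describe `wan0` as Internal and `lan0` as External, but the next hunk in this file still routes the default gateway through `interface = "wan0"` and opens the WireGuard port under `firewall.interfaces.wan0`. Only the comments change here; the MAC-to-name mapping is unchanged. Because firewall rules are keyed by these names, either the comments are wrong or the names no longer match the role of each NIC. In the second case, swapping the MAC assignments so that `wan0` stays the external interface would be safer than relabelling in comments, since a name that contradicts its role makes it easy to open a port on the wrong side.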
@@ -37,27 +39,15 @@ in {
address = "46.110.173.161";
interface = "wan0";
};
- nameservers = [ "127.0.0.1" ];
# Firewall rules
firewall = {
interfaces.wan0 = {
- allowedTCPPorts = [ 22 ];
+ allowedUDPPorts = [ 51820 ];
};
};
- #nat.forwardPorts = [
- # {
- # sourcePort = 2222;
- # proto = "tcp";
- # destination = "10.1.1.1:22";
- # }
- # {
- # sourcePort = 22;
- # proto = "tcp";
- # destination = "10.1.1.1:22";
- # }
- #];
};
+ # Router config
services._router = {
dnsDhcpConfig = {
localDomain = "wg-router.pls.lan";
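Review bot: `allowedUDPPorts = [ 51820 ]` has to agree with the ListenPort inside the sops-encrypted wg-quick configs, which cannot be checked from the repository, and wg.nix defines two interfaces (wg0 and wg1) while only one UDP port is opened. If both interfaces accept inbound peers, the second needs its own port here; if one is outbound-only, a short comment on this line saying which interface listens on 51820 would record that. The same edit drops TCP 22 from wan0, so remote administration presumably depends on the tunnel coming up; it is worth confirming an out-of-band path exists before deploying. The firewall block sits inside a larger attribute set that starts outside the hunk.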
diff --git a/hosts/flex-wg-router/resources/secrets/wg.yaml b/hosts/flex-wg-router/resources/secrets/wg.yaml
new file mode 100644
index 0000000..1f6867b
--- /dev/null
+++ b/hosts/flex-wg-router/resources/secrets/wg.yaml
@@ -0,0 +1,17 @@
+wg1: ENC[AES256_GCM,data:r7jNBzEcItmlEtjhKCbyOBaNYfutKxC2UdUYSLHfYyLnwwdIwM1kfvd5K1/UZNAKoG7sHpBha59M1tvZAOIGAFnzG14YsVrMD8w6Qy4pc0FmdyNHDEM4EwaqHFRjbb5oBAFv6lI2VZ3AgXf6StXoVUYtbEA1QBVqVq4Syk6/CalnhkE2LuZpuVA5GZUZ8aTmFRp9zOnhcNoVJMrokTUswV4Mgn3zt2Tb+3bfoZJ9jbb6H8P/F0NGU+phy0EENZMIqOGBP5aPPIZfVQYphQcG6BYiddti3Copq57vqh/qOB70LPle6b/IsaT/K8Xqjp8PjNI/e5gkZdVwIGx/w3Gk0+CkD0tDEUMBdsFfvm7Dbz3xQxN66/0ZMGQgic0xtytr/DfKCIMIwsr33GKavP7OXEJ6lUF615Y4PQhNNx4ePlgcttt2b7TG5bM8nxKsaQ==,iv:mLYNgKXCp8w2JO90Rsn7gtifEn4Yc6JKnjws7uo1w10=,tag:c51B1fZe1HnJhFDc86HnOg==,type:str]
+wg0: ENC[AES256_GCM,data:SJQ21aLwoQ0nEHfoHRd+ksL8pX7HoCRVjGIS/BZxq9JQhHJg9ZHHbwwUkz/3vrq1S+PD7e1bL0FHpgHPuZVHawpaFIeWd6TEPH+6oUxlRbDaEbcWR5POlNyMVV3z9TnOElgmqT0VUqfY80NEqFPbCLdjcWHjnwO4nzrEhPMA9WG2PFCAnZNUtVXh2mnblA61/xmxkSVysahBP+bTHA8a+v/AXy7WrHbnHizTeevdCMqWyDhzHvO8hfH4tU/xJ7GQrG/bxk4JZ6XT8a2CAqmNEKyWicB/zSc5NdILNQL7Kx2mzg/fDp4nltf7iBRZfLuN+r7whrKJ2lJQPATeyjMlIgHUcnohjihiOsGYiBcB3/Y4hIHVt7rRBMoFBB2OgNKC3gx6saZreRxLHZcRZFcVm39G9vaw6EI=,iv:qO8vMlstL/kOxFSlUd/dCtAK9ZzZt+LH/9vfulqHiMc=,tag:yuiwA8Hp8qDrF3UPlCMSUg==,type:str]
+sops:
+ age:
+ - recipient: age1f0tmpy2nam58skmznjyqd3zf54rxtfrk6fda0vlpq9y3yg6wac7sjf0vja
+ enc: |
+ -----BEGIN AGE ENCRYPTED FILE-----
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoNVZ5dmNSd1NRQUhURkl2
+ dnk3MkNjMFUyNnU5L1FFNTV0a1NUbUZ6ZUEwCmNNUldIdnoycVpwUHJrcXZvZXp5
+ NGVHcUlHUm1uK0QxV1JmdDVyQVoxZDgKLS0tIDJhSHhkYjNML045SHNobytucnVZ
+ L25wUWRJbzZMZDFseXdvOFJXQVRxN28KJjC3ola24tTEV8tFYpnsId4d0S+jHkS9
+ ME6i4jorWRlQKdYn/gTUoqgMAvJEc73hjTfgX6bFshhuhflfGxXQQw==
+ -----END AGE ENCRYPTED FILE-----
+ lastmodified: "2026-03-31T19:40:45Z"
+ mac: ENC[AES256_GCM,data:XON+JNOWr6WRYYI0+vCC4qiDST8iY/XQZlkB16l5vMsirS3j5iAIi60hn5viFqMn+IIV7GretbVnBVP32R4C59II8bIySzrsdJj5AuvTvdBvglhkelhiDnchqE98KCG9zr41bJsSaQ/8ubRy7b5jiu9aqzQFg9UQZousecIu/MU=,iv:IJNCc05iu0sZxa3RFh5l1TMcwl3YKRtVXn4wfdOy6M8=,tag:OO5uC8nAjqsWoxC1N801GA==,type:str]
+ unencrypted_suffix: _unencrypted
+ version: 3.12.1
diff --git a/hosts/flex-wg-router/wg.nix b/hosts/flex-wg-router/wg.nix
new file mode 100644
index 0000000..b454b81
--- /dev/null
+++ b/hosts/flex-wg-router/wg.nix
@@ -0,0 +1,9 @@
+{ config, pkgs, inputs, ... }: {
+ sops.secrets.wg0.sopsFile = ./resources/secrets/wg.yaml;
+ sops.secrets.wg1.sopsFile = ./resources/secrets/wg.yaml;
+
+ networking.wg-quick.interfaces = {
+ wg0.configFile = config.sops.secrets.wg0.path;
+ wg1.configFile = config.sops.secrets.wg1.path;
+ };
+}
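Review bot: Pointing `configFile` at the decrypted secret puts the entire wg-quick configuration inside an encrypted blob that cannot be reviewed or diffed: addresses, peers, AllowedIPs, ListenPort and any PostUp/PreDown hooks, which wg-quick runs as root. Consider keeping only the private key in sops, e.g. `wg0.privateKeyFile = config.sops.secrets.wg0.path;`, and declaring `address`, `listenPort` and `peers` in Nix so routing and peer changes are visible in commits. The same applies to `wg1` here and to hosts/hp-envy-office/wg.nix. `pkgs` and `inputs` are unused in the argument list and could be dropped.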
diff --git a/hosts/hp-envy-office/configuration.nix b/hosts/hp-envy-office/configuration.nix
index 34e2de3..c55c07b 100644
--- a/hosts/hp-envy-office/configuration.nix
+++ b/hosts/hp-envy-office/configuration.nix
@@ -1,4 +1,6 @@
{ config, lib, pkgs, ... }: {
+ imports = [ ./wg.nix ];
+
# Setup bootloader
boot._loader.enable = true;
boot.loader.timeout = 15; # Show for longer since it's usually skipped
@@ -48,8 +50,8 @@
home-manager.users.timmy = {
gtk._mintTheme = {
dark = true;
- color = "Green";
- icons.color = "Green";
+ color = "Blue";
+ icons.color = "Blue";
};
programs._seasonalwallpaper.wallpapers.download = true;
fonts.fontconfig = {
diff --git a/hosts/hp-envy-office/resources/secrets/wg.yaml b/hosts/hp-envy-office/resources/secrets/wg.yaml
new file mode 100644
index 0000000..f3b53aa
--- /dev/null
+++ b/hosts/hp-envy-office/resources/secrets/wg.yaml
@@ -0,0 +1,16 @@
+wg1: ENC[AES256_GCM,data:XWdnE2QvfvFlMKUW6BoUSsEXDmYj4aNfbxvA6pFeIZM7NEtIwC4/NsplPwFIZwF372/bwDGXGocuh5gd1p/eAlsyz2DrAS+8g1+4T40EPPmXPgh++vUTvcpPlt74Qxp2yAeEU4CU7UPLvlxSvNjh5PGS68Cw7KxSB7kiWFxRWtm5oVfb+U6cBaQE6Biie7wPmXNWOobGHTfFYDeNmH6w33nH4lCV2MC0eYty9ytwHeVS7gUNrk4oxIfd+1FmNzwNHtVZvRg4wRzcc2M9fD0LuyuY6QVS/qaJG4hNNEHZ6qa0VMTnOzQ4jFHtd5jnz2vb7ckE7UWcFPjXYObcykk0End7sHVN/bD+fUv56JKZOHvVYFgs6OwCzUPAufnv10+h,iv:LMEpZW3mwGuIpJoacBYL8M0ROVNeVMzeb7ncZtfxIDA=,tag:aNCziN9CVgm0IB8VvVorEA==,type:str]
+sops:
+ age:
+ - recipient: age1w80rc0dnuu8nw99gw64c596qqetm78jdnsqajr0u7ephykekr39qfz8vnv
+ enc: |
+ -----BEGIN AGE ENCRYPTED FILE-----
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhdUJRS21FeFlseWJXU1dt
+ MnhQRnFvZWM0M1o4bUhBWW9KRDdnZ1pGZkYwCnhPYmFHZmdnRS9lb2xsTXZBcmIx
+ dHF5dmlrbjJyUk84QVBLTEFwMWdESGMKLS0tIHFyZGpSeTFoNEQyZThFc2RyQkhY
+ Q1ZvODVWSXE1STlkZ09tVXdVeU1WaVkKhKMfJclNgHXN7pww2w3AaKwcWiBo676g
+ RWSkV6C+5purA0CzTu1uC3CKz8UK8mVgPfamSZdZQU8+6bGMmseWoQ==
+ -----END AGE ENCRYPTED FILE-----
+ lastmodified: "2026-03-31T19:32:51Z"
+ mac: ENC[AES256_GCM,data:zpEYjHqta6HuRHIKijbLmAND5mCaR14ZUdEeXq/zJ8g4DgWrAkaukhYdXhLH+SEUZt8d3tmj5Eq+6oz9qEjdWhBuPykxVBmBiqIhQBgACCMhSL5v3wY1rxL2ZiQ7szEuwh0GjXpkzPno0Z2+xZ6FzVsJdGnZwykru+JWQcUIfvk=,iv:yUiP/clvI/NnDrji9eMYiTqtO1xsTc7u86V/nlQSMIA=,tag:UyMz/BdYoGxXCJIb8tITcQ==,type:str]
+ unencrypted_suffix: _unencrypted
+ version: 3.12.1
diff --git a/hosts/hp-envy-office/wg.nix b/hosts/hp-envy-office/wg.nix
new file mode 100644
index 0000000..763496e
--- /dev/null
+++ b/hosts/hp-envy-office/wg.nix
@@ -0,0 +1,7 @@
+{ config, pkgs, inputs, ... }: {
+ sops.secrets.wg1.sopsFile = ./resources/secrets/wg.yaml;
+
+ networking.wg-quick.interfaces = {
+ wg1.configFile = config.sops.secrets.wg1.path;
+ };
+}