diff options
| -rw-r--r-- | .sops.yaml | 2 | ||||
| -rw-r--r-- | modules/hosts/T495/configuration.nix | 5 | ||||
| -rw-r--r-- | modules/hosts/T495/resources/secrets/wg0.yaml | 21 | ||||
| -rw-r--r-- | modules/hosts/T495/wg.nix | 7 |
4 files changed, 33 insertions, 2 deletions
@@ -1,7 +1,7 @@ keys: - &T430 age1lkv9x8vfjzkffxz95ygqr8sgqrnulplqkghkhq4zas62klgpgd2qt9p59t creation_rules: - - path_regex: secrets/secrets.yaml$ + - path_regex: secrets/.*.yaml$ key_groups: - age: - *T430 diff --git a/modules/hosts/T495/configuration.nix b/modules/hosts/T495/configuration.nix index 6624a9e..a8ccff1 100644 --- a/modules/hosts/T495/configuration.nix +++ b/modules/hosts/T495/configuration.nix @@ -1,5 +1,8 @@ { config, lib, pkgs, ... }: { - imports = [ ./hardware-configuration.nix ]; + imports = [ + ./hardware-configuration.nix + ./wg.nix + ]; system.stateVersion = "24.05"; networking.hostName = "T495"; diff --git a/modules/hosts/T495/resources/secrets/wg0.yaml b/modules/hosts/T495/resources/secrets/wg0.yaml new file mode 100644 index 0000000..96a6349 --- /dev/null +++ b/modules/hosts/T495/resources/secrets/wg0.yaml @@ -0,0 +1,21 @@ +wg0: ENC[AES256_GCM,data:pOFkXu51VBvStuOZPgwSLUsChUxi0MPccQCufpbD9o+ZWlkOfvpko8fBnKWQ5jTXKs3JaK5ZifjjEr51HmINTjWrX1D2qjXQwjzySqv6BLPeCyK/KEFqpJHVYfTnUTaoCXlJwIMY4irpMOOdD20N5GiD79c+3djBopGT533L34XIMHAvgPg8AxP9/CcykN8i2eqdyOchqCvy/JYELxb0HRh6VHmzPMf0RV5YvWzL7Bk/4fTFiLLIn9anVWuVJ9o5rul6DSV6kS0BDmdAnIZ7YXtDn2RQtLTTB1z9PijkL5CcvK0FmwKlAP6L1tKDtwBLZ11/pAYmVooTAnc+pmlGbFRtITNEXlgngUY/lz9FSIePxarqCNPXn8MfiNAJhrSpSbRP7S5JXUwenHw4AyT77I7Ae4PV6y4qwqsBcp5kdnTG+c3tjJQ=,iv:CHY8ENBWBLgWXXF2Zv560NiUDWw00l8HvQIvhBHoNMg=,tag:IzOACow7hTSgb4uinq66tQ==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1lkv9x8vfjzkffxz95ygqr8sgqrnulplqkghkhq4zas62klgpgd2qt9p59t + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRWndzOThLTkF1RnZiNW52 + RE1nYUN4VkFiQzhPQmtnb0lsQUNwbjJLaUZFCkIyVG40ZWlZTFZtMUVKOHZjS0RE + MXluMW1Gd0JRZy8wZFNoRTk5elNIeDQKLS0tIHhuTEFTVkFXNU93Vm9BT3BKSWpS + WVo3bTUyRU5QZUoyaFpwdlBIQWNTSmsKWFEP1O5pUiwJLYMabtKSMn2Mfk/8P13j + cogchslifEJr0t2aSYYUPdwdiJKFOsIXpj68BLYQsHWziOetwCcAvg== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-10-31T03:44:59Z" + mac: ENC[AES256_GCM,data:SOHUgah6+C1OrzMglW1i+hjZPdRcL2rLUBejVg+o+Ibk2vI3ySyZJF6p389wUOjhWLguhPHf9+8kxn7HRUXOODXSL567LgxahfTj6J8MGDzXjALJuaGphmw5zJKbWGU06sR0tZlbyk89PO54dLVdvnFPuEbkLlma3cHD+qMEK7w=,iv:rX955auFPM4LjuSc8PPItGfvqiVQu7oqNmgs3GniWHc=,tag:1w7zTYHDVDQnX2FsBXs3uQ==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.8.1 diff --git a/modules/hosts/T495/wg.nix b/modules/hosts/T495/wg.nix new file mode 100644 index 0000000..3881b63 --- /dev/null +++ b/modules/hosts/T495/wg.nix @@ -0,0 +1,7 @@ +{ config, pkgs, inputs, ... }: { + sops.secrets.wg0.sopsFile = ./resources/secrets/wg0.yaml; + + networking.wg-quick.interfaces = { + wg0.configFile = config.sops.secrets.wg0.path; + }; +} |