feat(nl): wireguard

mokrinsky · Sep 22, 2023 · 03b4200 · 03b4200
1 parent de60f9b
commit 03b4200
Show file tree

Hide file tree

Showing 2 changed files with 89 additions and 2 deletions.
diff --git a/hosts/nl/configuration.nix b/hosts/nl/configuration.nix
@@ -95,6 +95,7 @@ in {
       "openvpn/nl.key".path = "/etc/openvpn/nl.key";
       "openvpn/config" = {};
       "minio" = {};
+      "wg/privateKey" = {};
     };
   };
 
@@ -116,8 +117,92 @@ in {
         179
         9000
       ];
+      allowedUDPPorts = [
+        8213
+      ];
       enable = true;
     };
+    wireguard = {
+      interfaces = {
+        wg0 = {
+          ips = ["192.168.254.1/24"];
+          listenPort = 8213;
+          privateKeyFile = config.sops.secrets."wg/privateKey".path;
+          peers = [
+            {
+              name = "bogoden";
+              publicKey = "eJgoBWQt9gRlLhO5rzUWwufExiuR6SNzrtdPkW6zz0M=";
+              allowedIPs = ["192.168.254.2/32"];
+            }
+            {
+              name = "green";
+              publicKey = "8Dmm5nyCIGMjJ2zv1SkYAjr+kWHqjQXy1evYQXFe9jk=";
+              allowedIPs = ["192.168.254.3/32"];
+            }
+            {
+              name = "mbp";
+              publicKey = "hiiI52MWUxUOb9sWRugc/rMGCxrH+dBwN+WObqt4CEY=";
+              allowedIPs = ["192.168.254.4/32"];
+            }
+            {
+              name = "ipad";
+              publicKey = "jJm9LizeFCq/qCj67TPw1t16sNilnRIhY00yOzn5+kc=";
+              allowedIPs = ["192.168.254.5/32"];
+            }
+            {
+              name = "apermade";
+              publicKey = "3AoqIcEJus/botarevEFMIehoeDIYw0Qs0A3WnDyA04=";
+              allowedIPs = ["192.168.254.6/32"];
+            }
+            {
+              name = "owl";
+              publicKey = "VtZ8L8g2yKZUjhRPQecF0f24WneBF+uxS2BlwhhFZhQ=";
+              allowedIPs = ["192.168.254.7/32"];
+            }
+            {
+              name = "lavriv";
+              publicKey = "k7HnP/LN57ZTaVRreN0LYJMIjrkUkpppVJUx1pWXQQc=";
+              allowedIPs = ["192.168.254.8/32"];
+            }
+            {
+              name = "vsalnikova";
+              publicKey = "ugnH3K1xs8bu42mNgTjz7yua8X8IpcJ2XRRdqTlQKlA=";
+              allowedIPs = ["192.168.254.9/32"];
+            }
+            {
+              name = "kulychevaa";
+              publicKey = "KiezRV3t23p8QRY3hJbEBMRm8qNQLWP0bFIu8lx4Vx0=";
+              allowedIPs = ["192.168.254.10/32"];
+            }
+            {
+              name = "aaronchikov";
+              publicKey = "jcojWbtqBnjQDnKMXXlQc+kX3kHgfTAn0V/Oi7bEm2c=";
+              allowedIPs = ["192.168.254.11/32"];
+            }
+            {
+              name = "sabomov";
+              publicKey = "C6GHdtWN3BxIF0DVx7/XGB7maUbhZnifDEBjyhLSVEs=";
+              allowedIPs = ["192.168.254.12/32"];
+            }
+            {
+              name = "sabomov_v2";
+              publicKey = "f1lNooi1anFZt00BW3Saz6r3+UzBV2tzwGnZz06oBk8=";
+              allowedIPs = ["192.168.254.13/32"];
+            }
+            {
+              name = "kulychevaa_mbp";
+              publicKey = "nKKvqyf3oPG40B313jzzBJGqi1TpwSLjcm7HED2bg2w=";
+              allowedIPs = ["192.168.254.14/32"];
+            }
+            {
+              name = "tomin_a";
+              publicKey = "Jr37wO1gDN87h5DDw8HieCnwDpuVVgDiRviSIcBwEww=";
+              allowedIPs = ["192.168.254.15/32"];
+            }
+          ];
+        };
+      };
+    };
   };
   programs = {
     neovim = {

diff --git a/secrets/nl.yaml b/secrets/nl.yaml
@@ -1,3 +1,5 @@
+wg:
+    privateKey: ENC[AES256_GCM,data:r4MkLwuhxABKsoNaj32nHk8ETCVfbIrDDzI8MgybWx2lIOV9N/0xHeommio=,iv:3pPAB627qdeBnZ13W0Ce16cAsVdiOKHGkblJLpWVy3k=,tag:KaMcZf6aBfaiYd9vvSTuqg==,type:str]
 minio: ENC[AES256_GCM,data:Y9fHCbkA3k2VaqwwIRtYWrj1/QXBh/SuW/Go0MzcGjBI3NPHJMU0RooBqUkL6SIA8066d5Xx/l21,iv:JYDL8claZB6/qwXAZLuhJ3hxtxyIUtHRdYxnfkILbRc=,tag:Qw8qKMgnCIgA4FgxKDv0OA==,type:str]
 openvpn:
     ca.crt: ENC[AES256_GCM,data:GyVfoNDgJsDk0SX7v7p4aSkHtZaQHPEr/nUy79CgehvXlOYaWOc1Fc/B9lNiYO8MNiQNnYcTYvkxVQXq6YxN7MshXwPnqWpnsUWcozgO6wKoRyu320ZDGTZDaunEGqVyH68L6eE59mFpXUMP/zWCCwTBYWkAEIX1JXssNmIg1jy2R7xaIMZaui6/i6Xd5Jq0v55YURRuYKrLIxmb57nh0/bRiVjr4bvVlYvlTq/v0A2oBJmP6TePJYQwSqUCkGjD67tsl9Mc2xHMxsx9dJLMt2tJZvZ9Gtu/34z0KWI+F5LqRhgPJ5mH0CQIRnX5U0EaeBBHF0GPuAactdeTxYnB+XgLVfnRVPtZzO/84rD0lealrfrupAdmzLsRl3Su9MPaGw6xLFWDIFu+F4wY5mywDkauO1wI/knceWDyiVY9Q3ahnbY0AiyTI2cUedIkzw+U6/2/Yds8MzwnCAsR2hma7j4ZNVx6LmbmP1te4fc9Z1I+xvXZCiyCYwJ/U4rm7o1BSBSW+jrIvHGj2sfScg3NgvfvFOjYlpdl0dwNB71bHA5sYt8xw/8MpLQiz9OJSxv4cgPEDIBlhHNPR9oH++0l9YU6Xq/2lqFhOVbg2L6D/aadBZJGc9VCdg8pCiCW0OVpiNAQrWg+3LKlf6bXAvyPhqjHWJL1tYaGw8BLxZCW3skSFcWghlCMRKza1nLFWQUMi0DreTmDgssAvNcCToewdk1gSOERBMmky3jow7gJuS8c/0T8DZ93n5/sMm0av7Ccslpm+rHym1g5Hp9zsPJpnbXHvf4SBexccvzEpH68OgO9OAB7bMIujgxZn7rnCifnLBpBAq3G7APNKzkxGA3KSTV+nVU5Pn5hlVudmlbFa8TXSdL84AGrV5o+OxuOSB8XHdIA+G86XlRNADBdbCPRoovJVDW7yHxGQGbUj0AQCO6AHNUs+5nXOemEPU2TXURn1Xzjz8CQF4FHlkZz3FaAR0VvlBbiIIH3llfEF2GzK9MKReUFQSD5Lpwxq1HpPMIwFIcXMe8P93pecmZLvE8jZUi1I6CyS6IQZPE/JWbyJH6Mzm2uXidNbWs+FZXZu9dDrPx3t0k/rgwrVilqB/CChboP6N1T3LdeoYUZbTrQMC7TU7nv4HFMfKFCdXjEIb7Kt3skY7+krsnsBU98e7OdK8xWg7mSfnCcgH/VCE7v4T1Jf859ECZjFRrkfqO12u6FyUQLDzPsANPLCXG8ciq5yD14+/fYvo2lGVURwU6NG6B4WElpUJuIBjLfKvmKHnLOpZYQXw7IUHqCXyYlfWeM+HwNHAWwpE/1QTlIxJUjYtKSVhRZStHowJDrEqAIk4Ovpo2qpPK3qxr8g/q2ojmeiXwPcTcQ6owcaaCviz77BkaILm6se2NWj0Mc8MyFPkw17gzjS9nqMuXFUC2A+wLsKHjSe+n5dyxArKcxGR+8X/Fd8tIREKDmcSoSqQgfevnGq55Cij/iKJQfYJwsqThTa2g5iqlH5CfCMhjXvz3P2/Hq0gng3Rr/CAyR9H5ZqZpMKlocVzlevpymlgWIsppj+XBbE/lR2Frzmu7uUmUPasuH70y/j/YmlipFgdmIZ9iTHPORY5VJAyljFnIwv41x7ImPpF/IpyRjnaefWDDQEncZ1vAjQ3ZLbfwXvpqMpPeBAI1i4cG0zN14LhfqvlowOopWHSJjBa34UqE0eYIxY7ODwkDQypRPbui3o0lW35ufiQmKxbjpHArWsb0q457fuC2uuZDGh+RfKMOpqouL+GBRvw5rXu54NIlvy0evV5r5EkI3Dc1Rz1A+LGyLkLUD8odkTdg2rSAfzJve6WVorwA64SRKhhWrzyS0ugWMcO1wBa6/8a+m5jK+WphSXt1KuMTEJ/X//YkcB1Ve2tBmz0/2PaHnyBnFQsc6254OfDHVhhjDRUjTmV0GDglu+nqgq7ax2t6QFmFj0hvQVqAy8JUnI99mm1MDrlchCmMbUa0MrPy7eQUqAvCJcMP3QgjAxHkZTy2UD7g1LB7CVuDDLf8eGGV4VfUopBKAqbqSAPEymk6TvtKP6l2KeL+9F51E2I2Fz+Uutfm1nl0wrd9Bqx7fVjyEv78Rp0TPhlZBVyxMStR1aMGfP+xKl8yZpya9YL5uvf+uIzPvHPBCtjOPQGeCNoA2rWIBi7sN6BS1cHuXpupHZWo1HFFpKxtrvKAQ9DrjW3r1Sf24ztAezxRexaHqk/4kPkpTFTqHM4J5Saj8UXqKO1yLZmbxObLBT/HIOL+quwIcFcC6rHlg60MC4XtOIHf6+WqbhKoDbh3wfZVwSkUx0E8/HCHQMXoHFA8jyQ==,iv:A/bZIn1p733L2J47hdOFgqEEeUAGm4LiZof/jre+gW4=,tag:q9ZOiiwkMu0L2Z4XtcuYng==,type:str]
@@ -19,8 +21,8 @@ sops:
             UnlsMmp5OFowa3N3RTJ5VUFZZkFWMXcK2JO3LPdAopTUyuJTlHA3wIkKyQe9YOFz
             DTn0pOf6tPiN9DfwQbbfNiI+KwpGvNpW1zK6jnmwqq0Bpl30C0A9cw==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2023-09-18T22:50:04Z"
-    mac: ENC[AES256_GCM,data:6VVKIexzqWAdeHH8Tv7ngPmPlHbellh3AZJpu+w8wW+jQRv2uyM9jtvlDfaKq0tzk/tt2JSWt7w5da3r1dLE26p4ykPt5tC7Ysh1wVs8ga2aVMeInvgekVbJtf8iffmhJi7jTZsneicFEwhi6vl00oEae5Hu5mtgivmkIqnLjZQ=,iv:PtIaokUFEkCMQnotKha+k7EbAeGySTyI75BQEpSuWhE=,tag:1Fp7O9gTbXfRsRB2/qfPdA==,type:str]
+    lastmodified: "2023-09-22T22:53:20Z"
+    mac: ENC[AES256_GCM,data:Xy3+Md34YBACHQmmGx2A3RVCFaXqdD3EqFUvS7z0evepfndGll9/ntgS0/r90k3PZVvXA1rifVlgMPYuY6lejpAyTGQ7EmH5c3+dbCG/pldjTyQtuOO/wq63dkT9LQEJ9ShKb9eVIjsrtmAl6V/b2A9gQxTjbIchV6bbLoumHRE=,iv:+MqZh/50ZL3Szt5yb0Y8C+iAl/Dbs8XxJVZn7tMwh1M=,tag:M5EAueNj969h0DwwiFCN0w==,type:str]
     pgp:
         - created_at: "2023-07-23T04:08:39Z"
           enc: |