Add wireguard to http proxy
Some checks failed
Run nix flake check / flake-check (push) Has been cancelled
Some checks failed
Run nix flake check / flake-check (push) Has been cancelled
This commit is contained in:
parent
f9a0a74435
commit
f15c318558
@ -60,6 +60,11 @@ creation_rules:
|
|||||||
- age:
|
- age:
|
||||||
- *admin_torjus
|
- *admin_torjus
|
||||||
- *server_nix-cache01
|
- *server_nix-cache01
|
||||||
|
- path_regex: secrets/http-proxy/.+
|
||||||
|
key_groups:
|
||||||
|
- age:
|
||||||
|
- *admin_torjus
|
||||||
|
- *server_http-proxy
|
||||||
- path_regex: secrets/auth01/[^/]+\.(yaml|json|env|ini|)
|
- path_regex: secrets/auth01/[^/]+\.(yaml|json|env|ini|)
|
||||||
key_groups:
|
key_groups:
|
||||||
- age:
|
- age:
|
||||||
|
@ -3,5 +3,6 @@
|
|||||||
imports = [
|
imports = [
|
||||||
./configuration.nix
|
./configuration.nix
|
||||||
../../services/http-proxy
|
../../services/http-proxy
|
||||||
|
./wireguard.nix
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
25
hosts/http-proxy/wireguard.nix
Normal file
25
hosts/http-proxy/wireguard.nix
Normal file
@ -0,0 +1,25 @@
|
|||||||
|
{ config, ... }:
|
||||||
|
{
|
||||||
|
sops.secrets.wireguard_private_key = {
|
||||||
|
sopsFile = ../../secrets/http-proxy/wireguard.yaml;
|
||||||
|
key = "wg_private_key";
|
||||||
|
};
|
||||||
|
networking.wireguard = {
|
||||||
|
enable = true;
|
||||||
|
|
||||||
|
interfaces = {
|
||||||
|
wg0 = {
|
||||||
|
ips = [ "10.69.222.2/24" ];
|
||||||
|
listenPort = 51820;
|
||||||
|
privateKeyFile = config.sops.secrets.wireguard_private_key.path;
|
||||||
|
peers = [
|
||||||
|
{
|
||||||
|
publicKey = "32Rb13wExcy8uI92JTnFdiOfkv0mlQ6f181WA741DHs=";
|
||||||
|
allowedIPs = [ "10.69.222.0/24" ];
|
||||||
|
persistentKeepalive = 25;
|
||||||
|
}
|
||||||
|
];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
25
secrets/http-proxy/wireguard.yaml
Normal file
25
secrets/http-proxy/wireguard.yaml
Normal file
@ -0,0 +1,25 @@
|
|||||||
|
wg_private_key: ENC[AES256_GCM,data:DlC9txcLkTnb7FoEd249oJV/Ehcp50P8uulbE4rY/xU16fkTlnKvPmYZ7u8=,iv:IsiTzdrh+BNSVgx1mfjpMGNV2J0c88q6AoP0kHX2aGY=,tag:OqFsOIyE71SBD1mcNS/PeQ==,type:str]
|
||||||
|
sops:
|
||||||
|
age:
|
||||||
|
- recipient: age1lznyk4ee7e7x8n92cq2n87kz9920473ks5u9jlhd3dczfzq4wamqept56u
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzdm9HTTN1amwxQ2Z6MUQv
|
||||||
|
dGJ0cEgyaHNOZWtWSWlXNXc5bGhUdSsvVlVzCkJkc3ZQdzlBNDNxb3Avdi96bXFt
|
||||||
|
TExZY29nUDI3RE5vanh6TVBRME1Fa1UKLS0tIG8vSHdCYzkvWmJpd0hNbnRtUmtk
|
||||||
|
aVcwaFJJclZ3YUlUTTNwR2VESmVyZWMKHvKUJBDuNCqacEcRlapetCXHKRb0Js09
|
||||||
|
sqxLfEDwiN2LQQjYHZOmnMfCOt/b2rwXVKEHdTcIsXbdIdKOJwuAIQ==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
- recipient: age1gq8434ku0xekqmvnseeunv83e779cg03c06gwrusnymdsr3rpufqx6vr3m
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEeU01UTc2V1UyZXRadE5I
|
||||||
|
VE1aakVZUEZUNnJxbzJ1K3J1R3ZQdFdMbUhBCjZBMDM3ZkYvQWlyNHBtaDZRWkd4
|
||||||
|
VzY0L3l4N2RNZjJRTDJWZTZyZVhHbW8KLS0tIGVNZ0N0emVmaVRCV09jNmVKRlla
|
||||||
|
cWVSNkJqWHh5c21KcWFac2FlZTVaMTAK1UvfPgZAZYtwiONKIAo5HlaDpN+UT/S/
|
||||||
|
JfPUfjxgRQid8P20Eh/jUepxrDY8iXRZdsUMON+OoQ8mpwoAh5eN1A==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
lastmodified: "2025-05-15T18:56:55Z"
|
||||||
|
mac: ENC[AES256_GCM,data:J2kHY7pXBJZ0UuNCZOhkU11M8rDqCYNzY71NyuDRmzzRCC9ZiNIbavyQAWj2Dpk1pjGsYjXsVoZvP7ti1wTFqahpaR/YWI5gmphrzAe32b9qFVEWTC3YTnmItnY0YxQZYehYghspBjnJtfUK0BvZxSb17egpoFnvHmAq+u5dyxg=,iv:/aLg02RLuJZ1bRzZfOD74pJuE7gppCBztQvUEt557mU=,tag:toxHHBuv3WRblyc9Sth6Iw==,type:str]
|
||||||
|
unencrypted_suffix: _unencrypted
|
||||||
|
version: 3.10.2
|
Loading…
x
Reference in New Issue
Block a user