wg-home: make wireguard pubkeys configurable; we'll want one per host
parent
02f316f7f8
commit
7c18d77046
|
@ -20,6 +20,13 @@ let
|
||||||
e.g. "ssh-ed25519 AAAA<base64>".
|
e.g. "ssh-ed25519 AAAA<base64>".
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
wg-home.pubkey = mkOption {
|
||||||
|
type = types.nullOr types.str;
|
||||||
|
description = ''
|
||||||
|
wireguard public key for the wg-home VPN.
|
||||||
|
e.g. "pWtnKW7f7sNIZQ2M83uJ7cHg3IL1tebE3IoVkCgjkXM=".
|
||||||
|
'';
|
||||||
|
};
|
||||||
};
|
};
|
||||||
});
|
});
|
||||||
in
|
in
|
||||||
|
@ -41,18 +48,24 @@ in
|
||||||
ssh.user_pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPU5GlsSfbaarMvDA20bxpSZGWviEzXGD8gtrIowc1pX";
|
ssh.user_pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPU5GlsSfbaarMvDA20bxpSZGWviEzXGD8gtrIowc1pX";
|
||||||
ssh.host_pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFw9NoRaYrM6LbDd3aFBc4yyBlxGQn8HjeHd/dZ3CfHk";
|
ssh.host_pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFw9NoRaYrM6LbDd3aFBc4yyBlxGQn8HjeHd/dZ3CfHk";
|
||||||
};
|
};
|
||||||
|
|
||||||
sane.hosts.by-name."lappy" = {
|
sane.hosts.by-name."lappy" = {
|
||||||
ssh.user_pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDpmFdNSVPRol5hkbbCivRhyeENzb9HVyf9KutGLP2Zu";
|
ssh.user_pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDpmFdNSVPRol5hkbbCivRhyeENzb9HVyf9KutGLP2Zu";
|
||||||
ssh.host_pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILSJnqmVl9/SYQ0btvGb0REwwWY8wkdkGXQZfn/1geEc";
|
ssh.host_pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILSJnqmVl9/SYQ0btvGb0REwwWY8wkdkGXQZfn/1geEc";
|
||||||
|
wg-home.pubkey = "pWtnKW7f7sNIZQ2M83uJ7cHg3IL1tebE3IoVkCgjkXM=";
|
||||||
};
|
};
|
||||||
|
|
||||||
sane.hosts.by-name."moby" = {
|
sane.hosts.by-name."moby" = {
|
||||||
ssh.user_pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICrR+gePnl0nV/vy7I5BzrGeyVL+9eOuXHU1yNE3uCwU";
|
ssh.user_pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICrR+gePnl0nV/vy7I5BzrGeyVL+9eOuXHU1yNE3uCwU";
|
||||||
ssh.host_pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO1N/IT3nQYUD+dBlU1sTEEVMxfOyMkrrDeyHcYgnJvw";
|
ssh.host_pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO1N/IT3nQYUD+dBlU1sTEEVMxfOyMkrrDeyHcYgnJvw";
|
||||||
};
|
};
|
||||||
|
|
||||||
sane.hosts.by-name."servo" = {
|
sane.hosts.by-name."servo" = {
|
||||||
ssh.user_pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPS1qFzKurAdB9blkWomq8gI1g0T3sTs9LsmFOj5VtqX";
|
ssh.user_pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPS1qFzKurAdB9blkWomq8gI1g0T3sTs9LsmFOj5VtqX";
|
||||||
ssh.host_pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOfdSmFkrVT6DhpgvFeQKm3Fh9VKZ9DbLYOPOJWYQ0E8";
|
ssh.host_pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOfdSmFkrVT6DhpgvFeQKm3Fh9VKZ9DbLYOPOJWYQ0E8";
|
||||||
|
wg-home.pubkey = "cy9tvnwGMqWhLxRZlvxDtHmknzqmedAaJz+g3Z0ILG0=";
|
||||||
};
|
};
|
||||||
|
|
||||||
sane.hosts.by-name."rescue" = {
|
sane.hosts.by-name."rescue" = {
|
||||||
ssh.user_pubkey = null;
|
ssh.user_pubkey = null;
|
||||||
ssh.host_pubkey = null;
|
ssh.host_pubkey = null;
|
||||||
|
|
|
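Review bot: The new `wg-home.pubkey` option in the first hunk accepts any string, so a truncated or mistyped key is only discovered when the tunnel fails to handshake. A WireGuard public key is 32 bytes of base64, so the type could be tightened to `type = types.nullOr (types.strMatching "[A-Za-z0-9+/]{43}=");`. Private keys have the same shape and this value ends up in the world-readable Nix store, so the description should also state that only the public half belongs here. No `default` is visible in the hunk and "moby" in the second hunk sets no key, so `default = null;` would keep such hosts evaluable if anything ever iterates over all hosts. The enclosing options block starts above the hunk.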
@ -37,7 +37,7 @@ in
|
||||||
peers = [
|
peers = [
|
||||||
{
|
{
|
||||||
# server pubkey
|
# server pubkey
|
||||||
publicKey = "cy9tvnwGMqWhLxRZlvxDtHmknzqmedAaJz+g3Z0ILG0=";
|
publicKey = config.sane.hosts.by-name."servo".wg-home.pubkey;
|
||||||
|
|
||||||
# accept traffic from any IP addr on the other side of the tunnel
|
# accept traffic from any IP addr on the other side of the tunnel
|
||||||
# allowedIPs = [ "0.0.0.0/0" ];
|
# allowedIPs = [ "0.0.0.0/0" ];
|
||||||
|
@ -61,7 +61,7 @@ in
|
||||||
peers = [
|
peers = [
|
||||||
{
|
{
|
||||||
# lappy
|
# lappy
|
||||||
publicKey = "pWtnKW7f7sNIZQ2M83uJ7cHg3IL1tebE3IoVkCgjkXM=";
|
publicKey = config.sane.hosts.by-name."lappy".wg-home.pubkey;
|
||||||
allowedIPs = [ "10.0.10.20/32" ];
|
allowedIPs = [ "10.0.10.20/32" ];
|
||||||
# allowedIPs = [ "10.0.10.0/24" "192.168.0.0/24" ];
|
# allowedIPs = [ "10.0.10.0/24" "192.168.0.0/24" ];
|
||||||
# allowedIPs = [ "0.0.0.0/0" ];
|
# allowedIPs = [ "0.0.0.0/0" ];
|
||||||
|
|
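Review bot: Both peer entries now read a `nullOr str` option, so a host whose `wg-home.pubkey` is null or unset reaches `publicKey` with no check in the visible lines. Presumably the wireguard module rejects a non-string there, but the error would point at the peer rather than at the missing host key; an assertion such as `{ assertion = config.sane.hosts.by-name."servo".wg-home.pubkey != null; message = "servo has no wg-home.pubkey"; }` would fail early with a clear message. The `# server pubkey` comment could also name the host, as the `# lappy` comment does. Both peer lists start and end outside their hunks.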