wireguard: port private key to secrets.nix
parent
0f54253cf7
commit
a407bd9920
|
@ -1,4 +1,4 @@
|
|||
{ config, pkgs, ... }:
|
||||
{ config, pkgs, secrets, ... }:
|
||||
|
||||
{
|
||||
networking.domain = "uninsane.org";
|
||||
|
@ -35,10 +35,7 @@
|
|||
# DOCS: https://nixos.wiki/wiki/WireGuard
|
||||
networking.wireguard.enable = true;
|
||||
networking.wireguard.interfaces.wg0 = {
|
||||
# to generate:
|
||||
# wg genkey > /etc/nixos/secrets/wg0.private
|
||||
# wg pubkey < /etc/nixos/secrets/wg0.private > /etc/nixos/secrets/wg0.public
|
||||
privateKeyFile = "/etc/nixos/secrets/wg0.private";
|
||||
privateKey = secrets.wireguard.privateKey;
|
||||
# wg is active only in this namespace.
|
||||
# run e.g. ip netns exec ovpns <some command like ping/curl/etc, it'll go through wg>
|
||||
# sudo ip netns exec ovpns ping www.google.com
|
||||
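Review bot: Setting `privateKey = secrets.wireguard.privateKey;` on wg0 makes the key part of the evaluated configuration, so it is written into the Nix store, which is world-readable on the host; the NixOS option documentation recommends `privateKeyFile` for this reason. The line this replaces, `privateKeyFile = "/etc/nixos/secrets/wg0.private";`, kept the key out of the store. If the aim is to centralise secrets, secrets.nix could carry a path rather than the key itself, e.g. `privateKeyFile = secrets.wireguard.privateKeyFile;`, pointing at a root-owned file with mode 0600. The wg0 attribute set continues past the end of this hunk.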
|
|
|
@ -1,8 +1,14 @@
|
|||
{
|
||||
ddns-he.password = "<REPLACEME>";
|
||||
|
||||
# format: b2://$key_id:$app_key@$bucket
|
||||
# create key with: b2 create-key --bucket uninsane-host-duplicity uninsane-host-duplicity-safe listBuckets,listFiles,readBuckets,readFiles,writeFiles
|
||||
# ^ run this until you get a key with no forward slashes :upside_down:
|
||||
# web-created keys are allowed to delete files, which you probably don't want for an incremental backup program
|
||||
duplicity.url = "b2://<REPLACEME:KEY_ID>:<REPLACEME:APPKEY>:<REPLACEME:BUCKET>";
|
||||
|
||||
# to generate:
|
||||
# wg genkey > wg0.private
|
||||
# wg pubkey < wg0.private > wg0.public
|
||||
wireguard.privateKey = "<REPLACEME>";
|
||||
}
|
||||
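Review bot: The generation comment `# wg genkey > wg0.private` leaves the private key in a file in the current directory with whatever permissions the umask allows, and nothing says to remove it once the value has been pasted into `wireguard.privateKey`. I would extend the comment, e.g. `# (umask 077; wg genkey > wg0.private)` followed by `# delete wg0.private after copying the key in`. It would also help to state at the top of the file that the filled-in copy must stay out of version control, since only the `<REPLACEME>` template appears to be committed here.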
|
|