implement OVPN wireguard service
parent
2f08252432
commit
cf4cde548a
|
@ -7,6 +7,7 @@
|
|||
./nix-cache.nix
|
||||
./secrets.nix
|
||||
./users.nix
|
||||
./vpn.nix
|
||||
];
|
||||
|
||||
time.timeZone = "America/Los_Angeles";
|
||||
|
|
|
@ -32,7 +32,7 @@
|
|||
# This will add secrets.yml to the nix store
|
||||
# You can avoid this by adding a string to the full path instead, i.e.
|
||||
# sops.defaultSopsFile = "/root/.sops/secrets/example.yaml";
|
||||
sops.defaultSopsFile = ./../../secrets/example.yaml;
|
||||
sops.defaultSopsFile = ./../../secrets/universal.yaml;
|
||||
# This will automatically import SSH keys as age keys
|
||||
sops.age.sshKeyPaths = [
|
||||
"/etc/ssh/ssh_host_ed25519_key"
|
||||
|
@ -44,9 +44,9 @@
|
|||
# This will generate a new key if the key specified above does not exist
|
||||
# sops.age.generateKey = true;
|
||||
# This is the actual specification of the secrets.
|
||||
sops.secrets.example_key = {
|
||||
owner = config.users.users.colin.name;
|
||||
};
|
||||
# sops.secrets.example_key = {
|
||||
# owner = config.users.users.colin.name;
|
||||
# };
|
||||
# sops.secrets."myservice/my_subdir/my_secret" = {};
|
||||
}
|
||||
|
||||
|
|
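Review bot: The retained comment `# This will add secrets.yml to the nix store` no longer names the file being referenced, and it understates what the path literal `./../../secrets/universal.yaml` implies now that the file holds a real key. The sops file is copied into the nix store, where the values stay encrypted but the key names (such as `wg_ovpnd_privkey`) and the sops metadata remain readable. I would reword it to `# The encrypted universal.yaml is copied into the nix store; values stay encrypted, key names do not`. The commented-out `example_key` block in the second hunk refers to an entry this commit appears to drop from the secrets file, so it could be deleted or labelled as an example. The file header for this section is not shown on the page, so the enclosing attribute set starts outside the visible hunks.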
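--- /dev/null
+++ b/modules/universal/vpn.nix
@@ -0,0 +1,29 @@
+{ config, ... }:
+
+{
+networking.wg-quick.interfaces.ovpnd = {
+address = [
+"172.27.237.218/32"
+"fd00:0000:1337:cafe:1111:1111:ab00:4c8f/128"
+];
+dns = [
+"46.227.67.134"
+"192.165.9.158"
+];
+peers = [
+{
+allowedIPs = [
+"0.0.0.0/0"
+"::/0"
+];
+endpoint = "vpn31.prd.losangeles.ovpn.com:9929";
+publicKey = "VW6bEWMOlOneta1bf6YFE25N/oMGh1E1UFBCfyggd0k=";
+}
+];
+privateKeyFile = config.sops.secrets.wg_ovpnd_privkey.path;
+# to start: `systemctl start wg-quick-ovpnd`
+autostart = false;
+};
+
+sops.secrets."wg_ovpnd_privkey" = {};
+}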
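Review bot: The module lives under `modules/universal/` and reads `wg_ovpnd_privkey` from the shared sops file, so presumably every host that imports it presents the same WireGuard private key and the same tunnel addresses (`172.27.237.218/32` and the `fd00:` address). If so, two hosts bringing `ovpnd` up at the same time will contend for the single peer session, and a compromise of any one host exposes the key for all of them. Consider a per-host secret, or at least state the constraint above `privateKeyFile`, e.g. `# one provider identity shared by all hosts: run on one host at a time; rotate the key if any host is compromised`. Separately, with `allowedIPs` covering `0.0.0.0/0` and `::/0` and `autostart = false`, nothing in this file keeps traffic from leaving untunnelled while the interface is down; a comment saying that is intended would help the next reader.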
@ -1,13 +1,4 @@
|
|||
#ENC[AES256_GCM,data:AAbDZxW7S1fPR86UqIUvZZEKp9LPhZFBz6WtBFmRqeYaPKOJpQMr0UqJzF1r9Qy8Mhl9Ruc=,iv:8CkXkab3jkLx1F6yFGwvS8AObP0+zVqthuEZxD6fVFQ=,tag:NTXhSKgr3nLEuqVUU2qPeg==,type:comment]
|
||||
example_key: ENC[AES256_GCM,data:gag/QcjPTiwcnOTs6w==,iv:3WbDtKwoZdZl0M87pWFxGCEsdbEDoCpnN9nJ0s+4uFg=,tag:UmDD/dTU96QsvSjKVLm8nQ==,type:str]
|
||||
#ENC[AES256_GCM,data:qwFF9yIBquSi77GLsqoh5Vg=,iv:hJCpayOTOJndiwmxb32pO4RhH+92C8tFo3CThLBUzg4=,tag:I+fM3LE+8a7sSiNhA9xPIg==,type:comment]
|
||||
#ENC[AES256_GCM,data:pOJQW/WI9kB9oBRBZUk=,iv:nbc7gmgwvp2+e81gXJb7oGJFxd0IL3ezEzTRhZvZPks=,tag:Xeeh+LYR8IrVjSQMxCDR/A==,type:comment]
|
||||
#ENC[AES256_GCM,data:cFpWD8Ul9rZovu+gXHUK5qY2T74=,iv:wE1ykWPxNegTOBrOZKuXDS/ToTQ7uSQ5Ipk77zBeva4=,tag:HoW8U9HZGSG7qwVr10gBHA==,type:comment]
|
||||
#ENC[AES256_GCM,data:lNhCWy1l2tZ5smucunZFszd7dIY=,iv:vHOxwiyubDskeoENEwlzDV3pmxEKU0P+KJmwLijzj/Q=,tag:3iLW04LWFiznc+gKOOCYtw==,type:comment]
|
||||
#ENC[AES256_GCM,data:DE55QRx9NQjaPoTFVPDHtmxEvNSJRZTdQIo=,iv:MI67iZuHlwuKg4gkeSCutaNGWaFmF7eymuGkPsZSi94=,tag:YUb+62kKPcKU/WunbwqrzQ==,type:comment]
|
||||
#ENC[AES256_GCM,data:XiLZ7+vIX4bpeeEbsP0DpAA=,iv:HsmzKRESXMStssiECODj9bcsahmzxqtzOfodQ3Ze4Fo=,tag:gUBEreck3v9ySvAle9LIyQ==,type:comment]
|
||||
#ENC[AES256_GCM,data:exigJhzg3dKrLw==,iv:ZiTyNtYSbJpy7k86oOm5jNp/Aj+u+WVjr4hoDha3Jfw=,tag:e1IrQ7GL9StnLXeSeMN6vQ==,type:comment]
|
||||
#ENC[AES256_GCM,data:pwKO2o2lgbAFR9g=,iv:GF0NtijdFrXLPbKN6nMXavvdSV0jCaey3qm+8JxC9bk=,tag:XZ80r545lJEdTZ9XWhBABg==,type:comment]
|
||||
wg_ovpnd_privkey: ENC[AES256_GCM,data:qmyCOcD5TA7SKqSDCTZOTahkfYVZMJUGuyselmQbqj1uer3e4cBRSMuIiRI=,iv:jnHvGgVu/8HWT8MkI2wtGqlCs6wTu0C8huHpkdDmBYk=,tag:a0r0f/6LTBUuhvLGu+SFug==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
|
@ -86,8 +77,8 @@ sops:
|
|||
U2oyUUNiVm14bkJEcXlIUFpiaDFTRUEKTrtvjVgsUbRJDV640i84flkBD9RgtEZ2
|
||||
mFPEMDOobtEvqEYlUTUsYeHjVQe0gEHXkLd3zFPErVx4FB0dLZpGrg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2022-06-06T23:21:20Z"
|
||||
mac: ENC[AES256_GCM,data:pU5882gcNu2hmINn/xnDriHX8PvrEqepnf8/B+WGYrkd6yqpsVPCivlhGFmPvPaRt/o0AVMuH7Wbwm3+rmOpR1LFfJUtnFcejWVpVNE6BuxuWTdF90EENUStKg3DWV4uspRlQds856GR7pkDblkmAOgWZ7zD3ILS3sF/fLuFLr0=,iv:TCsuetCjhhJc/0K4UQrCD9+zWEVssI6Yx0AQ/+eDSn0=,tag:ZsKZZB5S9bgLIRJBLO/KgQ==,type:str]
|
||||
lastmodified: "2022-06-10T00:01:27Z"
|
||||
mac: ENC[AES256_GCM,data:Bjzzhxg94zCo9drdD5uAaaTa3a/aQv4R/Bk0HJa/bbL8U9w+IBROha6lZtp8S3l6vdTXWW88xfqGVAvWLHv0zADqa5e48lQf+osJzMYxoL8cMtB71q6Yz/9CTNZ2CxumGO4hnBiEQaCx52OijhSELu2tWFt+e6i20cVqUJSo3yM=,iv:TQW2B/E5TuS9zAQBHyx0yC1ekPjSieUZ1SBzyDQWhic=,tag:f7791BJEtAL1Y6VHgq6WyA==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.7.3
|