Configure Wireguard for Phoenix
This commit is contained in:
parent
8543999a8a
commit
7a704851c0
|
@ -19,4 +19,28 @@
|
|||
|
||||
networking.defaultGateway = "192.168.0.1";
|
||||
networking.nameservers = [ "192.168.0.1" ];
|
||||
|
||||
networking.nat = {
|
||||
enable = true;
|
||||
internalInterfaces = ["ve-+"];
|
||||
externalInterface = "wg0";
|
||||
enableIPv6 = true;
|
||||
};
|
||||
|
||||
networking.wireguard.interfaces = {
|
||||
wg0 = {
|
||||
ips = [ "10.175.197.82/32" "fd7d:76ee:e68f:a993:f6b2:9dab:ddd3:a02/128" ];
|
||||
privateKeyFile = "/run/secrets/services/wireguard/airvpn.private";
|
||||
|
||||
peers = [
|
||||
{
|
||||
publicKey = "PyLCXAQT8KkM4T+dUsOQfn+Ub3pGxfGlxkIApuig+hk=";
|
||||
presharedKeyFile = "/run/secrets/services/wireguard/airvpn.psk";
|
||||
allowedIPs = [ "10.128.0.1" ];
|
||||
endpoint = "134.19.179.213:1637";
|
||||
persistentKeepalive = 25;
|
||||
}
|
||||
];
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
|
@ -2,9 +2,23 @@
|
|||
{
|
||||
sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
|
||||
|
||||
# Vaultwarden
|
||||
# MSMTP
|
||||
sops.secrets."services/msmtp/password" = {
|
||||
mode = "0777";
|
||||
sopsFile = ./secrets/msmtp.yaml;
|
||||
};
|
||||
|
||||
# Wireguard
|
||||
sops.secrets."services/wireguard/airvpn.private" = {
|
||||
mode = "0400";
|
||||
owner = config.users.users.root.name;
|
||||
group = config.users.users.root.group;
|
||||
sopsFile = ./secrets/wireguard.yaml;
|
||||
};
|
||||
sops.secrets."services/wireguard/airvpn.psk" = {
|
||||
mode = "0400";
|
||||
owner = config.users.users.root.name;
|
||||
group = config.users.users.root.group;
|
||||
sopsFile = ./secrets/wireguard.yaml;
|
||||
};
|
||||
}
|
||||
|
|
|
@ -0,0 +1,33 @@
|
|||
services:
|
||||
wireguard:
|
||||
airvpn.private: ENC[AES256_GCM,data:COgDVq0CpZcTsjLMx4FLHSv/ZI8eSPRLTxVtJ8XrevzRXc25sVSNMdHiMFA=,iv:QSFKc2U2v58PiOF79PFanx+QlFge3FiMjEOJudr7qKU=,tag:N7KjBhK+59IeRALJeGKc6A==,type:str]
|
||||
airvpn.psk: ENC[AES256_GCM,data:bxZ/Pk75jCPU/Nhx96JJkmrJCqSAudZLDQjKCXnvAJf/pPpZdwJTw3o7ywM=,iv:EwHiUZTs8py8TZxJciqW53m7O/rU5V8+ZgSCEXlrIJc=,tag:tOtlgWs8VLgt7T6/apkZeA==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age:
|
||||
- recipient: age17wdazshqnfe63cy7mmsmwld75e5wedgn8gngvmvlqdktlr86c4us87tjxv
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvTndabjF2YXFpTU5RcG9U
|
||||
UFV4SXVQZDNIK3htYi93U1BhbGNGMUtPcENFCi9nWWR0TmdYV0NhdDJhMFExRm9K
|
||||
SDYzVXVZbmdOWGFybGxOTWs0K3Y2MlUKLS0tIGJLendISXNaWWdpVU5zcVgyeitJ
|
||||
ZTZ4eTlxdVpha0NxK3h4dEU2S1dGaXcKkGlvEp+aosaFlnO4zUiQHkU1EFxxIuUU
|
||||
L3y56QiCJxHo9bv9yvn0cIbxWLl+ow7I88FBf89z0OQxTqKxcpniYQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1tf5077gpdp3cp4hedvng5wltzvp9jg0ehpt7czhnczlx6ctvqpjstvrmmh
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkUGwvZ3hzaXBkTlA0Z1JX
|
||||
N2R2cWNzWUIzVml0WGZxQ3FDUXFWOVJkWXdnCnNNbnFrYUVWYzBpdnRSdkdFZXRv
|
||||
UHFKL3FQZEtST0tiaHZ0QUNzZWpWbTQKLS0tIGpLVW1EVXU5V0Q4QXF1b0xCeWlL
|
||||
TFlUV2Vkak94YnI0OWpQR1A1TUlaUzAKEDaX7yhVViNG2/2EOcWWEynOOCYlzWZS
|
||||
tsnOZcBkIDWkk6ZrZFXZ/iKzQiYTSWcznGPJuNd1Q9CnCCVKXtJmbQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-02-04T18:18:03Z"
|
||||
mac: ENC[AES256_GCM,data:WM8D1TKT48WomrVcoT84cr8y7GajxbZ7ErQXwDZoPvw3phRLn7PuVdljtykIaTjQ9c0KrjSlLlTeRUhVUdFLJ5qB1ZA5N15wlDSRl7jtuaF8VKeAoS4txmh9YQXutrst1ldjk13nboOdRirNrYjqycdPtCBYQZc/bfvJUekoU7s=,iv:wpi+GlNNrpeMdW6CsLqhchgoyfbFOdTs2bD2pAAORtk=,tag:4QBEhFWszcJ+Gsml4K3Q9A==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.8.1
|
Loading…
Reference in New Issue