Lillian-Violet/NixOS-Config
1
0
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity

added protonvpn to wheatley

Browse source
This commit is contained in:
Lillian Violet 2024-12-04 17:56:37 +01:00
parent f1474f22d1
commit 09dffb5d93
2 changed files with 39 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

35
nixos/hosts/wheatley/configuration.nix
View file

@ -3,6 +3,7 @@
pkgs, pkgs,
inputs, inputs,
outputs, outputs,
config,
modulesPath, modulesPath,
... ...
}: { }: {
@ -56,6 +57,40 @@
services.cage.program = "${pkgs.stremio}/bin/stremio"; services.cage.program = "${pkgs.stremio}/bin/stremio";
services.cage.enable = true; services.cage.enable = true;
sops.secrets."protonvpn-priv-key".mode = "0440";
sops.secrets."protonvpn-priv-key".owner = config.users.users.wireguard.name;
networking.wireguard.interfaces = {
# "wg0" is the network interface name. You can name the interface arbitrarily.
wg0 = {
# Determines the IP address and subnet of the server's end of the tunnel interface.
ips = ["10.2.0.2/32"];
# The port that WireGuard listens to. Must be accessible by the client.
listenPort = 51820;
dns = ["10.2.0.1"];
# Path to the private key file.
#
# Note: The private key can also be included inline via the privateKey option,
# but this makes the private key world-readable; thus, using privateKeyFile is
# recommended.
privateKeyFile = config.sops.secrets."protonvpn-priv-key".path;
peers = [
# List of allowed peers.
{
# Feel free to give a meaning full name
# Public key of the peer (not a file path).
publicKey = "/i7jCNpcqVBUkY07gVlILN4nFdvZHmxvreAOgLGoZGg=";
# List of IPs assigned to this peer within the tunnel subnet. Used to configure routing.
allowedIPs = ["0.0.0.0/0"];
endpoint = "146.70.86.114:51820";
}
];
};
};
networking.firewall = { networking.firewall = {
enable = true; enable = true;
allowPing = false; allowPing = false;

7
nixos/hosts/wheatley/secrets/sops.yaml
View file

@ -1,5 +1,6 @@
wireless.env: ENC[AES256_GCM,data:a5sUW0Lc4GRd9aUJwHbmQvzvRB8WaRjMSQ==,iv:+3ncL38E3aqbejoCzzeBtMukLk4n/AQBJELlqhXDqSA=,tag:buY9Mp10DAEEEKqSyHwB3g==,type:str] wireless.env: ENC[AES256_GCM,data:a5sUW0Lc4GRd9aUJwHbmQvzvRB8WaRjMSQ==,iv:+3ncL38E3aqbejoCzzeBtMukLk4n/AQBJELlqhXDqSA=,tag:buY9Mp10DAEEEKqSyHwB3g==,type:str]
lillian-password: ENC[AES256_GCM,data:GY7WyfLRc/q4fecnazWzfoZsruN/F0ar7mJ9RaqTHSb9K6xhEmifmJeqpR5xGIJYW6MYciCsZ9YmRsJbuSHTIlo9PrCTYBGvXg==,iv:bzml3abPox3RdvtKBQiBAcVXHUdGAn0ETMsDpBtT8T0=,tag:2iaBJ4hFFBUbonslTvQH5Q==,type:str] lillian-password: ENC[AES256_GCM,data:GY7WyfLRc/q4fecnazWzfoZsruN/F0ar7mJ9RaqTHSb9K6xhEmifmJeqpR5xGIJYW6MYciCsZ9YmRsJbuSHTIlo9PrCTYBGvXg==,iv:bzml3abPox3RdvtKBQiBAcVXHUdGAn0ETMsDpBtT8T0=,tag:2iaBJ4hFFBUbonslTvQH5Q==,type:str]
protonvpn-priv-key: ENC[AES256_GCM,data:s4LAq1Rqm+jGaK3OKcjIBCQYXPs3oEuTKJMAM+gFxIpZdwcJCIU7uyoCy6c=,iv:zoWv5u0xgJHldwdRGRv3bXI1kasaWQz1YD7wt0J890I=,tag:cFXnayZRq13UqP+XWuHnWw==,type:str]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
@ -15,8 +16,8 @@ sops:
Vm9mWk5JRGtZNVVhN1JQWTBlb2kySkEKoLI1MzS3uGNUbyn7kI5DylKZiPtc1div Vm9mWk5JRGtZNVVhN1JQWTBlb2kySkEKoLI1MzS3uGNUbyn7kI5DylKZiPtc1div
bKIboWoobTfDt0EURfmZ5+JrX6DlZxRyNQyl9dsKmZT6pLdaIppStA== bKIboWoobTfDt0EURfmZ5+JrX6DlZxRyNQyl9dsKmZT6pLdaIppStA==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2024-02-22T11:57:45Z" lastmodified: "2024-12-04T16:49:22Z"
mac: ENC[AES256_GCM,data:V9vscu55woZjJGFV3aDgdHKqmIopYw6cajdOHG1/45Qel6l5YJkt8VyLMzYlUOlFGatXBlfTB7VC9zhhaY4lduww2XLrARcTk61BT+GSHp5sawND+RIDghY6CJBuoPUbtsfmmlmg+J2DljBlSbrcVmvfjMV12Ql6Zb8PEPM9K68=,iv:TFrDt1XpuIFLUyDN6+8n+0OypBkr1OrZOmXWvnY9ApI=,tag:EfsFhToEGFCZJSXh0WBrIw==,type:str] mac: ENC[AES256_GCM,data:I+cWQh8NyXBMaciGvwk/oW0VlpV9j3yOwHUTsfd3t6dfY5EwVwVBHv6ZhdN53w5nB/nThhnnDH32fT7rPZ0X9CfgBuS1Sa05ASnZ460kezAqUIYNoNs5Zmbz3OYJTImMj8oFcg6q9dtCBO5BFfQvBj+21iwlNt9bRehqbsN0M/0=,iv:na3ytABXIhmv9Iq+abQQDT43n5q9j9Jc30+7S3lft5w=,tag:aS0HvqIx5H4kN5M9/OqQuA==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.8.1 version: 3.9.1