add wireguard vpn into wheatley
parent
b88cb6f85e
commit
5966956e26
5 changed files with 47 additions and 11 deletions
|
@ -138,9 +138,12 @@
|
|||
|
||||
sops.secrets."protonvpn-priv-key".mode = "0440";
|
||||
sops.secrets."protonvpn-priv-key".owner = config.users.users.root.name;
|
||||
sops.secrets."wg-private-key".mode = "0440";
|
||||
sops.secrets."wg-private-key".owner = config.users.users.root.name;
|
||||
|
||||
networking.wireguard.enable = true;
|
||||
|
||||
# wg public key for host: A02sO7uLdgflhPIRd0cbJONIaPP4z8HTxDkmX4NegFg=
|
||||
networking.wg-quick.interfaces = {
|
||||
# "wg0" is the network interface name. You can name the interface arbitrarily.
|
||||
wg0 = {
|
||||
|
@ -171,6 +174,35 @@
|
|||
}
|
||||
];
|
||||
};
|
||||
wg1 = {
|
||||
autostart = true;
|
||||
address = ["10.5.5.1/24"];
|
||||
listenPort = 51820;
|
||||
privateKeyFile = config.sops.secrets."wg-private-key".path;
|
||||
|
||||
peers = [
|
||||
{
|
||||
#GLaDOS public key
|
||||
publicKey = "yieF2yQptaE3jStoaGytUnN+HLxyVhFBZIUOGUNAV38=";
|
||||
allowedIPs = ["10.5.5.2/32"];
|
||||
}
|
||||
{
|
||||
#EDI public key
|
||||
publicKey = "i4nDZbU+a2k5C20tFJRNPVE1vhYKJwhoqGHEdeC4704=";
|
||||
allowedIPs = ["10.5.5.3/32"];
|
||||
}
|
||||
{
|
||||
#Shodan public key
|
||||
publicKey = "Zah2nZDaHF8jpP5AtMA5bhE7t38fMB2UHzbXAc96/jw=";
|
||||
allowedIPs = ["10.5.5.4/32"];
|
||||
}
|
||||
{
|
||||
#ADA public key
|
||||
publicKey = "SHu7xxRVWuqp4U4uipMoITKrFPWZATGsJevUeqBSzWo=";
|
||||
allowedIPs = ["10.5.5.5/32"];
|
||||
}
|
||||
];
|
||||
};
|
||||
};
|
||||
|
||||
networking.firewall = {
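Review bot: The `wg-private-key` secret is declared with mode `0440` and owner root, so the decrypted key is also readable by the secret's group; it is only consumed through `privateKeyFile` by wg-quick, which as far as I can tell runs as root, so `sops.secrets."wg-private-key".mode = "0400";` (the sops-nix default) would be enough. The same applies to the `protonvpn-priv-key` line above it. Separately, `wg1` sets `listenPort = 51820`, and the `networking.firewall` block that begins on the last line of this hunk continues outside the visible lines, so it is worth confirming that UDP 51820 is allowed there and only on the intended interface. The `# wg public key for host:` comment sits above `wg0`, so a one-line comment on `wg1` saying which interface that key belongs to would avoid confusion when peers are configured.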
|
||||
|
|
|
@ -3,6 +3,7 @@ lillian-password: ENC[AES256_GCM,data:GY7WyfLRc/q4fecnazWzfoZsruN/F0ar7mJ9RaqTHS
|
|||
protonvpn-priv-key: ENC[AES256_GCM,data:s4LAq1Rqm+jGaK3OKcjIBCQYXPs3oEuTKJMAM+gFxIpZdwcJCIU7uyoCy6c=,iv:zoWv5u0xgJHldwdRGRv3bXI1kasaWQz1YD7wt0J890I=,tag:cFXnayZRq13UqP+XWuHnWw==,type:str]
|
||||
rpcSecret: ENC[AES256_GCM,data:3tCZk2csB/ofxPc6,iv:NwT6k1hh73moH6eErT23/Dvwgb1wP/qIuoxXnCgNSao=,tag:nh0mFsh9I4R1baCL1oH+AA==,type:str]
|
||||
webdav-secret: ENC[AES256_GCM,data:SDFyHaE+HprkguOmDfnzwQ/n5OYgbTpxcVl4FGiLcsItefbSDOIQg5l01fqVB8zv+rRGlPcyRrIn7KTPrTpBx7X4RNHfFK4FKKvAANt6z0e5pu1+wnoObWxTShCFjfFoRCLkoh/j/CmLFyFIafrI7rzZUhs=,iv:stygLmNVWXkZL5A0J83CKPefRr7TqXeygQVLszr28eY=,tag:9hss2c77JELSASnwUyAF4w==,type:str]
|
||||
wg-private-key: ENC[AES256_GCM,data:5WGAAst0qVqn1siX3snkAhsSDhZaS33XHT44BfViWLZqvzw+OhPB/jkSr4U=,iv:yXfN50SM3OWdycINB8iWXtvCSS01NBTrGBs1kxd1j0M=,tag:yhjDY1AM5aQ6DFeFEjo2Mw==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
|
@ -18,8 +19,8 @@ sops:
|
|||
Vm9mWk5JRGtZNVVhN1JQWTBlb2kySkEKoLI1MzS3uGNUbyn7kI5DylKZiPtc1div
|
||||
bKIboWoobTfDt0EURfmZ5+JrX6DlZxRyNQyl9dsKmZT6pLdaIppStA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-12-04T22:37:22Z"
|
||||
mac: ENC[AES256_GCM,data:sOC3EwlVuPXRNDY9mMkp5+qiPvRc439DD2r9pfjPThV0YXb/HqFIyHEdNJDzvAj1hm20Qp0I45A3Hy2hKI6AKKtY9B8/fMu9EMdtkmmWk5Iav4jTYd8bbVyegILFfxix2DNbRrR95qPqwfjrq3E47c/JuM7DVCwueS5d22rbNrs=,iv:gcrCQs1fHRfU2IQo/vJ2u2ITau7wn+Zo0L4AO9RZbCE=,tag:PCYsDxhAHjIglHMikg97+A==,type:str]
|
||||
lastmodified: "2024-12-06T17:42:47Z"
|
||||
mac: ENC[AES256_GCM,data:Fcc8x/C6iv62OJeLSGZlfsLzscWVAki1vdJvPiApx8N0Uazkq0G5PS6haoLEtOzDw2Fi/0pvVWef+O+lOg/mtqxxNBXozv1f66Q9HQCZOZP0PRQPEVcWJJ/vuPMSOlQDEiGJnuakJZeOmtuZkGStcfmlcybsOlyvEYwvbpeweDI=,iv:oDpoDDcQ/+ovsjkCeRLx9Fpiv+0/f/KkC4fFDdUmxHo=,tag:SiYHQmVz0vLFCOs0xhgr4g==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.9.1
|
||||
|
|