add wireguard vpn into wheatley
This commit is contained in:
parent
b88cb6f85e
commit
5966956e26
|
@ -1,4 +1,5 @@
|
||||||
lillian-password: ENC[AES256_GCM,data:0mwqnvA+xrDD/m6uQtPbo9MpcFsOoqHE+Cg2gF6xZzNsqM3i/OmvAe7syp+mGBacZ3avoIHowLSWgXUkMcuFPeYa6XRkrX4LhA==,iv:f1kB54k6ZYWKlZ0Zowu8fOD0cf2WvNlX3GSpy1sUMdA=,tag:dsusc45E1BmYsNmiPzNccg==,type:str]
|
lillian-password: ENC[AES256_GCM,data:0mwqnvA+xrDD/m6uQtPbo9MpcFsOoqHE+Cg2gF6xZzNsqM3i/OmvAe7syp+mGBacZ3avoIHowLSWgXUkMcuFPeYa6XRkrX4LhA==,iv:f1kB54k6ZYWKlZ0Zowu8fOD0cf2WvNlX3GSpy1sUMdA=,tag:dsusc45E1BmYsNmiPzNccg==,type:str]
|
||||||
|
wg-private-key: ENC[AES256_GCM,data:CqXlIN0gKzMrZRJycAf96LUVNw9yCZpHtE8XP+JwV2Ftip46iUksg1uExxQ=,iv:LdcopSz8Hx5hO1M00B8r+C7XViwpjGOpvmoXUHIkFtc=,tag:rbskx98YjcYV1lB8OO2VxQ==,type:str]
|
||||||
sops:
|
sops:
|
||||||
kms: []
|
kms: []
|
||||||
gcp_kms: []
|
gcp_kms: []
|
||||||
|
@ -14,8 +15,8 @@ sops:
|
||||||
eUZ6b09pYlRVWFBuUm1Ua2l6Z0dacW8KeQdAVsxXsDiDMtFA2koSpDsw7Ib63vA0
|
eUZ6b09pYlRVWFBuUm1Ua2l6Z0dacW8KeQdAVsxXsDiDMtFA2koSpDsw7Ib63vA0
|
||||||
GE/ubWDwwRc7wMPFGuofIe6TaDSFgtVXza+yo+i4y51+BOpwqxlYYA==
|
GE/ubWDwwRc7wMPFGuofIe6TaDSFgtVXza+yo+i4y51+BOpwqxlYYA==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
lastmodified: "2024-02-21T10:15:11Z"
|
lastmodified: "2024-12-06T18:01:20Z"
|
||||||
mac: ENC[AES256_GCM,data:AnQfufrAVvN2f2kr2KLM8toFj4BUxM1xvwH48DE1OcoenBlzQHu76R35cc9q0rJjOBWXYnZPLEHncE46XyXt56HPboH/blIEZwa9aL1pwDOV5UwbaqZTuSy7/Ylnn0ZoZtcD4gFnavWBT9iUgu3VjRso1i6eXm0Lc1mvwRbH63M=,iv:zJW4Bzm+IGzgxsFE7QP+E4RY5UoPWTUeo9RfoLpbSt8=,tag:E29Pnjtp0w05hdEQCmkj7A==,type:str]
|
mac: ENC[AES256_GCM,data:UTzeVEUolw6oBrRL8NMEcb5WmJYUdKnnxKYTrV0AowX6B5Jk8e6hSHqMiEmY9yPdS0HGA0i+DirGvrW3TmsOk2XehsiNO9puXb0/6KiaTge4y3/ueVASAPs/qB9RR6EAdBiE1ZUKVy2vpL+x9xp5XY2F8aHIp22DmJ5Xg5oyWJc=,iv:1/Fj2xAKHUebsj1FLmmGAmvHXNYsLXIfP6F7PJ7EH9M=,tag:XvFBu2vCNj7UMbWVPgo94Q==,type:str]
|
||||||
pgp: []
|
pgp: []
|
||||||
unencrypted_suffix: _unencrypted
|
unencrypted_suffix: _unencrypted
|
||||||
version: 3.8.1
|
version: 3.9.1
|
||||||
|
|
|
@ -1,4 +1,5 @@
|
||||||
lillian-password: ENC[AES256_GCM,data:aHJCYmnpGIWJMsNZ8aw51Rquuv4F7kgGvfIxHMELuDlEqgjkg+SAhh+UQEpv16F0WVxrYZ/EwxKFMBpfPv9M2NLZC98bav0D9g==,iv:uzYLfmxG46ubmgeFsfW7aqXZbcL+TQw0VdDcklV0/ZI=,tag:Ozcf5qXC7xh0VcsBzhyo2g==,type:str]
|
lillian-password: ENC[AES256_GCM,data:aHJCYmnpGIWJMsNZ8aw51Rquuv4F7kgGvfIxHMELuDlEqgjkg+SAhh+UQEpv16F0WVxrYZ/EwxKFMBpfPv9M2NLZC98bav0D9g==,iv:uzYLfmxG46ubmgeFsfW7aqXZbcL+TQw0VdDcklV0/ZI=,tag:Ozcf5qXC7xh0VcsBzhyo2g==,type:str]
|
||||||
|
wg-private-key: ENC[AES256_GCM,data:em6sci3eefw5TJHpzgTaGGuQp8UuvOmkHRsQltg0TKpMb1Lrcxicb23cQxo=,iv:VEeGmzncHyAgP5toTOwDK6qw0OT4/6Etxh8Zr4uYQD4=,tag:nvse11zMhzukzClx5ub4dw==,type:str]
|
||||||
sops:
|
sops:
|
||||||
kms: []
|
kms: []
|
||||||
gcp_kms: []
|
gcp_kms: []
|
||||||
|
@ -14,8 +15,8 @@ sops:
|
||||||
MUZWTVh0dVdMZlRzelJ4WlROUlIyNmcKphNuMN9Wh8h/gvmtUxQWjPKtgjWriLRD
|
MUZWTVh0dVdMZlRzelJ4WlROUlIyNmcKphNuMN9Wh8h/gvmtUxQWjPKtgjWriLRD
|
||||||
+DpEEVGrmu0RJ8/wUqjxGoL4GzLAlZm4EnKlyUyA0tw8sbLZ2Lnl/w==
|
+DpEEVGrmu0RJ8/wUqjxGoL4GzLAlZm4EnKlyUyA0tw8sbLZ2Lnl/w==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
lastmodified: "2024-02-22T11:58:42Z"
|
lastmodified: "2024-12-06T17:57:35Z"
|
||||||
mac: ENC[AES256_GCM,data:TuNvE51hpHvOjB3G2y7UCT8BvlI1ulc8aeeBihtnGiGDjwU1Eze1bdA47hZYCZsCYdo3Tow1gY0gCkJACKeWqUXMLT8jxcUfiUWqQicQhBm/TT9m+oqLQiAqJCkh1Ez8XuaftqIg+oJstyy4wZyvMK8Bg+9EsSYiBnMrKfrgLBs=,iv:GXy93l1BBkkeKXJ1ntFI6Rw6QZmSbzDlWClJ16/Csv4=,tag:jBYynl6tLL/xN61ypMwvrw==,type:str]
|
mac: ENC[AES256_GCM,data:ZZx+FdrqSTWWEUakpicUtKA0PVrlNkAq7n0oNYCTWJCdoiMrkMfZAH26Iv2KmMzeg1IaW4rQ83jmlEVy2CTXBDLiB6n1sXa1sqe0vzO3aNqjzaXzFh8Sa1d8NOsGtn+MiTJ7DK4YAx1As/GnqGQIWbBBSM7otquBHLAuzvn1YRE=,iv:BpMQR40gDZZRddKscAs3jZ3uRE905vled4pDD9et648=,tag:tZOZq//4oRkbIemeFAM7qA==,type:str]
|
||||||
pgp: []
|
pgp: []
|
||||||
unencrypted_suffix: _unencrypted
|
unencrypted_suffix: _unencrypted
|
||||||
version: 3.8.1
|
version: 3.9.1
|
||||||
|
|
|
@ -1,4 +1,5 @@
|
||||||
lillian-password: ENC[AES256_GCM,data:uPNBvMyhkiX3eedduFlsFUIcas/VBVSYrsmGTlgGUOzTQST59CYZRoq0ArphIJ3+Usy6KbR5tA5FCp4PoB3qVYBfjlAq6dhZIw==,iv:TiUIo2lvdL6SiDuW4gWn0TeJXkz5MldzqGxuK3MNPnE=,tag:d3p/h+q50JxygDtk2qxIeQ==,type:str]
|
lillian-password: ENC[AES256_GCM,data:uPNBvMyhkiX3eedduFlsFUIcas/VBVSYrsmGTlgGUOzTQST59CYZRoq0ArphIJ3+Usy6KbR5tA5FCp4PoB3qVYBfjlAq6dhZIw==,iv:TiUIo2lvdL6SiDuW4gWn0TeJXkz5MldzqGxuK3MNPnE=,tag:d3p/h+q50JxygDtk2qxIeQ==,type:str]
|
||||||
|
wg-private-key: ENC[AES256_GCM,data:PeuKeYRHfOzGlekLI95EH3qq+blntZrrboPKaKC0ghD5zIyaCYrFHYWLkug=,iv:BcugGYW7+i7d04H4EKn+BdJJPqwMVVvlHBETO0x0kQM=,tag:Z/ammSrFpWTIbVfi4VJZ9w==,type:str]
|
||||||
sops:
|
sops:
|
||||||
kms: []
|
kms: []
|
||||||
gcp_kms: []
|
gcp_kms: []
|
||||||
|
@ -14,8 +15,8 @@ sops:
|
||||||
KzNBMCtUaS9sU21Xc1JUd1FSR29tSkEKyqaDM/WUWjK2l+ahE6sIFYsQ6Qtkf7yz
|
KzNBMCtUaS9sU21Xc1JUd1FSR29tSkEKyqaDM/WUWjK2l+ahE6sIFYsQ6Qtkf7yz
|
||||||
NWFTzsDZBmm9kpSIjchf+PuBuoRHeEKbEH8jnMlYB3J8boEnUnXMlw==
|
NWFTzsDZBmm9kpSIjchf+PuBuoRHeEKbEH8jnMlYB3J8boEnUnXMlw==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
lastmodified: "2024-03-19T00:42:59Z"
|
lastmodified: "2024-12-06T18:02:27Z"
|
||||||
mac: ENC[AES256_GCM,data:WuwpvgM5WCmtsb9WH6us1dn0+qQuV/6+ooI8K7Wp+VFlMWLA4g509TgOFHG+cxWJeN2cRtilnHM1INv1U6uadjWis0LrjrqbHaMRJ5aAr3/zKoTXWTG4pRNykoYmCkwHLnx0gJi6hm4PbKOIFVM+6V5m9JCLKRVO6eqyW15SVww=,iv:xVR5ZGs2Ww+J57qreIlHSW8A+ADAOjzM7B+KLRFrRLw=,tag:6KTaeX8+Txz4j1UJUWRj+w==,type:str]
|
mac: ENC[AES256_GCM,data:qMvaXA/3B7rp2BvG10lvLdY/rD1ooh0QwwdfgzixeoHZxnqxmz7HZGP1UE1bGIbLYYeWGEJW440uDll5Q3ky+0qz7W8VbFEYBjaCyNcicnlLgFZXKh2nxeErubzF+I82X8wfNndAH1HWZZmPasTdDHfudjWyZF4/JKPboiyr5xE=,iv:ikj6goYS81rixJDHCWag1pYD6bSasSVOYyENlRjqn9w=,tag:Q3hQO9rqwnCBRLxec0/LTg==,type:str]
|
||||||
pgp: []
|
pgp: []
|
||||||
unencrypted_suffix: _unencrypted
|
unencrypted_suffix: _unencrypted
|
||||||
version: 3.8.1
|
version: 3.9.1
|
||||||
|
|
|
@ -138,9 +138,12 @@
|
||||||
|
|
||||||
sops.secrets."protonvpn-priv-key".mode = "0440";
|
sops.secrets."protonvpn-priv-key".mode = "0440";
|
||||||
sops.secrets."protonvpn-priv-key".owner = config.users.users.root.name;
|
sops.secrets."protonvpn-priv-key".owner = config.users.users.root.name;
|
||||||
|
sops.secrets."wg-private-key".mode = "0440";
|
||||||
|
sops.secrets."wg-private-key".owner = config.users.users.root.name;
|
||||||
|
|
||||||
networking.wireguard.enable = true;
|
networking.wireguard.enable = true;
|
||||||
|
|
||||||
|
# wg public key for host: A02sO7uLdgflhPIRd0cbJONIaPP4z8HTxDkmX4NegFg=
|
||||||
networking.wg-quick.interfaces = {
|
networking.wg-quick.interfaces = {
|
||||||
# "wg0" is the network interface name. You can name the interface arbitrarily.
|
# "wg0" is the network interface name. You can name the interface arbitrarily.
|
||||||
wg0 = {
|
wg0 = {
|
||||||
|
@ -171,6 +174,35 @@
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
wg1 = {
|
||||||
|
autostart = true;
|
||||||
|
address = ["10.5.5.1/24"];
|
||||||
|
listenPort = 51820;
|
||||||
|
privateKeyFile = config.sops.secrets."wg-private-key".path;
|
||||||
|
|
||||||
|
peers = [
|
||||||
|
{
|
||||||
|
#GLaDOS public key
|
||||||
|
publicKey = "yieF2yQptaE3jStoaGytUnN+HLxyVhFBZIUOGUNAV38=";
|
||||||
|
allowedIPs = ["10.5.5.2/32"];
|
||||||
|
}
|
||||||
|
{
|
||||||
|
#EDI public key
|
||||||
|
publicKey = "i4nDZbU+a2k5C20tFJRNPVE1vhYKJwhoqGHEdeC4704=";
|
||||||
|
allowedIPs = ["10.5.5.3/32"];
|
||||||
|
}
|
||||||
|
{
|
||||||
|
#Shodan public key
|
||||||
|
publicKey = "Zah2nZDaHF8jpP5AtMA5bhE7t38fMB2UHzbXAc96/jw=";
|
||||||
|
allowedIPs = ["10.5.5.4/32"];
|
||||||
|
}
|
||||||
|
{
|
||||||
|
#ADA public key
|
||||||
|
publicKey = "SHu7xxRVWuqp4U4uipMoITKrFPWZATGsJevUeqBSzWo=";
|
||||||
|
allowedIPs = ["10.5.5.5/32"];
|
||||||
|
}
|
||||||
|
];
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
networking.firewall = {
|
networking.firewall = {
|
||||||
|
|
|
@ -3,6 +3,7 @@ lillian-password: ENC[AES256_GCM,data:GY7WyfLRc/q4fecnazWzfoZsruN/F0ar7mJ9RaqTHS
|
||||||
protonvpn-priv-key: ENC[AES256_GCM,data:s4LAq1Rqm+jGaK3OKcjIBCQYXPs3oEuTKJMAM+gFxIpZdwcJCIU7uyoCy6c=,iv:zoWv5u0xgJHldwdRGRv3bXI1kasaWQz1YD7wt0J890I=,tag:cFXnayZRq13UqP+XWuHnWw==,type:str]
|
protonvpn-priv-key: ENC[AES256_GCM,data:s4LAq1Rqm+jGaK3OKcjIBCQYXPs3oEuTKJMAM+gFxIpZdwcJCIU7uyoCy6c=,iv:zoWv5u0xgJHldwdRGRv3bXI1kasaWQz1YD7wt0J890I=,tag:cFXnayZRq13UqP+XWuHnWw==,type:str]
|
||||||
rpcSecret: ENC[AES256_GCM,data:3tCZk2csB/ofxPc6,iv:NwT6k1hh73moH6eErT23/Dvwgb1wP/qIuoxXnCgNSao=,tag:nh0mFsh9I4R1baCL1oH+AA==,type:str]
|
rpcSecret: ENC[AES256_GCM,data:3tCZk2csB/ofxPc6,iv:NwT6k1hh73moH6eErT23/Dvwgb1wP/qIuoxXnCgNSao=,tag:nh0mFsh9I4R1baCL1oH+AA==,type:str]
|
||||||
webdav-secret: ENC[AES256_GCM,data:SDFyHaE+HprkguOmDfnzwQ/n5OYgbTpxcVl4FGiLcsItefbSDOIQg5l01fqVB8zv+rRGlPcyRrIn7KTPrTpBx7X4RNHfFK4FKKvAANt6z0e5pu1+wnoObWxTShCFjfFoRCLkoh/j/CmLFyFIafrI7rzZUhs=,iv:stygLmNVWXkZL5A0J83CKPefRr7TqXeygQVLszr28eY=,tag:9hss2c77JELSASnwUyAF4w==,type:str]
|
webdav-secret: ENC[AES256_GCM,data:SDFyHaE+HprkguOmDfnzwQ/n5OYgbTpxcVl4FGiLcsItefbSDOIQg5l01fqVB8zv+rRGlPcyRrIn7KTPrTpBx7X4RNHfFK4FKKvAANt6z0e5pu1+wnoObWxTShCFjfFoRCLkoh/j/CmLFyFIafrI7rzZUhs=,iv:stygLmNVWXkZL5A0J83CKPefRr7TqXeygQVLszr28eY=,tag:9hss2c77JELSASnwUyAF4w==,type:str]
|
||||||
|
wg-private-key: ENC[AES256_GCM,data:5WGAAst0qVqn1siX3snkAhsSDhZaS33XHT44BfViWLZqvzw+OhPB/jkSr4U=,iv:yXfN50SM3OWdycINB8iWXtvCSS01NBTrGBs1kxd1j0M=,tag:yhjDY1AM5aQ6DFeFEjo2Mw==,type:str]
|
||||||
sops:
|
sops:
|
||||||
kms: []
|
kms: []
|
||||||
gcp_kms: []
|
gcp_kms: []
|
||||||
|
@ -18,8 +19,8 @@ sops:
|
||||||
Vm9mWk5JRGtZNVVhN1JQWTBlb2kySkEKoLI1MzS3uGNUbyn7kI5DylKZiPtc1div
|
Vm9mWk5JRGtZNVVhN1JQWTBlb2kySkEKoLI1MzS3uGNUbyn7kI5DylKZiPtc1div
|
||||||
bKIboWoobTfDt0EURfmZ5+JrX6DlZxRyNQyl9dsKmZT6pLdaIppStA==
|
bKIboWoobTfDt0EURfmZ5+JrX6DlZxRyNQyl9dsKmZT6pLdaIppStA==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
lastmodified: "2024-12-04T22:37:22Z"
|
lastmodified: "2024-12-06T17:42:47Z"
|
||||||
mac: ENC[AES256_GCM,data:sOC3EwlVuPXRNDY9mMkp5+qiPvRc439DD2r9pfjPThV0YXb/HqFIyHEdNJDzvAj1hm20Qp0I45A3Hy2hKI6AKKtY9B8/fMu9EMdtkmmWk5Iav4jTYd8bbVyegILFfxix2DNbRrR95qPqwfjrq3E47c/JuM7DVCwueS5d22rbNrs=,iv:gcrCQs1fHRfU2IQo/vJ2u2ITau7wn+Zo0L4AO9RZbCE=,tag:PCYsDxhAHjIglHMikg97+A==,type:str]
|
mac: ENC[AES256_GCM,data:Fcc8x/C6iv62OJeLSGZlfsLzscWVAki1vdJvPiApx8N0Uazkq0G5PS6haoLEtOzDw2Fi/0pvVWef+O+lOg/mtqxxNBXozv1f66Q9HQCZOZP0PRQPEVcWJJ/vuPMSOlQDEiGJnuakJZeOmtuZkGStcfmlcybsOlyvEYwvbpeweDI=,iv:oDpoDDcQ/+ovsjkCeRLx9Fpiv+0/f/KkC4fFDdUmxHo=,tag:SiYHQmVz0vLFCOs0xhgr4g==,type:str]
|
||||||
pgp: []
|
pgp: []
|
||||||
unencrypted_suffix: _unencrypted
|
unencrypted_suffix: _unencrypted
|
||||||
version: 3.9.1
|
version: 3.9.1
|
||||||
|
|
Loading…
Reference in a new issue