From d20bf67a28ae31dd200c6a9b0a238198e5f1ff6a Mon Sep 17 00:00:00 2001
From: iFargle
Date: Fri, 6 Oct 2023 13:08:55 +0900
Subject: [PATCH] Add preshared key to Wireguard

---
 nixos/hosts/nixos-rpi4-01/default.nix | 5 +++++
 nixos/hosts/osaka-vultr-01/default.nix | 5 +++++
 2 files changed, 10 insertions(+)

diff --git a/nixos/hosts/nixos-rpi4-01/default.nix b/nixos/hosts/nixos-rpi4-01/default.nix
index 408ced23..1b99de5f 100644
--- a/nixos/hosts/nixos-rpi4-01/default.nix
+++ b/nixos/hosts/nixos-rpi4-01/default.nix
@@ -56,6 +56,10 @@
  owner = "root";
  sopsFile = ../../../secrets/wireguard.yaml;
  };
+ sops.secrets."wireguard_keys/preshared_key" = {
+ owner = "root";
+ sopsFile = ../../../secrets/wireguard.yaml;
+ };
 
  # Wireguard Forwarder
  networking.wireguard = {
@@ -70,6 +74,7 @@
  persistentKeepalive = 5;
  allowedIPs = [ "0.0.0.0/0" ];
  endpoint = "64.176.54.57:51820";
+ presharedKeyFile = "/run/secrets/wireguard_keys/preshared_key";
  }
  ]
  };
diff --git a/nixos/hosts/osaka-vultr-01/default.nix b/nixos/hosts/osaka-vultr-01/default.nix
index 515947ee..4c277ab7 100644
--- a/nixos/hosts/osaka-vultr-01/default.nix
+++ b/nixos/hosts/osaka-vultr-01/default.nix
@@ -23,6 +23,10 @@
  owner = "root";
  sopsFile = ../../../secrets/wireguard.yaml;
  };
+ sops.secrets."wireguard_keys/preshared_key" = {
+ owner = "root";
+ sopsFile = ../../../secrets/wireguard.yaml;
+ };
 
  # Wireguard Forwarder
  boot.kernel.sysctl = { "net.ipv4.ip_forward" = true; };
@@ -41,6 +45,7 @@
  publicKey = "";
  allowedIPs = [ "10.100.0.2/32" ];
  persistentKeepalive = 5;
+ presharedKeyFile = "/run/secrets/wireguard_keys/preshared_key";
  }
  ];
  };
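Review bot: In the first nixos-rpi4-01 hunk, the new `sops.secrets."wireguard_keys/preshared_key"` entry reads from the same `secrets/wireguard.yaml` as the entry just above it, and the first osaka-vultr-01 hunk declares the identical entry against the same file. sops encrypts a file to its recipient list as a whole, so if both hosts are recipients of that file, each of them can decrypt every value in it; presumably that includes the other peer's private key, which the surrounding context suggests is stored there too. The preshared key is legitimately common to the pair, so it could live in its own file with both hosts as recipients, while each private key moves to a per-host file. A comment such as `# PSK shared by both peers; rotate on both hosts together` above the entry would record the coupling. The enclosing attribute set starts outside the hunk.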
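Review bot: The added `presharedKeyFile` in the second nixos-rpi4-01 hunk hard-codes `/run/secrets/wireguard_keys/preshared_key` instead of deriving it from the secret declared earlier in the same file, and the second osaka-vultr-01 hunk does the same. If the secret is renamed or its `path` is overridden, the string keeps evaluating cleanly and the failure only surfaces when the interface is brought up. sops-nix exposes the resolved location, so `presharedKeyFile = config.sops.secrets."wireguard_keys/preshared_key".path;` keeps the two in step; this assumes `config` is among the module's arguments, which the hunk does not show. The peer block begins outside the hunk.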
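Review bot: In the second osaka-vultr-01 hunk, the new `presharedKeyFile` is attached to a peer whose `publicKey` appears as `""` in the context lines. If that is the real value rather than something elided from this page, WireGuard has no key to identify the peer, so the preshared key is never exercised and the change cannot be verified end to end. It is worth confirming that the peer's public key is filled in and that both hosts are deployed together, because a preshared key present on only one side makes the handshake fail. The peer list starts outside the hunk.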