albert/nix
albert/nix
1
0
Fork 0
Code Issues Pull requests Activity Actions

Add preshared key to Wireguard

Browse source
This commit is contained in:
iFargle 2023-10-06 13:08:55 +09:00
parent 37391cf226
commit d20bf67a28
2 changed files with 10 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
nixos/hosts/nixos-rpi4-01/default.nix
View file

@ -56,6 +56,10 @@
owner = "root"; owner = "root";
sopsFile = ../../../secrets/wireguard.yaml; sopsFile = ../../../secrets/wireguard.yaml;
}; };
sops.secrets."wireguard_keys/preshared_key" = {
owner = "root";
sopsFile = ../../../secrets/wireguard.yaml;
};
# Wireguard Forwarder # Wireguard Forwarder
networking.wireguard = { networking.wireguard = {
@ -70,6 +74,7 @@
persistentKeepalive = 5; persistentKeepalive = 5;
allowedIPs = [ "0.0.0.0/0" ]; allowedIPs = [ "0.0.0.0/0" ];
endpoint = "64.176.54.57:51820"; endpoint = "64.176.54.57:51820";
presharedKeyFile = "/run/secrets/wireguard_keys/preshared_key";
} }
] ]
}; };

5
nixos/hosts/osaka-vultr-01/default.nix
View file

@ -23,6 +23,10 @@
owner = "root"; owner = "root";
sopsFile = ../../../secrets/wireguard.yaml; sopsFile = ../../../secrets/wireguard.yaml;
}; };
sops.secrets."wireguard_keys/preshared_key" = {
owner = "root";
sopsFile = ../../../secrets/wireguard.yaml;
};
# Wireguard Forwarder # Wireguard Forwarder
boot.kernel.sysctl = { "net.ipv4.ip_forward" = true; }; boot.kernel.sysctl = { "net.ipv4.ip_forward" = true; };
@ -41,6 +45,7 @@
publicKey = ""; publicKey = "";
allowedIPs = [ "10.100.0.2/32" ]; allowedIPs = [ "10.100.0.2/32" ];
persistentKeepalive = 5; persistentKeepalive = 5;
presharedKeyFile = "/run/secrets/wireguard_keys/preshared_key";
} }
]; ];
}; };