From d8e5475667eb85b862569776f9412aa2263ffe89 Mon Sep 17 00:00:00 2001
From: iFargle
Date: Fri, 12 Jan 2024 17:23:27 +0900
Subject: [PATCH] Update wireguard link
---
 nixos/hosts/framework-server/wireguard.nix | 10 +++++-----
 nixos/hosts/osaka-linode-01/wireguard.nix | 10 +++++-----
 2 files changed, 10 insertions(+), 10 deletions(-)
diff --git a/nixos/hosts/framework-server/wireguard.nix b/nixos/hosts/framework-server/wireguard.nix
index 715b1ae3..5ac7732c 100644
--- a/nixos/hosts/framework-server/wireguard.nix
+++ b/nixos/hosts/framework-server/wireguard.nix
@@ -9,11 +9,11 @@ networking.firewall.interfaces.wireguard0.allowedTCPPorts = [ 22 ]; # Set up the secrets file:
- sops.secrets."wireguard_keys/framework-server" = {
+ sops.secrets."wireguard_key" = {
 owner = "root";
- sopsFile = ../../../secrets/wireguard.yaml;
+ sopsFile = ../../../secrets/hosts/framework-server.yaml;
 };
- sops.secrets."wireguard_keys/preshared_key" = {
+ sops.secrets."preshared_key" = {
 owner = "root";
 sopsFile = ../../../secrets/wireguard.yaml;
 };
@@ -26,12 +26,12 @@ "wireguard0" = {
 ips = [ "10.100.0.2/24" ];
 listenPort = 51820;
- privateKeyFile = "/run/secrets/wireguard_keys/framework-server";
+ privateKeyFile = "/run/secrets/wireguard_key"; # Testing
 peers = [ { # osaka-linode-01
 publicKey = "yPZ3EmmIqCkReXf1DRTxzVaKQ2k+ifGmYJHji5nnMmE=";
- presharedKeyFile = "/run/secrets/wireguard_keys/preshared_key";
+ presharedKeyFile = "/run/secrets/preshared_key";
 persistentKeepalive = 5;
 allowedIPs = [ "10.100.0.1/32" ];
 endpoint = "172.234.84.222:51820"; # osaka-linode-01
diff --git a/nixos/hosts/osaka-linode-01/wireguard.nix b/nixos/hosts/osaka-linode-01/wireguard.nix
index f3cd9276..cf03a11e 100644
--- a/nixos/hosts/osaka-linode-01/wireguard.nix
+++ b/nixos/hosts/osaka-linode-01/wireguard.nix
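Review bot: In nixos/hosts/framework-server/wireguard.nix, hunk @@ -9,11, both secrets are renamed to top-level names (`wireguard_key`, `preshared_key`), yet `preshared_key` still reads `../../../secrets/wireguard.yaml` and the diffstat shows no YAML file changed in this patch. sops-nix looks a secret up under its attribute name unless `key` is set, so if wireguard.yaml still nests the value under `wireguard_keys`, the lookup would presumably fail at activation. Either confirm the YAML files were restructured in a separate commit, or pin the lookup explicitly with `key = "wireguard_keys/preshared_key";`. The same applies to hunk @@ -15,12 in nixos/hosts/osaka-linode-01/wireguard.nix.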
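Review bot: In nixos/hosts/framework-server/wireguard.nix, hunk @@ -26,12, `privateKeyFile` and `presharedKeyFile` are hard-coded `/run/secrets/...` strings that must be kept in step by hand with the `sops.secrets` attribute names, which is why this rename had to be repeated in two places per file. Referencing the declaration instead, `privateKeyFile = config.sops.secrets."wireguard_key".path;` and `presharedKeyFile = config.sops.secrets."preshared_key".path;`, turns a name mismatch into an evaluation error rather than a key file missing when the interface starts. This assumes `config` is among the module arguments, which the hunk does not show. The same change fits hunk @@ -38,13 in nixos/hosts/osaka-linode-01/wireguard.nix.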
@@ -15,12 +15,12 @@ networking.firewall.interfaces.wireguard0.allowedTCPPorts = [ 22 ]; # Set up the secrets file:
- sops.secrets."wireguard_keys/osaka-linode-01" = {
+ sops.secrets."wireguard_key" = {
 owner = "root";
- sopsFile = ../../../secrets/wireguard.yaml;
+ sopsFile = ../../../secrets/hosts/osaka-linode-01.yaml;
 };
- sops.secrets."wireguard_keys/preshared_key" = {
+ sops.secrets."preshared_key" = {
 owner = "root";
 sopsFile = ../../../secrets/wireguard.yaml;
 };
@@ -38,13 +38,13 @@ "wireguard0" = {
 ips = [ "10.100.0.1/24" ];
 listenPort = 51820;
- privateKeyFile = "/run/secrets/wireguard_keys/osaka-linode-01";
+ privateKeyFile = "/run/secrets/wireguard_key";
 postSetup = ''${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s 10.100.0.0/24 -o enp0s4 -j MASQUERADE'';
 postShutdown = ''${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 10.100.0.0/24 -o enp0s4 -j MASQUERADE'';
 peers = [ { # nixos-rpi4-03
 publicKey = "trHvfNtQ7HKMiJjxEXo2Iubq5G6egjx7gHiBlDmJ5Ek=";
- presharedKeyFile = "/run/secrets/wireguard_keys/preshared_key";
+ presharedKeyFile = "/run/secrets/preshared_key";
 persistentKeepalive = 5;
 allowedIPs = [ "10.100.0.2/32" ];
 }
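Review bot: In nixos/hosts/osaka-linode-01/wireguard.nix, hunk @@ -15,12, moving the private key to `secrets/hosts/osaka-linode-01.yaml` only narrows exposure if the repository's `.sops.yaml` creation rules encrypt that file to this host's key (plus admin keys) and no other host's; those rules are not part of this patch. This host is the peer listed with a public `endpoint` in the framework-server config, so it is the one whose decryption key should reach the fewest secrets. A comment above the declaration would record the intent, e.g. `# per-host file: recipients limited to this host in .sops.yaml; the PSK stays in the shared wireguard.yaml`. The same check applies to `secrets/hosts/framework-server.yaml`.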