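# NixOS module: declares one wg-quick tunnel per entry in `interfaces` and the
# sops-nix secret that supplies each tunnel's WireGuard private key.
{ config, flake, ... }:
let
  inherit (flake.config.services.instances) wireGuard;
  service = wireGuard;

  # Single definition of the sops secret name, so the privateKeyFile lookup and
  # the sops.secrets declaration below cannot drift apart.
  secretName = secret: "${service.name}-${secret}";

  # Builds one name/value pair for networking.wg-quick.interfaces.
  # `secret` is the server label (e.g. "CA363") used to name the interface and
  # to select the sops secret; it is not key material. The private key itself is
  # only ever referenced by file path, so it stays out of the Nix store.
  wireGuardInterface =
    {
      secret,
      publicKey,
      endpoint,
    }:
    {
      name = "Proton-${secret}";
      value = {
        # Tunnels are not brought up at boot. Nothing in this module blocks
        # traffic while a tunnel is down, so there is no kill switch here.
        autostart = false;
        address = [ "10.2.0.2/32" ];
        dns = [ "10.2.0.1" ];
        privateKeyFile = config.sops.secrets.${secretName secret}.path;
        peers = [
          {
            # The public key pins the peer identity; the endpoint alone does not.
            inherit publicKey endpoint;
            # Full tunnel: every IPv4 and IPv6 destination is routed to this peer.
            # One CIDR per list element; the entries are joined with commas when
            # the wg-quick configuration is generated.
            # NOTE(review): only an IPv4 address is assigned above, so confirm how
            # IPv6 traffic behaves while the tunnel is up.
            allowedIPs = [
              "0.0.0.0/0"
              "::/0"
            ];
            persistentKeepalive = 25;
          }
        ];
      };
    };

  # Peer public keys and endpoints are not secret and can live in the repo.
  # NOTE(review): CA363 and CA358 carry the same public key and endpoint, while
  # CA220 and CA627 share an endpoint but have different public keys. Confirm
  # each entry against the provider-issued configuration; a wrong public key
  # makes the handshake fail rather than connect to the wrong peer.
  interfaces = [
    {
      secret = "CA363";
      publicKey = "9mTDh5Tku0gxDdzqxnpnzItHQBm2h2B2hXnUHvhGCFw=";
      endpoint = "149.88.97.110:51820";
    }
    {
      secret = "CA220";
      publicKey = "UR8vjVYrrWYadCwLKiAabKTIdxM4yikmCXnvKWm89D8=";
      endpoint = "139.28.218.130:51820";
    }
    {
      secret = "CA358";
      publicKey = "9mTDh5Tku0gxDdzqxnpnzItHQBm2h2B2hXnUHvhGCFw=";
      endpoint = "149.88.97.110:51820";
    }
    {
      secret = "CA627";
      publicKey = "xLFgU430Tt7PdHJydVbIKvtjXJodoPpGKW7fhF7XE2k=";
      endpoint = "139.28.218.130:51820";
    }
  ];

  # sops-nix settings for one private key: the file is owned by root and
  # readable/writable by root only.
  sopsPath = secret: {
    path = "${service.sops.path0}/${secretName secret}";
    owner = "root";
    mode = "600";
  };
in
{
  networking.wg-quick.interfaces = builtins.listToAttrs (map wireGuardInterface interfaces);

  # One sops secret per tunnel, keyed by the same name wireGuardInterface reads.
  sops.secrets = builtins.listToAttrs (
    map (interface: {
      name = secretName interface.secret;
      value = sopsPath interface.secret;
    }) interfaces
  );
}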