From 125732e03af437069ec09aec2c751af37587d45b Mon Sep 17 00:00:00 2001
From: Max
Date: Sat, 4 Nov 2023 00:27:30 +0100
Subject: [PATCH] cluster/services/wireguard: add grail to mesh
---
 cluster/services/wireguard/default.nix | 12 +++++++++++-
 cluster/services/wireguard/mesh-keys/grail.age | 12 ++++++++++++
 secrets.nix | 1 +
 3 files changed, 24 insertions(+), 1 deletion(-)
 create mode 100644 cluster/services/wireguard/mesh-keys/grail.age
diff --git a/cluster/services/wireguard/default.nix b/cluster/services/wireguard/default.nix
index 545bd99..fdf5d40 100644
--- a/cluster/services/wireguard/default.nix
+++ b/cluster/services/wireguard/default.nix
@@ -27,6 +27,16 @@ in
 extraRoutes = [];
 };
 };
+ grail.mesh = {
+ ipv4 = getExtAddr hours.grail;
+ extra = {
+ meshIp = "10.1.1.6";
+ inherit meshNet;
+ pubKey = "0WAiQGdWySsGWFUk+a9e0I+BDTKwTyWQdFT2d7BMfDQ=";
+ privKeyFile = ./mesh-keys/grail.age;
+ extraRoutes = [];
+ };
+ };
 thunderskin.mesh = {
 ipv4 = getExtAddr hours.thunderskin;
 extra = {
@@ -60,7 +70,7 @@ in
 };
 services.wireguard = {
 nodes = {
- mesh = [ "checkmate" "thunderskin" "VEGAS" "prophet" ];
+ mesh = [ "checkmate" "grail" "thunderskin" "VEGAS" "prophet" ];
 };
 nixos = {
 mesh = ./mesh.nix;
diff --git a/cluster/services/wireguard/mesh-keys/grail.age b/cluster/services/wireguard/mesh-keys/grail.age
new file mode 100644
index 0000000..6ca1dc0
--- /dev/null
+++ b/cluster/services/wireguard/mesh-keys/grail.age
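Review bot: The `pubKey` literal in the new `grail.mesh` block of default.nix is not tied to the private key encrypted in `mesh-keys/grail.age`, so a mismatch between the two would only surface as a peer that never completes a handshake. I would add a comment above it such as `# public half of mesh-keys/grail.age (wg pubkey); rotate both together`. The `meshIp = "10.1.1.6"` is also hand-assigned and the other nodes' addresses lie outside this hunk, so it is worth confirming the address is unused, since a duplicate would presumably misroute mesh traffic rather than fail evaluation.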
@@ -0,0 +1,12 @@ +age-encryption.org/v1 +-> ssh-ed25519 NO562A BNIU8M5X5C4LSiie6S4zVraFQAsyGKAv7BwLVIXHiFM +LLcXZ7tiTUnN+tJLwqqs1hLZ8usCDWqNVGr1lAn5OQs +-> ssh-ed25519 5/zT0w H/SGf0oYVg/JCd07bicWL1LWQwExr0gbi+gV1j7Fy2M +yHjguPtS8ItpY+pAR3lLVpXQxq7d3cuQYU5DHs2qjMc +-> ssh-ed25519 P/nEqQ z1us0mTbOuLrkI7n6doG+JVFAuqwZvC0dEfdGauM+Fg +P/tKnt5gZ66HAWR0/pqpmJMHp6hLbcjwE3BhO9NCkZY +-> ((I-grease +r66LwGiqumMp/NlcnLgOaxZ7cfQMBCr4Rq9aJdjUck69113hNf4orC/bGVCDhmdu +s1cSHPVw1hys +--- FxWSO98U5IDaGPs57hzO70gVN/ELN0/UxKKmIoxadks +1ÊnûEHvóî_QíÄV†7¬Çæ•Ãܲé¶m¡z2'ÛÎ¥¯zWÚ)¼Ôç.»!ãi#¬TXÎT‰k[Fy üˆEë!>á¨tÁ !‹‚*à \ No newline at end of file diff --git a/secrets.nix b/secrets.nix index 8c918d1..6babb29 100644 --- a/secrets.nix +++ b/secrets.nix @@ -49,6 +49,7 @@ in with hosts; "cluster/services/storage/secrets/garage-rpc-secret.age".publicKeys = max ++ map systemKeys [ checkmate VEGAS prophet ]; "cluster/services/storage/secrets/storage-box-credentials.age".publicKeys = max ++ map systemKeys [ checkmate VEGAS prophet ]; "cluster/services/wireguard/mesh-keys/checkmate.age".publicKeys = max ++ map systemKeys [ checkmate ]; + "cluster/services/wireguard/mesh-keys/grail.age".publicKeys = max ++ map systemKeys [ grail ]; "cluster/services/wireguard/mesh-keys/thunderskin.age".publicKeys = max ++ map systemKeys [ thunderskin ]; "cluster/services/wireguard/mesh-keys/VEGAS.age".publicKeys = max ++ map systemKeys [ VEGAS ]; "cluster/services/wireguard/mesh-keys/prophet.age".publicKeys = max ++ map systemKeys [ prophet ];