services/backbone-routing: add Mullvad connection

hosts/VEGAS/services/backbone-routing/peering.nix

@@ -11,6 +11,12 @@
     group = "root";
     mode = "0400";
   };
+  age.secrets.wireguard-key-wgmv = {
+    file = ../../../../secrets/wireguard-key-wgmv.age;
+    owner = "root";
+    group = "root";
+    mode = "0400";
+  };
 
   networking.wireguard = {
     enable = true;
@@ -29,5 +35,24 @@
         }
       ];
     };
+    interfaces.wgmv-es7 = {
+      ips = [ "10.66.207.76/32" ];
+      privateKeyFile = config.age.secrets.wireguard-key-wgmv.path;
+      allowedIPsAsRoutes = false;
+      peers = [
+        # es7-wireguard
+        {
+          publicKey = "azJb0GofbDjSh2KTPReEeVdB8QVs4QC7E57P7MC7dQg=";
+          allowedIPs = [ "10.64.0.1/32" "0.0.0.0/0" ];
+          endpoint = "45.134.213.207:51820";
+        }
+      ];
+    };
+  };
+  networking.interfaces = {
+    wgmv-es7.ipv4.routes = [
+      { address = "10.64.0.1"; prefixLength = 32; }
+      { address = "10.124.0.0"; prefixLength = 16; }
+    ];
   };
 }

secrets/secrets.nix

@@ -43,4 +43,5 @@ in with hosts;
   "synapse-turn.age".publicKeys = max ++ map systemKeys [ VEGAS ];
   "wireguard-key-storm-VEGAS.age".publicKeys = max ++ map systemKeys [ VEGAS ];
   "wireguard-key-wgautobahn.age".publicKeys = max ++ map systemKeys [ VEGAS ];
+  "wireguard-key-wgmv.age".publicKeys = max ++ map systemKeys [ VEGAS ];
 }

secrets/wireguard-key-wgmv.age

@@ -0,0 +1,11 @@
+age-encryption.org/v1
+-> ssh-ed25519 NO562A eC6bEAR5fxQ1U2tBNdYVBPLBM7rDcFYDDZd1oWtb1Hw
+/Efcbzyc8I8SaJW/wh9Lzamp0ZB7jAKxJh73/X+Jy5A
+-> ssh-ed25519 5/zT0w J5P8XAcREK8elnqhkfTW+rbd2NrMOT2yJBj0QyxCRDE
+jwEJkHJBUTyiailTw6+Z3BytiiGEYtb26b1R+qcnXD8
+-> ssh-ed25519 d3WGuA Xc11x0GvIVePn9SsMYc/LT17/JbDGHrSz+gekxvwcgI
+1j/dFaRlYVjpdbdHKnnhrmxqUh6YjJbsYV3hZg2I50M
+-> Z-grease PGM
+XPF0DZ6AXL4QrteN
+--- 4MLtCMJYBipDGb9zfTUopTQThvfYP+mMv+B7UzMGx/k
+ꇇ”²³ÕÑ×|µ7yöÀêsh÷@:03ÿV§[÷¸Q1™ßL"Ò<>fUÔs*Oº“è#8êÍ ÆÐó_\*£bX9–­üÝm