From 9b5571afa4ff67213bb05f3d285da42fd69a89b7 Mon Sep 17 00:00:00 2001 From: Max Date: Tue, 23 Jul 2024 02:46:34 +0200 Subject: [PATCH] cluster/services/wireguard: make simulacrum compatible --- cluster/services/wireguard/default.nix | 31 ++++++++++++++----- .../simulacrum/keys/snakeoilPrivateKey-VEGAS | 1 + .../keys/snakeoilPrivateKey-checkmate | 1 + .../simulacrum/keys/snakeoilPrivateKey-grail | 1 + .../keys/snakeoilPrivateKey-prophet | 1 + .../keys/snakeoilPrivateKey-thunderskin | 1 + .../wireguard/simulacrum/snakeoil-keys.nix | 6 ++++ 7 files changed, 35 insertions(+), 7 deletions(-) create mode 100644 cluster/services/wireguard/simulacrum/keys/snakeoilPrivateKey-VEGAS create mode 100644 cluster/services/wireguard/simulacrum/keys/snakeoilPrivateKey-checkmate create mode 100644 cluster/services/wireguard/simulacrum/keys/snakeoilPrivateKey-grail create mode 100644 cluster/services/wireguard/simulacrum/keys/snakeoilPrivateKey-prophet create mode 100644 cluster/services/wireguard/simulacrum/keys/snakeoilPrivateKey-thunderskin create mode 100644 cluster/services/wireguard/simulacrum/snakeoil-keys.nix diff --git a/cluster/services/wireguard/default.nix b/cluster/services/wireguard/default.nix index a1f25eb..54b893a 100644 --- a/cluster/services/wireguard/default.nix +++ b/cluster/services/wireguard/default.nix @@ -10,6 +10,19 @@ let }; getExtAddr = host: host.interfaces.primary.addrPublic; + + snakeoilPublicKeys = { + checkmate = "TESTtbFybW5YREwtd18a1A4StS4YAIUS5/M1Lv0jHjA="; + grail = "TEsTh7bthkaDh9A1CpqDi/F121ao5lRZqIJznLH8mB4="; + thunderskin = "tEST6afFmVN18o+EiWNFx+ax3MJwdQIeNfJSGEpffXw="; + VEGAS = "tEsT6s7VtM5C20eJBaq6UlQydAha8ATlmrTRe9T5jnM="; + prophet = "TEstYyb5IoqSL53HbSQwMhTaR16sxcWcMmXIBPd+1gE="; + }; + + grease = hourName: realPublicKey: if config.simulacrum then + snakeoilPublicKeys.${hourName} + else + realPublicKey; in { vars = { 
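Review bot: `grease` looks up `snakeoilPublicKeys.${hourName}` with no fallback, so a host name missing from the set fails a simulacrum evaluation with a generic attribute-missing error instead of naming the host; `snakeoilPublicKeys.${hourName} or (throw "no snakeoil public key for ${hourName}")` would make that failure self-explanatory. This set is also the only thing pairing the snakeoil public keys with the private-key files the commit adds under `simulacrum/keys/`, and nothing on the page checks that each pair actually corresponds, so a comment above the set such as `# public halves of simulacrum/keys/snakeoilPrivateKey-<host>; regenerate both together` would help whoever rotates them next. The `let` block this hunk edits begins before the hunk.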
@@ -22,7 +35,7 @@ in
 extra = {
 meshIp = "10.1.1.32";
 inherit meshNet;
- pubKey = "fZMB9CDCWyBxPnsugo3Uxm/TIDP3VX54uFoaoC0bP3U=";
+ pubKey = grease "checkmate" "fZMB9CDCWyBxPnsugo3Uxm/TIDP3VX54uFoaoC0bP3U=";
 extraRoutes = [];
 };
 };
@@ -31,7 +44,7 @@ in
 extra = {
 meshIp = "10.1.1.6";
 inherit meshNet;
- pubKey = "0WAiQGdWySsGWFUk+a9e0I+BDTKwTyWQdFT2d7BMfDQ=";
+ pubKey = grease "grail" "0WAiQGdWySsGWFUk+a9e0I+BDTKwTyWQdFT2d7BMfDQ=";
 extraRoutes = [];
 };
 };
@@ -40,7 +53,7 @@ in
 extra = {
 meshIp = "10.1.1.4";
 inherit meshNet;
- pubKey = "xvSsFvCVK8h2wThZJ7E5K0fniTBIEIYOblkKIf3Cwy0=";
+ pubKey = grease "thunderskin" "xvSsFvCVK8h2wThZJ7E5K0fniTBIEIYOblkKIf3Cwy0=";
 extraRoutes = [];
 };
 };
@@ -49,7 +62,7 @@ in
 extra = {
 meshIp = "10.1.1.5";
 inherit meshNet;
- pubKey = "NpeB8O4erGTas1pz6Pt7qtY9k45YV6tcZmvvA4qXoFk=";
+ pubKey = grease "VEGAS" "NpeB8O4erGTas1pz6Pt7qtY9k45YV6tcZmvvA4qXoFk=";
 extraRoutes = [ "${hours.VEGAS.interfaces.vstub.addr}/32" "10.10.0.0/16" ];
 };
 };
@@ -58,7 +71,7 @@ in
 extra = {
 meshIp = "10.1.1.9";
 inherit meshNet;
- pubKey = "MMZAbRtNE+gsLm6DJy9VN/Y39E69oAZnvOcFZPUAVDc=";
+ pubKey = grease "prophet" "MMZAbRtNE+gsLm6DJy9VN/Y39E69oAZnvOcFZPUAVDc=";
 extraRoutes = [];
 };
 };
@@ -69,8 +82,12 @@ in
 storm = [ "VEGAS" ];
 };
 nixos = {
- mesh = ./mesh.nix;
- storm = ./storm.nix;
+ mesh = [
+ ./mesh.nix
+ ] ++ lib.optionals config.simulacrum [
+ ./simulacrum/snakeoil-keys.nix
+ ];
+ storm = [ ./storm.nix ];
 };
 secrets.meshPrivateKey = {
 nodes = config.services.wireguard.nodes.mesh;
diff --git a/cluster/services/wireguard/simulacrum/keys/snakeoilPrivateKey-VEGAS b/cluster/services/wireguard/simulacrum/keys/snakeoilPrivateKey-VEGAS
new file mode 100644
index 0000000..e15616d
--- /dev/null
+++ b/cluster/services/wireguard/simulacrum/keys/snakeoilPrivateKey-VEGAS
@@ -0,0 +1 @@
+MNvWpMluuzQvPyGTp7jtyPSyz6n9lIly/WX1gW2NAHg=
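Review bot: In the `@@ -69,8 +82,12 @@` hunk the snakeoil module is appended only to `mesh`, while `storm` stays `[ ./storm.nix ]`, yet `./simulacrum/snakeoil-keys.nix` forces both `dummy-secrets/cluster-wireguard-meshPrivateKey` and `dummy-secrets/wireguard-key-storm`; the storm override therefore only reaches a host that is also a mesh member, which appears to hold for `VEGAS` here but is stated nowhere. Either append the same `lib.optionals config.simulacrum [ ./simulacrum/snakeoil-keys.nix ]` to `storm`, or record the dependency on the `storm` line with `# snakeoil override arrives via mesh; every storm node must also be a mesh node`. The hunk also changes `mesh` and `storm` from single paths to lists and uses `lib`; whether the consumer of `nixos.*` accepts lists and whether `lib` is an argument of this file are both outside the hunk and could not be confirmed from the page.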
diff --git a/cluster/services/wireguard/simulacrum/keys/snakeoilPrivateKey-checkmate b/cluster/services/wireguard/simulacrum/keys/snakeoilPrivateKey-checkmate
new file mode 100644
index 0000000..f498b5b
--- /dev/null
+++ b/cluster/services/wireguard/simulacrum/keys/snakeoilPrivateKey-checkmate
@@ -0,0 +1 @@
+YHzP8rBP6qiXs6ZdnvHop9KnCYRADIEejwZzAzvj8m4=
diff --git a/cluster/services/wireguard/simulacrum/keys/snakeoilPrivateKey-grail b/cluster/services/wireguard/simulacrum/keys/snakeoilPrivateKey-grail
new file mode 100644
index 0000000..7496093
--- /dev/null
+++ b/cluster/services/wireguard/simulacrum/keys/snakeoilPrivateKey-grail
@@ -0,0 +1 @@
+uD7X5E6N9d0sN+xPr/bWnehSa3bAok741GO7Z4I+Z3I=
diff --git a/cluster/services/wireguard/simulacrum/keys/snakeoilPrivateKey-prophet b/cluster/services/wireguard/simulacrum/keys/snakeoilPrivateKey-prophet
new file mode 100644
index 0000000..d46aa5e
--- /dev/null
+++ b/cluster/services/wireguard/simulacrum/keys/snakeoilPrivateKey-prophet
@@ -0,0 +1 @@
+QHyIJ3HoKGGFN28qOrQP4UyoQMP5bM7Idn2MzayKzEM=
diff --git a/cluster/services/wireguard/simulacrum/keys/snakeoilPrivateKey-thunderskin b/cluster/services/wireguard/simulacrum/keys/snakeoilPrivateKey-thunderskin
new file mode 100644
index 0000000..6088510
--- /dev/null
+++ b/cluster/services/wireguard/simulacrum/keys/snakeoilPrivateKey-thunderskin
@@ -0,0 +1 @@
+YLl+hkWaCWx/5PpWs3cQ+bKqYdJef/qZ+FMTsM9ammM=
diff --git a/cluster/services/wireguard/simulacrum/snakeoil-keys.nix b/cluster/services/wireguard/simulacrum/snakeoil-keys.nix
new file mode 100644
index 0000000..d3dd500
--- /dev/null
+++ b/cluster/services/wireguard/simulacrum/snakeoil-keys.nix
@@ -0,0 +1,6 @@
+{ lib, config, ... }: {
+ config.environment.etc = {
+ "dummy-secrets/cluster-wireguard-meshPrivateKey".source = lib.mkForce ./keys/snakeoilPrivateKey-${config.networking.hostName};
+ "dummy-secrets/wireguard-key-storm".source = lib.mkForce ./keys/snakeoilPrivateKey-${config.networking.hostName};
+ };
+}
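Review bot: `snakeoil-keys.nix` applies its `lib.mkForce` overrides to any host that imports it and carries nothing tying it to the simulation; the only guard is the `lib.optionals config.simulacrum` in `default.nix`, so an import from elsewhere would silently replace a real WireGuard key with one that is now committed to the repository. A header comment in the module, `# Simulacrum only: forces the mesh and storm private keys to the committed snakeoil keys; import only under config.simulacrum`, would keep that contract next to the code it constrains. The `./keys/snakeoilPrivateKey-${config.networking.hostName}` interpolation also assumes a key file exists for every host name that imports the module; presumably a host without one fails only when the path is realised, with an error that points at the missing file rather than at this module, which is worth a line in the same comment.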