privatevoid.net/depot
1
1
Fork 0
Code Issues 23 Pull requests 2 Projects 3 Releases Packages Wiki Activity Actions

cluster/services/wireguard: add checkmate to host mesh

Browse source
This commit is contained in:
Max Headroom 2023-03-01 01:02:41 +01:00
parent 50a18fc9a1
commit f6311ec7c4
3 changed files with 25 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

13
cluster/services/wireguard/default.nix
View file

@ -14,12 +14,23 @@ in
{
vars = {
mesh = {
checkmate = config.links.mesh-node-checkmate.extra;
VEGAS = config.links.mesh-node-VEGAS.extra;
prophet = config.links.mesh-node-prophet.extra;
};
inherit meshNet;
};
links = {
mesh-node-checkmate = {
ipv4 = getExtAddr hosts.checkmate;
extra = {
meshIp = "10.1.1.32";
inherit meshNet;
pubKey = "fZMB9CDCWyBxPnsugo3Uxm/TIDP3VX54uFoaoC0bP3U=";
privKeyFile = ./mesh-keys/checkmate.age;
extraRoutes = [];
};
};
mesh-node-VEGAS = {
ipv4 = getExtAddr hosts.VEGAS;
extra = {
@ -43,7 +54,7 @@ in
};
services.wireguard = {
nodes = {
mesh = [ "VEGAS" "prophet" ];
mesh = [ "checkmate" "VEGAS" "prophet" ];
};
nixos = {
mesh = ./mesh.nix;

12
cluster/services/wireguard/mesh-keys/checkmate.age Normal file
View file

@ -0,0 +1,12 @@
age-encryption.org/v1
-> ssh-ed25519 NO562A rE85lK37XeM803mXkugmTjfAp3LNqKy2yuGGbY4IOAM
nDielwqyuaW72OKiUBgFPWK45aZhh768+MskQ5+vhUs
-> ssh-ed25519 5/zT0w QxXHVLpk2qeXjO8c3a0cQ1oKk3fUn9+yIoHAK1hLYgQ
d4s/F2ck8Z4AsCQReghxj+M0JjBYKoMpfU+K21AzwFg
-> ssh-ed25519 TCgorQ lqg5aPJuj5NPEAgAaw52lwpQ++eWPxO4BITdpLKoZFg
KS0kRB2K/+/+U2xfr2VE09XdjVvIflTweU93Vy7Okr8
-> ?).-grease =%LA 5cVQvduw
gs9TPdbaRJVf50LDiUdlg7Vr4LUfg2Kj2bPAbN2f2z4LKDnSbWHkJ6B3EfOMDxTN
KmX8mGCi7QBGOfb1EY3h5cDgteBXiLN4aLh6kpCe0F3/DQ
--- vLjmBMfCrvOuF1ww5UcHQAmBUo0LgIuJKcNEDlOCZ3g
ß<EFBFBD>&„îd!¾Žqƒ©H<oÄžˆ×“5ç屃бÝ0&Ÿ<>ý⬻¯3~Ù´ð5Œ<35>§Ž÷Ñ¡“Ko)å6³üWÜ°‹

1
secrets.nix
View file

@ -24,6 +24,7 @@ in with hosts;
"cluster/services/patroni/passwords/replication.age".publicKeys = max ++ map systemKeys [ VEGAS prophet ];
"cluster/services/patroni/passwords/rewind.age".publicKeys = max ++ map systemKeys [ VEGAS prophet ];
"cluster/services/patroni/passwords/superuser.age".publicKeys = max ++ map systemKeys [ VEGAS prophet ];
"cluster/services/wireguard/mesh-keys/checkmate.age".publicKeys = max ++ map systemKeys [ checkmate ];
"cluster/services/wireguard/mesh-keys/VEGAS.age".publicKeys = max ++ map systemKeys [ VEGAS ];
"cluster/services/wireguard/mesh-keys/prophet.age".publicKeys = max ++ map systemKeys [ prophet ];
"secrets/coturn-static-auth.age".publicKeys = max ++ map systemKeys [ VEGAS ];