cluster/services/wireguard: add checkmate to host mesh

2023-03-01 01:02:41 +01:00 · 2023-03-01 01:02:41 +01:00 · f6311ec7c4
commit f6311ec7c4
parent 50a18fc9a1
3 changed files with 25 additions and 1 deletions
--- a/cluster/services/wireguard/default.nix
+++ b/cluster/services/wireguard/default.nix
@ -14,12 +14,23 @@ in
 {
  vars = {
    mesh = {
      checkmate = config.links.mesh-node-checkmate.extra;
      VEGAS = config.links.mesh-node-VEGAS.extra;
      prophet = config.links.mesh-node-prophet.extra;
    };
    inherit meshNet;
  };
  links = {
    mesh-node-checkmate = {
      ipv4 = getExtAddr hosts.checkmate;
      extra = {
        meshIp = "10.1.1.32";
        inherit meshNet;
        pubKey = "fZMB9CDCWyBxPnsugo3Uxm/TIDP3VX54uFoaoC0bP3U=";
        privKeyFile = ./mesh-keys/checkmate.age;
        extraRoutes = [];
      };
    };
    mesh-node-VEGAS = {
      ipv4 = getExtAddr hosts.VEGAS;
      extra = {
@ -43,7 +54,7 @@ in
  };
  services.wireguard = {
    nodes = {
-      mesh = [ "VEGAS" "prophet" ];
+      mesh = [ "checkmate" "VEGAS" "prophet" ];
    };
    nixos = {
      mesh = ./mesh.nix;
--- a/cluster/services/wireguard/mesh-keys/checkmate.age
+++ b/cluster/services/wireguard/mesh-keys/checkmate.age
@ -0,0 +1,12 @@
 age-encryption.org/v1
 -> ssh-ed25519 NO562A rE85lK37XeM803mXkugmTjfAp3LNqKy2yuGGbY4IOAM
 nDielwqyuaW72OKiUBgFPWK45aZhh768+MskQ5+vhUs
 -> ssh-ed25519 5/zT0w QxXHVLpk2qeXjO8c3a0cQ1oKk3fUn9+yIoHAK1hLYgQ
 d4s/F2ck8Z4AsCQReghxj+M0JjBYKoMpfU+K21AzwFg
 -> ssh-ed25519 TCgorQ lqg5aPJuj5NPEAgAaw52lwpQ++eWPxO4BITdpLKoZFg
 KS0kRB2K/+/+U2xfr2VE09XdjVvIflTweU93Vy7Okr8
 -> ?).-grease =%LA 5cVQvduw
 gs9TPdbaRJVf50LDiUdlg7Vr4LUfg2Kj2bPAbN2f2z4LKDnSbWHkJ6B3EfOMDxTN
 KmX8mGCi7QBGOfb1EY3h5cDgteBXiLN4aLh6kpCe0F3/DQ
 --- vLjmBMfCrvOuF1ww5UcHQAmBUo0LgIuJKcNEDlOCZ3g
 ß<EFBFBD>&„îd!¾Žqƒ©H<oÄžˆ×“5çå±ƒÐ±Ý0&Ÿ<>ýâ¬»¯3~Ù´ð5Œ<35>§Ž÷Ñ¡“Ko)å6³üWÜ°‹
--- a/secrets.nix
+++ b/secrets.nix
@ -24,6 +24,7 @@ in with hosts;
  "cluster/services/patroni/passwords/replication.age".publicKeys = max ++ map systemKeys [ VEGAS prophet ];
  "cluster/services/patroni/passwords/rewind.age".publicKeys = max ++ map systemKeys [ VEGAS prophet ];
  "cluster/services/patroni/passwords/superuser.age".publicKeys = max ++ map systemKeys [ VEGAS prophet ];
  "cluster/services/wireguard/mesh-keys/checkmate.age".publicKeys = max ++ map systemKeys [ checkmate ];
  "cluster/services/wireguard/mesh-keys/VEGAS.age".publicKeys = max ++ map systemKeys [ VEGAS ];
  "cluster/services/wireguard/mesh-keys/prophet.age".publicKeys = max ++ map systemKeys [ prophet ];
  "secrets/coturn-static-auth.age".publicKeys = max ++ map systemKeys [ VEGAS ];