Cluster secrets #100

Merged
max merged 17 commits from pr-cluster-secrets into master 2024-07-08 22:23:11 +03:00
7 changed files with 5 additions and 11 deletions
Showing only changes of commit 96c34332ca - Show all commits


@ -23,7 +23,6 @@ in
meshIp = "10.1.1.32";
inherit meshNet;
pubKey = "fZMB9CDCWyBxPnsugo3Uxm/TIDP3VX54uFoaoC0bP3U=";
privKeyFile = ./mesh-keys/checkmate.age;
extraRoutes = [];
};
};
@ -33,7 +32,6 @@ in
meshIp = "10.1.1.6";
inherit meshNet;
pubKey = "0WAiQGdWySsGWFUk+a9e0I+BDTKwTyWQdFT2d7BMfDQ=";
privKeyFile = ./mesh-keys/grail.age;
extraRoutes = [];
};
};
@ -43,7 +41,6 @@ in
meshIp = "10.1.1.4";
inherit meshNet;
pubKey = "xvSsFvCVK8h2wThZJ7E5K0fniTBIEIYOblkKIf3Cwy0=";
privKeyFile = ./mesh-keys/thunderskin.age;
extraRoutes = [];
};
};
@ -53,7 +50,6 @@ in
meshIp = "10.1.1.5";
inherit meshNet;
pubKey = "NpeB8O4erGTas1pz6Pt7qtY9k45YV6tcZmvvA4qXoFk=";
privKeyFile = ./mesh-keys/VEGAS.age;
extraRoutes = [ "${hours.VEGAS.interfaces.vstub.addr}/32" "10.10.0.0/16" ];
};
};
@ -63,7 +59,6 @@ in
meshIp = "10.1.1.9";
inherit meshNet;
pubKey = "MMZAbRtNE+gsLm6DJy9VN/Y39E69oAZnvOcFZPUAVDc=";
privKeyFile = ./mesh-keys/prophet.age;
extraRoutes = [];
};
};
@ -75,5 +70,9 @@ in
nixos = {
mesh = ./mesh.nix;
};
secrets.meshPrivateKey = {
nodes = config.services.wireguard.nodes.mesh;
shared = false;
};
};
}
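Review bot: The new `secrets.meshPrivateKey` block in the last hunk has no comment explaining `shared = false`, yet that flag appears to decide whether mesh nodes get distinct WireGuard private keys. Presumably it makes the secret per-node, matching the per-node `pubKey` values kept in the earlier hunks; a line such as `# one private key per mesh node; must correspond to that node's pubKey` above the block would make this explicit. The `pubKey` strings stay hard-coded while the private keys are no longer referenced from this file, so a secret regenerated without a matching `pubKey` update would surface only as a failed handshake at runtime. The enclosing attribute set starts outside the hunk.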


@ -13,11 +13,6 @@ let
};
in
{
age.secrets.wireguard-key-core = {
file = link.extra.privKeyFile;
mode = "0400";
};
networking = {
firewall = {
trustedInterfaces = [ "wgmesh" ];
@ -29,7 +24,7 @@ in
interfaces.wgmesh = {
ips = [ "${link.extra.meshIp}/24" ];
listenPort = link.port;
privateKeyFile = config.age.secrets.wireguard-key-core.path;
privateKeyFile = cluster.config.services.wireguard.secrets.meshPrivateKey.path;
peers = map mkPeer (cluster.config.services.wireguard.otherNodes.mesh hostName);
};
};
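Review bot: The replacement `privateKeyFile` in the second hunk no longer has a visible file mode. The removed `age.secrets.wireguard-key-core` declaration set `mode = "0400"` explicitly, and nothing in this file states the permissions or owner of the file behind `cluster.config.services.wireguard.secrets.meshPrivateKey.path`. If the cluster secrets module does not default to owner-only read, the WireGuard private key could become readable by other local users, so confirm the default or pin the mode where the secret is declared. A short comment beside `privateKeyFile` saying where the secret is defined would also help, since the declaration now lives in another file. The enclosing `networking` block continues outside the hunk.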