Move wireguard keys to secrets/wireguard-keys

5 files changed, 40 insertions, 3 deletions

diff --git a/hosts/ahmed/wireguard-vpn/default.nix b/hosts/ahmed/wireguard-vpn/default.nix
index e419b31..bf70a12 100644
--- a/hosts/ahmed/wireguard-vpn/default.nix
+++ b/hosts/ahmed/wireguard-vpn/default.nix
@@ -28,7 +28,7 @@ in {
     peers = [
       {
         # Muhammed
-        publicKey = "l0HoOpGEkyxG3dTsJ3+zNItD6bQEkzymGvcsMLFOdmA=";
+        publicKey = metadata.hosts.muhammed.wireguard.pubkey;
         allowedIPs = ["10.100.0.2/32"];
       }
     ];
@@ -39,7 +39,7 @@ in {
   networking.firewall.allowedUDPPorts = [metadata.hosts.ahmed.wireguard.port];
 
   # Get the private keys.
-  age.secrets.wireguard-vpn-key.file = ../../../secrets/wireguard-vpn-key.age;
+  age.secrets.wireguard-vpn-key.file = ../../../secrets/wireguard-keys/ahmed.age;
 
   # Forward packets from wireguard onto the LAN while also doing address translation.
   networking.nat = {
diff --git a/metadata.toml b/metadata.toml
index ce62ec5..c19654a 100644
--- a/metadata.toml
+++ b/metadata.toml
@@ -20,6 +20,9 @@ ipv4Address = "192.168.68.111"
 [hosts.muhammed.sshKeys]
  linus = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDcmUCfFA/arYpT0zBWoOXcyxN5bgk5cMrWgTIol5RsHB82VzoS+LG3IV4IwBz4QALaCj5DlhfbasGKMkFRgFvLerEtBleIb58RtOXIOf6TIUaqpyHB3h2CjdwrbmyjjWEl9W2BTpadrR5uPr0HoeED8dCFYE5cPjrSELtrYxEW0o1DBJw8bXfpgyYB21loBzrcOhRsrPSaS0gYHZLGY7Av7FGfncVZDLNYL0/pZ/t0UWD6JF+6FgOdGWAuuwSt5WR9DVxGilVG5aFktDB14fNPEBIVf7tkT4/McAihR/u344yaiUWA4bV7w039Ubhn9NdnoBSvGrP6jTy/zDgq5ywFj8aqcdlahxtELNWgxYYrI8HZzvITKo1FU7BOcUN1vNS4npOvyWBl7s3jFCO+R2E/BoyjfsjYTylacpepf26D87U32jNsh39OKdHxRF3/qmMGYa1L7N4M0iT9WFEMCcKB/MMAcHgE25vWPQaY1orU8X8NZPhxjfIVcw1rqcjwCryNwb1ZOMTIEc9kbGiP99MhE7ZA0yvHZfMezeymSwg1kN+iJDTp24gSsFtYuz5vm9lRu/PzfU9lNlp2KHdaLISUouSCCHPgF7zZSWtXa1B920zrAg2Fco8/Iymh+Fa0UNnrbnfyQTgLeNT12SLD4Y5gHimUsuq8tFkxjR6WffmrRw== linus@muhammed" 
 
+[hosts.muhammed.wireguard]
+pubkey =  "l0HoOpGEkyxG3dTsJ3+zNItD6bQEkzymGvcsMLFOdmA="
+
 [hosts.ali]
 network = "rumpenettet"
 ipv4Address = "192.168.68.173"
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index f66a2fb..dc5fb58 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -24,5 +24,6 @@ in {
   "mullvad-wg.key.age".publicKeys = [decodingKeys.muhammed] ++ interactiveKeys;
   "wraaath-sftp-password.txt.age".publicKeys = [decodingKeys.muhammed] ++ interactiveKeys;
   "linus.onl-github-secret.txt.age".publicKeys = [decodingKeys.muhammed] ++ interactiveKeys;
-  "wireguard-vpn-key.age".publicKeys = [decodingKeys.ahmed] ++ interactiveKeys;
+  "wireguard-keys/ahmed.age".publicKeys = [decodingKeys.ahmed] ++ interactiveKeys;
+  "wireguard-keys/muhammed.age".publicKeys = [decodingKeys.muhammed] ++ interactiveKeys;
 }
diff --git a/secrets/wireguard-vpn-key.age b/secrets/wireguard-keys/ahmed.age
index 9b8b231..9b8b231 100644
--- a/secrets/wireguard-vpn-key.age
+++ b/secrets/wireguard-keys/ahmed.age
diff --git a/secrets/wireguard-keys/muhammed.age b/secrets/wireguard-keys/muhammed.age
new file mode 100644
index 0000000..6f5d218
--- /dev/null
+++ b/secrets/wireguard-keys/muhammed.age
@@ -0,0 +1,33 @@
+age-encryption.org/v1
+-> ssh-rsa 5MROTA
+xV3MfmTIbt54HITCnuDx6En6lPa/kPSel2QdnGmPVodtz5w96hgsHRngHdofrVnr
+ns693kPMBuWI1njpiCxZrW/p56wZzQodrZty2HiVJmTT/g8aSKl4lj1QIvve5DhT
+14OTZ37X1ZbmXYYPVsHcjCGdvGRa8sJo0XRzmvVoXYwFL2vOkk396GgZZEmTZAv6
+omm7/KH7k7N5rSi4kKeqBdjCHzXJjPQtq9nOceo4hligDiMywkOaayBDDU46TtT5
+zwOOtJaabLYD2mg4R/0zc1mBrs2vYUs9qd4Prdd4LkqTQuuw+zG6MAnvxyBJR+Sh
+S457Or/c2ZzGpddoYpGiUuzhzME77M9rmnLIfp+SV/685NNU4n5KnfIXaoCh8SRr
+IGEq5qlfjA9w/onLFoeUIwn2SOUZT6cDPOvTXIXqFwRZPISi02/P8iMW7bvjiB1N
+ucpWQM9G+n1dC31zPYmyKdbOHCSyXtif+wKOhqi0U4ucBL625/1RH5Hmad0kT3dX
+9UaZXOZQ/jGV5h+gzhqrbz0TlBgsUNu1AhzxraksOAtdTGbkxG1+H0D05Or/t9+s
+vRNXoY6iNTPxDwBArkjlS62OJ5APzB3+vwyqukIvPD6S5AzPakFaox/BGE3pntgX
+uRFVUaANF75nTDAppK5+fSqpXvuPnFtqt2eM1pV5jxg
+-> ssh-ed25519 MKIkbg LnUCJtJN8HYfIE8GBif2R2szvZIDO/4AOpxPtTPVazY
+wTFTOUeTnMdZFMjxj4SAEYyuj/qpijHTznUuM8dn2dM
+-> ssh-rsa 5MROTA
+ES0JH6SC/RvPRkJT1NdKfROOxrCScf2IRSLg3lgA2jZSS5t+ELMUeSxE4x1rSM4+
+EclUttRklLwcOFJiQ00496p1qIIna4G317IqQHP6yMQ64+m6Bdq//0D+BbC+JzV9
+OOiTUmkZBoVl4K5eMPNNWfuAm2bF+uJpaCBPFc5dkm52Fls74GEUBff2FCOLA44Q
+7JY54qvjlfo/+bMFMAvhquNFXnvSPpsUHNJYFP8ySnZQgVsRkPhu0sKKXJRh2pJm
+mTciI1adI7Qh877m2itOtlQf82H+gahuqBmymLj6kjl3ZgkpzJSmKlTlr5d/LZ+i
+Ao0fZpPnKqf7Yb2nFGlaomvU6ysu25ZCYhOIQwZISY5NlwpcTQYTJpcAP2CHz1w5
+oqOVxgih4UDUh19lOAa4oS5WQKfCF1F1nYp8J677xGcF0RKc0VLH3fKhztkIKzTP
+xqvxdPu17soyghTm9dsgxnEWKwaXJVHQ2tJnPTF3k2ne218vn7CdLT7WmkhfRNjp
+xddTxFRH6BNRHZkQWSWQMYRIHwJVLg4RKwxk71VKjO+rERU5Xj70To0KMxI9SK2f
+uLYVX10pflrcJ3gUNL4H1gnQbwyS1aRyIIzdQXv/h4Td27Sjb8+XHYk03e1ISPd3
+cFE0hr1gg8x7zc8o0mrnf6wBrdM6CSJP4gCJ++mcdO8
+-> ssh-ed25519 lQC6fQ 1GYTnlCCxB7AA/6cxkiMgtwM54FPipXY441vZ0T4XSs
+mhkUnQYpHiWyUhQaiaS1LsQBxkE4qXZenJ4Jv1l5aNo
+--- /62T5NogcuBRCMQXksgpDDdyMfN5zU822z4O//nhwzk
+cx�s������U��4��^w��WCc�,�D��r
&�
+����Z��rvP�?��C�b
+�J\��L��(��ͬ�
\ No newline at end of file