From 31a5b8c76b537a8c5846077c4885b3424d7a855a Mon Sep 17 00:00:00 2001
From: Linnnus
Date: Tue, 13 May 2025 14:42:19 +0200
Subject: Move wireguard keys to secrets/wireguard-keys
---
 hosts/ahmed/wireguard-vpn/default.nix | 4 ++--
 metadata.toml | 3 +++
 secrets/secrets.nix | 3 ++-
 secrets/wireguard-keys/ahmed.age | Bin 0 -> 1189 bytes
 secrets/wireguard-keys/muhammed.age | 33 +++++++++++++++++++++++++++++++++
 secrets/wireguard-vpn-key.age | Bin 1189 -> 0 bytes
 6 files changed, 40 insertions(+), 3 deletions(-)
 create mode 100644 secrets/wireguard-keys/ahmed.age
 create mode 100644 secrets/wireguard-keys/muhammed.age
 delete mode 100644 secrets/wireguard-vpn-key.age
diff --git a/hosts/ahmed/wireguard-vpn/default.nix b/hosts/ahmed/wireguard-vpn/default.nix
index e419b31..bf70a12 100644
--- a/hosts/ahmed/wireguard-vpn/default.nix
+++ b/hosts/ahmed/wireguard-vpn/default.nix
@@ -28,7 +28,7 @@ in {
 peers = [
 {
 # Muhammed
- publicKey = "l0HoOpGEkyxG3dTsJ3+zNItD6bQEkzymGvcsMLFOdmA=";
+ publicKey = metadata.hosts.muhammed.wireguard.pubkey;
 allowedIPs = ["10.100.0.2/32"];
 }
 ];
@@ -39,7 +39,7 @@ in {
 networking.firewall.allowedUDPPorts = [metadata.hosts.ahmed.wireguard.port];
 # Get the private keys.
- age.secrets.wireguard-vpn-key.file = ../../../secrets/wireguard-vpn-key.age;
+ age.secrets.wireguard-vpn-key.file = ../../../secrets/wireguard-keys/ahmed.age;
 # Forward packets from wireguard onto the LAN while also doing address translation.
 networking.nat = {
diff --git a/metadata.toml b/metadata.toml
index ce62ec5..c19654a 100644
--- a/metadata.toml
+++ b/metadata.toml
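Review bot: In hosts/ahmed/wireguard-vpn/default.nix the Muhammed peer is now described in two places: the key comes from `metadata.hosts.muhammed.wireguard.pubkey`, while `allowedIPs = ["10.100.0.2/32"];` remains a literal in the host file. WireGuard only accepts a peer's traffic for the addresses bound to its key, so the key and the address form one unit and are easier to audit when they sit side by side. Consider adding the tunnel address to `[hosts.muhammed.wireguard]` as a new key (for example `address = "10.100.0.2"`) and writing `allowedIPs = ["${metadata.hosts.muhammed.wireguard.address}/32"];`. The peers list and the interface definition around it start outside the hunk.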
@@ -20,6 +20,9 @@ ipv4Address = "192.168.68.111"
 [hosts.muhammed.sshKeys]
 linus = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDcmUCfFA/arYpT0zBWoOXcyxN5bgk5cMrWgTIol5RsHB82VzoS+LG3IV4IwBz4QALaCj5DlhfbasGKMkFRgFvLerEtBleIb58RtOXIOf6TIUaqpyHB3h2CjdwrbmyjjWEl9W2BTpadrR5uPr0HoeED8dCFYE5cPjrSELtrYxEW0o1DBJw8bXfpgyYB21loBzrcOhRsrPSaS0gYHZLGY7Av7FGfncVZDLNYL0/pZ/t0UWD6JF+6FgOdGWAuuwSt5WR9DVxGilVG5aFktDB14fNPEBIVf7tkT4/McAihR/u344yaiUWA4bV7w039Ubhn9NdnoBSvGrP6jTy/zDgq5ywFj8aqcdlahxtELNWgxYYrI8HZzvITKo1FU7BOcUN1vNS4npOvyWBl7s3jFCO+R2E/BoyjfsjYTylacpepf26D87U32jNsh39OKdHxRF3/qmMGYa1L7N4M0iT9WFEMCcKB/MMAcHgE25vWPQaY1orU8X8NZPhxjfIVcw1rqcjwCryNwb1ZOMTIEc9kbGiP99MhE7ZA0yvHZfMezeymSwg1kN+iJDTp24gSsFtYuz5vm9lRu/PzfU9lNlp2KHdaLISUouSCCHPgF7zZSWtXa1B920zrAg2Fco8/Iymh+Fa0UNnrbnfyQTgLeNT12SLD4Y5gHimUsuq8tFkxjR6WffmrRw== linus@muhammed"
+[hosts.muhammed.wireguard]
+pubkey = "l0HoOpGEkyxG3dTsJ3+zNItD6bQEkzymGvcsMLFOdmA="
+
 [hosts.ali]
 network = "rumpenettet"
 ipv4Address = "192.168.68.173"
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index f66a2fb..dc5fb58 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -24,5 +24,6 @@ in {
 "mullvad-wg.key.age".publicKeys = [decodingKeys.muhammed] ++ interactiveKeys;
 "wraaath-sftp-password.txt.age".publicKeys = [decodingKeys.muhammed] ++ interactiveKeys;
 "linus.onl-github-secret.txt.age".publicKeys = [decodingKeys.muhammed] ++ interactiveKeys;
- "wireguard-vpn-key.age".publicKeys = [decodingKeys.ahmed] ++ interactiveKeys;
+ "wireguard-keys/ahmed.age".publicKeys = [decodingKeys.ahmed] ++ interactiveKeys;
+ "wireguard-keys/muhammed.age".publicKeys = [decodingKeys.muhammed] ++ interactiveKeys;
 }
diff --git a/secrets/wireguard-keys/ahmed.age b/secrets/wireguard-keys/ahmed.age
new file mode 100644
index 0000000..9b8b231
Binary files /dev/null and b/secrets/wireguard-keys/ahmed.age differ
diff --git a/secrets/wireguard-keys/muhammed.age b/secrets/wireguard-keys/muhammed.age
new file mode 100644
index 0000000..6f5d218
--- /dev/null
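Review bot: The new `pubkey` under `[hosts.muhammed.wireguard]` in metadata.toml carries no comment tying it to its private half, which (judging by the commit title and the path) is the encrypted `secrets/wireguard-keys/muhammed.age` added in this same commit. As far as this diff shows, nothing checks that the two match, so rotating the secret without updating this value would leave ahmed configured with a stale peer key and the tunnel would simply stop handshaking. I would add a comment above the key: `# Public half of secrets/wireguard-keys/muhammed.age; re-derive with wg pubkey whenever that secret is rotated.`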
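Review bot: The recipient list `[decodingKeys.muhammed] ++ interactiveKeys` on the new `"wireguard-keys/muhammed.age"` line in secrets/secrets.nix appears to contain the same SSH key twice, because the header of the muhammed.age file added in this commit carries two `-> ssh-rsa 5MROTA` stanzas. Neither list is defined in the hunk, but identical recipient tags almost certainly mean `decodingKeys.muhammed` is also a member of `interactiveKeys`, so this secret is not limited to a machine-only key that is separate from the interactive ones. If that is intended, say so next to the definition, for example `# decodingKeys.muhammed is also an interactive key; its recipient stanza appears twice`; otherwise deduplicate the list or give muhammed a dedicated decoding key and re-encrypt. The three existing muhammed entries above use the same expression and would be affected in the same way.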
+++ b/secrets/wireguard-keys/muhammed.age @@ -0,0 +1,33 @@ +age-encryption.org/v1 +-> ssh-rsa 5MROTA +xV3MfmTIbt54HITCnuDx6En6lPa/kPSel2QdnGmPVodtz5w96hgsHRngHdofrVnr +ns693kPMBuWI1njpiCxZrW/p56wZzQodrZty2HiVJmTT/g8aSKl4lj1QIvve5DhT +14OTZ37X1ZbmXYYPVsHcjCGdvGRa8sJo0XRzmvVoXYwFL2vOkk396GgZZEmTZAv6 +omm7/KH7k7N5rSi4kKeqBdjCHzXJjPQtq9nOceo4hligDiMywkOaayBDDU46TtT5 +zwOOtJaabLYD2mg4R/0zc1mBrs2vYUs9qd4Prdd4LkqTQuuw+zG6MAnvxyBJR+Sh +S457Or/c2ZzGpddoYpGiUuzhzME77M9rmnLIfp+SV/685NNU4n5KnfIXaoCh8SRr +IGEq5qlfjA9w/onLFoeUIwn2SOUZT6cDPOvTXIXqFwRZPISi02/P8iMW7bvjiB1N +ucpWQM9G+n1dC31zPYmyKdbOHCSyXtif+wKOhqi0U4ucBL625/1RH5Hmad0kT3dX +9UaZXOZQ/jGV5h+gzhqrbz0TlBgsUNu1AhzxraksOAtdTGbkxG1+H0D05Or/t9+s +vRNXoY6iNTPxDwBArkjlS62OJ5APzB3+vwyqukIvPD6S5AzPakFaox/BGE3pntgX +uRFVUaANF75nTDAppK5+fSqpXvuPnFtqt2eM1pV5jxg +-> ssh-ed25519 MKIkbg LnUCJtJN8HYfIE8GBif2R2szvZIDO/4AOpxPtTPVazY +wTFTOUeTnMdZFMjxj4SAEYyuj/qpijHTznUuM8dn2dM +-> ssh-rsa 5MROTA +ES0JH6SC/RvPRkJT1NdKfROOxrCScf2IRSLg3lgA2jZSS5t+ELMUeSxE4x1rSM4+ +EclUttRklLwcOFJiQ00496p1qIIna4G317IqQHP6yMQ64+m6Bdq//0D+BbC+JzV9 +OOiTUmkZBoVl4K5eMPNNWfuAm2bF+uJpaCBPFc5dkm52Fls74GEUBff2FCOLA44Q +7JY54qvjlfo/+bMFMAvhquNFXnvSPpsUHNJYFP8ySnZQgVsRkPhu0sKKXJRh2pJm +mTciI1adI7Qh877m2itOtlQf82H+gahuqBmymLj6kjl3ZgkpzJSmKlTlr5d/LZ+i +Ao0fZpPnKqf7Yb2nFGlaomvU6ysu25ZCYhOIQwZISY5NlwpcTQYTJpcAP2CHz1w5 +oqOVxgih4UDUh19lOAa4oS5WQKfCF1F1nYp8J677xGcF0RKc0VLH3fKhztkIKzTP +xqvxdPu17soyghTm9dsgxnEWKwaXJVHQ2tJnPTF3k2ne218vn7CdLT7WmkhfRNjp +xddTxFRH6BNRHZkQWSWQMYRIHwJVLg4RKwxk71VKjO+rERU5Xj70To0KMxI9SK2f +uLYVX10pflrcJ3gUNL4H1gnQbwyS1aRyIIzdQXv/h4Td27Sjb8+XHYk03e1ISPd3 +cFE0hr1gg8x7zc8o0mrnf6wBrdM6CSJP4gCJ++mcdO8 +-> ssh-ed25519 lQC6fQ 1GYTnlCCxB7AA/6cxkiMgtwM54FPipXY441vZ0T4XSs +mhkUnQYpHiWyUhQaiaS1LsQBxkE4qXZenJ4Jv1l5aNo +--- /62T5NogcuBRCMQXksgpDDdyMfN5zU822z4O//nhwzk +cxsU 4^wWCc,Dr& +ZrvP?Cb +J\L(ͬ \ No newline at end of file 
diff --git a/secrets/wireguard-vpn-key.age b/secrets/wireguard-vpn-key.age
deleted file mode 100644
index 9b8b231..0000000
Binary files a/secrets/wireguard-vpn-key.age and /dev/null differ
--
cgit v1.2.3