2configs: clanCore -> clan.core
parent
785a51ad63
commit
0767f51cda
2configs
backup
secrets
sync
tinc
wireguard
|
@ -1,8 +1,8 @@
|
|||
{ config, ... }:
|
||||
# back up all state
|
||||
let
|
||||
sshkey = config.sops.secrets."${config.clanCore.machineName}-borg.priv".path;
|
||||
phrase = config.sops.secrets."${config.clanCore.machineName}-borg.pw".path;
|
||||
sshkey = config.sops.secrets."${config.clan.core.machineName}-borg.priv".path;
|
||||
phrase = config.sops.secrets."${config.clan.core.machineName}-borg.pw".path;
|
||||
in
|
||||
{
|
||||
services.borgbackup.jobs.state = {
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
{ config, ... }: {
|
||||
|
||||
services.openssh.hostKeys = [
|
||||
{ bits = 4096; path = config.sops.secrets."${config.clanCore.machineName}-ssh_host_rsa_key".path; type = "rsa"; }
|
||||
{ path = config.sops.secrets."${config.clanCore.machineName}-ssh_host_ed25519_key".path; type = "ed25519"; } ];
|
||||
{ bits = 4096; path = config.sops.secrets."${config.clan.core.machineName}-ssh_host_rsa_key".path; type = "rsa"; }
|
||||
{ path = config.sops.secrets."${config.clan.core.machineName}-ssh_host_ed25519_key".path; type = "ed25519"; } ];
|
||||
}
|
||||
|
|
|
@ -20,8 +20,8 @@ in {
|
|||
x.id = "ETMOWBT-XOYB7LJ-J4OKD7U-WHBEAP5-MPAHKXM-O4GGRKM-WERF7R4-MRS7EAU"; # override config for x
|
||||
omo.id = "Y5OTK3S-JOJLAUU-KTBXKUW-M7S5UEQ-MMQPUK2-7CXO5V6-NOUDLKP-PRGAFAK";
|
||||
};
|
||||
key = config.sops.secrets."${config.clanCore.machineName}-syncthing.key".path;
|
||||
cert = config.sops.secrets."${config.clanCore.machineName}-syncthing.cert".path;
|
||||
key = config.sops.secrets."${config.clan.core.machineName}-syncthing.key".path;
|
||||
cert = config.sops.secrets."${config.clan.core.machineName}-syncthing.cert".path;
|
||||
};
|
||||
};
|
||||
boot.kernel.sysctl."fs.inotify.max_user_watches" = 524288;
|
||||
|
|
|
@ -12,8 +12,8 @@
|
|||
LocalDiscovery = no
|
||||
''}
|
||||
'';
|
||||
privkey = config.sops.secrets."${config.clanCore.machineName}-retiolum.rsa_key.priv".path;
|
||||
privkey_ed25519 = config.sops.secrets."${config.clanCore.machineName}-retiolum.ed25519_key.priv".path;
|
||||
privkey = config.sops.secrets."${config.clan.core.machineName}-retiolum.rsa_key.priv".path;
|
||||
privkey_ed25519 = config.sops.secrets."${config.clan.core.machineName}-retiolum.ed25519_key.priv".path;
|
||||
};
|
||||
environment.systemPackages = [ pkgs.tinc ];
|
||||
networking.firewall.allowedTCPPorts = [ config.krebs.build.host.nets.retiolum.tinc.port ];
|
||||
|
|
|
@ -22,7 +22,7 @@ in { # wireguard server
|
|||
networking.wireguard.interfaces.wg0 = {
|
||||
ips = [ "10.244.0.1/24" ];
|
||||
listenPort = 51820;
|
||||
privateKeyFile = config.sops.secrets."${config.clanCore.machineName}-wireguard.key".path;
|
||||
privateKeyFile = config.sops.secrets."${config.clan.core.machineName}-wireguard.key".path;
|
||||
# allowedIPsAsRoutes = true;
|
||||
postSetup = ''
|
||||
${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s 10.244.0.0/24 -o ${ext-if} -j MASQUERADE
|
||||
|
|
|
@ -25,7 +25,7 @@ in mkIf (hasAttr "wiregrill" config.krebs.build.host.nets) {
|
|||
(optional (!isNull self.ip4) self.ip4.addr) ++
|
||||
(optional (!isNull self.ip6) self.ip6.addr);
|
||||
listenPort = self.wireguard.port;
|
||||
privateKeyFile = config.sops.secrets."${config.clanCore.machineName}-wiregrill.key".path;
|
||||
privateKeyFile = config.sops.secrets."${config.clan.core.machineName}-wiregrill.key".path;
|
||||
allowedIPsAsRoutes = true;
|
||||
peers = let
|
||||
host = config.krebs.hosts.gum;
|
||||
|
|
|
@ -85,7 +85,7 @@ in mkIf (hasAttr "wiregrill" config.krebs.build.host.nets) {
|
|||
(optional (!isNull self.ip4) self.ip4.addr) ++
|
||||
(optional (!isNull self.ip6) self.ip6.addr);
|
||||
listenPort = self.wireguard.port;
|
||||
privateKeyFile = config.sops.secrets."${config.clanCore.machineName}-wiregrill.key".path;
|
||||
privateKeyFile = config.sops.secrets."${config.clan.core.machineName}-wiregrill.key".path;
|
||||
allowedIPsAsRoutes = true;
|
||||
peers = mapAttrsToList
|
||||
(_: host: {
|
||||
|
|