authorsefidel <contact@sefidel.net>2024-01-11 22:28:19 +0900
committersefidel <contact@sefidel.net>2024-01-11 22:28:19 +0900
commitdf3fa386b54a85c30d38d19cb6447dc37349c253 (patch)
treeb2d372fa1d95f40401888364475a101dd998093e /nixos/alpha
parentd76a80638ce9a51e12678a3e8ed1288ea3e16d89 (diff)
feat(nixos/alpha): configure nebula
Diffstat (limited to 'nixos/alpha')
-rw-r--r--nixos/alpha/configuration.nix31
-rw-r--r--nixos/alpha/secrets/secrets.yaml9
2 files changed, 37 insertions, 3 deletions
diff --git a/nixos/alpha/configuration.nix b/nixos/alpha/configuration.nix
index 4136b05..51d9082 100644
--- a/nixos/alpha/configuration.nix
+++ b/nixos/alpha/configuration.nix
@@ -202,6 +202,37 @@
   services.tailscale.useRoutingFeatures = "both";
   programs.trayscale.enable = true;
 
+  # User = networkId;
+  # nameToId = netName: "nebula-${netName}";
+  sops.secrets.nebula-sefidel-internal-ca = { owner = "nebula-sefidel-internal"; };
+  sops.secrets.nebula-sefidel-internal-cert = { owner = "nebula-sefidel-internal"; };
+  sops.secrets.nebula-sefidel-internal-key = { owner = "nebula-sefidel-internal"; };
+
+  services.nebula.networks = {
+    sefidel-internal = {
+      enable = false;
+
+      ca = config.sops.secrets.nebula-sefidel-internal-ca.path;
+      cert = config.sops.secrets.nebula-sefidel-internal-cert.path;
+      key = config.sops.secrets.nebula-sefidel-internal-key.path;
+
+      staticHostMap = {
+        "100.64.0.1" = [ "v-coord1.sefidel.net:4242" ];
+      };
+
+      lighthouses = [ "100.64.0.1" ];
+      relays = [ "100.64.0.1" ];
+
+      firewall.inbound = [
+        {
+          host = "any";
+          port = "any";
+          proto = "any";
+        }
+      ];
+    };
+  };
+
   services.greetd = {
     enable = true;
     vt = 2;
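Review bot: The `firewall.inbound` rule that closes the `sefidel-internal` block is `host = "any"; port = "any"; proto = "any";`, so every peer holding a certificate signed by this network's CA can reach every listening port on alpha over the overlay. I would narrow it to the services meant to be reachable, e.g. `{ port = 22; proto = "tcp"; group = "<admin-group>"; }` (the group name is a placeholder). No `firewall.outbound` is set; if the module default is an empty list, Nebula will drop traffic initiated from this host once the network is enabled, so an explicit outbound rule is probably needed. With `enable = false`, the `nebula-sefidel-internal` user named as `owner` in the three `sops.secrets` entries may not exist, which would presumably make secret installation fail at activation; confirm this, or gate the secrets on the same flag. The two commented lines above the secrets would read better as a single comment such as `# owner must match the nebula service user, "nebula-<network name>"`; the enclosing module attribute set begins and ends outside this hunk.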
diff --git a/nixos/alpha/secrets/secrets.yaml b/nixos/alpha/secrets/secrets.yaml
index 909fdf8..772e368 100644
--- a/nixos/alpha/secrets/secrets.yaml
+++ b/nixos/alpha/secrets/secrets.yaml
@@ -5,6 +5,9 @@ borg-alpha-rolling-pass: ENC[AES256_GCM,data:SNp7BINlzQ1oCAmdTBk3WThuhTlA/SB9SE5
 mullvad-private-key: ENC[AES256_GCM,data:hBHGnUNY1tvwBHa1v5N8CebeQjcEdkRdBmRZqyythKKKy98OUgZgw2BLXYE=,iv:IgtBvaZbO3TUH/5A5To6RpDU7GSzLWUl7UrbkqrnADY=,tag:tSRc941gP8/gEg8jEn2aEA==,type:str]
 mullvad-ipv4-address: ENC[AES256_GCM,data:RXHq8+IyQjwo2QQF6UKu,iv:GW1FQHv/uamQV92w3P8p9lQPzVPNtA9ZedMd1+XSdAc=,tag:iegNRG6GZf3IiceOSBH9tg==,type:str]
 mullvad-ipv6-address: ENC[AES256_GCM,data:xB0XMhKjqV+X460Cj1EECgZ+aXSRfMDlmQNjJgRGpw==,iv:INfSkMbWroUENpqbzv+5VBAPVinnFLXISuUc+kpmdHA=,tag:L4zaQbnOO9KvZqpfER9Zuw==,type:str]
+nebula-sefidel-internal-ca: ENC[AES256_GCM,data:o2McPLQT0xPdHDpk8LGE1F+G0JohQalFkCLte8SYYU6OGaq0b3x1YtaCf8IFLgSKTTHNZYbeTjEERAntRFXw6vBu3hhT6zaxNF0iyVB//Vtnakfv8RX6Vj6ugtchmPLIjWQMy2iLIvb4M1r+VYpyHhzjOPFfdRSogXDfl3ufEtadZVOU6SBWQIwrniU5wNIbThhncJqrZs034Z2r+JgW2V7cM349w/0yFmH3AS9qc3KXMjVElpl32cRvcejK5zYLX91V3iMZFptXtb0FbvQr753ROO8hPhME6QrUUImikARLnRZx+QGMjdwsaZvehgP4h73LaSZWow5raSg5SyrGMwjHMQ==,iv:J842c715B3EXhyC4LMgx9lCw95zXTFBxcnfqqqTSNPI=,tag:BjXuWFbDimnTEBLVUHVMmw==,type:str]
+nebula-sefidel-internal-cert: ENC[AES256_GCM,data:O8AHC5gzgIM+HyxS4+prE+VAX/1ok7GuTYsGVZ2xYDRsW0r/+3bIZAslRrq4j4KhkstTuUNhwslrsotsfwA7qPtKU/RbDOR2wMF3iIDPC1rJaQpEUnPsjcj72r9n7ZxJE1fascYPXkIYiCQbHTYhPZIEmF0QwNEX2yw2Hi9O83ZnFCCFJhtbcCsGVRv438zZhqSRmrLFPszro6dHgGRKt8gmZ9WGDaS/BobJraA7XdXWHcE2naA519psiD29Nt59eiM66zE0cDT5WfAh5TQ5XUDMPUG7Wg4m5Fc0nCxFy3qz+kNHkqNzjYuJatIM4fSKc72qMNbPG5OTRPyMxwmgUXXHIxe3OoZu9uXubfxR75pFRYhuf5y+1VcN33t3okt+nEaFxzActnTmhlxLm3kpdMgamsFANqAQkywkEA==,iv:RXGqzrq+LmcOswCYHvIzYvPMnuip+yFgotL6f3exXRs=,tag:p1ZwZd3nA4zfidHTG+Svew==,type:str]
+nebula-sefidel-internal-key: ENC[AES256_GCM,data:oj64aSFXFh7DI+Cx9P8sHYHGeOZg0brIQcblQ6fXBDlf7A5U0jvkIeQWxaqLuCX7rIf9lzL+8+sye+Taxsr5LRZTcflsGBo1oik25U0YWXqXKwrt/Yij2wJSoLV3oqDVO+D5pjIIJod5rvNrVsqxG9lhq1Y0B/9EvhhR7SYHfQ==,iv:LRN1Rnjffi3/rJUsmO+ELjAZFgJxk2f0SGxPR1Tz4I8=,tag:FxDEsCGIEUvflpw22MTAQg==,type:str]
 sops:
     kms: []
     gcp_kms: []
@@ -29,8 +32,8 @@ sops:
             Qkt1Y2RIWmcwMW91VTVxeEVrUDR4MHcKNzDtHEEa8McCXgADwXRNNnwllOB+MZvR
             oDMuo1zZnKT0DzTxumd8DSgHK28PKNFOsWtxdunWF7lm30gZsFxQFQ==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2023-09-18T16:30:27Z"
-    mac: ENC[AES256_GCM,data:r5LMXCe7C/3KIcjgWFRyO3QvryiTdheZov+jJ8koJ+vhWolQlW4sqFztYboODLuLFg7I671SbriZfuoAu0gdAGHeg++TkfjB8CDHPQo6hhwM0ZynG3xYrEy0JiwAv237rA4xyTeXoCriOSgEY9nlFwQvj26vDc5Rzm8tcXSKms4=,iv:V4NZujBBlFPc+V99f04/yFeLa/ARCzL36oHARhunEyM=,tag:jWGU+qAfxoZlgh65U223kw==,type:str]
+    lastmodified: "2024-01-11T12:30:50Z"
+    mac: ENC[AES256_GCM,data:5Mblu53ej8W+eyy/RkmnBBD1clND6iDb1BnR2n769IszmTNPmYxb/OmO+wXK5y7QaPWu4Qk07RMThWTxeYiIu4RhwImOQ1PSkIYJ5u1v8Lpa1RxtHNQzoDJKUtIhM2Mmvvga2012Bcu/ofwT5tnLozhHi23VHQqinG6f75s2CJM=,iv:y7l1BwvJQYx8OkRb/s20yC3kN992K0Q4pnwmvkhj0WI=,tag:V5t0a73Wca7R4Hz9CwrS7w==,type:str]
     pgp: []
     unencrypted_suffix: _unencrypted
-    version: 3.7.3
+    version: 3.8.1