diff options
| author | sefidel <contact@sefidel.net> | 2024-01-11 22:28:49 +0900 |
|---|---|---|
| committer | sefidel <contact@sefidel.net> | 2024-01-11 22:28:49 +0900 |
| commit | b1adb7c9fea00b6b3ad524268d64019e60e4ddd7 (patch) | |
| tree | ff2db85d790b0c2056291e1b8be75b302dfc2934 /nixos/haruka | |
| parent | df3fa386b54a85c30d38d19cb6447dc37349c253 (diff) | |
| download | nixrc-b1adb7c9fea00b6b3ad524268d64019e60e4ddd7.tar.gz nixrc-b1adb7c9fea00b6b3ad524268d64019e60e4ddd7.zip | |
feat(nixos/haruka): configure nebula
Diffstat (limited to 'nixos/haruka')
| -rw-r--r-- | nixos/haruka/configuration.nix | 31 | ||||
| -rw-r--r-- | nixos/haruka/secrets/secrets.yaml | 9 |
2 files changed, 37 insertions, 3 deletions
diff --git a/nixos/haruka/configuration.nix b/nixos/haruka/configuration.nix index f0a8f3d..320aa4c 100644 --- a/nixos/haruka/configuration.nix +++ b/nixos/haruka/configuration.nix @@ -224,6 +224,37 @@ services.tailscale.useRoutingFeatures = "both"; programs.trayscale.enable = true; + # User = networkId; + # nameToId = netName: "nebula-${netName}"; + sops.secrets.nebula-sefidel-internal-ca = { owner = "nebula-sefidel-internal"; }; + sops.secrets.nebula-sefidel-internal-cert = { owner = "nebula-sefidel-internal"; }; + sops.secrets.nebula-sefidel-internal-key = { owner = "nebula-sefidel-internal"; }; + + services.nebula.networks = { + sefidel-internal = { + enable = false; + + ca = config.sops.secrets.nebula-sefidel-internal-ca.path; + cert = config.sops.secrets.nebula-sefidel-internal-cert.path; + key = config.sops.secrets.nebula-sefidel-internal-key.path; + + staticHostMap = { + "100.64.0.1" = [ "v-coord1.sefidel.net:4242" ]; + }; + + lighthouses = [ "100.64.0.1" ]; + relays = [ "100.64.0.1" ]; + + firewall.inbound = [ + { + host = "any"; + port = "any"; + proto = "any"; + } + ]; + }; + }; + services.greetd = { enable = true; vt = 2; diff --git a/nixos/haruka/secrets/secrets.yaml b/nixos/haruka/secrets/secrets.yaml index b81f1d7..c941a9a 100644 --- a/nixos/haruka/secrets/secrets.yaml +++ b/nixos/haruka/secrets/secrets.yaml @@ -5,6 +5,9 @@ borg-haruka-rolling-pass: ENC[AES256_GCM,data:JqmKd5VvdCq8Y6ks8bspQ2YC4X1gihTpeE mullvad-private-key: ENC[AES256_GCM,data:harFVTtaFphs+E+sJDYWCPz8oEx3B3RJhW9Z0Hv5G4aF+nWDGpqmFu/D1aU=,iv:V3cyHJeEHEtSU97LFraoMLpXMDtRlvdJnPXM1BZxgSI=,tag:1qDFAy0SKwkxnmeXuqOCdQ==,type:str] mullvad-ipv4-address: ENC[AES256_GCM,data:LMFI5esMdlk/ewV/hqAY,iv:W9u6mt719qssq6nSk8rmF+G4ZrIOAk4G+X7yIkoEKa0=,tag:q7F2JpTaq+45zqwct+71UQ==,type:str] mullvad-ipv6-address: ENC[AES256_GCM,data:CzUUSc7Fwn3FNClDrAhCFOx0QnZwPGUlaJkMmKUu0w==,iv:79nyIIvuFV7bmg1e0KT+of1ZcYlcSYyy1cQL2DVqDds=,tag:Rb5CMIVnept5CHTZ6rDh3A==,type:str] +nebula-sefidel-internal-ca: ENC[AES256_GCM,data:vEY+CFx1tFJME35RZcLdXesUgPafM2SGtWjw6VRr0aTnlxmj5SrxfSWoeZ1DEiQLfgfCPU/3mTZLbCPWWXEnAVQa1bnPvnsLtTbJ6y1hrmMSE6ct7b9YeG6XDpYZapPPbFeOLX8GGEU8GAsJ/7qQsadO/PTuL7dIrX8WVS1KB+BsNUOprnTZLSmM1sO7GSY6SUhMt0IhDQQgBlniwlwHRZbwAZIO+0dbXbccGBa18NkQPdllTBHpqYfNocEobhvsTLRe6j/7fTXC/KWpnxiowTD4p0okrLPjac6gIZNxxhe1/ClX0HFr1sSNiotNVidqiSvNeYEJNbipyhXR7fdemcZmpA==,iv:pf2AL09HYQTgX+M8VV30Y6Vqf6tkw3H6rk8ZRF+Roi0=,tag:kfw1A4gZrBGbB61Ht/C7cA==,type:str] +nebula-sefidel-internal-cert: ENC[AES256_GCM,data:TdkjhHPFmmFEeavoKZFKfhmJ3U2yOq4h3leS8AhglSydytn/3u7dBqw0+6lliTN+niOYJ462iSjXvTN2VOv3gqx+gbO8Ja6KfafU9tRwd++ErcS3hFmrDhpfHhsDOSSiZcKVBG3e51kLxx/dTlm/b4A5cFGO7dhtCPCai0EIjAIfIaTbsFLELWwyxxpmy6BzkY+pfzhjo7+PRSsgd2miIgaFnqbJ/EkNhw9B2mO6int53KMThB1/8BSNgUUlnZQE127CXBd4OpUFjblX3KcZcajMC3L8/8DGDZw6DqTvMNGvN7lC72Oo+QT7/kHOfh0uyFKPYwb059UAKsgh/6vEtwEmAC7448AGx46rbxRBnSzayRtfjlReWVIG/irYFmJDqAshXAMyaSk0MRHVBy7941vPIEd0zpBDCpQPUw==,iv:72XeM/bn3YlvacZ7abWj+7lvroHDFHbleXj3hl/EbEg=,tag:dWyzelBmu/ou37DQmUZypQ==,type:str] +nebula-sefidel-internal-key: ENC[AES256_GCM,data:IMYpZn621PKRl2Ic6WC7b614xlgNYRwBJuUJLJR/NUIK8gKi9+2aMj+yfEZ27YoOIZnBMZex3dlG5lUT9WRVmdHnGcKoF52AEopqGo0V47L/M59SjKftTvhhsaZsBUaVAa2aSx5ebqI4FjzZ24qDlHKOvVgm2qhGeGvoh2OkzQ==,iv:AztkzAIzIuMNJAHdMhtcs7eyG3EqNuL/RO5V3dZMmL0=,tag:YIEF82dFm6EOcWdAjNGuog==,type:str] sops: kms: [] gcp_kms: [] @@ -29,8 +32,8 @@ sops: NEt0ZUdHekFsc1ZPY0NkdkFmSXBicTgKWd6zebmSjrwokehdz3L5x61XNf3Mn1g/ II/uRkYH7UXuw7Hji/Maa4JsWmdWtNhqMQPvd0WBGZQpbeWwqwBuFA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-09-18T16:32:00Z" - mac: ENC[AES256_GCM,data:i3U9LGLccJWb6zWvJYvhZtb4w4F4Md+qCFD8bcPC4A4tFnq1PbyOb0TA+28BSdkcD5KRVHaZ/Jqv1ajCteYfcFCDKjaqfqYQfPKyI+1TVOUJq+doF9XLDgMfphslxiDJCNHhg36IGqpuIrfx9UplGf86Tv8a6+AOJrCD74JxYfY=,iv:D+gstgtb1Wc43VvWGFm2rcsE2q/gj/XSmAlTqLa8nBU=,tag:/W6yjkA9Dftaqj5p5IXAYQ==,type:str] + lastmodified: "2024-01-11T13:27:47Z" + mac: ENC[AES256_GCM,data:R2Kun7HeFDwr58uTJeYo2nH7sOF+rgkzgw6crmjmIxhZwwz9sB5B4MznfKofmqgHKovoBHBF0cLPxoEvFEuC+ZeA3E4j7spJHAlRLoJcISHdpFMIQP4SjEXmfqfwrfN2GfTtr6w/xQRcEUTBmMI7MRuKe6sYUksJqP1NtfRaT+k=,iv:XeHO6kqodGXYK5V8ifaWlpwZWmh86ued94ZAiPHK8iw=,tag:RvHRym6NgRu+j29/way3Eg==,type:str] pgp: [] unencrypted_suffix: _unencrypted - version: 3.7.3 + version: 3.8.1 |