about summary refs log tree commit diff
path: root/nixos/alpha
diff options
context:
space:
mode:
Diffstat (limited to 'nixos/alpha')
-rw-r--r--nixos/alpha/configuration.nix31
-rw-r--r--nixos/alpha/secrets/secrets.yaml9
2 files changed, 37 insertions, 3 deletions
diff --git a/nixos/alpha/configuration.nix b/nixos/alpha/configuration.nix
index 4136b05..51d9082 100644
--- a/nixos/alpha/configuration.nix
+++ b/nixos/alpha/configuration.nix
@@ -202,6 +202,37 @@
   services.tailscale.useRoutingFeatures = "both";
   programs.trayscale.enable = true;
 
+  # User = networkId;
+  # nameToId = netName: "nebula-${netName}";
+  sops.secrets.nebula-sefidel-internal-ca = { owner = "nebula-sefidel-internal"; };
+  sops.secrets.nebula-sefidel-internal-cert = { owner = "nebula-sefidel-internal"; };
+  sops.secrets.nebula-sefidel-internal-key = { owner = "nebula-sefidel-internal"; };
+
+  services.nebula.networks = {
+    sefidel-internal = {
+      enable = false;
+
+      ca = config.sops.secrets.nebula-sefidel-internal-ca.path;
+      cert = config.sops.secrets.nebula-sefidel-internal-cert.path;
+      key = config.sops.secrets.nebula-sefidel-internal-key.path;
+
+      staticHostMap = {
+        "100.64.0.1" = [ "v-coord1.sefidel.net:4242" ];
+      };
+
+      lighthouses = [ "100.64.0.1" ];
+      relays = [ "100.64.0.1" ];
+
+      firewall.inbound = [
+        {
+          host = "any";
+          port = "any";
+          proto = "any";
+        }
+      ];
+    };
+  };
+
   services.greetd = {
     enable = true;
     vt = 2;
diff --git a/nixos/alpha/secrets/secrets.yaml b/nixos/alpha/secrets/secrets.yaml
index 909fdf8..772e368 100644
--- a/nixos/alpha/secrets/secrets.yaml
+++ b/nixos/alpha/secrets/secrets.yaml
@@ -5,6 +5,9 @@ borg-alpha-rolling-pass: ENC[AES256_GCM,data:SNp7BINlzQ1oCAmdTBk3WThuhTlA/SB9SE5
 mullvad-private-key: ENC[AES256_GCM,data:hBHGnUNY1tvwBHa1v5N8CebeQjcEdkRdBmRZqyythKKKy98OUgZgw2BLXYE=,iv:IgtBvaZbO3TUH/5A5To6RpDU7GSzLWUl7UrbkqrnADY=,tag:tSRc941gP8/gEg8jEn2aEA==,type:str]
 mullvad-ipv4-address: ENC[AES256_GCM,data:RXHq8+IyQjwo2QQF6UKu,iv:GW1FQHv/uamQV92w3P8p9lQPzVPNtA9ZedMd1+XSdAc=,tag:iegNRG6GZf3IiceOSBH9tg==,type:str]
 mullvad-ipv6-address: ENC[AES256_GCM,data:xB0XMhKjqV+X460Cj1EECgZ+aXSRfMDlmQNjJgRGpw==,iv:INfSkMbWroUENpqbzv+5VBAPVinnFLXISuUc+kpmdHA=,tag:L4zaQbnOO9KvZqpfER9Zuw==,type:str]
+nebula-sefidel-internal-ca: ENC[AES256_GCM,data:o2McPLQT0xPdHDpk8LGE1F+G0JohQalFkCLte8SYYU6OGaq0b3x1YtaCf8IFLgSKTTHNZYbeTjEERAntRFXw6vBu3hhT6zaxNF0iyVB//Vtnakfv8RX6Vj6ugtchmPLIjWQMy2iLIvb4M1r+VYpyHhzjOPFfdRSogXDfl3ufEtadZVOU6SBWQIwrniU5wNIbThhncJqrZs034Z2r+JgW2V7cM349w/0yFmH3AS9qc3KXMjVElpl32cRvcejK5zYLX91V3iMZFptXtb0FbvQr753ROO8hPhME6QrUUImikARLnRZx+QGMjdwsaZvehgP4h73LaSZWow5raSg5SyrGMwjHMQ==,iv:J842c715B3EXhyC4LMgx9lCw95zXTFBxcnfqqqTSNPI=,tag:BjXuWFbDimnTEBLVUHVMmw==,type:str]
+nebula-sefidel-internal-cert: ENC[AES256_GCM,data:O8AHC5gzgIM+HyxS4+prE+VAX/1ok7GuTYsGVZ2xYDRsW0r/+3bIZAslRrq4j4KhkstTuUNhwslrsotsfwA7qPtKU/RbDOR2wMF3iIDPC1rJaQpEUnPsjcj72r9n7ZxJE1fascYPXkIYiCQbHTYhPZIEmF0QwNEX2yw2Hi9O83ZnFCCFJhtbcCsGVRv438zZhqSRmrLFPszro6dHgGRKt8gmZ9WGDaS/BobJraA7XdXWHcE2naA519psiD29Nt59eiM66zE0cDT5WfAh5TQ5XUDMPUG7Wg4m5Fc0nCxFy3qz+kNHkqNzjYuJatIM4fSKc72qMNbPG5OTRPyMxwmgUXXHIxe3OoZu9uXubfxR75pFRYhuf5y+1VcN33t3okt+nEaFxzActnTmhlxLm3kpdMgamsFANqAQkywkEA==,iv:RXGqzrq+LmcOswCYHvIzYvPMnuip+yFgotL6f3exXRs=,tag:p1ZwZd3nA4zfidHTG+Svew==,type:str]
+nebula-sefidel-internal-key: ENC[AES256_GCM,data:oj64aSFXFh7DI+Cx9P8sHYHGeOZg0brIQcblQ6fXBDlf7A5U0jvkIeQWxaqLuCX7rIf9lzL+8+sye+Taxsr5LRZTcflsGBo1oik25U0YWXqXKwrt/Yij2wJSoLV3oqDVO+D5pjIIJod5rvNrVsqxG9lhq1Y0B/9EvhhR7SYHfQ==,iv:LRN1Rnjffi3/rJUsmO+ELjAZFgJxk2f0SGxPR1Tz4I8=,tag:FxDEsCGIEUvflpw22MTAQg==,type:str]
 sops:
     kms: []
     gcp_kms: []
@@ -29,8 +32,8 @@ sops:
             Qkt1Y2RIWmcwMW91VTVxeEVrUDR4MHcKNzDtHEEa8McCXgADwXRNNnwllOB+MZvR
             oDMuo1zZnKT0DzTxumd8DSgHK28PKNFOsWtxdunWF7lm30gZsFxQFQ==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2023-09-18T16:30:27Z"
-    mac: ENC[AES256_GCM,data:r5LMXCe7C/3KIcjgWFRyO3QvryiTdheZov+jJ8koJ+vhWolQlW4sqFztYboODLuLFg7I671SbriZfuoAu0gdAGHeg++TkfjB8CDHPQo6hhwM0ZynG3xYrEy0JiwAv237rA4xyTeXoCriOSgEY9nlFwQvj26vDc5Rzm8tcXSKms4=,iv:V4NZujBBlFPc+V99f04/yFeLa/ARCzL36oHARhunEyM=,tag:jWGU+qAfxoZlgh65U223kw==,type:str]
+    lastmodified: "2024-01-11T12:30:50Z"
+    mac: ENC[AES256_GCM,data:5Mblu53ej8W+eyy/RkmnBBD1clND6iDb1BnR2n769IszmTNPmYxb/OmO+wXK5y7QaPWu4Qk07RMThWTxeYiIu4RhwImOQ1PSkIYJ5u1v8Lpa1RxtHNQzoDJKUtIhM2Mmvvga2012Bcu/ofwT5tnLozhHi23VHQqinG6f75s2CJM=,iv:y7l1BwvJQYx8OkRb/s20yC3kN992K0Q4pnwmvkhj0WI=,tag:V5t0a73Wca7R4Hz9CwrS7w==,type:str]
     pgp: []
     unencrypted_suffix: _unencrypted
-    version: 3.7.3
+    version: 3.8.1