monolith: add wopus nebula vpn
This commit is contained in:
parent
67b82351a6
commit
b8e05ad8a2
3 changed files with 59 additions and 3 deletions
|
|
@ -25,6 +25,7 @@ in
|
||||||
./partition.nix
|
./partition.nix
|
||||||
./amdgpu.nix
|
./amdgpu.nix
|
||||||
./factorio-server.nix
|
./factorio-server.nix
|
||||||
|
./nebula-vpn.nix
|
||||||
];
|
];
|
||||||
boot.initrd.availableKernelModules = [
|
boot.initrd.availableKernelModules = [
|
||||||
"nvme"
|
"nvme"
|
||||||
|
|
|
||||||
51
hosts/monolith/nebula-vpn.nix
Normal file
51
hosts/monolith/nebula-vpn.nix
Normal file
|
|
@ -0,0 +1,51 @@
|
||||||
|
{ pkgs, config, ... }:
|
||||||
|
let
|
||||||
|
s = config.sops.secrets;
|
||||||
|
|
||||||
|
secretConfig = {
|
||||||
|
owner = "nebula-wopus";
|
||||||
|
group = "nebula-wopus";
|
||||||
|
restartUnits = [ "nebula@wopus.service" ];
|
||||||
|
sopsFile = ../../secrets/monolith/default.yaml;
|
||||||
|
};
|
||||||
|
in
|
||||||
|
{
|
||||||
|
environment.systemPackages = with pkgs; [ nebula ];
|
||||||
|
|
||||||
|
services.nebula.networks.wopus = {
|
||||||
|
enable = true;
|
||||||
|
isLighthouse = false;
|
||||||
|
lighthouses = [ "192.168.88.1" ];
|
||||||
|
settings = {
|
||||||
|
cipher = "aes";
|
||||||
|
};
|
||||||
|
cert = s."nebula-wopus-vpn/monolith-crt".path;
|
||||||
|
key = s."nebula-wopus-vpn/monolith-key".path;
|
||||||
|
ca = s."nebula-wopus-vpn/ca-crt".path;
|
||||||
|
staticHostMap = {
|
||||||
|
"192.168.88.1" = [
|
||||||
|
"neubla-vpn.wopus.dev:4242"
|
||||||
|
];
|
||||||
|
};
|
||||||
|
firewall.outbound = [
|
||||||
|
{
|
||||||
|
host = "any";
|
||||||
|
port = "any";
|
||||||
|
proto = "any";
|
||||||
|
}
|
||||||
|
];
|
||||||
|
firewall.inbound = [
|
||||||
|
{
|
||||||
|
host = "any";
|
||||||
|
port = "any";
|
||||||
|
proto = "any";
|
||||||
|
}
|
||||||
|
];
|
||||||
|
};
|
||||||
|
|
||||||
|
sops.secrets = {
|
||||||
|
"nebula-wopus-vpn/ca-crt" = secretConfig;
|
||||||
|
"nebula-wopus-vpn/monolith-crt" = secretConfig;
|
||||||
|
"nebula-wopus-vpn/monolith-key" = secretConfig;
|
||||||
|
};
|
||||||
|
}
|
||||||
|
|
@ -7,6 +7,10 @@ gitlab-runners:
|
||||||
wopus-gitlab-nix: ENC[AES256_GCM,data:asE7J0d58x9VfQFWc07f5T4s5NZ+/VqMQo66EX93J0LbJ4iI5YjvrrIE4pSI1e4Nz/SRQhltaJ0DfSH0+qgjD4wnAONPRi3UlFbSdGWS2bwwRtWe+Nci2krrUFxV2i/ZVE3CwCkNe4mqtII=,iv:gKrD/LhzI+jnDnX6CdxoHfjpiRdrsuRYJF9rTc8SffM=,tag:TczDGSU3gdKmERjBJ7tP/A==,type:str]
|
wopus-gitlab-nix: ENC[AES256_GCM,data:asE7J0d58x9VfQFWc07f5T4s5NZ+/VqMQo66EX93J0LbJ4iI5YjvrrIE4pSI1e4Nz/SRQhltaJ0DfSH0+qgjD4wnAONPRi3UlFbSdGWS2bwwRtWe+Nci2krrUFxV2i/ZVE3CwCkNe4mqtII=,iv:gKrD/LhzI+jnDnX6CdxoHfjpiRdrsuRYJF9rTc8SffM=,tag:TczDGSU3gdKmERjBJ7tP/A==,type:str]
|
||||||
wopus-ssh-nix-cache-pk: ENC[AES256_GCM,data:MtYDK6P7nwBzr6p+lRX/dkosBfeDUAj/slf/a5SgVXNIbQlkEk7gvfW5iL+C2HgMwowqWx4F+3q2W+kGweqEYzEYAoZ9pR08a7Jci3Szyy49hkamxJXF+Qwhb5VQKxDppESne7DARCF0iYeUjgeXxCYyuWlGpisnkN3HCWrIYCqbk0LS+yqgkNhDxtxMaThGYztfPnLMEV/P5vuge9sRKu3Xi3iX2uDKtx4FTBsX30Lmd8kngOVnP/GaEHDa5ECO+/yW6ZRg3fIaqJ4RV+Vz79ovFUuZV/VE8eY3JOdK5tKIBWb31YUOjP7ccBes7mMhFLO3ceNeh+a6KAJbQ4pCojJwf/cLz663FKr5f/uWDicOBbL64l3+zV5zvSDzFls0ImXMNL6Fe3SaKP7ZcC5rVrRD8P+UN/OSFmbN5LM7uYY8nNsLxTH7MYsRHgTBUmTsFEhLGJIUjtf6J3/NWIlxjBq1MmpgxN0bD6gwVAxDPP489v918tsZtKdG8SJhLUPE4LWKsU7LHpgUBroKlbGE,iv:1jnF2TTlyTR59xM8Bgaz6bubDOwFexHBJipNVa0VPXY=,tag:VsDb6C6wYa9p4Yey3iG4eA==,type:str]
|
wopus-ssh-nix-cache-pk: ENC[AES256_GCM,data:MtYDK6P7nwBzr6p+lRX/dkosBfeDUAj/slf/a5SgVXNIbQlkEk7gvfW5iL+C2HgMwowqWx4F+3q2W+kGweqEYzEYAoZ9pR08a7Jci3Szyy49hkamxJXF+Qwhb5VQKxDppESne7DARCF0iYeUjgeXxCYyuWlGpisnkN3HCWrIYCqbk0LS+yqgkNhDxtxMaThGYztfPnLMEV/P5vuge9sRKu3Xi3iX2uDKtx4FTBsX30Lmd8kngOVnP/GaEHDa5ECO+/yW6ZRg3fIaqJ4RV+Vz79ovFUuZV/VE8eY3JOdK5tKIBWb31YUOjP7ccBes7mMhFLO3ceNeh+a6KAJbQ4pCojJwf/cLz663FKr5f/uWDicOBbL64l3+zV5zvSDzFls0ImXMNL6Fe3SaKP7ZcC5rVrRD8P+UN/OSFmbN5LM7uYY8nNsLxTH7MYsRHgTBUmTsFEhLGJIUjtf6J3/NWIlxjBq1MmpgxN0bD6gwVAxDPP489v918tsZtKdG8SJhLUPE4LWKsU7LHpgUBroKlbGE,iv:1jnF2TTlyTR59xM8Bgaz6bubDOwFexHBJipNVa0VPXY=,tag:VsDb6C6wYa9p4Yey3iG4eA==,type:str]
|
||||||
wopus-ssh-nix-cache-pub: ENC[AES256_GCM,data:F+QHv9wwgyQYobKwyG13tS2OKCZuBPKLe7RLkhxsqYmVEtkCnli9jG+unMp7MC5L0i3puNqfoXP2IC6g4ESHq1yE0ksUpUCHzps4oMZBQK9b5JcqXQs+c//hskTQ/sFmTfGPpdnQ7wAifnQf5Mx2E4RwiRznMgJGQ3RDDjg9xfWUyvw6PlslZH65aGrq3P/iURvj,iv:u34+rXKLcZjBlVJmdbf60I82Fb621lUjOBmR4CTJWGk=,tag:ToPtBIz3bgzAUKc6hh4Oxg==,type:str]
|
wopus-ssh-nix-cache-pub: ENC[AES256_GCM,data:F+QHv9wwgyQYobKwyG13tS2OKCZuBPKLe7RLkhxsqYmVEtkCnli9jG+unMp7MC5L0i3puNqfoXP2IC6g4ESHq1yE0ksUpUCHzps4oMZBQK9b5JcqXQs+c//hskTQ/sFmTfGPpdnQ7wAifnQf5Mx2E4RwiRznMgJGQ3RDDjg9xfWUyvw6PlslZH65aGrq3P/iURvj,iv:u34+rXKLcZjBlVJmdbf60I82Fb621lUjOBmR4CTJWGk=,tag:ToPtBIz3bgzAUKc6hh4Oxg==,type:str]
|
||||||
|
nebula-wopus-vpn:
|
||||||
|
ca-crt: ENC[AES256_GCM,data:sFc9SxfCVaDYxbJqzEK6pRsVoJSFbD1qs/oVKLXXJPrR2y5jVM/ESk/xwaemwEBDPn2VOxLqD62lPF8jP665w/rutskKJ4pMji+Ev2zeryaxDmEwSOL8EbEQtlNxkZZEX3dwVNxykbK5A3bIrcI6vHaOTFeMht6IanO6CdeQOS0KoyYW0fHbW0Dc/YytBMjVWCPQk2VeWCl7X4JBsjj8aVQ8qgupsI16tJmETetO3lHAaYt6dk0Fp51XVaKSuaYGBhnoADXEKA3cIQoPUOaJ1Q0CmdfYk5XWEr0q0OcqjeAn8OERGufHr227tJgYx8A=,iv:G5iq5qeX9NlkOdmj9K0GRQ/6lAU0cBNEO2hQe9kyirY=,tag:b3sW5hs0pkIqqm2j81BIIA==,type:str]
|
||||||
|
monolith-crt: ENC[AES256_GCM,data:+0YbGYreXYR2+cu0NwXUuAnfIEUBGXm5J6nUTx2/z25gDTOVx9eI7USX6cQT/3NOt9S8odHcHeWQXChgWU9Xf+avdXmNO9vQGf8bZCybDQltPF+Gb2zRiFWiAy7raQaZc74SMbGCzABdfQBnEnqs+s/y0+ovilzOmcopnu551QEyjojuMLVcpUsvrEoQBx+dLYBjx22xob0wNUmXgBFxLRuDvYHGdehZ4jg8Ihf9kpDyjtjpfa8mF1kmdKZvPI5Y9z4ZOvA8266H+jFSqfx41nIuYcIwi8naKkoRue4kRCv71IXyK5DJNEweZPXD5sCdd005sxGgBnpSJCpSfr7TsCy5FxDcf9ISi3yrXLttcnOt2u1b3FFKNQiwlo5s2PQB2AB2Zf3nvKPqICmcXtGN3w==,iv:Q6izpQw3SymKNjnjO4x3pzqGJo5SxYZkVYdXcHQBi0A=,tag:9tlMYrN+/mMNYifw1F3yZQ==,type:str]
|
||||||
|
monolith-key: ENC[AES256_GCM,data:Y8KVQk66dewyeRIF+6HJeufD9EYO55m73LxrtZi4KQU0RbUpsV0eiRMX62rYtw6+uP87f5Tx6kC3fX4+mqNb2ZgDtVvm3/Qnz5Ly112c/h33krNqRpv6pEHRkrS9j01tLkJnxwiyIvq3b03GTAIoCKWgqaaagCXYHArgzRrDIw==,iv:lp3zuD8XWaiJvyxzXHrgpF4qbrCv/uf9l9qyWXVrkkM=,tag:eSlTCa2TrIuga7UUxoloBQ==,type:str]
|
||||||
sops:
|
sops:
|
||||||
age:
|
age:
|
||||||
- recipient: age1zrgu7w8059xydagm60phnffghvfe9h2ca58cx8qwagqpyfuvs9fqw79c8h
|
- recipient: age1zrgu7w8059xydagm60phnffghvfe9h2ca58cx8qwagqpyfuvs9fqw79c8h
|
||||||
|
|
@ -27,8 +31,8 @@ sops:
|
||||||
aFVxcDFhaGdYekRWRVFIWnRsZndtZFkKgsvxOFHOcO306Z9FkucA1fDOpZA8N1/h
|
aFVxcDFhaGdYekRWRVFIWnRsZndtZFkKgsvxOFHOcO306Z9FkucA1fDOpZA8N1/h
|
||||||
jYmIgcKTFgWoSCvux67lK30jFsYp7sm5z6WxxDYsGcoQ/+pxoUX2jQ==
|
jYmIgcKTFgWoSCvux67lK30jFsYp7sm5z6WxxDYsGcoQ/+pxoUX2jQ==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
lastmodified: "2025-07-16T15:17:16Z"
|
lastmodified: "2025-11-10T03:03:07Z"
|
||||||
mac: ENC[AES256_GCM,data:UKIJFzABE0vr7vSYL85iZdTvd0y3dN/MaBUoKf6OpcDtRphM8/yY5J0Xq6XM5f28WFN1GlSKUekQz+DkA6aR6aCI2SICVOJpFb/eXKQ3Y7Td+PGcBr07hFOGCSu2vAzgYB1ZnajfI659FcWmdOoJSYgHUz3G7iRTHHCRVcoaVVk=,iv:jmKwn9bkqvPa0dGge4FFW2uT4Oa1LlFpFMUlnqUgkAA=,tag:CL+0+frQMt2TmgYv9yZeuw==,type:str]
|
mac: ENC[AES256_GCM,data:GYriodre07cwdOik6Zh3ab3EzMTikF1BxMlKX+Fx1yurwkuBX9ULp04xN4TYWHlMgrDyQc/6c9K6P7yiT/XDBgLmdOUmdUJCkhHRobBID1oBjceKo/bcEhEx13qbKol11aKS9JFpAXGIogHk/ukElxrNTWiDlk409k7+WNn5l2k=,iv:DFSVmaTn2fUuAVf42v9wC/aekajgVjX+RmlG32aGD7E=,tag:noYDrelrDC5lIHS7b8Gj/g==,type:str]
|
||||||
pgp:
|
pgp:
|
||||||
- created_at: "2025-03-07T22:49:16Z"
|
- created_at: "2025-03-07T22:49:16Z"
|
||||||
enc: |-
|
enc: |-
|
||||||
|
|
@ -46,4 +50,4 @@ sops:
|
||||||
-----END PGP MESSAGE-----
|
-----END PGP MESSAGE-----
|
||||||
fp: 0FECE8316E74BA6F44EFC21A2F8F21CE8721456B
|
fp: 0FECE8316E74BA6F44EFC21A2F8F21CE8721456B
|
||||||
unencrypted_suffix: _unencrypted
|
unencrypted_suffix: _unencrypted
|
||||||
version: 3.10.2
|
version: 3.11.0
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue