Add GDA wireguard interface

Signed-off-by: Mel <mel@rnrd.eu>

5 files changed, 24 insertions, 0 deletions

diff --git a/machines/moissanite/default.nix b/machines/moissanite/default.nix
index d41cb6f..78d84fe 100644
--- a/machines/moissanite/default.nix
+++ b/machines/moissanite/default.nix
@@ -4,6 +4,7 @@
   imports = [
     ../../modules/common.nix
     ../../modules/arm.nix
+    ../../modules/work
 
     ./hardware.nix
     ./devices.nix
diff --git a/modules/work/default.nix b/modules/work/default.nix
new file mode 100644
index 0000000..d617bc4
--- /dev/null
+++ b/modules/work/default.nix
@@ -0,0 +1,7 @@
+{ ... }:
+
+{
+  imports = [
+    ./wireguard.nix
+  ];
+}
diff --git a/modules/work/wireguard.nix b/modules/work/wireguard.nix
new file mode 100644
index 0000000..bfcf8dd
--- /dev/null
+++ b/modules/work/wireguard.nix
@@ -0,0 +1,12 @@
+{ config, ... }:
+
+{
+  age.secrets."wg-gda.conf" = {
+    file = ../../secrets/wg-gda.conf.age;
+  };
+
+  networking.wg-quick.interfaces."wg-gda" = {
+    autostart = false; # no need to start the interface during boot.
+    configFile = config.age.secrets."wg-gda.conf".path;
+  };
+}
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index f11c60c..eefcebd 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -10,4 +10,8 @@ let
 in
 {
   "password.age".publicKeys = allSystems ++ allUsers;
+
+  "wg-gda.conf.age".publicKeys = [
+    moissanite
+  ] ++ allUsers;
 }
diff --git a/secrets/wg-gda.conf.age b/secrets/wg-gda.conf.age
new file mode 100644
index 0000000..d3eeb7a
--- /dev/null
+++ b/secrets/wg-gda.conf.age
Binary files differ