From 77fabf7098d19abe878f0e8caa887fd38aaaad7d Mon Sep 17 00:00:00 2001 From: Mel Date: Fri, 25 Jul 2025 16:01:48 +0200 Subject: Add GDA wireguard interface Signed-off-by: Mel --- machines/moissanite/default.nix | 1 + modules/work/default.nix | 7 +++++++ modules/work/wireguard.nix | 12 ++++++++++++ secrets/secrets.nix | 4 ++++ secrets/wg-gda.conf.age | Bin 0 -> 875 bytes 5 files changed, 24 insertions(+) create mode 100644 modules/work/default.nix create mode 100644 modules/work/wireguard.nix create mode 100644 secrets/wg-gda.conf.age diff --git a/machines/moissanite/default.nix b/machines/moissanite/default.nix index d41cb6f..78d84fe 100644 --- a/machines/moissanite/default.nix +++ b/machines/moissanite/default.nix @@ -4,6 +4,7 @@ imports = [ ../../modules/common.nix ../../modules/arm.nix + ../../modules/work ./hardware.nix ./devices.nix diff --git a/modules/work/default.nix b/modules/work/default.nix new file mode 100644 index 0000000..d617bc4 --- /dev/null +++ b/modules/work/default.nix @@ -0,0 +1,7 @@ +{ ... }: + +{ + imports = [ + ./wireguard.nix + ]; +} diff --git a/modules/work/wireguard.nix b/modules/work/wireguard.nix new file mode 100644 index 0000000..bfcf8dd --- /dev/null +++ b/modules/work/wireguard.nix @@ -0,0 +1,12 @@ +{ config, ... }: + +{ + age.secrets."wg-gda.conf" = { + file = ../../secrets/wg-gda.conf.age; + }; + + networking.wg-quick.interfaces."wg-gda" = { + autostart = false; # no need to start the interface during boot. + configFile = config.age.secrets."wg-gda.conf".path; + }; +} diff --git a/secrets/secrets.nix b/secrets/secrets.nix index f11c60c..eefcebd 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -10,4 +10,8 @@ let in { "password.age".publicKeys = allSystems ++ allUsers; + + "wg-gda.conf.age".publicKeys = [ + moissanite + ] ++ allUsers; } diff --git a/secrets/wg-gda.conf.age b/secrets/wg-gda.conf.age new file mode 100644 index 0000000..d3eeb7a Binary files /dev/null and b/secrets/wg-gda.conf.age differ -- cgit 1.4.1