shinobu: Init

This commit is contained in:
Simon Bruder 2023-07-01 12:37:12 +02:00
parent 9039e60225
commit 1b44e31627
Signed by: simon
GPG key ID: 8D3C82F9F309F8EC
14 changed files with 250 additions and 40 deletions

View file

@ -9,6 +9,7 @@ keys:
- &renge FD4E1FB15DD0F36A77790229826C04C0BE319FA2 - &renge FD4E1FB15DD0F36A77790229826C04C0BE319FA2
- &nunotaba 3176be14f468c6d43ab2206b4f273abccd49806b - &nunotaba 3176be14f468c6d43ab2206b4f273abccd49806b
- &okarin 868497ac4266a4d137e0718ae5fc3caa3b8107aa - &okarin 868497ac4266a4d137e0718ae5fc3caa3b8107aa
- &shinobu 28677f2e3584b39f528a779caf445ebb39c882b7
creation_rules: creation_rules:
- path_regex: machines/nunotaba/secrets\.yaml$ - path_regex: machines/nunotaba/secrets\.yaml$
key_groups: key_groups:
@ -55,6 +56,11 @@ creation_rules:
- pgp: - pgp:
- *simon - *simon
- *nunotaba - *nunotaba
- path_regex: machines/shinobu/secrets\.yaml$
key_groups:
- pgp:
- *simon
- *shinobu
- path_regex: secrets\.yaml$ - path_regex: secrets\.yaml$
key_groups: key_groups:
- pgp: - pgp:

28
keys/machines/shinobu.asc Normal file
View file

@ -0,0 +1,28 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
xsFNBAAAAAABEADNBcn9+nyc5vgZt2xhOwKnNaLys5m7Ve59YWvCcFMaObVufaT3
Xa99ysURbmvHLVxBF9rzhWgIlw6yLjfEku0/KsKN1PTc6MnmIV9s5SYy+3d1aqh/
8iJyVjag3lqGX2NwgGRKrWeluTlp+GEtqf0hZwEyC/JIIWY7gZZMRbc+IiOY5dd1
YkQBr4GsLfwDPMp0VX9TslaWGTVpFeM9m6Nw/3I5qXZugC7nIesNnuzFktW2d8CU
tIdX1Bn/I0DQKUP/RyVPkfBEM8ECpBiJHs6W9owmoXFV/BFUmk28rdI4XSwlmOMf
nsCVvhQwpm86401Ukzglf4s+Ng8QYlOZ4bKlEWEhqqG93283588NjDUHNEFkfakv
65V9Q8qfmBpkUPHvjoIXdl9O4yzPTL+QTWzIwLBaeTjN90PFq2DMPi0NREsFNAgE
vRrFkDckSGIt/7vK6q/QbsjaSMvTJoXU3pltncrJ/pfDhvZhyBXLJS+zEpjRiQf1
krQbTxy2rqgLBYqBog4qjEsTE8Xuz8Ru9hZkzct5DCgZ906wjW0ilZ+dJeIOIDaj
5wycryWCpHqu4j2XdubWfp4acVcU6yOBqaPwuWeIobzht0Ja68vbAnhvqZGx+86l
qS2v6cfzmpvyvA3ICWwYuKam0j7H/X9DlgI/qEYGnGjWvi5XWACG3KWHRQARAQAB
zSlyb290IChJbXBvcnRlZCBmcm9tIFNTSCkgPHJvb3RAbG9jYWxob3N0PsLBYgQT
AQgAFgUCAAAAAAkQr0ReuznIgrcCGw8CGQEAAOPzEACQyu6j5yZQQ05eE0kmIzXq
cg/kazCqmHXHXNydxiEvKYySUW0ln4EE1bIxXAkWIVkmqvtOg5LqaqNfaPWkMHAz
VX3O6aCYp0mKmMQnfjYq7zlErXsdU3d7k06AGrs6US7o6N9pnkO0/hT0KJrHyATb
rAbAd7sUXcS/zogL8EQ65l6RWkElzqXDqlmUNwTfmwgb/Yhjk2130aDqZSBU17o+
NTv2GQbW+HPWE1QWJV4h1/G4b1u4eeCTh3QvlTRcM95oRxCH+BYmJnQm6CRNgs6b
601na1JRqRIDa8ttcAgXxn1PRbJquMSXD1xqDCAROvaiTVn47CXwhv5GPK290bqm
jVwbIojzpJyOPkVdT/9+caOqevte/IbdVYcfAKNrGbF1FXanItlgrMfhsWN9MKh2
B0Er/7yFEg12uMU4+I4T+NYEbn4x6KIA/I4xOkveXm4ik6zV6lbJmAVeof/H9YY5
u5fMv+90ACbq6wJB7B+LMg493CiOGNK1GyakwWn+caENaHBiK1/60WigMpZESTBy
yMqQvktilbU0dUdRwpLz+E7CtqyZzuMNbqBuT98GNSCYjLWMo/gF8WNQc4SLo0kG
66hDrzhS9YLz9KmbsAjRl9E0lSygsqkjw0TguKh4DDuJGyAzgE+6Vl5vshDBNJRW
qQBAOHjMg4kGZX2E3RbLCQ==
=9i5r
-----END PGP PUBLIC KEY BLOCK-----

View file

@ -29,8 +29,7 @@ in
hardware.common-pc-ssd hardware.common-pc-ssd
]; ];
#targetHost = "fuuko.home.sbruder.de"; targetHost = "fuuko.home.sbruder.de";
targetHost = "10.80.1.1";
}; };
mayushii = { mayushii = {
system = "x86_64-linux"; system = "x86_64-linux";
@ -54,4 +53,13 @@ in
targetHost = "okarin.sbruder.xyz"; targetHost = "okarin.sbruder.xyz";
}; };
shinobu = {
system = "x86_64-linux";
extraModules = [
hardware.common-cpu-intel
hardware.common-pc-ssd
];
targetHost = "shinobu.home.sbruder.de";
};
} }

View file

@ -15,28 +15,12 @@ Custom build in a be quiet! Pure Base 600.
* Case fan: Noctua NF-A9 PWM * Case fan: Noctua NF-A9 PWM
* Blu-ray burner LG WH16NS60 * Blu-ray burner LG WH16NS60
* Additional NIC: Intel I225-V * Additional NIC: Intel I225-V
* Wireless card Gigabyte GC-WB1733D-I
(includes user-serviceable Intel Wireless-AC 9260 card)
## Purpose ## Purpose
It is my main storage server It is my main storage server
that is responsible for handling storage and processing of big files that is responsible for handling storage and processing of big files
to which I need a high throughput connection. to which I need a high throughput connection.
It also acts as a router for my home network
and provides a wireless access point.
## Notes on Wireless
TL;DR: Never try to build an AP yourself, just get a dedicated AP and use OpenWrt.
* Wireless cards are M.2 A+E key and dont fit in a M.2 E key slot,
because apparently using USB for Bluetooth is a good idea.
* Intel Wireless cards only support AP mode on 2.4GHz [because of broken LAR](https://bugzilla.kernel.org/show_bug.cgi?id=206469).
* Almost all wireless cards only support one band at the same time (no dual-band AP).
* Realtek Wireless cards dont work at all (no wonder).
* Hostapds configuration file is … interesting.
* Regulatory stuff is fun.
## Name ## Name

View file

@ -9,7 +9,6 @@
./services/languagetool.nix ./services/languagetool.nix
./services/media-backup.nix ./services/media-backup.nix
./services/media.nix ./services/media.nix
./services/router.nix
./services/torrent.nix ./services/torrent.nix
]; ];

View file

@ -13,10 +13,7 @@
options gigabyte_wmi force_load=1 options gigabyte_wmi force_load=1
''; '';
supportedFilesystems = [ "btrfs" ]; supportedFilesystems = [ "btrfs" ];
# FIXME this doesnt work because (AFAIK) there is no VLAN support in the ip= parameter kernelParams = [ "ip=dhcp" ];
kernelParams = [
(with config.systemd.network.networks; "ip=${lib.elemAt br-lan.address 0}::::${config.networking.hostName}:${lan.name}")
];
initrd = { initrd = {
availableKernelModules = [ availableKernelModules = [
"aesni_intel" # hardware crypto for luks "aesni_intel" # hardware crypto for luks
@ -92,6 +89,11 @@
powerManagement.cpuFreqGovernor = "schedutil"; powerManagement.cpuFreqGovernor = "schedutil";
networking = {
useDHCP = false;
interfaces.enp10s0.useDHCP = true;
};
services.logind.extraConfig = '' services.logind.extraConfig = ''
HandlePowerKey=suspend HandlePowerKey=suspend
''; '';

View file

@ -68,6 +68,7 @@ in
"hitagi.vpn.sbruder.de:9100" "hitagi.vpn.sbruder.de:9100"
"vueko.vpn.sbruder.de:9100" "vueko.vpn.sbruder.de:9100"
"okarin.vpn.sbruder.de:9100" "okarin.vpn.sbruder.de:9100"
"shinobu.vpn.sbruder.de:9100"
]; ];
} }
{ {
@ -97,10 +98,10 @@ in
) )
{ {
job_name = "dnsmasq"; job_name = "dnsmasq";
static_configs = mkStaticTarget "fuuko.vpn.sbruder.de:${toString config.services.prometheus.exporters.dnsmasq.port}"; static_configs = mkStaticTarget "shinobu.vpn.sbruder.de:${toString config.services.prometheus.exporters.dnsmasq.port}";
relabel_configs = lib.singleton { relabel_configs = lib.singleton {
target_label = "instance"; target_label = "instance";
replacement = "fuuko.home.sbruder.de"; replacement = "shinobu.home.sbruder.de";
}; };
} }
{ {

View file

@ -0,0 +1,34 @@
# shinobu
## Hardware
Protectli Vault Pro VP2420.
* CPU: [Intel Celeron J6412](https://ark.intel.com/content/www/us/en/ark/products/214758/intel-celeron-processor-j6412-1-5m-cache-up-to-2-60-ghz.html) (4 × 2.0GHz)
* RAM: [8GB Crucial DDR4-2666 SO-DIMM `CT8G4SFRA266.M8FRS`](https://www.crucial.com/memory/ddr4/ct8g4sfra266)
* PSU: Channel Well Technology 60W (12V, 3.333A)
* SSD: 120GB Protectli SATA M.2
* NIC: 4 Intel i225-V (2.5GbE)
* Wireless: Intel Wireless-AC 9260
* FINTEK F81232 USB to UART bridge (for easy serial console)
* Dasharo coreboot firemware
## Purpose
It is the main router for my home network.
## Notes on Wireless (copied from fuukos previous README)
TL;DR: Never try to build an AP yourself, just get a dedicated AP and use OpenWrt.
* Wireless cards are M.2 A+E key and dont fit in an M.2 E key slot,
because apparently using USB for Bluetooth is a good idea.
* Intel Wireless cards only support AP mode on 2.4GHz [because of broken LAR](https://bugzilla.kernel.org/show_bug.cgi?id=206469).
* Almost all wireless cards only support one band at the same time (no dual-band AP).
* Realtek Wireless cards dont work at all (no wonder).
* Hostapds configuration file is … interesting.
* Regulatory stuff is fun.
## Name
Shinobu Oshino (previously known as Kiss-Shot Acerola-Orion Heart-Under-Blade) is a Vampire Oddity from the Monogatari Series.

View file

@ -0,0 +1,18 @@
{ config, lib, pkgs, ... }:
{
imports = [
./hardware-configuration.nix
../../modules
./services/router.nix
];
sbruder = {
wireguard.home.enable = true;
nginx.hardening.enable = true;
};
networking.hostName = "shinobu";
system.stateVersion = "23.05";
}

View file

@ -0,0 +1,52 @@
{ config, lib, modulesPath, pkgs, ... }:
{
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot = {
loader = {
grub.enable = false;
systemd-boot.enable = true;
efi.canTouchEfiVariables = true;
};
kernelModules = [ "kvm-intel" ];
extraModulePackages = [ ];
supportedFilesystems = [ "btrfs" ];
kernelParams = [
"console=ttyS0,115200n8"
];
initrd = {
availableKernelModules = [
"aesni_intel" # hardware crypto for luks
"ahci"
"sd_mod"
"sdhci_pci"
"usb_storage"
"xhci_pci"
];
kernelModules = [ ];
luks.devices = {
root = {
device = "/dev/disk/by-uuid/66b38a54-13b4-4c56-a1b7-d45e789e6718";
allowDiscards = true;
};
};
};
};
fileSystems = {
"/" = {
device = "/dev/disk/by-uuid/7fd4f8f4-0a36-424b-b7cc-f7df49781c7f";
fsType = "btrfs";
options = [ "compress=zstd" "discard" "noatime" ];
};
"/boot" = {
device = "/dev/disk/by-uuid/446B-FC4C";
fsType = "vfat";
};
};
powerManagement.cpuFreqGovernor = "powersave";
}

View file

@ -0,0 +1,54 @@
wg-home-private-key: ENC[AES256_GCM,data:gm4INfmp226u4wp+LuKgf5m2nTFFw4S24w4PRPcW/A7CU713c9NtQ+kPDKg=,iv:JAir9z5/Db6+Oroq+0vXPZLZLA2gjY2Be6hRAmgV5AE=,tag:fxL9nK3v5xERfcoBbCUsXg==,type:str]
wg-mullvad-private-key: ENC[AES256_GCM,data:yJ3+/rc3EQPhCMlHQ5BNA/NmPZiinjgV4A34UkmZgABvYLWzQMEQH5S8K9Q=,iv:YsGvRIaLbsYkbYCoD+szTIFPgBeyq/hoO4ljFSvp9f8=,tag:oil95breVKac7CdH/pA8FA==,type:str]
hostapd-config: ENC[AES256_GCM,data:a0ESrrsquLq6VRJM588C5A+FmVxJwJSzwRuv2o//LL5OybcDS8jkVUajosXEs0qmQ6Xfc1gFDcevCYUwJ24eZ+ynKLWwoNx8RXXwbpllO7FkI68vcauUij1CtUgVb8aHheKfrFuyW7WU1wE3NTtOt2gij1+nM3iKS3vFXtX2n9L2fuy2b3EhOUBiakxAeQmyVmclSVBDYt12i4h4tW7GpPr8AjoIiZgz0Hyx5zA5f/JTPzz/P200eM0tCttNPbMNPBGztJfw7raRIX+v6xw7QNPMgf03TOae17mt6uggTNKJfEPeanzcEMA3xR6xoFUqJL6Hvowyl4MrSFc+E5Rvft+qhp8m6tAqQln9Z3MzaDtxSBWnWdvWEcyeK1aDBQ57/aIwo8kVs47Iblqbi5+jM/n4DoeQtqTM1kS7sZ3XDQ26suW5KCw+VIeqEEqdu6g5ZXMO2SipSOzP5jPjX+5ubX3SXcyoAIo41Efa6YGdWtl3,iv:oLk5tatZEY5AI/PlTBJHShGCKiyvve9rPhGARAtMMj4=,tag:Bkan2Hff8L8ZcC67r+fWjg==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age: []
lastmodified: "2023-06-29T17:51:22Z"
mac: ENC[AES256_GCM,data:1mkrR2swPTwV5VzClUSfp+VdYXOXRD3hxITS1r3y3kmc7c4XDPJPiNuYXzgvLr6LN4xoAteVgYY+McVT3/JKykENtgpoiMVeWBvJvLPjFPt8FufnhqqCmlsVM17C5dlxdTvdtZtAPrebNqgxvVOdBfUcNugMx52ngmMNv9E7r1o=,iv:h8z5XO0r2zCA/gZSuLgFCupHizc4OMZeiBP+oHiXEBo=,tag:BzgBhgQIikNHSmYgNfPppA==,type:str]
pgp:
- created_at: "2023-06-29T16:44:16Z"
enc: |-
-----BEGIN PGP MESSAGE-----
wcFMAwDgSONkM+d4AQ//XL7P5/P31g5aA3wEuLI2Fv6NuNnf3/M2R3jpy/dMVvM4
rH+c3aDH6QnXvA2JzPAz235m60LKlKQPCQbakiBucuPm0al/lFf3YblEaW4l68ZG
75sKk5YZqVpBqoirQTT/o4/lD1pLset5UM4OJ1Tq8t6FlNVasFah1YBKbe7I9l53
4Y85y1/dCcuAfRTM21l54+iL5Lhz/CPd0B1glfgszI0Lh0bPoB+HHGi3HNb/S3PP
L91892RCF2EYVb0aK54mpeq6ZVrpdnH37mFuNOHTha6qvpklreIcUSP9TNT4UEQW
Pz+YytPH0vGeIq26Eb/1pfLiZvqn3eHs7p2hrV3sDXFdrAnG6MO/vy5rRd4vyTUM
GmUBGUHS6acaOLdnDFHMQ/+tewreq9NnJFppBQz8t/hk9mjz1XWnflMHipKe+t6V
kflhjDi7kwndG9sxHn7Mqj059ZKcKs8o8BTqPMgBAp/Z1IvSVyj+Q/nM/RpNZim3
bs5z9PY8KUzD+4Biabitj21c4ah9pFXw/6W2sesAlFQGP+DkgIKuIEhyuV6HSshn
m/M2Q9Ma0rgKCgtgse41TbMMQASiJPA1mdtO7RE92t5gMKVVAiVHD6kTfOJZSAkx
TbxGjlXDLuqugKnZI41NwnHUdCUfxTGoeFqtaqYiWQ0hdgsziHHEkMxlPEGDFjfS
UQGlBUSl6nB1+RI2x9lLSoQbz3x5ZdXnapi+KGLfQZb11nCegTLVyO5NO+sI54+Z
umyIAqj6/MqgQQGt9oWJnybbFnhcjwdfEIwW4sSWJA5geQ==
=y5Sy
-----END PGP MESSAGE-----
fp: 47E7559E037A35652DBBF8AA8D3C82F9F309F8EC
- created_at: "2023-06-29T16:44:16Z"
enc: |
-----BEGIN PGP MESSAGE-----
hQIMA69EXrs5yIK3ARAAvjxMdia3YDWmBDM27K/om1wUtZk+isrQ5r8U1Di6uF0Q
qImLsCXRPumL3ZtzZ9qls2OJlUvZQkfE9Ek2/hHINGfUIdNGkXCgJs42Edcfd6tK
bd8hZf/kCJSX3V3c13sUdVQWy8RavUAb0Ezc0H1rZq8K1Gp8iMO9NAm/m8UJe2tM
+cBVvzhBoI+onkrWBCsiquPuts+hgiWMwr+hOPsQhT5VP1HM/si7k9JgEEMlqnMo
NOJUaqbYSR8Q/cy3jjfkAbrpYJ/ZuvZefvU2j+nlfnyzmiWV/Xh6QVseaq1IvFqg
ZmdFLyursv19xTYE0HOBX3c1QlEK5vMFdzADOdu3KDO0JpGwLMcR2dzX8CRYNzyR
B3cbfwp679B3RvKhMHKuVTy9bdb5df6CGBjVeQCNFmBSbimVTjTpFxMk5rusp/j9
Ql8h4ULajrfSmN4T5xoIShsmAAFeeSdHCLrACXHjHU0v2xh+MG5dTZTLa9V+4s7e
wIeq4v9ED5PFFRr+mQUdlmQP+fdH4Cwor8OZxA4g09RFoo3MUgLHWaa5emL1z1YN
fWgZs6EsFFTNYtUoey91eFzhKYYKa1P1gXztgEbc0L95Qqa15QPeWGYgf1WIRASZ
POTGCjleDuqnEoFFdt+qaVYtpCoJnAKjhSFf10DvN6AQ0zraXldHdx4B1wYBLQTS
WAG5qS56CCwMxqjic2OfdSul2zHsCSsoXrWmqG1vtv2WGE7iIsseUor7eeLxbHIW
/8Y9+kx+ZcTSXcs9t1xBHCEv3LAgwneVorOhiHVS4gu6R7crYLKpygE=
=7Sdh
-----END PGP MESSAGE-----
fp: 28677f2e3584b39f528a779caf445ebb39c882b7
unencrypted_suffix: _unencrypted
version: 3.7.3

View file

@ -1,18 +1,24 @@
# Home network configuration # Home network configuration
# (2.5GbE clients)
# | |
# +----------+ +----------+
# | | | | | | (1GbE clients)
# | | | | | +|-|-|-|-|+
# +---+----+ +-+-+-+-+-+ |5 4 3 2 1|
# |upstream| | 1 2 3 4 | |TL-SG105 |
# +--------+ | shinobu | +---------+
# +---------+
# #
# +----------+ +------+ # It consists of shinobu as a router (this configuration),
# | | | | ( clients )
# | | | +|-|-|-|-|+
# +---+----+ +-+-+-+ |5 4 3 2 1|
# |upstream| |fuuko| |TL-SG105 |
# +--------+ +-----+ +---------+
#
# It consists of fuuko as a router (this configuration),
# connected to a TP-LINK TL-SG105E “smart managed” (i.e., it can do VLANs) 5-port switch. # connected to a TP-LINK TL-SG105E “smart managed” (i.e., it can do VLANs) 5-port switch.
# The upstream comes from some plasic Huawei router/AP I dont control. # The upstream comes from some plasic Huawei router/AP I dont control.
# #
# fuuko has two physical network interfaces, # Because the switch only supports GbE,
# because remote unlocking (which requires network in initrd) is hard with VLANs. # the two clients I currently have with support for 2.5GbE are connected
# directly to the two remaining network interfaces on shinobu.
# Once I have more devices with support for 2.5GbE
# or I find a good deal on a matching switch,
# I will change this.
# #
# Wireless is configured by providing the whole hostapd configuration file as a secret. # Wireless is configured by providing the whole hostapd configuration file as a secret.
# Once nixpkgs PR 222536 is merged, I will migrate to using the NixOS module. # Once nixpkgs PR 222536 is merged, I will migrate to using the NixOS module.
@ -49,6 +55,8 @@ in
systemd.network = { systemd.network = {
enable = true; enable = true;
# not all interfaces need to be up
wait-online.extraArgs = [ "--any" ];
netdevs = { netdevs = {
br-lan = { br-lan = {
netdevConfig = { netdevConfig = {
@ -77,7 +85,7 @@ in
}; };
networks = { networks = {
wan = { wan = {
name = "enp9s0"; name = "enp1s0";
networkConfig = { networkConfig = {
# Upstream provides no IPv6 :( # Upstream provides no IPv6 :(
# If this is not set, it waits and fails systemd-networkd-wait-online # If this is not set, it waits and fails systemd-networkd-wait-online
@ -89,8 +97,16 @@ in
UseDNS = "no"; UseDNS = "no";
}; };
}; };
lan = { lan1 = {
name = "enp10s0"; name = "enp2s0";
bridge = [ "br-lan" ];
};
lan2 = {
name = "enp3s0";
bridge = [ "br-lan" ];
};
lan3 = {
name = "enp4s0";
bridge = [ "br-lan" ]; bridge = [ "br-lan" ];
}; };
br-lan = { br-lan = {
@ -209,8 +225,8 @@ in
# The service is mostly taken from nixpkgs pr 222536. # The service is mostly taken from nixpkgs pr 222536.
systemd.services.hostapd = { systemd.services.hostapd = {
path = with pkgs; [ hostapd ]; path = with pkgs; [ hostapd ];
after = [ "sys-subsystem-net-devices-wlp8s0.device" ]; after = [ "sys-subsystem-net-devices-wlp5s0.device" ];
bindsTo = [ "sys-subsystem-net-devices-wlp8s0.device" ]; bindsTo = [ "sys-subsystem-net-devices-wlp5s0.device" ];
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
serviceConfig = { serviceConfig = {

View file

@ -63,5 +63,9 @@
hostNames = [ "[okarin.sbruder.de]:2222" ]; hostNames = [ "[okarin.sbruder.de]:2222" ];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINJbp0kZJEXf1gSVcBsef1Bihd5iCzhzSbjgyrC1SXXT"; publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINJbp0kZJEXf1gSVcBsef1Bihd5iCzhzSbjgyrC1SXXT";
}; };
shinobu = {
hostNames = [ "shinobu" "shinobu.home.sbruder.de" "shinobu.vpn.sbruder.de" ];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJJNZPT2Mmys2nw/ovX6Z1Cb4WDAaWBWanycNwF9IEjl";
};
}; };
} }

View file

@ -32,6 +32,10 @@ let
address = "10.80.0.10"; address = "10.80.0.10";
publicKey = "KjDdTOVZ9RadDrNjJ11BWsY8SNBmDbuNoKm72wh9uCk="; publicKey = "KjDdTOVZ9RadDrNjJ11BWsY8SNBmDbuNoKm72wh9uCk=";
}; };
shinobu = {
address = "10.80.0.12";
publicKey = "ErLWueo4ikYH/mKHr3axyoAVZh+Bdh1NQBet42aD0kk=";
};
}; };
cfg = config.sbruder.wireguard.home; cfg = config.sbruder.wireguard.home;