From ba1f9262fbf891faa01f665ac99d87e561c4a587 Mon Sep 17 00:00:00 2001
From: Simon Bruder
Date: Tue, 8 Aug 2023 11:44:45 +0200
Subject: [PATCH] shinobu/router: Make wg-mullvad vendor neutral
---
 machines/shinobu/secrets.yaml | 6 +++---
 machines/shinobu/services/router.nix | 14 +++++++-------
 2 files changed, 10 insertions(+), 10 deletions(-)
diff --git a/machines/shinobu/secrets.yaml b/machines/shinobu/secrets.yaml
index c478f14..54f3a7e 100644
--- a/machines/shinobu/secrets.yaml
+++ b/machines/shinobu/secrets.yaml
@@ -1,5 +1,5 @@
 wg-home-private-key: ENC[AES256_GCM,data:gm4INfmp226u4wp+LuKgf5m2nTFFw4S24w4PRPcW/A7CU713c9NtQ+kPDKg=,iv:JAir9z5/Db6+Oroq+0vXPZLZLA2gjY2Be6hRAmgV5AE=,tag:fxL9nK3v5xERfcoBbCUsXg==,type:str]
-wg-mullvad-private-key: ENC[AES256_GCM,data:yJ3+/rc3EQPhCMlHQ5BNA/NmPZiinjgV4A34UkmZgABvYLWzQMEQH5S8K9Q=,iv:YsGvRIaLbsYkbYCoD+szTIFPgBeyq/hoO4ljFSvp9f8=,tag:oil95breVKac7CdH/pA8FA==,type:str]
+wg-upstream-private-key: ENC[AES256_GCM,data:CO50H7QsLQ2x0QQXnB7c0leG8NdV66gWrdWBWOR9z4ukSN7qj/qqe83t82k=,iv:2as2HfTfRje3TEap8QpPfzz4saNDgjo6Ty1DTF23JVE=,tag:ZYe+59wrpX7mV1HcDllMdg==,type:str]
 hostapd-config: ENC[AES256_GCM,data:a0ESrrsquLq6VRJM588C5A+FmVxJwJSzwRuv2o//LL5OybcDS8jkVUajosXEs0qmQ6Xfc1gFDcevCYUwJ24eZ+ynKLWwoNx8RXXwbpllO7FkI68vcauUij1CtUgVb8aHheKfrFuyW7WU1wE3NTtOt2gij1+nM3iKS3vFXtX2n9L2fuy2b3EhOUBiakxAeQmyVmclSVBDYt12i4h4tW7GpPr8AjoIiZgz0Hyx5zA5f/JTPzz/P200eM0tCttNPbMNPBGztJfw7raRIX+v6xw7QNPMgf03TOae17mt6uggTNKJfEPeanzcEMA3xR6xoFUqJL6Hvowyl4MrSFc+E5Rvft+qhp8m6tAqQln9Z3MzaDtxSBWnWdvWEcyeK1aDBQ57/aIwo8kVs47Iblqbi5+jM/n4DoeQtqTM1kS7sZ3XDQ26suW5KCw+VIeqEEqdu6g5ZXMO2SipSOzP5jPjX+5ubX3SXcyoAIo41Efa6YGdWtl3,iv:oLk5tatZEY5AI/PlTBJHShGCKiyvve9rPhGARAtMMj4=,tag:Bkan2Hff8L8ZcC67r+fWjg==,type:str]
 sops:
 kms: []
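Review bot: The new `wg-upstream-private-key` entry has a different ciphertext, IV and tag from the removed `wg-mullvad-private-key`, but that alone does not show whether the WireGuard key was rotated or only renamed: as far as I know sops authenticates each value against its key path, so a pure rename re-encrypts the same plaintext. Nothing in the file or the commit subject records which happened. A comment above the entry such as `# renamed from wg-mullvad-private-key; key material unchanged` (or the rotation date, if it was replaced) would settle it for later readers. The earlier ciphertext stays in repository history either way, so removing the entry here is not a revocation of the old key.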
@@ -7,8 +7,8 @@ sops:
 azure_kv: []
 hc_vault: []
 age: []
- lastmodified: "2023-06-29T17:51:22Z"
- mac: ENC[AES256_GCM,data:1mkrR2swPTwV5VzClUSfp+VdYXOXRD3hxITS1r3y3kmc7c4XDPJPiNuYXzgvLr6LN4xoAteVgYY+McVT3/JKykENtgpoiMVeWBvJvLPjFPt8FufnhqqCmlsVM17C5dlxdTvdtZtAPrebNqgxvVOdBfUcNugMx52ngmMNv9E7r1o=,iv:h8z5XO0r2zCA/gZSuLgFCupHizc4OMZeiBP+oHiXEBo=,tag:BzgBhgQIikNHSmYgNfPppA==,type:str]
+ lastmodified: "2023-08-08T09:43:37Z"
+ mac: ENC[AES256_GCM,data:lxoKzGyPwdfeI5Dlmgx9K9SBhfRIaokvum+dJWABUoGtIMtrhp4K4ZRF1Rjja8oTi4w3b+s9aUBpxt8TLu9vJZFsUkhY2gqW5bX3Ub/3xMAR9YSG3LtijRSMuKkdVlAkdjB6Guz9aHNVBG3fTZ+SfTlyOQdImW6bK4tydbGHKgY=,iv:6kVR4zZfHnqhcOT3N2tClGST8h7FLjIseXDu2xS2DEY=,tag:rd/f7cHSoxLT3O7HluVWLA==,type:str]
 pgp:
 - created_at: "2023-06-29T16:44:16Z"
 enc: |-
diff --git a/machines/shinobu/services/router.nix b/machines/shinobu/services/router.nix
index a0a8f7d..ba798fa 100644
--- a/machines/shinobu/services/router.nix
+++ b/machines/shinobu/services/router.nix
@@ -28,7 +28,7 @@ let
 domain = "home.sbruder.de";
 in
 {
- sops.secrets.wg-mullvad-private-key = {
+ sops.secrets.wg-upstream-private-key = {
 owner = config.users.users.systemd-network.name;
 sopsFile = ../secrets.yaml;
 };
@@ -47,7 +47,7 @@ in
 nat = {
 enable = true;
 enableIPv6 = true;
- externalInterface = "wg-mullvad";
+ externalInterface = "wg-upstream";
 internalInterfaces = [ "br-lan" ];
 internalIPv6s = [ "fd00:80:1::/64" ];
 };
@@ -64,13 +64,13 @@ in
 Kind = "bridge";
 };
 };
- wg-mullvad = {
+ wg-upstream = {
 netdevConfig = {
 Kind = "wireguard";
- Name = "wg-mullvad";
+ Name = "wg-upstream";
 };
 wireguardConfig = {
- PrivateKeyFile = config.sops.secrets.wg-mullvad-private-key.path;
+ PrivateKeyFile = config.sops.secrets.wg-upstream-private-key.path;
 FirewallMark = 51820;
 };
 wireguardPeers = lib.singleton {
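Review bot: In the `@@ -47,7` hunk, `externalInterface = "wg-upstream";` is a free-standing string that has to stay equal to `Name = "wg-upstream";` in `@@ -64,13` and `name = "wg-upstream";` in `@@ -114,8`, and nothing checks that the three agree. The secret is reached through `config.sops.secrets.wg-upstream-private-key.path`, so a missed rename there fails at evaluation. A missed interface-name literal would evaluate cleanly and leave NAT configured for an interface that does not exist. The file already binds `domain` in its `let` block; binding the name once, `upstreamInterface = "wg-upstream";`, and using it in all three places would make the next rename a one-line change. The attribute set that encloses `nat` starts outside the hunk.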
@@ -114,8 +114,8 @@ in
 domains = [ domain ];
 address = [ "10.80.1.1/24" "fd00:80:1::1/64" ];
 };
- wg-mullvad = {
- name = "wg-mullvad";
+ wg-upstream = {
+ name = "wg-upstream";
 address = [ "10.66.208.88/32" "fc00:bbbb:bbbb:bb01::3:d057/128" ];
 dns = [ "10.64.0.1" ];
 routingPolicyRules = [
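Review bot: The renamed `wg-upstream` network still hard-codes `address = [ "10.66.208.88/32" ... ]` and `dns = [ "10.64.0.1" ]` in its unchanged context lines. These look like values assigned by whichever provider the tunnel currently terminates at, so the block is vendor neutral in name only. A comment above them would make the coupling explicit, for example `# address and dns are assigned by the current upstream provider; change them together with wireguardPeers and the private key`. Without it, a later provider switch that updates only the peer could presumably leave LAN clients pointed at a resolver that is not reachable through the new tunnel. The `wg-upstream` block continues past the end of the hunk at `routingPolicyRules = [`.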