Migrate lifeline to sops-nix

Fiona Grzebien 2026-05-17 03:25:55 +02:00
commit 8784537a38
Signed by: fi
SSH key fingerprint: SHA256:HQgl5VGC4+Yw3ds/0I/DqTge63SPBXvXwhNG/gRW26U
3 changed files with 42 additions and 23 deletions


@ -26,7 +26,7 @@
{
name = "mail-2";
publicKey = "OIBOJlFzzM3P/u1ftVW2HWt8kA6NveB4PaBOIXhCYhM=";
presharedKeyFile = "/secrets/wireguard-lifeline-mail-2-lifeline-psk.secret";
presharedKeyFile = "/run/secrets/wireguard-lifeline-mail-2-lifeline-psk";
allowedIPs = [ "172.18.50.2/32" ];
}
];
@ -38,7 +38,7 @@
${pkgs.iptables}/bin/iptables -D FORWARD -i wg0 -j ACCEPT
${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 172.18.50.0/24 -o ens6 -j MASQUERADE
'';
privateKeyFile = "/secrets/wireguard-lifeline-wg0-privatekey.secret";
privateKeyFile = "/run/secrets/wireguard-lifeline-wg0-privatekey";
};
};
nat = {
@ -62,5 +62,19 @@
services.prometheus.exporters.node.enable = false;
sops.secrets."wireguard-lifeline-mail-2-lifeline-psk" = {
mode = "0440";
owner = "root";
group = "root";
restartUnits = [ "wireguard-wg0.service" ];
};
sops.secrets."wireguard-lifeline-wg0-privatekey" = {
mode = "0440";
owner = "root";
group = "root";
restartUnits = [ "wireguard-wg0.service" ];
};
system.stateVersion = "23.05";
}
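Review bot: Both `sops.secrets` entries in the last hunk set `mode = "0440"`, which makes the WireGuard private key and the preshared key group-readable although nothing in the visible hunks needs group access; `mode = "0400";` is enough, and since that and root ownership are already the sops-nix defaults, the `mode`/`owner`/`group` lines could simply be dropped. The consumers in the first two hunks repeat the secret names inside hard-coded `/run/secrets/...` strings; `privateKeyFile = config.sops.secrets."wireguard-lifeline-wg0-privatekey".path;` (and the same for `presharedKeyFile`) ties each path to its declaration, so a renamed or mistyped secret fails at evaluation instead of when the tunnel starts. That assumes `config` is among the module arguments, which lie outside the hunks. The hunks also do not show whether the old files under `/secrets/` are removed from the host once the switch is deployed, which is worth confirming.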