june/fi-nix-infra
1
0
Fork 0
forked from fi/nix-infra
Code Pull requests Activity

Migrate mail-1 to sops-nix

Browse source
This commit is contained in:
Fiona Grzebien 2026-05-24 02:23:59 +02:00
commit e35aa9aabd
Signed by: fi
SSH key fingerprint: SHA256:HQgl5VGC4+Yw3ds/0I/DqTge63SPBXvXwhNG/gRW26U
4 changed files with 130 additions and 122 deletions
Download patch file Download diff file Expand all files Collapse all files

17
config/hosts/mail-1/configuration.nix
View file

@ -51,11 +51,11 @@
Name = "wg0";
};
wireguardConfig = {
PrivateKeyFile = "/secrets/wireguard-mail-1-wg0-privatekey.secret";
PrivateKeyFile = "/run/secrets/wireguard-mail-1-wg0-privatekey";
};
wireguardPeers = [{
PublicKey = "ik480irMZtGBs1AFpf1KGzDBekjdziD3ck7XK8r1WXQ=";
PresharedKeyFile = "/secrets/wireguard-valkyrie-mail-1-mail-1-psk.secret";
PresharedKeyFile = "/run/secrets/wireguard-valkyrie-mail-1-mail-1-psk";
Endpoint = "212.53.203.19:51822";
AllowedIPs = [ "0.0.0.0/0" ];
PersistentKeepalive = 25;
@ -77,5 +77,18 @@
wireguard-tools
];
sops.secrets."wireguard-valkyrie-mail-1-mail-1-psk" = {
mode = "0440";
owner = "root";
group = "root";
restartUnits = [ "wireguard-wg0.service" ];
};
sops.secrets."wireguard-mail-1-wg0-privatekey" = {
mode = "0440";
owner = "root";
group = "root";
restartUnits = [ "wireguard-wg0.service" ];
};
system.stateVersion = "23.05";
}