modules: secrets: move wireguard keys

This is a bit special, as some of the keys do not belong to NixOS hosts, so store those in the module itself, and into host-specific directories for the keys that are NixOS hosts.
2023-04-16 19:43:39 +01:00 · 2023-04-16 19:43:39 +01:00 · 7cebaa3751
commit 7cebaa3751
parent ed745602a1
9 changed files with 19 additions and 7 deletions
--- a/modules/services/wireguard/default.nix
+++ b/modules/services/wireguard/default.nix
@ -12,7 +12,7 @@ let
    let
      mkPeer = name: attrs: {
        inherit (attrs) clientNum publicKey;
-        privateKeyFile = secrets."wireguard/${name}/private-key".path;
+        privateKeyFile = secrets."wireguard/private-key".path;
      } // lib.optionalAttrs (attrs ? externalIp) {
        inherit (attrs) externalIp;
      };
--- a/modules/services/wireguard/keys/milady/private-key.age
+++ b/modules/services/wireguard/keys/milady/private-key.age
@ -0,0 +1,9 @@
+age-encryption.org/v1
+-> ssh-ed25519 cKojmg gWB20jfimPCJHYjqxBSHYkL9Z/kGZ23dRu4PHp7oJj8
+z3dBymvgrGNtIXe3yQAzpm36uExPmD7DKjU6mMNw99U
+-> ssh-ed25519 jPowng aeWv6an+PmWRuk2eHOQhF7jvmld1I5p2LbSmehjUBBw
+Rn+ApMvZlO0ji6TCakCUc+1jK762UxOqVanmCsjB+80
+-> jDh})['\-grease |Y6J(8{ +v.7nKx
+WID+ZDtsOlPI0AW8ROvXH1s
+--- ZlSk2uv95UoKi5D94+tiQdZyxCVv6dlj6ajwYeDzmp0
+çön“¯`Wáø¸öm!Q3]ñËQ}}<7D>ý†ŽBy—€kÛuÐìçÝÆ€EÉ^…zO‡Ö[ÕV¨p šfâøÀ>¡Ä”ÌÌÖî
--- a/modules/services/wireguard/keys/richelieu/private-key.age
+++ b/modules/services/wireguard/keys/richelieu/private-key.age
@ -0,0 +1,10 @@
+age-encryption.org/v1
+-> ssh-ed25519 cKojmg rYhrpoTaFjLBGtbCXxEK7jZa+KnriEV/kWViIEjmuQs
+jHMSjxKIIqjUnpAcEo3JgsieI1iiA5/gKEx8+QFhDgY
+-> ssh-ed25519 jPowng 6sQQFvSbWdjgDYSKmJ/CBG+BTzxFghX4SaJ4GyACKWc
+OABJuh+Ta8q+G0onF/9bz3xxv4zTlHYlF4AjC5P6Y6I
+-> xwW|#D`-grease $xYH C m8lBk9
+OBqgvLNIurE0qNaSB7dO2/6dQkVXeLgf/3l9gGlRJ6ynhqwmbXOUa0vyj+OBz27O
+uI97+0y1TFAs3HN0Y8nj8LrwsafbDENu99JuVow2OuLKeSqc7sxOQQ
+--- 9filSHStPTJJGDLY7AWzIXu/6tK4X0okT522sc4OJTc
+M{ｲ顗仭$ｹ:Nﾙ災[ﾝｶｬ2xy8&腴_{RﾜLX<4C>W√<E2889A>ｻxﾑ*Pr`ｾUｲp<EFBDB2>Jﾉ枇鵲#藝ﾔ<E8979D>ﾗ<EFBFBD>覬粘	s
--- a/modules/services/wireguard/keys/secrets.nix
+++ b/modules/services/wireguard/keys/secrets.nix
@ -0,0 +1,15 @@
+# Extra wireguard keys that are not hosts NixOS hosts
+let
+  keys = import ../../../../keys;
+
+  all = [
+    keys.users.ambroisie
+  ];
+in
+{
+  # Sarah's iPhone
+  "milady/private-key.age".publicKeys = all;
+
+  # My Android phone
+  "richelieu/private-key.age".publicKeys = all;
+}