modules: secrets: move wireguard keys
This is a bit special, as some of the keys do not belong to NixOS hosts: store those in the module itself, and move the keys that do belong to NixOS hosts into host-specific directories.
parent
ed745602a1
commit
7cebaa3751
|
@ -9,5 +9,5 @@ let
|
||||||
];
|
];
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
# Add secrets here
|
"wireguard/private-key.age".publicKeys = all;
|
||||||
}
|
}
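Review bot: The added `"wireguard/private-key.age".publicKeys = all;` only narrows who can decrypt the key if the moved `.age` file was actually re-encrypted for this file's `all` list, which is defined above the hunk and not visible here. If the ciphertext was moved unchanged, or if the previous shared `all` covered several hosts, the earlier copy in git history stays decryptable by those recipients, so rotating the WireGuard key pair may be worth considering. A comment such as `# This host's own WireGuard private key` above the entry would record the intent. The same line is added in the following hunk (`-59,6 +59,8`) and the same point applies there.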
|
||||||
|
|
|
@ -59,6 +59,8 @@ in
|
||||||
|
|
||||||
"transmission/credentials.age".publicKeys = all;
|
"transmission/credentials.age".publicKeys = all;
|
||||||
|
|
||||||
|
"wireguard/private-key.age".publicKeys = all;
|
||||||
|
|
||||||
"woodpecker/gitea.age".publicKeys = all;
|
"woodpecker/gitea.age".publicKeys = all;
|
||||||
"woodpecker/secret.age".publicKeys = all;
|
"woodpecker/secret.age".publicKeys = all;
|
||||||
"woodpecker/ssh/private-key.age".publicKeys = all;
|
"woodpecker/ssh/private-key.age".publicKeys = all;
|
||||||
|
|
|
@ -7,9 +7,4 @@ in
|
||||||
{
|
{
|
||||||
"users/ambroisie/hashed-password.age".publicKeys = all;
|
"users/ambroisie/hashed-password.age".publicKeys = all;
|
||||||
"users/root/hashed-password.age".publicKeys = all;
|
"users/root/hashed-password.age".publicKeys = all;
|
||||||
|
|
||||||
"wireguard/aramis/private-key.age".publicKeys = all;
|
|
||||||
"wireguard/milady/private-key.age".publicKeys = all;
|
|
||||||
"wireguard/porthos/private-key.age".publicKeys = all;
|
|
||||||
"wireguard/richelieu/private-key.age".publicKeys = all;
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -12,7 +12,7 @@ let
|
||||||
let
|
let
|
||||||
mkPeer = name: attrs: {
|
mkPeer = name: attrs: {
|
||||||
inherit (attrs) clientNum publicKey;
|
inherit (attrs) clientNum publicKey;
|
||||||
privateKeyFile = secrets."wireguard/${name}/private-key".path;
|
privateKeyFile = secrets."wireguard/private-key".path;
|
||||||
} // lib.optionalAttrs (attrs ? externalIp) {
|
} // lib.optionalAttrs (attrs ? externalIp) {
|
||||||
inherit (attrs) externalIp;
|
inherit (attrs) externalIp;
|
||||||
};
|
};
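Review bot: In `mkPeer`, `privateKeyFile` no longer depends on `name`, so every peer attrset built by this function now carries the path of this host's own `wireguard/private-key` secret. That is presumably fine if only the local host's entry is ever read for its private key, but any code that reads `privateKeyFile` from another peer would silently get the local key path; the callers are outside this hunk, so this needs confirming there. Consider setting `privateKeyFile` only for the local peer, or at least adding a comment on that line such as `# Always this host's own key; other peers' private keys are not available here`. `name` also looks unused in the visible part of `mkPeer` after this change.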
|
||||||
|
|
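--- a/modules/services/wireguard/keys/secrets.nix
+++ b/modules/services/wireguard/keys/secrets.nix
@@ -0,0 +1,15 @@
+# Extra wireguard keys that are not hosts NixOS hosts
+let
+keys = import ../../../../keys;
+
+all = [
+keys.users.ambroisie
+];
+in
+{
+# Sarah's iPhone
+"milady/private-key.age".publicKeys = all;
+
+# My Android phone
+"richelieu/private-key.age".publicKeys = all;
+}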
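Review bot: The header comment reads "not hosts NixOS hosts" and should be `# Extra wireguard keys for peers that are not NixOS hosts`. It would also help to document why `all` lists only `keys.users.ambroisie`: with no host key among the recipients, no machine can decrypt these phone keys, which looks deliberate but is not stated. A short comment above `all`, such as `# User key only: these keys are never deployed to a host`, would keep a later edit from widening the recipient list by habit.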