Set up tinc for framework
This commit is contained in:
parent
58a49a71a8
commit
f4c514baa6
GPG key ID:
55A032EB38B49ADB
11 changed files with 94 additions and 12 deletions
|
|
@ -17,6 +17,10 @@
|
|||
./wireless.nix
|
||||
];
|
||||
|
||||
# Sops
|
||||
common.linux.sops.enable = true;
|
||||
common.linux.sops.file = ./secrets.yaml;
|
||||
|
||||
# services.xserver.enable = true;
|
||||
# services.xserver.displayManager.sddm.enable = true;
|
||||
# services.xserver.displayManager.sddm.wayland.enable = true;
|
||||
|
|
@ -77,6 +81,16 @@
|
|||
security.pam.services.swaylock.fprintAuth = true;
|
||||
security.pam.services.login.fprintAuth = true;
|
||||
|
||||
# tinc network
|
||||
sops.secrets."tinc-private-key" = { };
|
||||
services.my-tinc = {
|
||||
enable = true;
|
||||
hostName = "framework";
|
||||
ed25519PrivateKey = config.sops.secrets."tinc-private-key".path;
|
||||
bindPort = 6565;
|
||||
};
|
||||
|
||||
|
||||
# Secrets
|
||||
# sops.defaultSopsFile = ./secrets.yaml;
|
||||
# sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
|
||||
|
|
|
|||
30
nki-framework/secrets.yaml
Normal file
30
nki-framework/secrets.yaml
Normal file
|
|
@ -0,0 +1,30 @@
|
|||
tinc-private-key: ENC[AES256_GCM,data:cKtOFrF5FRSHWxe/QxH5O9GAba1WcWeCwW1IOzmbgdtFufRoWbCtYeaLP+WQhQ70z6xobiY9DN8Jrh7mDptKSsfKrrx2SH5JrdpsoINhLMbetXq7E29+q6CkS8NlLgE/KyV8eFjQySNsYiA/+Efq9xj9e1wOmHBDsND/jgiJDkA1qsEIFZg/vuv8LdoRY3TV/oKJ4pao9+70G4H+8Ef1sMZHGNe9qJ94Wa71nNX2fTSjKH5YBbRijMAePWr/IeCpZ9Phs7RqjBs=,iv:l0iB136X7nLVblQjFi7K4f42JKSxdsiLIRy5GPzK1nc=,tag:HAgkvWkl0Rx62ejGZckdKA==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age:
|
||||
- recipient: age188tgu3psvywk6shq85mk2q0jdjwd0tcswzwlwu5pa5n3pndx75dq090z59
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmL2Z1RzBWaTI1TDl6WDNa
|
||||
NTNVdEhTSFU5enNlTGVNWTI5anBZb1BtaVhjCm1BRnJDSXl1cWdBRUs1VnREVjBU
|
||||
QWZxdkgzdm9JL0k5WmhDL1RCNTltdm8KLS0tIFhvQTlKMDZiVklTRWd4TzVmc2ll
|
||||
bmpjcWdBV1doZml2NjlzQzdQczJ3alEKBMRP3POxtPIqBWnrvxY/++5jtVE70Uxa
|
||||
EVfhsUO76A/hzyxfzpLEy1QGFE+DB/zlU0CK7HkNGPD2TrBHbzkPJA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1vgh6kvee8lvxylm7z86fpl3xzjyjs4u3zdfkyf064rjvxk9fpumsew7n27
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2MUxQU0dZOGRaekF4MWdo
|
||||
T0krcERtRTJndFR1RHZmL0t6MjBxMW5PSENNCkR6SUhxQ0FoaEhuaWpiUzJ0MnJE
|
||||
RXRERzVhL0lRVW1iRUlac0c5OHZsckEKLS0tIC9VM1dNZTNzdkFnMWk2YUwvcDNB
|
||||
TDZnVjBaVzZBem5lZDB1MW4xQ0RmZ28K6d7mF+f3ZyilXlSIQGT2pBrTWuYLccE1
|
||||
rYIJjHjFft/2wPX2gAW9VTiwfMT3lKJhJRqNdoie5phV5BZhkb3D9w==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-08-15T16:27:40Z"
|
||||
mac: ENC[AES256_GCM,data:T1dTmWEY1c5QFzROnzFc1/dnfXN96B/OisPObZiwXQLHeh29AWjfqpd6eoYdAZW1Iipih7Nn1VUMxkf5xDuWziDrJhun2PaU3UOg/U6VrRIScnySV/VTQGyaJLJZuJmvgvyAV+G8KqxC4Biv7k0PBSZn6uvTg36D4f+IfItReE8=,iv:dgiDux8AxbWFtTd2jzd+XJ0eBMALcI8moDUDlgdnBiE=,tag:cYzL71xT8DBMn9j4pPUBpA==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.9.0
|
||||
Loading…
Add table
Add a link
Reference in a new issue