oxalab: init

hosts/cirrus/configuration.nix

@@ -5,11 +5,6 @@
 { config, pkgs, ... }:
 
 {
-  imports =
-    [ # Include the results of the hardware scan.
-      ./hardware-configuration.nix
-    ];
-
   # Use the GRUB 2 boot loader.
   boot.loader.grub.enable = true;
   boot.loader.grub.version = 2;
@@ -27,7 +22,7 @@
     networks."uplink" = {
       matchConfig = { Name = "enp1s0"; };
       networkConfig = {
-        DHCP="yes";
+        DHCP="yes"; # hetzner suggests this as default
       };
     };
   };

hosts/cirrus/default.nix

@@ -0,0 +1,8 @@
+{
+  imports = [
+    ./hardware-configuration.nix
+    ./configuration.nix
+    ./secrets.nix
+    ./wireguard-server.nix
+  ];
+}

hosts/cirrus/wireguard-server.nix

@@ -0,0 +1,43 @@
+{ config, ... }:
+{
+  systemd.network = {
+    netdevs."oxalab" = {
+      netdevConfig = {
+        Kind = "wireguard";
+        Name = "oxalab";
+        Description = "oxa's enterprise network";
+      };
+      wireguardConfig = {
+        PrivateKeyFile = config.sops.secrets."wg/oxalab-seckey".path;
+        ListenPort = 51820;
+        # own pubkey: 5nCVC21BL+1r70OGwA4Q6Z/gcPLC3+ZF8sTurdn7N0E=
+      };
+      wireguardPeers = [
+        {
+          # microwave
+          wireguardPeerConfig = {
+          # nextcloud down, have to keep things in here: https://www.youtube.com/watch?v=1c6v7j1TUBI
+          PublicKey = "0zpfcNrmbsNwwbnDDX4SMl4BVTB0zuhGKixT9TJQoHc=";
+          AllowedIPs = [ "10.66.66.10/32" ];
+          PersistentKeepalive = 25;
+        };
+        }
+        {
+          # Dishwasher
+          wireguardPeerConfig = {
+          # nextcloud down, have to keep things in here: https://www.youtube.com/watch?v=1c6v7j1TUBI
+          PublicKey = "xrremJFIcxwR6snoTUK+mytjez60I91XE120OQGQ7gc=";
+          AllowedIPs = [ "10.66.66.100/32" ];
+          PersistentKeepalive = 25;
+        };
+        }
+      ];
+    };
+    networks."oxalab" = {
+      matchConfig.Name = "oxalab";
+      networkConfig = {
+        Address = "10.13.37.1";
+      };
+    };
+  };
+}

hosts/dishwasher/default.nix

@@ -0,0 +1,8 @@
+{
+  imports = [
+    ./configuration.nix
+    ./hardware-configuration.nix
+    ./secrets.nix
+    ./oxalab.nix
+  ];
+}

hosts/dishwasher/oxalab.nix

@@ -0,0 +1,32 @@
+{ config, ... }:
+{
+  systemd.network = {
+    netdevs."oxalab" = {
+      netdevConfig = {
+        Kind = "wireguard";
+        Name = "oxalab";
+        Description = "oxa's enterprise network";
+      };
+      wireguardConfig = {
+        PrivateKeyFile = config.sops.secrets."wg/oxalab-seckey".path;
+      };
+      wireguardPeers = [
+        {
+          # cirrus
+          wireguardPeerConfig = {
+          PublicKey = "5nCVC21BL+1r70OGwA4Q6Z/gcPLC3+ZF8sTurdn7N0E=";
+          AllowedIPs = [ "10.66.66.0/24" ];
+          Endpoint = [ "95.216.166.21:51820" ];
+          PersistentKeepalive = 25;
+        };
+        }
+      ];
+    };
+    networks."oxalab" = {
+      matchConfig.Name = "oxalab";
+      networkConfig = {
+        Address = "10.13.37.100";
+      };
+    };
+  };
+}

hosts/dishwasher/secrets.nix

@@ -0,0 +1,9 @@
+{ config, ... }:
+{
+  sops.defaultSopsFile = ../../secrets/dishwasher/secrets.yaml;
+  sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
+
+  sops.secrets = {
+    "wg/oxalab-seckey" = { };
+  };
+}

hosts/microwave/secrets.nix

@@ -1,11 +1,12 @@
 { config, ... }:
 {
-  sops.defaultSopsFile = ../../secrets/secrets.yaml;
+  sops.defaultSopsFile = ../../secrets/microwave/secrets.yaml;
   sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
 
   sops.secrets = {
     "wg/wg-zw-seckey" = { };
     "wg/wg-dvb-seckey" = { };
     "wg/mlwd-nl-seckey" = { };
+    "wg/oxalab-seckey" = { };
   };
 }