oxaproxy: init

2022-06-19 22:09:13 +02:00 · 2022-06-19 22:09:13 +02:00 · 1733cf5b1f
commit 1733cf5b1f
parent b84bd0c69f
3 changed files with 30 additions and 3 deletions
--- a/hosts/cirrus/secrets.nix
+++ b/hosts/cirrus/secrets.nix
@ -7,5 +7,8 @@
    "wg/oxalab-seckey" = {
      owner = config.users.users.systemd-network.name;
    };
+    "wg/oxaproxy-seckey" = {
+      owner = config.users.users.systemd-network.name;
+    };
  };
 }
--- a/hosts/cirrus/wireguard-server.nix
+++ b/hosts/cirrus/wireguard-server.nix
@ -1,8 +1,9 @@
 { config, ... }:
 {
-  networking.firewall.allowedUDPPorts = [ 51820 ];
+  networking.firewall.allowedUDPPorts = [ 51820 51821 ];
  networking.wireguard.enable = true;
  systemd.network = {
+    # oxalab
    netdevs."oxalab" = {
      netdevConfig = {
        Kind = "wireguard";
@ -42,5 +43,27 @@
        IPForward = "ipv4";
      };
    };
+
+
+    # oxaproxy
+    netdevs."oxaproxy" = {
+      netdevConfig = {
+        Kind = "wireguard";
+        Name = "oxaproxy";
+        Description = "oxa's enterprise reverse-proxy network";
+      };
+      wireguardConfig = {
+        PrivateKeyFile = config.sops.secrets."wg/oxaproxy-seckey".path;
+        #own pubkey 0KMtL2fQOrrCH6c2a2l4FKiM73G86sUuyaNj4FarzVM=
+        ListenPort = 51821;
+      };
+      wireguardPeers = [ ];
+    };
+    networks."oxaproxy" = {
+      matchConfig.Name = "oxaproxy";
+      networkConfig = {
+        Address = "10.34.45.1/24";
+      };
+    };
  };
 }