0xa/nix-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

oxaproxy: init

Browse source
This commit is contained in:
Grigory Shipunov 2022-06-19 22:09:13 +02:00
parent b84bd0c69f
commit 1733cf5b1f
Signed by: 0xa
GPG key ID: 91FA5E5BF9AA901C
3 changed files with 30 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
hosts/cirrus/secrets.nix
View file

@ -7,5 +7,8 @@
"wg/oxalab-seckey" = { "wg/oxalab-seckey" = {
owner = config.users.users.systemd-network.name; owner = config.users.users.systemd-network.name;
}; };
"wg/oxaproxy-seckey" = {
owner = config.users.users.systemd-network.name;
};
}; };
} }

25
hosts/cirrus/wireguard-server.nix
View file

@ -1,8 +1,9 @@
{ config, ... }: { config, ... }:
{ {
networking.firewall.allowedUDPPorts = [ 51820 ]; networking.firewall.allowedUDPPorts = [ 51820 51821 ];
networking.wireguard.enable = true; networking.wireguard.enable = true;
systemd.network = { systemd.network = {
# oxalab
netdevs."oxalab" = { netdevs."oxalab" = {
netdevConfig = { netdevConfig = {
Kind = "wireguard"; Kind = "wireguard";
@ -42,5 +43,27 @@
IPForward = "ipv4"; IPForward = "ipv4";
}; };
}; };
# oxaproxy
netdevs."oxaproxy" = {
netdevConfig = {
Kind = "wireguard";
Name = "oxaproxy";
Description = "oxa's enterprise reverse-proxy network";
};
wireguardConfig = {
PrivateKeyFile = config.sops.secrets."wg/oxaproxy-seckey".path;
#own pubkey 0KMtL2fQOrrCH6c2a2l4FKiM73G86sUuyaNj4FarzVM=
ListenPort = 51821;
};
wireguardPeers = [ ];
};
networks."oxaproxy" = {
matchConfig.Name = "oxaproxy";
networkConfig = {
Address = "10.34.45.1/24";
};
};
}; };
} }

5
secrets/cirrus/secrets.yaml
View file

@ -1,5 +1,6 @@
wg: wg:
oxalab-seckey: ENC[AES256_GCM,data:XOBmfM82l686jvqjiqy+VdIollpaX+h1j609j+70CE7thA3CJki2W0neDC0=,iv:6/lsg7r/GHasNWV8lOheEMpoW5HWuRgHtdlGEqK0Dbo=,tag:I1PJC99omIfygb9T1cN1hg==,type:str] oxalab-seckey: ENC[AES256_GCM,data:XOBmfM82l686jvqjiqy+VdIollpaX+h1j609j+70CE7thA3CJki2W0neDC0=,iv:6/lsg7r/GHasNWV8lOheEMpoW5HWuRgHtdlGEqK0Dbo=,tag:I1PJC99omIfygb9T1cN1hg==,type:str]
oxaproxy-seckey: ENC[AES256_GCM,data:CpFezqXTvt8kpfgkGOY8B0PAMpllSME6UnQ6LsboBJIchbJdeDh7kNOWM5I=,iv:nDHeXMgljendSFprl61Eg5U0YYNP8DAhX10QCyjDDm0=,tag:0FatosVdGl93op5fZl41nA==,type:str]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
@ -15,8 +16,8 @@ sops:
dkFwVkVHR3hsMUlpRzY4Wm5LYXZlYzgKZC8dlewbtxo0KIQWQ6sy2Kv/qRgNJY3H dkFwVkVHR3hsMUlpRzY4Wm5LYXZlYzgKZC8dlewbtxo0KIQWQ6sy2Kv/qRgNJY3H
XGfb11bFdmmfiTY98KsfuhY9nRQRUlRMfjc7pHztUk2hVMEIN8WkXg== XGfb11bFdmmfiTY98KsfuhY9nRQRUlRMfjc7pHztUk2hVMEIN8WkXg==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2022-06-17T11:47:49Z" lastmodified: "2022-06-19T20:06:54Z"
mac: ENC[AES256_GCM,data:mB02yyuVAzneQBrIWKphYos9orFk4emwPZh97TUvu7HREZn2Qte7WSHF9R30pnUiLMj1iMESFGbvR0hKZlQa/XmqB1/87u6I/0JIiPHajTy2FEs4HBd2Z5WaQ2bIki8sEWuOenTAL9xFyvjzRFjDM9pWons2fXy0l05HjQLwkFE=,iv:IboNxYf4TDK/ziuU7n3IUvHfbqpbZn9hJ+IGuhRvI04=,tag:jB5y79Q/kano06ZlIVEkfA==,type:str] mac: ENC[AES256_GCM,data:cbgablJmCln1886/QiYWx767ZEMTHlSCIdlK2mtXGveRW0+cOoRopuSii2xalCWDxfX7Q4PYBlb2f47tyAP+1S2gJa1WkI8HR5uAXn1ktVJWs25GStKwKW2oZdfCLKW19059W3r4WaCgx2asdeBW5nzF0wXN7J8Cmc3tO9wQ7W0=,iv:zfiK7LCMOTZEwJmySEjRBgVfU4TkJl7xRG+Jn0ykyTw=,tag:ANA6Dkt8dLA9BUmnQPjwAQ==,type:str]
pgp: pgp:
- created_at: "2022-06-17T11:46:30Z" - created_at: "2022-06-17T11:46:30Z"
enc: |- enc: |-