From e59677827b60f7ca97a1cf2d95cdc47c00cca675 Mon Sep 17 00:00:00 2001 From: Grisha Shipunov Date: Mon, 3 Feb 2025 19:28:15 +0100 Subject: [PATCH] add forgejo to proxy net --- hosts/forgejo/default.nix | 24 +++++++++++----------- hosts/forgejo/secrets.yaml | 42 ++++++++++++++++++++++++++++++++++++++ modules/wg/proxy.nix | 8 ++++++++ 3 files changed, 62 insertions(+), 12 deletions(-) create mode 100644 hosts/forgejo/secrets.yaml diff --git a/hosts/forgejo/default.nix b/hosts/forgejo/default.nix index 7e983f1..02211e5 100644 --- a/hosts/forgejo/default.nix +++ b/hosts/forgejo/default.nix @@ -1,19 +1,19 @@ { config, lib, ... }: let - mac = "02:00:00:00:00:04"; + mac = "02:00:00:00:00:05"; in { - # imports = [ - # ./forgejo.nix - # ]; - # sops.defaultSopsFile = ./secrets.yaml; - # sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; + imports = [ + ./forgejo.nix + ]; + sops.defaultSopsFile = ./secrets.yaml; + sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; - # sops.secrets = { - # "wg/0xa-proxy" = { - # owner = config.users.users.systemd-network.name; - # }; - # }; + sops.secrets = { + "wg/0xa-proxy" = { + owner = config.users.users.systemd-network.name; + }; + }; microvm = { hypervisor = "qemu"; @@ -59,7 +59,7 @@ in networks."11-host" = { matchConfig.MACAddress = mac; networkConfig = { - Address = "10.99.99.14/24"; + Address = "10.99.99.15/24"; DHCP = "no"; }; routes = [ diff --git a/hosts/forgejo/secrets.yaml b/hosts/forgejo/secrets.yaml new file mode 100644 index 0000000..1bcf0a0 --- /dev/null +++ b/hosts/forgejo/secrets.yaml 
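Review bot: The newly enabled `sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];` in the first hunk of `hosts/forgejo/default.nix` makes decryption of `wg/0xa-proxy` depend on the guest's SSH host key, and nothing visible in the hunk shows that key surviving a rebuild of the microvm. If `/etc/ssh` is not on a persistent volume or share, a regenerated host key would no longer match the age recipient in `hosts/forgejo/secrets.yaml`, and the secret would presumably fail to decrypt at activation, leaving the WireGuard interface without a private key. The `microvm` block continues outside the hunk, so this may already be handled. A comment above the line would record the assumption, e.g. `# host key must persist (microvm volume/share) and match the age recipient in secrets.yaml`.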
@@ -0,0 +1,42 @@
+wg:
+ 0xa-proxy: ENC[AES256_GCM,data:DZB/1S2Ev71DbnN+8C/K0mjIf/13Ki1f6vOIOdhsS6qyXKr5OwpbNb9KA0k=,iv:Gnd32DRJtP8LsC1P9GyS98oCLq/MBSCNcxrZngVXF6g=,tag:gyrzJOx9CS+1Kw5JRONIAw==,type:str]
+sops:
+ kms: []
+ gcp_kms: []
+ azure_kv: []
+ hc_vault: []
+ age:
+ - recipient: age1gknaqevzuq7dtqalng3547w5qflk9a0kugymea5h54eg6twu43pqpkr4zt
+ enc: |
+ -----BEGIN AGE ENCRYPTED FILE-----
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyV0ttcmFIeWtCdTFuS0Y1
+ ZzZHdUJmZ3ZlaUx3d0x5NGVaLzhXZjdtZHk4CkprNUZ5VThydVJ2dTBCdE5OQS8z
+ c0VtY1Vmd2N3bThEdDBFZWMxUC83RXMKLS0tIFluRjRrNG1Qam9MSjVvUWJjbHdq
+ VVRSM2JuOHpTYXRmOVRRSUN0NzlZeDQKcZ6ym4DTJqZjRpAUcWBcYXR/nVYZzhLx
+ vhtZzCmaQc2qYSVtDZE51N3cTqPWJD+l/cr8zp2lo0GCfNWO6BQthg==
+ -----END AGE ENCRYPTED FILE-----
+ lastmodified: "2025-02-03T18:25:04Z"
+ mac: ENC[AES256_GCM,data:sSG52AUXjzVo5klAx+t9rhWn/alKAETF6bPUSYP5Dz7WH3vcY5bs87RCm+BdxzlueHMTn4HBQ5iZ2V4e34403GPJsQMYgWSkKapbWGBRurT0xBO5aCJhxZWpvjFSPdehOGNODKGtYFgBVd81PwZRWFdx3MrkwIItyYEq4TAtIyI=,iv:p+t0QmQKDaSiwtuHfLzR31AzmmS39NFq1nn1BAG5YTk=,tag:FSm77zDvPbHCarkGZCgtmg==,type:str]
+ pgp:
+ - created_at: "2025-02-03T18:24:33Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMA7zUOKwzpAE7AQ//fcUVRBuEFENKNck1l2/QVMIRwfZzxJO5fMy/r0GQzKiR
+ Nl9X4z0HGcxlCwfiUImif1UtQdMWs1RCXQ7HtFK8kKyNgIb07y5306TI/dmkhbP7
+ nWD0EstGEgbSiVGiFRlT/gy4FIVyKhBPxJqfT/dbAuRZb7NXsl8Rv1fsnZZFcJMu
+ MKO1S3DivJUS/YVXteoRf3T5DLobSpO7/5ok5LUXuuSpYKk20hUxFdJqhv1hsljZ
+ kjckGJ2L0OlxVz16nmg8Z1QI0jDfN6dLl/X+di3U2VACDQDMF+K9LCPLfAm295Y5
+ TAtPSv/yE5os9crJ+MCVKHbEI11Khe3mfdRWvVboVZP6jXoD4ZTe/ccXLZCN8pgE
+ KdSZWs/L2Ps66KYuxujk/c8khmmrmLpPk0qJo9zW0mAf9TSC8UPnMYAxbroeijIe
+ PVYOJS2AzySnRtXQY4MBPLqzlQ0tKf8HxaCBpZ6eCMsX0/9IDjJJOhCMuMavL+oJ
+ DnNQQwtSDXAtXcgvwIccEMzawjyPMS5QBx0hYuH8t0rSJtCYutk2op6yKb1vWmOq
+ 5EDksdNevT3QzGesjtPErh6s3hu3YUAM2k2h4MqXVCbFdchA//FBIHequPul+UMm
+ JMLsPLAk2FmtWAiOuXxdCPtoY7Jnd8Ziqiemhd961WTiWrCtsv7NSn7x4PIMeLfS
+ XgFpMQ+15G4NNCDpgJWGUUXc1H+OKj3XepY5EoONnhusT/gJAtxT9vnuJ+T9LDTt
+ a0Ye2g3jxugeupJ58vbZUifHy/B0OtSeXKkRHZuycCJd3bzxzNxpXLJ23ds40JA=
+ =/5W1
+ -----END PGP MESSAGE-----
+ fp: DD0998E6CDF294537FC604F991FA5E5BF9AA901C
+ unencrypted_suffix: _unencrypted
+ version: 3.9.4
diff --git a/modules/wg/proxy.nix b/modules/wg/proxy.nix
index f149049..a94f7e2 100644
--- a/modules/wg/proxy.nix
+++ b/modules/wg/proxy.nix
@@ -55,6 +55,14 @@
 publicKey = "2Lvjzg8k5EIR0Y5mlsCHOs1cJl1+1SL0QMxkKUmliE0=";
 privateKeyFile = config.sops.secrets."wg/0xa-proxy".path;
 };
+ "forgejo" = {
+ address = [
+ "10.89.88.15/24"
+ "fd31:185d:722f::15/48"
+ ];
+ publicKey = "pXiOmI3aspl2IvdvLXLddxw76QYMRTACNm42nq+L4D0=";
+ privateKeyFile = config.sops.secrets."wg/0xa-proxy".path;
+ };
 };
 }
 ];
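Review bot: The `"forgejo"` entry in `modules/wg/proxy.nix` hard-codes `publicKey` while the matching private key lives encrypted in `hosts/forgejo/secrets.yaml`, and nothing in the hunk ties the two together. A rotation that updates only one side would not be caught at build time and would presumably surface only as a WireGuard handshake that never completes. The secret name `wg/0xa-proxy` is also identical to the one in the entry just above, so which key is actually loaded depends on each host's `sops.defaultSopsFile`. A short comment on the entry would make both facts visible, for example `# publicKey is derived from wg/0xa-proxy in hosts/forgejo/secrets.yaml; update both together`. The enclosing attribute set starts outside the hunk.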