From ee7d6d41413788d1e69d03c21e494eef5ec028b0 Mon Sep 17 00:00:00 2001
From: Grisha Shipunov
Date: Sat, 11 Jan 2025 18:45:55 +0100
Subject: [PATCH] add proxy network

---
 modules/wg/default.nix | 1 +
 modules/wg/proxy.nix | 30 ++++++++++++++++++++++++++++++
 secrets/cloud/secrets.yaml | 5 +++--
 3 files changed, 34 insertions(+), 2 deletions(-)
 create mode 100644 modules/wg/proxy.nix

diff --git a/modules/wg/default.nix b/modules/wg/default.nix
index 82c1179..c9de551 100644
--- a/modules/wg/default.nix
+++ b/modules/wg/default.nix
@@ -6,5 +6,6 @@
 ./options.nix
 # networks
 ./mgmt.nix
+ ./proxy.nix
 ];
 }
diff --git a/modules/wg/proxy.nix b/modules/wg/proxy.nix
new file mode 100644
index 0000000..78f78bb
--- /dev/null
+++ b/modules/wg/proxy.nix
@@ -0,0 +1,30 @@
+{ config, ... }:
+{
+ oxalab.wg = [
+ {
+ networkName = "0xa-proxy";
+ CIDRs = [
+ "10.89.88.0/24"
+ "fd31:185d:722f::/48"
+ ];
+
+ hosts = {
+ "cloud" = {
+ address = [
+ "10.89.88.1/24"
+ "fd31:185d:722f::1/48"
+ ];
+ publicKey = "XdUqSz0W6aqJET/9wNwoRyR8mgPs2dRWm+ijNwzEyE0=";
+ privateKeyFile = config.sops.secrets."wg/0xa-proxy".path;
+ endpoint = {
+ enable = true;
+ endpoint = "188.245.196.27";
+ port = 51821;
+ publicIface = "enp1s0";
+ };
+ };
+ };
+ }
+ ];
+
+}
diff --git a/secrets/cloud/secrets.yaml b/secrets/cloud/secrets.yaml
index 6c197d9..358c144 100644
--- a/secrets/cloud/secrets.yaml
+++ b/secrets/cloud/secrets.yaml
@@ -1,5 +1,6 @@
 wg:
 0xa-mgmt: ENC[AES256_GCM,data:Xbeo+c8F+0JcTEE/LICWH4tEiqyGwCJ7JJZhkWxNFgKC9hVD6t3sPDWcJ2U=,iv:B0cbrPHdr+eA6FebKL/UrJpE06yOi+nUeyZ7x+Y65go=,tag:yTgVkzSKVhYyNPauVdNZxg==,type:str]
+ 0xa-proxy: ENC[AES256_GCM,data:LAcfaMPF4IHPtWSUMH2OK/Ez2Ec3YBdtYUiRtu1ApWmww7IdnDze9inl5L4=,iv:NnNzSPfUqQFDoo21LRrlnuLZMzN2uIBBu85wlzOzrd4=,tag:U2Ama40ONwIlEO+hwJymbA==,type:str]
 sops:
 kms: []
 gcp_kms: []
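Review bot: In modules/wg/proxy.nix, `privateKeyFile = config.sops.secrets."wg/0xa-proxy".path;` reads a sops-nix secret whose declaration is not part of this patch; only the encrypted value is added to secrets/cloud/secrets.yaml. Unless the oxalab.wg module or the host configuration declares it elsewhere, evaluation fails on the missing attribute, so it is worth confirming that something like `sops.secrets."wg/0xa-proxy" = { };` exists for the cloud host and that its owner and mode restrict the key to the WireGuard service. Because default.nix imports this file wherever the wg module is used while the secret is stored only under secrets/cloud, the reference should also stay unevaluated on hosts other than cloud. A short comment above `networkName` stating what the proxy network carries and which peers are expected to join would help reviewers judge the exposure of UDP port 51821 on `enp1s0`.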
@@ -15,8 +16,8 @@ sops:
 aC9tSTVrY0RFcys0LzZONXhhczNjckEK+3E6zeUkyikrZUD8WFkwWgldVfOez51y
 EgDsxxynkRx7nX8ASne7pdP6e26hooVsrS2oWW45JXpuKkn0ELv7Xg==
 -----END AGE ENCRYPTED FILE-----
- lastmodified: "2025-01-11T01:27:03Z"
- mac: ENC[AES256_GCM,data:Uhi21S5zPjX4+qUR/2hgWj+07TsKKFhNh4fcFBL+EObZAxh02Wry1ktGnXafEhp8xVSgOGxon6DMvM7iZxQXe7NPv2aC2UeOjOzPTOTqHUe810xY6R/NhVOqOTqg8IhgvLiSihUXtBLU2Mynx/mfFfXNsLCWLmGiwg9pZHub9YU=,iv:ztZ8q/woGI9ZYsPc8c0QgpFda0AC9R8vHOtxc2i7Hmk=,tag:1f7AHxKKuPTuhiM5cfjClQ==,type:str]
+ lastmodified: "2025-01-11T17:28:20Z"
+ mac: ENC[AES256_GCM,data:ihAoc4uJ6hjsUCVYbI1fzVoC1JfkMWGJYW4xE3AcKxdpkHqgvI/yLNY/awNTDowv5Cy3Ubw/dkocgszf1WThMLDkhWoZNWP1CcYtHp8Kc9moSnPxDutGXGVmCC30jTfG8DqmR0evtgBp4oqriW3trlHHuDyVGhYZeiplW4o9L1A=,iv:ggmE88UwdnKJn46fp81Mw7q56s2nGDssFwIrqCnfIRQ=,tag:Ejrmg/+hbAWbzXoygNJUpQ==,type:str]
 pgp:
 - created_at: "2025-01-11T01:25:31Z"
 enc: |-