lander/nix-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Compare commits

base: lander:d21cf03776a7061be1d1f8e57c5ea14afb4ffecd
Branches Tags
lander:main
..
compare: lander:55293bdb59a27d50b9a8d99f0eb3d3b67d565179
Branches Tags
lander:main

No commits in common. "d21cf03776a7061be1d1f8e57c5ea14afb4ffecd" and "55293bdb59a27d50b9a8d99f0eb3d3b67d565179" have entirely different histories.
d21cf03776 ... 55293bdb59

3 changed files with 1 additions and 69 deletions
Download patch file Download diff file Expand all files Collapse all files

6
.sops.yaml
View file

@ -34,12 +34,6 @@ creation_rules:
- *hosting-01 - *hosting-01
pgp: pgp:
- *lander - *lander
- path_regex: hosts/hosting-02/secrets.yam?l$
key_groups:
- age:
- *hosting-02
pgp:
- *lander
- path_regex: hosts/mail-01/secrets.yam?l$ - path_regex: hosts/mail-01/secrets.yam?l$
key_groups: key_groups:
- age: - age:

36
hosts/hosting-02/default.nix
View file

@ -1,4 +1,4 @@
{ config, ... }: { ... }:
{ {
imports = [ imports = [
./disk-config.nix ./disk-config.nix
@ -24,40 +24,6 @@
"2a01:4f8:c013:7fc0::/64" "2a01:4f8:c013:7fc0::/64"
]; ];
networking.wireguard = {
enable = true;
interfaces.wg0 = {
ips = [
"10.64.244.95/32"
"fc00:bbbb:bbbb:bb01::1:f45e/128"
];
peers = [
{
publicKey = "KkShcqgwbkX2A9n1hhST6qu+m3ldxdJ2Lx8Eiw6mdXw=";
allowedIPs = [
"0.0.0.0/0"
"::0/0"
];
endpoint = "146.70.117.226:51820";
persistentKeepalive = 25;
}
];
listenPort = 51820;
privateKeyFile = config.sops.secrets.wireguardKey.path;
table = "133";
};
};
sops.secrets = {
wireguardKey = {
owner = "root";
sopsFile = ./secrets.yaml;
};
};
security.acme.defaults.email = "landervandenbulcke@gmail.com"; security.acme.defaults.email = "landervandenbulcke@gmail.com";
security.acme.acceptTerms = true; security.acme.acceptTerms = true;

28
hosts/hosting-02/secrets.yaml
View file

@ -1,28 +0,0 @@
wireguardKey: ENC[AES256_GCM,data:0xzdESyIvaMzDe1W7GOddxCmDeQf246m8mfcPVxNRX6jPu222GXSwSywPgU=,iv:5GvluPofwd4SkQWJo7KKen7x0ZkAu5idl6xcyVxdbvQ=,tag:HtzLtergC3wrYFXIeA37PQ==,type:str]
sops:
age:
- recipient: age1hvrssz7k9akz66evj4kja53zvdtrss8k2ljxsh5myh2mru62sggqznlzrt
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTdUhmVTFkY2xsVi9uK3Vl
eGRKa1RZMnVpQ21JMnFZRHRPL3I1OGFwTlNBCmxWeHFBdmJ4dmszOFZVTXpjSEt0
THUvQ3NNTWlZRTZMNVloaEpzQk9YU0UKLS0tIFM3WWtsWERvbkxqb2RDZ01VVStt
eFdmOHNGSlNFckg2emltYU5yWHB2UVkKs5B0CG13bfsJL1mVCUcm8JlFVw4pfqMT
QGl5LOw06WBIOSrmYn5s98scIkiKvLsqQ+OjbyM0RwB0sGYaz3D0Rg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-09-09T22:57:11Z"
mac: ENC[AES256_GCM,data:ankF+V1K+2uG40TI78CphUES+5FCrRJN+7gZLWmLxvvI2xvcsmT30RvkuOOLFuQWzHM/5M8mClZhTpKXFuvxDTPesTwZ75lVbAoL0LCK940bChJX6/rQyow2OG6koDGRj9TUsj+phe5xUxvkb4ysKP7u4NgUbaXXCmj5T408pqI=,iv:Mm7DXuSn6RBI6xKV1qEc3f5wMDlrnT2epV8exGoCfa0=,tag:8LajuOiQHeUVaJx5UIOong==,type:str]
pgp:
- created_at: "2025-09-09T22:56:42Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hF4DARdpY4woM6wSAQdASvzhCErbMVzIY6FCb0HXSKmgpFRO4VbdCphwY0lhxWMw
e0pavui/x399qCaqKNgJ+Nidtw8fQ3CEr4Ddb/qUMCZQS8EpE9IrIvUehebBhorz
0l4BLBlf2HHgjD2TL2Z9jtehN/UFGnEReM5fKXO8JkWhb9j9jPyswV6tZfyc0Wuy
BKTazZTTZ1kgbFRzPqFiqKMnHBBvMcXQ0El2MT7xJCkAzqNRR4H6R6wIyUyfr93n
=VeKw
-----END PGP MESSAGE-----
fp: 4BE1257015580BAB9F4B9D5FCA5B1C34E649BF92
unencrypted_suffix: _unencrypted
version: 3.10.2