AtaraxiaDev/nixos-config
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

move wg keys in /srv dir

Browse Source
This commit is contained in:
Dmitriy Kholkin 2023-06-27 04:06:05 +03:00
parent 6164b0d879
commit 1a8bc0a566
2 changed files with 18 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
machines/NixOS-VPS/default.nix
View File

@ -141,5 +141,10 @@
}]; }];
}]; }];
# Directory for some state files (like wireguard keys)
systemd.tmpfiles.rules = [
"d /srv 0755 root root -"
];
system.stateVersion = "23.05"; system.stateVersion = "23.05";
} }

26
machines/NixOS-VPS/services/wireguard.nix
View File

@ -34,91 +34,91 @@ in {
Kind = "wireguard"; Kind = "wireguard";
}; };
wireguardConfig = { wireguardConfig = {
PrivateKeyFile = "/var/lib/wireguard/private"; PrivateKeyFile = "/srv/wireguard/private";
ListenPort = wireguardPort; ListenPort = wireguardPort;
}; };
wireguardPeers = [ wireguardPeers = [
{ {
wireguardPeerConfig = with wireguardPeers.ataraxia; { wireguardPeerConfig = with wireguardPeers.ataraxia; {
PublicKey = "qjkV4V0on7H3hXG7udKOv4Qu/IUBrsDcXNZt3MupP3o="; PublicKey = "qjkV4V0on7H3hXG7udKOv4Qu/IUBrsDcXNZt3MupP3o=";
PresharedKeyFile = "/var/lib/wireguard/ataraxia/preshared"; PresharedKeyFile = "/srv/wireguard/ataraxia/preshared";
AllowedIPs = [ "${IPv4}/32" "${IPv6}/128" ]; AllowedIPs = [ "${IPv4}/32" "${IPv6}/128" ];
}; };
} }
{ {
wireguardPeerConfig = with wireguardPeers.hypervisor; { wireguardPeerConfig = with wireguardPeers.hypervisor; {
PublicKey = "oKQ3HXZ1wwWyVgmA4RoCXscImohqB8hdMzP1FRArw0o="; PublicKey = "oKQ3HXZ1wwWyVgmA4RoCXscImohqB8hdMzP1FRArw0o=";
PresharedKeyFile = "/var/lib/wireguard/hypervisor/preshared"; PresharedKeyFile = "/srv/wireguard/hypervisor/preshared";
AllowedIPs = [ "${IPv4}/32" "${IPv6}/128" ]; AllowedIPs = [ "${IPv4}/32" "${IPv6}/128" ];
}; };
} }
{ {
wireguardPeerConfig = with wireguardPeers.mikrotik; { wireguardPeerConfig = with wireguardPeers.mikrotik; {
PublicKey = "amReLTZgu6pwtKCnk1q8EG5uZSgUNxRoh5m3w1D3rQo="; PublicKey = "amReLTZgu6pwtKCnk1q8EG5uZSgUNxRoh5m3w1D3rQo=";
PresharedKeyFile = "/var/lib/wireguard/mikrotik/preshared"; PresharedKeyFile = "/srv/wireguard/mikrotik/preshared";
AllowedIPs = [ "${IPv4}/32" "${IPv6}/128" ]; AllowedIPs = [ "${IPv4}/32" "${IPv6}/128" ];
}; };
} }
{ {
wireguardPeerConfig = with wireguardPeers.poco; { wireguardPeerConfig = with wireguardPeers.poco; {
PublicKey = "ZbBJziuMjyHJNcgrLYIQtio7l3fEOJ4GXW4ST+N9V34="; PublicKey = "ZbBJziuMjyHJNcgrLYIQtio7l3fEOJ4GXW4ST+N9V34=";
PresharedKeyFile = "/var/lib/wireguard/poco/preshared"; PresharedKeyFile = "/srv/wireguard/poco/preshared";
AllowedIPs = [ "${IPv4}/32" "${IPv6}/128" ]; AllowedIPs = [ "${IPv4}/32" "${IPv6}/128" ];
}; };
} }
{ {
wireguardPeerConfig = with wireguardPeers.kpoxa; { wireguardPeerConfig = with wireguardPeers.kpoxa; {
PublicKey = "U1wtbS8/yQGkBnBQUZs7KxxmvAajKb9jh83dDd2LdgE="; PublicKey = "U1wtbS8/yQGkBnBQUZs7KxxmvAajKb9jh83dDd2LdgE=";
PresharedKeyFile = "/var/lib/wireguard/kpoxa/preshared"; PresharedKeyFile = "/srv/wireguard/kpoxa/preshared";
AllowedIPs = [ "${IPv4}/32" "${IPv6}/128" ]; AllowedIPs = [ "${IPv4}/32" "${IPv6}/128" ];
}; };
} }
{ {
wireguardPeerConfig = with wireguardPeers.kpoxa2; { wireguardPeerConfig = with wireguardPeers.kpoxa2; {
PublicKey = "ghU3Puwz5PeXmnDlxyh+IeuwFK44V3rXlMiFGs5YnwI="; PublicKey = "ghU3Puwz5PeXmnDlxyh+IeuwFK44V3rXlMiFGs5YnwI=";
PresharedKeyFile = "/var/lib/wireguard/kpoxa2/preshared"; PresharedKeyFile = "/srv/wireguard/kpoxa2/preshared";
AllowedIPs = [ "${IPv4}/32" "${IPv6}/128" ]; AllowedIPs = [ "${IPv4}/32" "${IPv6}/128" ];
}; };
} }
{ {
wireguardPeerConfig = with wireguardPeers.faysss; { wireguardPeerConfig = with wireguardPeers.faysss; {
PublicKey = "JLvKyFwI7b9MsiZsnNAt3qs5ob18b3mrOZKR5HZCORY="; PublicKey = "JLvKyFwI7b9MsiZsnNAt3qs5ob18b3mrOZKR5HZCORY=";
PresharedKeyFile = "/var/lib/wireguard/faysss/preshared"; PresharedKeyFile = "/srv/wireguard/faysss/preshared";
AllowedIPs = [ "${IPv4}/32" "${IPv6}/128" ]; AllowedIPs = [ "${IPv4}/32" "${IPv6}/128" ];
}; };
} }
{ {
wireguardPeerConfig = with wireguardPeers.faysss2; { wireguardPeerConfig = with wireguardPeers.faysss2; {
PublicKey = "S6k9l0K5/YmO5BPETQludC1CBHsKLsk9+n6kwSjx4n8="; PublicKey = "S6k9l0K5/YmO5BPETQludC1CBHsKLsk9+n6kwSjx4n8=";
PresharedKeyFile = "/var/lib/wireguard/faysss2/preshared"; PresharedKeyFile = "/srv/wireguard/faysss2/preshared";
AllowedIPs = [ "${IPv4}/32" "${IPv6}/128" ]; AllowedIPs = [ "${IPv4}/32" "${IPv6}/128" ];
}; };
} }
{ {
wireguardPeerConfig = with wireguardPeers.faysss3; { wireguardPeerConfig = with wireguardPeers.faysss3; {
PublicKey = "ka42gE67gShu88Ko7iQ/pK8zusod6bNIrIN8fkxVkC4="; PublicKey = "ka42gE67gShu88Ko7iQ/pK8zusod6bNIrIN8fkxVkC4=";
PresharedKeyFile = "/var/lib/wireguard/faysss3/preshared"; PresharedKeyFile = "/srv/wireguard/faysss3/preshared";
AllowedIPs = [ "${IPv4}/32" "${IPv6}/128" ]; AllowedIPs = [ "${IPv4}/32" "${IPv6}/128" ];
}; };
} }
{ {
wireguardPeerConfig = with wireguardPeers.doste; { wireguardPeerConfig = with wireguardPeers.doste; {
PublicKey = "KVbEaO4DSpTb941zxOPQLWq2Glm9CDgK/9MwW95WuC0="; PublicKey = "KVbEaO4DSpTb941zxOPQLWq2Glm9CDgK/9MwW95WuC0=";
PresharedKeyFile = "/var/lib/wireguard/doste/preshared"; PresharedKeyFile = "/srv/wireguard/doste/preshared";
AllowedIPs = [ "${IPv4}/32" "${IPv6}/128" ]; AllowedIPs = [ "${IPv4}/32" "${IPv6}/128" ];
}; };
} }
{ {
wireguardPeerConfig = with wireguardPeers.dell; { wireguardPeerConfig = with wireguardPeers.dell; {
PublicKey = "//ss9UEHRFEZL4LbZaA1HiRUrMrn97kc7CmblUORXTc="; PublicKey = "//ss9UEHRFEZL4LbZaA1HiRUrMrn97kc7CmblUORXTc=";
PresharedKeyFile = "/var/lib/wireguard/dell/preshared"; PresharedKeyFile = "/srv/wireguard/dell/preshared";
AllowedIPs = [ "${IPv4}/32" "${IPv6}/128" ]; AllowedIPs = [ "${IPv4}/32" "${IPv6}/128" ];
}; };
} }
{ {
wireguardPeerConfig = with wireguardPeers.hypervisor-dns; { wireguardPeerConfig = with wireguardPeers.hypervisor-dns; {
PublicKey = "x4uavQEEfhdqNC4FCOPfKlEDRJiwOz4dy2W1KhJtnwc="; PublicKey = "x4uavQEEfhdqNC4FCOPfKlEDRJiwOz4dy2W1KhJtnwc=";
PresharedKeyFile = "/var/lib/wireguard/hypervisor-dns/preshared"; PresharedKeyFile = "/srv/wireguard/hypervisor-dns/preshared";
AllowedIPs = [ "${IPv4}/32" "${IPv6}/128" ]; AllowedIPs = [ "${IPv4}/32" "${IPv6}/128" ];
}; };
} }