inherit (config.boot) initrd;
iface = "wg-intra";
wg = config.networking.wireguard.interfaces.${iface};
- wg-intra-hosts = import (inputs.julm-nix + "/networking/wireguard/wg-intra/hosts.nix");
- relay = wg-intra-hosts.mermet;
+ wg-intra-peers = import (inputs.julm-nix + "/nixos/profiles/wireguard/wg-intra/peers.nix");
+ relay = wg-intra-peers.mermet;
in
{
imports = [
- (inputs.julm-nix + "/networking/wireguard/wg-intra.nix")
+ (inputs.julm-nix + "/nixos/profiles/wireguard/wg-intra.nix")
];
+networking.wireguard.${iface}.peers = {
+ mermet.enable = true;
+ oignon.enable = true;
+ patate.enable = true;
+};
networking.wireguard.interfaces.${iface} = {
privateKeyFile = gnupg.secrets."wireguard/${iface}/privateKey".path;
};
# This enables to send the disk password to the initrd, like that:
# ssh -J mermet.sourcephile.fr root@losurdo.wg -p 2222
boot.initrd.secrets."/root/initrd/${iface}.key" = "/root/initrd/${iface}.key";
-/*
-installer.ssh-nixos.script = ''
- # Send the wireguard key of the initrd
- gpg --decrypt '${gnupg.store}/wireguard/${iface}/privateKey.gpg' |
- ssh '${config.installer.ssh-nixos.target}' \
- install -D -m 400 -o root -g root /dev/stdin /root/initrd/${iface}.key
-'';
-*/
boot.initrd.kernelModules = [ "wireguard" ];
boot.initrd.extraUtilsCommands = ''
#copy_bin_and_libs ${pkgs.wireguard-tools}/bin/wg
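Review bot: Deleting the commented-out `installer.ssh-nixos.script` removes the only record of how `/root/initrd/${iface}.key` is provisioned, while `boot.initrd.secrets` still depends on that file being present. The removed lines show it was decrypted from the same `wireguard/${iface}/privateKey.gpg` store entry that feeds the running interface and installed with `-m 400 -o root -g root`. If that is still how the file is produced, the host's main wg-intra private key is embedded in the initrd, which has to be readable before the disk is unlocked and so usually sits on an unencrypted /boot. I would keep a short comment beside the secret, e.g. `# /root/initrd/${iface}.key must be 0400 root:root; it is copied into the initrd, so treat it as exposed to anyone who can read /boot`, and consider giving the initrd its own key and peer entry so a leaked initrd key does not expose the host's main identity. The `boot.initrd.extraUtilsCommands` string opened on the last lines continues outside the hunk.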