From 4ed092fcd486da686907ca6066b6f3c7ffba0a1f Mon Sep 17 00:00:00 2001 From: Jonni Liljamo Date: Thu, 3 Oct 2024 10:10:40 +0300 Subject: [PATCH] feat(systems/hosts/proxy): remove wg1 --- secrets/proxy/secrets.yaml | 6 ++---- systems/hosts/proxy/default.nix | 21 --------------------- 2 files changed, 2 insertions(+), 25 deletions(-) diff --git a/secrets/proxy/secrets.yaml b/secrets/proxy/secrets.yaml index e81de55..aa25295 100644 --- a/secrets/proxy/secrets.yaml +++ b/secrets/proxy/secrets.yaml @@ -1,7 +1,5 @@ rootPwd: ENC[AES256_GCM,data:qoKUOPPB4uuK8Wykn+OI+DZdFg/IQOO354MiQUzwWeP8FEGJzY75lHPOB/fGXq9OqjmAHoFQLRa8XjNaHmpGBQpU2v737z+w3I4fHLA4fBOtDykFTKqCXXL5yccj1LKRmZ+yewvU18LAag==,iv:XhFEFxYrhCXqb01xzIoPEYfhwcZaQ+TOABgpLh+kI4E=,tag:qZSp+UAlGaIWjR377nRJxA==,type:str] liljamoPwd: ENC[AES256_GCM,data:xdTpyxoELOTVxSqkKiR62fVsykfhpKLAfBsJKzILkNbCiPLSHKpGl/VWO5+nxv+eM8UNIMSDjf5P55BRfKc+b/1IPrkY65Va33KIcJGlvE+e9wkCdDiBcCLj3v9+Q1kIjPtptsBMm1o1DQ==,iv:Ay0JWUBH+hrnSubaaJFlqvYYLz3+fAizaR92O2J1NBw=,tag:doaRHFx68JO5zEygrCyOAg==,type:str] -wg1PrivateKey: ENC[AES256_GCM,data:XdWjyy3yNkkY1prXmhQ+pJkMzl67HCvo0Niy8WhslsNVsykHOpz4FvgighI=,iv:TUYEu46Ee91V2Ahu+MM/li7q8Sl5yM0u2ZU9nasto2Q=,tag:ylpq8QHFjLuuwZ5Xp02DCg==,type:str] -wg1PresharedKey: ENC[AES256_GCM,data:Nj9sCxDahq6jOo3dMyWGWhebjL7dwqTrGhNG3dbNQJ+AJNhjvqrnbZMCSG0=,iv:s2GldprFLFP3A10X+q2KqHZhiUSLCoagDOcAbq6TXgM=,tag:MdrLpXu9aDfHwiFuZIU3JQ==,type:str] wg0PrivateKey: ENC[AES256_GCM,data:0GXueiosfoS0MUVpvL7Pb3qXhVoLchC2ZgelQ64MRWnQhiawMZp3JJ24Elc=,iv:wwcbySleh/ST/Dm1qBYe9dHjC573LslkFdReyZj1K6w=,tag:d6c59m4QPBMlZtFP+toFAw==,type:str] wg0PresharedKey: ENC[AES256_GCM,data:isNyNSjJwpvWpCBCE19PE+VL/pqD6K5ho5TPPNCEdizAjxBDBFdWUlRTnaY=,iv:twOcys1cliE5hV8cUGqYh+EPOOiyvmnsbKbsWUZgZsY=,tag:H5G9Rh+OI/SWSPoGLCEciQ==,type:str] sops: @@ -19,8 +17,8 @@ sops: L1ZCL0FpRnh6d0VldjAvOTlLb0tjUXcKMrvDltAuOVNF7w4CDot4wuRsLzlsgoDG DZj/utJB/2lbNn+1dlIcAGPG9QYR7peoI3vooer+FWA2bX2JvUnifA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-09-14T08:15:50Z" - mac: ENC[AES256_GCM,data:bCWFrubXi+p/p0QzCEUNANU2hdHpmAdvNafyWG7Gq8RBnMnArAIdLr+gicUy1f5FB32O5ffSh1wkBKJVjGVJoMOiusJhpJfvEC8apLY1ApB/6LqkDeqtyRlZOy+1AR5W2GUG0JFr9bYM4VLINPjsvLqcIlxzo1cYCYYJ/8cMyTc=,iv:Ffez5U/2pgpC1nFDI0Ouz5DZNQ+lytDlGOAnoRbGPtM=,tag:znUXYZxfbSzKHLREcvo1KA==,type:str] + lastmodified: "2024-10-03T07:09:21Z" + mac: ENC[AES256_GCM,data:bc7/QJxVYpZZ/pd8MmI7uU/XUeSG0Km6hTDs31RU/1PaW3qUEU28jAxP8hzihxBpmjJ9/auWFLJ45R4zV3K+xoO2Dda9KlXlh+hmAnxr43czLpNDsAinbAkDoHjczJCTUSb6DKbkALVlzCVPtGIHtEb9eC4zZI+XtMhXczrbKkE=,iv:JguBTpSnMlm793at7Qwvd/M89KJ9xTkrCpulRpX/VOU=,tag:qDPSU83aTr8Op5FSNhZo+Q==,type:str] pgp: - created_at: "2024-09-14T08:14:09Z" enc: |- diff --git a/systems/hosts/proxy/default.nix b/systems/hosts/proxy/default.nix index bfeb6b9..9762f4c 100644 --- a/systems/hosts/proxy/default.nix +++ b/systems/hosts/proxy/default.nix @@ -5,32 +5,11 @@ }: let promtailPort = 3100; in { - sops.secrets.wg1PrivateKey = {}; - sops.secrets.wg1PresharedKey = {}; sops.secrets.wg0PrivateKey = {}; sops.secrets.wg0PresharedKey = {}; networking.firewall.interfaces."eth0".allowedTCPPorts = [443 promtailPort 8404]; networking.firewall.interfaces."wg0".allowedTCPPorts = [80]; - networking.firewall.interfaces."wg1".allowedTCPPorts = [80 5522]; - # TODO: Remove wg1 - networking.wg-quick = { - interfaces.wg1 = { - privateKeyFile = config.sops.secrets.wg1PrivateKey.path; - address = ["192.168.2.10"]; - listenPort = 21841; - - peers = [ - { - publicKey = "uvdeJAsxUf/bEREwCaFDHg9rO1xxC3Wzu1d2x+WiNEQ="; - presharedKeyFile = config.sops.secrets.wg1PresharedKey.path; - endpoint = "140.238.216.88:51820"; - allowedIPs = ["192.168.2.0/24"]; - persistentKeepalive = 25; - } - ]; - }; - }; networking.wireguard.interfaces."wg0" = { ips = ["10.100.0.10/24"]; listenPort = 51820; -- 2.44.1