xun/nixos-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

add nebula mesh vpn

Browse source
This commit is contained in:
xunuwu 2025-08-27 16:28:21 +02:00
parent df0b6e5187
commit 21b1832dca
Signed by: xun
SSH key fingerprint: SHA256:Uot/1WoAjWAeqLOHA5vYy4phhVydsH7jCPmBjaPZfgI
12 changed files with 203 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

21
secrets/hopper/default.nix
View file

@ -1,6 +1,13 @@
## TODO use defaultSopsFile mayb
{config, ...}: {
sops.secrets = {
sops.secrets = let
loadYamlKey = key: sopsFile: overrides:
{
inherit sopsFile key;
format = "yaml";
}
// overrides;
in {
wireguard = {
format = "binary";
sopsFile = ./wireguard;
@ -51,5 +58,17 @@
sopsFile = ./samba-pass;
mode = "0600";
};
nebula-cert = loadYamlKey "nebula-cert" ./nebula.yaml {
group = "nebula-xunmesh";
mode = "0644";
};
nebula-key = loadYamlKey "nebula-key" ./nebula.yaml {
group = "nebula-xunmesh";
mode = "0644";
};
nebula-ca-cert = loadYamlKey "nebula-ca-cert" ./nebula.yaml {
group = "nebula-xunmesh";
mode = "0644";
};
};
}

27
secrets/hopper/nebula.yaml Normal file
View file

@ -0,0 +1,27 @@
nebula-cert: ENC[AES256_GCM,data:iRKflLzmwH3girMrr77ye240UFFHCnwHRHU4D+/uAym3S6KEROL1e8IFMiZ6BHzKATdgbv29HpzjJu6SvgQBuN3YzTrD7plpCKWnC00s67XJb/ZG4seUXKo0oMxEaH3yEabG9srYjrVVjqlrwuSeo5P1CrHN32OfqfQeT379QwGe1I2dzbCWLFVx3yn6EoVtp0L6Yt3VhXrMugnPgBFTNFkynniBYuzq9mSJk/3THtVW+8xaD2VY2lbLbP2x/p4aHnrebh8g3h+02sEJDAO7W6dc4q8tFoN9/qrOcn03PEsiHlCIJn5TeTmN8JES0LliSoa541uVyK3KpRi3kPnbPT7JNl0o45oE/hLmtV54kGft5ODUE1pG3Hw/Hw53+6ETlCWpH1cujco=,iv:Jkc3KKLo2yXlwBhkgdmwSY+aEBFn22fIbgHA+aH/u/Y=,tag:U5k6UCbpcy0nPRL15PsQ3w==,type:str]
nebula-key: ENC[AES256_GCM,data:8GzlBCNmAgW+H2wOwMDa4ILUoi0QMj0Dc7abIwjSUIWREKTbP9Sz26/5YoUQc4R5R2CKGJFUxrRayo3daMEah49/Jh9MdHbZqzI1e+LY8aIwVWHCDH5JOSPVNLH1Z4xxjM8p2qdb98YVhkE2fftOhBj+79cxrGAt/0Q6iJyx8Q==,iv:K5p6n9UI34NRRla+YNNWEnqwS8dnrsEx+g8WYjukT2Q=,tag:RXeANw3P1hdDzbiwEOZTNg==,type:str]
nebula-ca-cert: ENC[AES256_GCM,data:kRtfpo0nmLsemw0ZEkoqh78wmaSSR+yTrJ6BgAWlwrjbMlDl4pz65SarXmudjkKmQKNOmpLqdAnbXFU7UJTYe+LbOgxlc0DRZyiqBvSU/Ss5emQ9i89kcgV5iTKyu6v6DQLqP+/qCzbMUk6sMwtqsrzOKtsxT4NF6/LC/pz6trEUXopd6LdeeqbQWJ25vWVKVscc7MFAOPxCc6qi1E157vOE33OWCbyiymd/9frQPoCxo3eYjb+yh9SmGsDQdtRVDwbHXmuhOjZEK8E7RXAhifeKmUWRct0SvTaYvxayTMHu+OaXYdvUNBl4zt4uHmA=,iv:20CxDFTMRm5rCg8bWYLWpFzJ1hlRVklX34mzGO3ibZ8=,tag:wsByCgFXa8KxGKkj/6zXmg==,type:str]
sops:
age:
- recipient: age17pdqkpfh6kc6wm7gxzdnwf6vphlwddv9yfpdu3j76e24y3amd9tq3avfc8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyMTZoRk5vdmhMNzl2RmVF
QWVxZXRxaFZ1cGxmOXpjdzlCR3pvM0M1WGhzCm1yL3VyMm5idXNyVFJDa3VMbHN3
eXNJaGpOYXFKUHg1VHpPd3cxMEM4K2sKLS0tIHdXcm1IdXJ0SEZjTldxSERIU0pp
RFFVWGhJRkpPQkN4bFlMc053TUg5YjgKQlaXoWcEjHLjEsTbwF+/24E2LCB+n5rw
v82sPKpcH/bZCReWLb/wFN2pasGx/TNU2/AGWTl1Hntpy63bLh6D1Q==
-----END AGE ENCRYPTED FILE-----
- recipient: age1e9nhfwfcg9krc03re4fwh0wu0cwf6jq4js5vfn26hcdqc2apgdes98fea7
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVTVJkU3hmTy9zcmdZNW91
d3l0eGM1Sm92T2tPaWRDTzhabVpoNzlnRDFvCjB1SndhU05ISnRkWlczQ0xIdXg4
b0JLU3JpaWVwZDJUcHpqWDNxTUNnb1kKLS0tIDJhSXpadTd5VkxtRDFxeGlhSTNM
UkJYM3llMU1rejM3RGU3cDZ0OVA0a0EKX6x5YUOngDmm7sibWO7dUYYgqLrit5k7
H2FZVmGnecLbLXtEvU5L23BeP4L/3jUYWWRbVs6UcMSD396EZSPIMw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-08-27T21:01:41Z"
mac: ENC[AES256_GCM,data:5QGBsBjU/N7giJkvbsJ49jLSTEkGphPgMTPcBcJdw42ckBWeDUaIXWjipbHLxCa2obfFg7wFw7poEXzWNoZDXckVR8GKFODcBYhVcjCf3Vphc4pOKZ+nFxFcL7wS6bwGt1r03E5rHfgZx3eqb8mVa4AI+9DlJujXdgHYVXcKK7E=,iv:J4obkkGlI5LpxojSShQV2xcXEzLsV6I+zvOhmbtO+DA=,tag:+hOkmYO+ys+wm30KRvqDMw==,type:str]
unencrypted_suffix: _unencrypted
version: 3.10.2