add nebula mesh vpn

2025-08-27 16:28:21 +02:00 · 2025-08-27 16:28:21 +02:00 · 21b1832dca
commit 21b1832dca
parent df0b6e5187
12 changed files with 203 additions and 3 deletions
--- a/secrets/hopper/default.nix
+++ b/secrets/hopper/default.nix
@ -1,6 +1,13 @@
 ## TODO use defaultSopsFile mayb
 {config, ...}: {
-  sops.secrets = {
+  sops.secrets = let
+    loadYamlKey = key: sopsFile: overrides:
+      {
+        inherit sopsFile key;
+        format = "yaml";
+      }
+      // overrides;
+  in {
    wireguard = {
      format = "binary";
      sopsFile = ./wireguard;
@ -51,5 +58,17 @@
      sopsFile = ./samba-pass;
      mode = "0600";
    };
+    nebula-cert = loadYamlKey "nebula-cert" ./nebula.yaml {
+      group = "nebula-xunmesh";
+      mode = "0644";
+    };
+    nebula-key = loadYamlKey "nebula-key" ./nebula.yaml {
+      group = "nebula-xunmesh";
+      mode = "0644";
+    };
+    nebula-ca-cert = loadYamlKey "nebula-ca-cert" ./nebula.yaml {
+      group = "nebula-xunmesh";
+      mode = "0644";
+    };
  };
 }