xun/nixos-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

add nebula mesh vpn

Browse source
This commit is contained in:
xunuwu 2025-08-27 16:28:21 +02:00
parent df0b6e5187
commit 21b1832dca
Signed by: xun
SSH key fingerprint: SHA256:Uot/1WoAjWAeqLOHA5vYy4phhVydsH7jCPmBjaPZfgI
12 changed files with 203 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

21
secrets/nixdesk/default.nix
View file

@ -1,5 +1,12 @@
{
sops.secrets = {
sops.secrets = let
loadYamlKey = key: sopsFile: overrides:
{
inherit sopsFile key;
format = "yaml";
}
// overrides;
in {
wireguard = {
format = "binary";
sopsFile = ./wireguard;
@ -8,5 +15,17 @@
format = "binary";
sopsFile = ./samba;
};
nebula-cert = loadYamlKey "nebula-cert" ./nebula.yaml {
group = "nebula-xunmesh";
mode = "0644";
};
nebula-key = loadYamlKey "nebula-key" ./nebula.yaml {
group = "nebula-xunmesh";
mode = "0644";
};
nebula-ca-cert = loadYamlKey "nebula-ca-cert" ./nebula.yaml {
group = "nebula-xunmesh";
mode = "0644";
};
};
}

27
secrets/nixdesk/nebula.yaml Normal file
View file

@ -0,0 +1,27 @@
nebula-cert: ENC[AES256_GCM,data:gc51WLnmdZ35IHjlfMgoDd+CeuR272OYSBZJESHOMhLForNk6KrhX4FYYbKgx2Wk90aUBa1bhWHHPV/+ZGTp9D6+gp5+Ix38v7fj/bakfA61UHtXrhRDpWIeY4uF7yFlr34+7evPo0D+2C4slTyoza3KJR51ewpLESixD5OTt9STuq8olrq7okj29+VMApLJF76YiMBSuS/faE00XV8eYnMnZ9/vKfjU6dodvO1auN3Ih/LMh+p/N6aIbHEciZinzwGGMUzRD247fPjH2+prGXif2ZUqCJxle7BDXMYvjHvMofzpd9HORRNhutR6gpjewQkckLm2hnVFbg5q6uFK/iA9cSXoJVsr1x0XpJzzoqP9VodGfnnyzQiKgdwOsTxBoVNnEd5aLGNdBDrF,iv:MeCyGh2C9ciDz1RxrDYc2w5y5jxHRhAlOsJVzhGmjP0=,tag:H22ooe4QId7ppvNoJRlUWA==,type:str]
nebula-key: ENC[AES256_GCM,data:hBiT+8r9Vf1Tlhxi2nRRHTqOAccw0KQRpbj/jcDDw0skA58oi7QekB6X8k3bJygRps0/NIeMhQEnEtYPY1jPT3EHh4//OgNtw434c+OWLoN47/Lm7hhW6vKcRLzJVIRCrcPjVuJjQMdA6zQfanRcwXj7cZtat+8xI8+U9fTj1g==,iv:70yvhNlGTIIvPwdWibOCv7EdidSs/ja560lAPWO7X14=,tag:x6mQoWMcmPShMAL/EM97aA==,type:str]
nebula-ca-cert: ENC[AES256_GCM,data:7u5SXwVBJYNnG8rKHgCC07mb987zGExB1rySk+kkYzd+myY5k+RjTzJmrJGAj2hzqvrqm9i7Ij0Ubwgjc6mpWZSnjWiLhAVqCeSE51T9iQOL40oHNDcemn7WTzvobWa1N05KOlrsXXOY+q3wcEw2fUPOD6b5veXPx9jMW4vXupqjtVIxQr3K3xbIvZ0mZXmQKLcDYXHz5ODj6OMeUHG0vU47f9tUvN0/Mz/vVyjQu3KeQmpcbuCwQjISa+f0oAcObmIlbb5VuGXkwYU33TW0GaCqq3FR61NgS0aug2hyDfcnLuPit5aTC8G6AuKSx5g=,iv:VYOJdJsMyXGgGnk7C8kOcJvyisyo1EWV+XCfn5s6YP8=,tag:dfP8/TiidaK/uOjDpnCAqA==,type:str]
sops:
age:
- recipient: age17pdqkpfh6kc6wm7gxzdnwf6vphlwddv9yfpdu3j76e24y3amd9tq3avfc8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvNGx0VWlZeW44bkJqcndG
Qy84REZPcU1YQUQwVFZ0YmtnbG5IcUxGTWhnCld1RXNHeUF3bEhWNStQT0RlQ1dP
dHkwcHY3SzRpWW5jUWgrWmpScURGT1UKLS0tIDg3Z0xzcUZGQW9jRWw0SjlwbEJm
R1U5ZEVPbTR3SUswNk5zd1ZrNFZDRVUKjsqfv1fQ7RdIzLPhig5xEppFs0pQIGPo
FjzOkHqPovGpRX/nak5mJ6NBqugem0qbcC0EU18rwKW1heEI3lwWIQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age155sscpw0x36t6s9usdrz7relpxqrtqnk98mrc7s0qcv2n0v3zd7sfl2xn8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPeU5SMVM1emk4K1F6UkRB
SW5zcXlaaHB5V3V0TUY3cXdmcm9GejhmRjJjCnhuR2NicGs2UEFGWDZ0RkM3YzE5
eEwrZ0xVdXpnTCtGdnVuU2IvZi9zbVUKLS0tIENLQ0JlZFlmaW8xd00rdW54Smdw
M3VsTHkxUGw3WU00S0tqQktDbmdzOUkKMXk7HjJS8LayEUTljfpLaYdg9YYoW5AT
ODpHY/xOPk4ZTx2g2usB8ABkD2vUATrbLd3sRjdPf6JgLwMyhmqc/w==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-08-27T18:07:00Z"
mac: ENC[AES256_GCM,data:BdzKax73638rb0wDBAB+FL93FgbkTelnxhLfPiU60O9s87lC1cZG1UzW4z2WsqgZY2G6wLsVzTiGGClXgkNZXNzQjUQ/7zML5/gl0ubRKG69oAywxg6ESaSu33jqaaM56+pRivDHJPXlqrICj+TJvBDy1e+Ppe0YUUwYnbCA6QI=,iv:NC3Y6v6hGMW9jZYsqS+S/6BiCFTezBQhzMG5FTotRoc=,tag:oFbguE6yjCINaXoEfVJrPg==,type:str]
unencrypted_suffix: _unencrypted
version: 3.10.2