xun/nixos-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

add nebula mesh vpn

Browse source
This commit is contained in:
xunuwu 2025-08-27 16:28:21 +02:00
parent df0b6e5187
commit 21b1832dca
Signed by: xun
SSH key fingerprint: SHA256:Uot/1WoAjWAeqLOHA5vYy4phhVydsH7jCPmBjaPZfgI
12 changed files with 203 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

21
secrets/rackserv/default.nix
View file

@ -1,5 +1,12 @@
{
sops.secrets = {
sops.secrets = let
loadYamlKey = key: sopsFile: overrides:
{
inherit sopsFile key;
format = "yaml";
}
// overrides;
in {
wireguard-privatekey = {
format = "binary";
sopsFile = ./wireguard-private;
@ -13,5 +20,17 @@
format = "binary";
sopsFile = ./cloudflare;
};
nebula-cert = loadYamlKey "nebula-cert" ./nebula.yaml {
group = "nebula-xunmesh";
mode = "0644";
};
nebula-key = loadYamlKey "nebula-key" ./nebula.yaml {
group = "nebula-xunmesh";
mode = "0644";
};
nebula-ca-cert = loadYamlKey "nebula-ca-cert" ./nebula.yaml {
group = "nebula-xunmesh";
mode = "0644";
};
};
}

27
secrets/rackserv/nebula.yaml Normal file
View file

@ -0,0 +1,27 @@
nebula-cert: ENC[AES256_GCM,data:TXrzTe94Ju4xOo/5DfiwbNivl1qvQc0HURA+6F5rY4d3tPz05xk2Hjas2ADyZa4TneGZnweEaoCmjIBemrknSZh2RPkkxAC7CDvRkvTqzFyg1057tQrsdva7/e3Cl7cCm3kEFpkdz51NDW9ZeL+wq+yyk9VWIq4SRMDalODxjdAHj8+dus0AQKSctWfUa+lat+9nORNnu5086uWq81GVOWPJObb1pt410lneToGGtYcCi9OpgLLOOuztcdgDPVy9CJ/e7cg99gzihsP4/t+psPnODZB+wZG5eWeTYyFuWYSnbZ9t/7UVPBYTIQF8tf6YAJm46muIMbtwbOTfrwBE7EqkvWJ5B1uASIc5WtNPypnQ6Cg+BXnl5eUPQf0m+7fjx0XmipPwAfgJVfiW,iv:vOU8qUEdfek5eRpuvHUGbU1irqOkQDyYCo4GZsJ+FG8=,tag:onCjWRAMCmsn4IYtKVdhBQ==,type:str]
nebula-key: ENC[AES256_GCM,data:bsQjSZKDFcOLbRyUZ7CjmaZdRISwq7EPb+nWLmoLTieN9cImwIDMFPAX/nY/xR22IhXoxWQNsNNUEJjAnG8+Ab1UeJhPIcLvlP2zhawpKyuvAeIL4rUpGGe6xPvfcg6RQErlWeFGEAWkeZUQU69jza3nVYaF5DjyvKFuyHx/CQ==,iv:6qdkFrz/3F0/fvh04VWsQNnXDxumh0SetpIErhlJDNY=,tag:6FdOEFsHwyONGUyQAAMuKg==,type:str]
nebula-ca-cert: ENC[AES256_GCM,data:AnLS3fVL6pZQuhsuM+2axcSnwZZVXbAMXHYxcmd4UY6cDDDY0xIFmlbI0AU5Mnpc6eTm2ayfzDYaUiMaw9eiG+HmeoYWvPR4ZlO9WX6QFB6BWZ3U2nCrgpx8DvGmu/Luxew/iUghBAN+eYNKrBZq5kKJzSRlndkcymGs1y/7smRIzzhfV7DS+OXuD/UbQFV5ILsCwka2Xd5/RqhgwyZaPNc6ZDFjm6MHSSd2PepGrpZd3m8+nN9PahjujKnwd34AwtjEKukE/aknV0juyQhZVidQkxdueWiagGV5O/GIt2RIVzjRr3YbqMtYTC9tCGI=,iv:sJhA5EuIypj+GRbNk0ubu8T/ekdYV4+7/ksQfH7tssg=,tag:3lVxSszGv6vxIX4Ru8z3VQ==,type:str]
sops:
age:
- recipient: age17pdqkpfh6kc6wm7gxzdnwf6vphlwddv9yfpdu3j76e24y3amd9tq3avfc8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2TGNJSDBEZ3Z3OW9FWU5G
YWZFOER6N2o3emJCQ2I5R0kvTVpvcW90UlQ0Cm5USVhwckNOUE9PT1pwOWlBakJR
QzI1U0RjV2N5Uk1Hb3FUY0RuMnRnWTgKLS0tIHh5aWw0b2JSWnRyREFvTzh1Y2M0
TnJWcU1mNmlZLzgyYWgrM1NTc0l0d28KGm+JaAUcKvrqaEayHZjv/f1JcJY7x2m6
lys3PDLcKhhTk3BRiv4GP6nbzhTcK8hRQKRgnm8JzTWsH0F1TIfuTQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age1zutg3s4nth679a6av9xqw4km0ezmfkxlnusu78demf0rzazqn3pqk9exgj
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnclVjYWpkTThwd2NPRW8x
WDJhVWFyTUp0OFErM0ZaUjVISDJnMHdwbFNJCi9QcXpQZ3M0YTdoTmdoK29vdi91
cll5ZG9ZY0ZjU011N2dOaUZtSXVmZ1UKLS0tIHlZbnFQZjd0SVgyaUxWbnNKVUp5
QTU4YzRMd3lnN3pXcXJTVWhDazhkeVUK3TOmX/YG2A1m7eM5n61HJEWFxspd2YSN
36j6iP3ybCNEKkphksPyXnjW3//jfV6nfU10iJ8wvxdNyKzUS6ZYyg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-08-27T18:04:52Z"
mac: ENC[AES256_GCM,data:MNVAT0YyCCi2j4YtFQAfjBTsA9CR/Y6yoRCpppnEybWjKjubUOaMtDhDEh5mgEz++iu/gLU+SEwF7NbWb7HSH2xLmhToq+NN09wLsdE77QHC6TEVdW4joHi49PP06ritNp32xlbDGJaDOoeiO6ub9IQEAM9TM+jdlNWc555yhM8=,iv:HfA4Li0NlBAXKoT/3FG6xctoJdlJyVtyK8d9N1Q2YmY=,tag:xUSFbvbGP4nZzNAyhwQV7A==,type:str]
unencrypted_suffix: _unencrypted
version: 3.10.2