add nebula mesh vpn

2025-08-27 16:28:21 +02:00 · 2025-08-27 16:28:21 +02:00 · 21b1832dca
commit 21b1832dca
parent df0b6e5187
12 changed files with 203 additions and 3 deletions
--- a/secrets/rackserv/default.nix
+++ b/secrets/rackserv/default.nix
@ -1,5 +1,12 @@
 {
-  sops.secrets = {
+  sops.secrets = let
+    loadYamlKey = key: sopsFile: overrides:
+      {
+        inherit sopsFile key;
+        format = "yaml";
+      }
+      // overrides;
+  in {
    wireguard-privatekey = {
      format = "binary";
      sopsFile = ./wireguard-private;
@ -13,5 +20,17 @@
      format = "binary";
      sopsFile = ./cloudflare;
    };
+    nebula-cert = loadYamlKey "nebula-cert" ./nebula.yaml {
+      group = "nebula-xunmesh";
+      mode = "0644";
+    };
+    nebula-key = loadYamlKey "nebula-key" ./nebula.yaml {
+      group = "nebula-xunmesh";
+      mode = "0644";
+    };
+    nebula-ca-cert = loadYamlKey "nebula-ca-cert" ./nebula.yaml {
+      group = "nebula-xunmesh";
+      mode = "0644";
+    };
  };
 }