wireguard namespace on nixdesk

sys/machines/nixdesk/default.nix

@@ -11,6 +11,7 @@
     ./hardware.nix
     ./hibernate-boot.nix
     ./samba-mount.nix
+    ./wireguard.nix
 
     inputs.stylix.nixosModules.stylix
 

sys/machines/nixdesk/wireguard.nix

@@ -0,0 +1,21 @@
+{
+  config,
+  inputs,
+  ...
+}: {
+  imports = [inputs.vpn-confinement.nixosModules.default];
+
+  # networking.wg-quick.interfaces."wireguard".configFile = config.sops.secrets.wireguard.path;
+
+  vpnNamespaces."wg" = {
+    enable = true;
+    wireguardConfigFile = config.sops.secrets.wireguard.path;
+    accessibleFrom = ["192.168.0.0/24"];
+
+    # Forwarded to my vpn, for making things accessible from outside
+    openVPNPorts = [];
+
+    # From inside of the vpn namespace to outside of it, for making things inside accessible to LAN
+    portMappings = [];
+  };
+}

sys/profiles/secrets/nixdesk/default.nix

@@ -4,22 +4,6 @@
       format = "binary";
       sopsFile = ./wireguard;
     };
-    wireguard-preshared = {
-      key = "PresharedKey";
-      sopsFile = ./wireguard.yaml;
-    };
-    wireguard-private = {
-      key = "PrivateKey";
-      sopsFile = ./wireguard.yaml;
-    };
-    cloudflare = {
-      format = "binary";
-      sopsFile = ./cloudflare;
-    };
-    brawlstars-api-key = {
-      format = "binary";
-      sopsFile = ./brawlstars;
-    };
     samba = {
       format = "binary";
       sopsFile = ./samba;

sys/profiles/secrets/nixdesk/wireguard

@@ -1,5 +1,5 @@
 {
-	"data": "ENC[AES256_GCM,data:fwjhJg9Tgf1bLSolaOuqNccNibuo8g4P4j1mkiVbsQaE/2+3NxZem0aVPmeoevW2nev3DNt3qFdfpOZX3KXniYJSpIf8mxluB1m2c+Zf51eBg/rQSfNtSljFC++Jjc1RyL1XfVIlxZvq8V26AnJZbH6cqkX+phVsO6J/qSyKEBq+rXIZZO3iwby/II5z8ehYtGPJaliCfwv5FLltPul2p+fySQF4UtUWLEKIAGnN3m81GcaLoQZdIMTsEYowHVjs350xv+oBfGNOK5QHKEUBeU9vxvEbyQTvQ4sIjs4RdncqfPkJJQG90TB95LsBmEIuynhD5NS2S2A3Bk4W0zCRdEugOl6U0+4PeiD3t3DeejWpao55+woEvkItSP8RmiGkGrkj1NavUiGiMNztp94zqD3NAg1RHxRPlW/nf5JjUpwmxRNh2G4lMqxG+zXuRV34FjZmKESsGsrCyXg+WUB0BSkXzVZAuvfHfBnPjrC2yakPKpheSqhBRKMHCUKCZ+ESdDKaGxKX2JYaZuSmUEs=,iv:N8VjPOYF63fa+tpwDaPDz6+hkyiKAvY81yrgcs0QRJE=,tag:qcF8HjEuXdrrzwZ1bxCNyw==,type:str]",
+	"data": "ENC[AES256_GCM,data:pPi4Ke8yTcSMbJLPxi3preqLKRlm3IWmt+7Q5SYJ63ulA3F8rBtRqoVxorGTvKMxB9+vIS+jBjfTefRoXAUXS4l/TCuLN+3eJC8sKAlgPhG7XVtwFVZZs2UK5wJ1LV4IvQcL9sQqMEgV2yve9xXEuFgTkTwYr+rpoKmO+MMh7+BVoW5JtS93rkIvD5hQHQXTjuSCM5zTGIV13EYfF/Rn4QWWt88M6XhtuCjsobpeudOaNtJyWDSsTM7ctSnYzidydCdjWL9HGBq4VtYgID48kF43d3KauyDdTPTz5M/7E8syBik2XM1tB+xD7Jm31xMmlsg8xUoDhZAR2TzruRBJ25x5sylA6bb1JUfXZcKU+iJj2OHwKRGDHu5t8QNljUiwLajRXVbFgaI9iKkpO7YZSiU5ccu72O6wEMet1KXgsycUaQVu4y6yKtU/MFAuL7Jb92MpOb+9/6edayzpGdyzLNjDaz9h7+DtVxapml6y+CdgJfjlMn5hTuhiLifD+EF33hm74PQ7JF5Z850S64Q8PmpzGAJ44Io=,iv:wFzlM8UQpKHhMX1oMGcdCKFX2ZRDBbY6SOru9Mz4PlQ=,tag:hfD1etC9sk3n17gWOcBUuQ==,type:str]",
 	"sops": {
 		"kms": null,
 		"gcp_kms": null,
@@ -15,10 +15,10 @@
 				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjL2NSTnVYY05pcVNyT1g4\nT0hvanphU29Dd0dvMXZ4TjdVV2R4WnpxY1JVCmVQVlcwbE9EbmxPZWhTK3RudUJG\nQVhjZ2lzUmo1VjlNejlLejVkSXZhTFkKLS0tIFpaQ1JtTm9NOWIrWFdlZWlDTXBo\nRFVKNVVyRWlxZWtqUHVsVGFsRUtWeW8KHVaiwFMs7wTn7j/PZXqrpEtEJTTRaFi2\nK65QMNkbB8DCvmO950X+lpCkuCHXpTgI+yvzLgD2zvZurlu6h9zZDg==\n-----END AGE ENCRYPTED FILE-----\n"
 			}
 		],
-		"lastmodified": "2024-04-17T20:38:26Z",
-		"mac": "ENC[AES256_GCM,data:TbfcsR134LA02u6/bQRHDYev5AcMj0Tq04SyH78eQu+bg5658qdeAcXX5GD6GvgEBR+O4hghzq3pDoQ8BvMIQDI1kx0YTrH0rSs84j60d4Jjw96KmRMIqvFbBHuvzHfw7+6cnNRJ+lvSv4Xca46XSrviu7UvcUGLBklAfZca8Ls=,iv:TfV52tbDfxnmmWgGWTcCwQp3iWL1PYCkvNrqDp55VP8=,tag:LQZI+BLE5a9FaBrRU6cnGg==,type:str]",
+		"lastmodified": "2025-02-18T10:42:09Z",
+		"mac": "ENC[AES256_GCM,data:kbiq62RcROf2iemhU5F2QDhSe+gM8hjW92hawZWBDDs9rt+QLupiLcUPUMgXrAvrl31ghjD9feGpt7ohJafb0SvHXHa4VAb32822FYNS351mm6WerSdFOc5PlsKt4CAO2Tepa8WSEM8u74nSsgFb/HHyfyjWdNUq5gmH1+BC+FQ=,iv:s7lPvHgrPfkJwA71dpU7ZhPOpQJ2gOELFRDEbtNPLRw=,tag:gcZQ5gxxcBRRRNE6lLQIwQ==,type:str]",
 		"pgp": null,
 		"unencrypted_suffix": "_unencrypted",
-		"version": "3.8.1"
+		"version": "3.9.4"
 	}
 }