authorFreya Murphy <freya@freyacat.org>2025-04-11 17:38:03 -0400
committerFreya Murphy <freya@freyacat.org>2025-04-11 17:38:03 -0400
commit52f10ca4647e784f4875276b4ff484c21491b389 (patch)
tree9a6c56dce44a8bb4910c64e0f0c3b0042e3ebcb3
parentfix firefox policy (diff)
tinternet wg
-rw-r--r--files/certs/tinternet.crt13
-rw-r--r--nix/programs/sops/default.nix1
-rw-r--r--nix/programs/wireguard/default.nix13
-rw-r--r--nix/system/default.nix1
-rw-r--r--secrets.yaml12
5 files changed, 32 insertions, 8 deletions
diff --git a/files/certs/tinternet.crt b/files/certs/tinternet.crt
new file mode 100644
index 0000000..ddafb1c
--- /dev/null
+++ b/files/certs/tinternet.crt
@@ -0,0 +1,13 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
+
diff --git a/nix/programs/sops/default.nix b/nix/programs/sops/default.nix
index c8dec69..7fb5841 100644
--- a/nix/programs/sops/default.nix
+++ b/nix/programs/sops/default.nix
@@ -24,6 +24,7 @@ in
secrets = {
freyanetWg = {};
+ tinternetWg = {};
};
};
}
diff --git a/nix/programs/wireguard/default.nix b/nix/programs/wireguard/default.nix
index 7e4ab7a..3bddc22 100644
--- a/nix/programs/wireguard/default.nix
+++ b/nix/programs/wireguard/default.nix
@@ -18,5 +18,18 @@
persistentKeepalive = 25;
}];
};
+
+ tinternet = {
+ address = [ "69.0.0.2/32" "cafe::2/128" "fe80::2/128" ];
+ dns = [ "1.1.1.1" ];
+ privateKeyFile = config.sops.secrets.tinternetWg.path;
+
+ peers = [{
+ publicKey = "8Ice49Yc7N75OYJW59ohDbfUjgrkwIuGWKWocJQGgzI=";
+ allowedIPs = [ "0.0.0.0/0" "::/0" ];
+ endpoint = "freya.cat:51282";
+ persistentKeepalive = 25;
+ }];
+ };
};
}
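Review bot: The new `tinternet` peer claims `allowedIPs = [ "0.0.0.0/0" "::/0" ]`, so whenever this interface is up it is the default route for all IPv4 and IPv6 traffic, and nothing in the hunk records whether that is meant to be always-on. If these are `networking.wg-quick.interfaces` entries (the enclosing attribute set opens outside the hunk, so this is inferred from the `address`/`dns` options), the interface is brought up at boot by default; `autostart = false;` would make it opt-in. Separately, `69.0.0.2/32` and `cafe::2/128` are not taken from private (RFC 1918 / ULA) ranges, so they may shadow real destinations while the tunnel is up. A comment such as `# full tunnel via freya.cat; addresses are tinternet-internal by design` would record the intent.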
diff --git a/nix/system/default.nix b/nix/system/default.nix
index 2338fe4..b54f8a5 100644
--- a/nix/system/default.nix
+++ b/nix/system/default.nix
@@ -96,6 +96,7 @@
# certs
security.pki.certificateFiles = [
../../files/certs/freyanet.crt
+ ../../files/certs/tinternet.crt
];
# fonts
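Review bot: Adding `../../files/certs/tinternet.crt` to `security.pki.certificateFiles` makes it a system-wide trust anchor, so whoever holds that CA's private key can issue a certificate this machine will accept for any hostname, not only tinternet ones. That weighs more here because the same commit adds a WireGuard peer with `allowedIPs = [ "0.0.0.0/0" "::/0" ]`, which puts all traffic on a path where such a certificate could be presented. The certificate body is not visible on this page, so whether it carries X.509 name constraints cannot be checked from here. If it does not, consider reissuing it constrained to the internal domain, and in either case a comment like `# private CA for tinternet; trusted system-wide` next to the entry would make the scope of trust explicit.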
diff --git a/secrets.yaml b/secrets.yaml
index 2a20fa7..35be139 100644
--- a/secrets.yaml
+++ b/secrets.yaml
@@ -1,12 +1,8 @@
freyanetWg: ENC[AES256_GCM,data:mUI3eIwFzanJz9iJCbIBDg3FMKdDMcOQ6u96mk5/zZd8MG5kuOG39wu8xZQ=,iv:Sd6EjuQiNhD0QupGpbRPJF7aIBCJJ3/LNNmUYlBMRNI=,tag:KFKoL0JbSfEQidaEzi049Q==,type:str]
+tinternetWg: ENC[AES256_GCM,data:5ajGIfQp06v4g3AbJFCzXrbxXw7cnoMWwwV8Ti03IDVUxSHlfDiGvB+F2XE=,iv:JOTd7Mc+gnckPAH9ev83y+ZGWwMsZJSQ34VHosNv0p4=,tag:5oAlaF7EgExiNPrZc+KMvw==,type:str]
sops:
- kms: []
- gcp_kms: []
- azure_kv: []
- hc_vault: []
- age: []
- lastmodified: "2025-01-28T03:38:29Z"
- mac: ENC[AES256_GCM,data:2DA6o6yq0jbaNjNf6x15UrzVl7jOz7MXnAZf53kwEU94OIDr10xSLjaPmv9c+7FNTPXlesldNOY6LNsiaMGiOg+CWLA8RF9W0N/m23TtwC91PZEfvHFYpIyJsUlGFh9SzP1kgtIdoPIL40Clt1cjvb5Kf9wXlTlR1IBG0hXnobk=,iv:M7YtsfwDu4rSoXoTwnqxAuMCP92urQZCQxSMU8bWmRU=,tag:pMF1h81YlR8edyA4PddGSQ==,type:str]
+ lastmodified: "2025-04-11T19:33:22Z"
+ mac: ENC[AES256_GCM,data:eD9BZlEgriyrmFqtb/EBmfQieI3/fh5vat1yPc3cQsBvs+lRlsYKBL367TiJ/giXso5KLqoIXAjeJwW/ogimMLACljgw9b3BbUcyhjvcUCXJS3BLe60oTDxLxY+PDyIM5BfrAVSK+1u8ruiOnIIaxfjc+cRsrQ8m5OZB+IoGAL8=,iv:k0tRFqW/syl+fcbzgaI7R6Pcen9+A2aWRCnAe9ydE+k=,tag:JpTyhYKMjP4a7BfdkGe1Hw==,type:str]
pgp:
- created_at: "2025-01-28T03:38:29Z"
enc: |-
@@ -42,4 +38,4 @@ sops:
-----END PGP MESSAGE-----
fp: FDD5D980CA2FEFF1AA8433B10F7CD7B91AB7CF01
unencrypted_suffix: _unencrypted
- version: 3.9.3
+ version: 3.10.1