update wireguard configs

5 files changed, 15 insertions, 33 deletions

diff --git a/hosts/shinji/secrets.yaml b/hosts/shinji/secrets.yaml
index 44667df..35a3277 100644
--- a/hosts/shinji/secrets.yaml
+++ b/hosts/shinji/secrets.yaml
@@ -1,8 +1,7 @@
-freyanetWg: ENC[AES256_GCM,data:mUI3eIwFzanJz9iJCbIBDg3FMKdDMcOQ6u96mk5/zZd8MG5kuOG39wu8xZQ=,iv:Sd6EjuQiNhD0QupGpbRPJF7aIBCJJ3/LNNmUYlBMRNI=,tag:KFKoL0JbSfEQidaEzi049Q==,type:str]
-tinternetWg: ENC[AES256_GCM,data:5ajGIfQp06v4g3AbJFCzXrbxXw7cnoMWwwV8Ti03IDVUxSHlfDiGvB+F2XE=,iv:JOTd7Mc+gnckPAH9ev83y+ZGWwMsZJSQ34VHosNv0p4=,tag:5oAlaF7EgExiNPrZc+KMvw==,type:str]
+freyanetWg: ENC[AES256_GCM,data:TocEqBEkwZNQ3JZnmDzxOlFqRUKYUu9+YxIYG0iJJh5Tvn/SYrB59i/Im+A=,iv:WJNfsOeiYEQEaWGdc2gT//4ns1O7xrz+OFlxJLi4fc0=,tag:/OaAGDERnDnFZ4URakDPOw==,type:str]
 sops:
-    lastmodified: "2025-04-11T19:33:22Z"
-    mac: ENC[AES256_GCM,data:eD9BZlEgriyrmFqtb/EBmfQieI3/fh5vat1yPc3cQsBvs+lRlsYKBL367TiJ/giXso5KLqoIXAjeJwW/ogimMLACljgw9b3BbUcyhjvcUCXJS3BLe60oTDxLxY+PDyIM5BfrAVSK+1u8ruiOnIIaxfjc+cRsrQ8m5OZB+IoGAL8=,iv:k0tRFqW/syl+fcbzgaI7R6Pcen9+A2aWRCnAe9ydE+k=,tag:JpTyhYKMjP4a7BfdkGe1Hw==,type:str]
+    lastmodified: "2025-08-23T18:29:46Z"
+    mac: ENC[AES256_GCM,data:wFWETiGqtmpF87zLdVdDeEgBYHxGMYN9GGWW+wBIK/otcYjoWWdqhFtqVy4t7Xpxs63J6U3dELQUkIiI7voGxoJRMWiK3txNy2GCJUG1eL/XtlrANy6FXDtuRh7bmn/VE23Xhagzz3qAFXElezOLFV7DNCBDrLj0TqfdbN2YzXg=,iv:9WgJDFwhtYl2IRn/r0X3ZrTBAHqQ5ADeDKaBii8nFIw=,tag:PlqRvyIjFbFQxgNYI0cYZg==,type:str]
     pgp:
         - created_at: "2025-06-22T02:32:57Z"
           enc: |-
@@ -27,4 +26,4 @@ sops:
             -----END PGP MESSAGE-----
           fp: 2A8A27879715447AEEC59D0C18DCCBE353963394
     unencrypted_suffix: _unencrypted
-    version: 3.10.1
+    version: 3.10.2
diff --git a/hosts/shinji/sops.nix b/hosts/shinji/sops.nix
index a0724e1..a7ede54 100644
--- a/hosts/shinji/sops.nix
+++ b/hosts/shinji/sops.nix
@@ -20,7 +20,6 @@
 
     secrets = {
       freyanetWg = {};
-      tinternetWg = {};
     };
   };
 }
diff --git a/hosts/shinji/wireguard.nix b/hosts/shinji/wireguard.nix
index ed0872d..8e42f9d 100644
--- a/hosts/shinji/wireguard.nix
+++ b/hosts/shinji/wireguard.nix
@@ -9,32 +9,16 @@
 
   networking.wg-quick.interfaces = {
     freyanet = {
-      address = ["10.2.0.2/32" "fd:cafe:dead:bee::2/128" "fe80::2/128"];
-      dns = ["10.3.0.138"];
+      address = ["10.3.0.3/32"];
+      dns = ["10.2.0.1"];
       privateKeyFile = config.sops.secrets.freyanetWg.path;
       autostart = false;
 
       peers = [
         {
           publicKey = "x0ykwakpYCvI/pG+nR83lNUyeOE9m54thnX3bvZ+FUk=";
-          allowedIPs = ["10.0.0.0/14" "fd:cafe::/32"];
-          endpoint = "cid.freya.cat:3000";
-          persistentKeepalive = 25;
-        }
-      ];
-    };
-
-    tinternet = {
-      address = ["69.0.0.2/32" "cafe::2/128" "fe80::2/128"];
-      dns = ["1.1.1.1"];
-      privateKeyFile = config.sops.secrets.tinternetWg.path;
-      autostart = false;
-
-      peers = [
-        {
-          publicKey = "8Ice49Yc7N75OYJW59ohDbfUjgrkwIuGWKWocJQGgzI=";
-          allowedIPs = ["0.0.0.0/0" "::/0"];
-          endpoint = "freya.cat:51282";
+          allowedIPs = ["10.0.0.0/8"];
+          endpoint = "freya.cat:3000";
           persistentKeepalive = 25;
         }
       ];
diff --git a/hosts/thinkpad/secrets.yaml b/hosts/thinkpad/secrets.yaml
index 33ef635..df406fc 100644
--- a/hosts/thinkpad/secrets.yaml
+++ b/hosts/thinkpad/secrets.yaml
@@ -1,7 +1,7 @@
-freyanetWg: ENC[AES256_GCM,data:Smy7s+aH8+4QsNkIbK4YCT0KKUBY+9xMviTtep6lRl31hLxmym6sntqDQl4=,iv:V2OJt6y9bE/sWC4S+aKSmNpyYiZ0WOPHi1FZ1IOMfjc=,tag:UK5R8iE7wed3iZSAdI+WJQ==,type:str]
+freyanetWg: ENC[AES256_GCM,data:iupv8u+jrRsCVjHwrRYSsONftzk1+Q9MughsZR0VPJAKPHMHwJ66z/wxvYw=,iv:igAfgl+Uf5mPmuwuYoPGOSCibDLa3ioRjLQBvRhZbos=,tag:mzGYEesXyLuo3vrN4oz8LA==,type:str]
 sops:
-    lastmodified: "2025-07-02T23:48:03Z"
-    mac: ENC[AES256_GCM,data:0+UiaZgu6cfQTTRZTl89/sYXL8BV2/XUHsNAuYQsPUY6udWb7j4Nfj1cDMi+O7rnhl3TK61ms6QhdQkkLiMIUVlngzFHi+iWYTQ8WU1V2YneeepVDJuxiQn5PhzSlFDqDvdgPwVRT/HM/KeJ7iUsHKTFBF+MTuKUZTbftCL9ZaM=,iv:3QBubDeW27udjHjJlPXWihNLnFsu0PP5c4CcxCvpzQM=,tag:N0wKnLVVrIhn+aHUJeHWzw==,type:str]
+    lastmodified: "2025-08-24T03:46:59Z"
+    mac: ENC[AES256_GCM,data:TW/7tmlxBgH/7Op7EFA3kGYcpDxkNwhQKFPR001ebEsrkcRvjbVewHo0AO3k/TNSxDaGfPlCo4johEcEF1iD+A+KDurDsZVhjkxSnrofgFKWxL3i+TgEcRXh6CyujMtLmaZi+o17lczQcMEQsZVjgM6Dkx1Uf2i/OS/XvySZ9x4=,iv:EUqRBeRtSTzIYI3cDXqFW2ATeinFu/hLZ77WVNvg2xg=,tag:Zw9mMRTM5zPZ+98TZyDSFw==,type:str]
     pgp:
         - created_at: "2025-07-02T23:48:03Z"
           enc: |-
diff --git a/hosts/thinkpad/wireguard.nix b/hosts/thinkpad/wireguard.nix
index 84ba8d1..72eb113 100644
--- a/hosts/thinkpad/wireguard.nix
+++ b/hosts/thinkpad/wireguard.nix
@@ -9,16 +9,16 @@
 
   networking.wg-quick.interfaces = {
     freyanet = {
-      address = ["10.2.0.10/32" "fd:cafe:dead:bee::10/128" "fe80::10/128"];
-      dns = ["10.3.0.138"];
+      address = ["10.3.0.5/32"];
+      dns = ["10.2.0.1"];
       privateKeyFile = config.sops.secrets.freyanetWg.path;
       autostart = false;
 
       peers = [
         {
           publicKey = "x0ykwakpYCvI/pG+nR83lNUyeOE9m54thnX3bvZ+FUk=";
-          allowedIPs = ["10.0.0.0/14" "fd:cafe::/32"];
-          endpoint = "cid.freya.cat:3000";
+          allowedIPs = ["10.0.0.0/8"];
+          endpoint = "freya.cat:3000";
           persistentKeepalive = 25;
         }
       ];