-rw-r--r-- | files/certs/tinternet.crt | 13 | ||||
-rw-r--r-- | nix/programs/sops/default.nix | 1 | ||||
-rw-r--r-- | nix/programs/wireguard/default.nix | 13 | ||||
-rw-r--r-- | nix/system/default.nix | 1 | ||||
-rw-r--r-- | secrets.yaml | 12 |
5 files changed, 32 insertions, 8 deletions
diff --git a/files/certs/tinternet.crt b/files/certs/tinternet.crt
new file mode 100644
index 0000000..ddafb1c
--- /dev/null
+++ b/files/certs/tinternet.crt
@@ -0,0 +1,13 @@
+-----BEGIN CERTIFICATE-----
+MIIB0DCCAXagAwIBAgIRAKk5OC0K/5fULwXrMQuONpIwCgYIKoZIzj0EAwIwRjEd
+MBsGA1UEChMUQ2VydGlmaWNhdGVBdXRob3JpdHkxJTAjBgNVBAMTHENlcnRpZmlj
+YXRlQXV0aG9yaXR5IFJvb3QgQ0EwHhcNMjMxMTA0MDIwMzU1WhcNMzMxMTAxMDIw
+MzU1WjBGMR0wGwYDVQQKExRDZXJ0aWZpY2F0ZUF1dGhvcml0eTElMCMGA1UEAxMc
+Q2VydGlmaWNhdGVBdXRob3JpdHkgUm9vdCBDQTBZMBMGByqGSM49AgEGCCqGSM49
+AwEHA0IABKZzRX5AdjTTzkPr3tUw4SiTYI85sDsrvh7qWCSY70htRk/ldo3q1C3+
+Y1h11ZHha9niYPFEQbAyvupM8nw2hrejRTBDMA4GA1UdDwEB/wQEAwIBBjASBgNV
+HRMBAf8ECDAGAQH/AgEBMB0GA1UdDgQWBBRPy7zJUi60Mx1uvJVL9rD8+XK+3jAK
+BggqhkjOPQQDAgNIADBFAiEAsA5ha5E/pv4UBdIX0XmYqk905hch9YkM0aM1idXK
+2/QCIDQMv88O698/domTyYnIHi2qoSyEl3aKTbntgGE/CNHj
+-----END CERTIFICATE-----
+
diff --git a/nix/programs/sops/default.nix b/nix/programs/sops/default.nix
index c8dec69..7fb5841 100644
--- a/nix/programs/sops/default.nix
+++ b/nix/programs/sops/default.nix
@@ -24,6 +24,7 @@ in
 secrets = {
 freyanetWg = {};
+ tinternetWg = {};
 };
 };
 }
diff --git a/nix/programs/wireguard/default.nix b/nix/programs/wireguard/default.nix
index 7e4ab7a..3bddc22 100644
--- a/nix/programs/wireguard/default.nix
+++ b/nix/programs/wireguard/default.nix
@@ -18,5 +18,18 @@
 persistentKeepalive = 25;
 }];
 };
+
+ tinternet = {
+ address = [ "69.0.0.2/32" "cafe::2/128" "fe80::2/128" ];
+ dns = [ "1.1.1.1" ];
+ privateKeyFile = config.sops.secrets.tinternetWg.path;
+
+ peers = [{
+ publicKey = "8Ice49Yc7N75OYJW59ohDbfUjgrkwIuGWKWocJQGgzI=";
+ allowedIPs = [ "0.0.0.0/0" "::/0" ];
+ endpoint = "freya.cat:51282";
+ persistentKeepalive = 25;
+ }];
+ };
 };
 }
diff --git a/nix/system/default.nix b/nix/system/default.nix
index 2338fe4..b54f8a5 100644
--- a/nix/system/default.nix
+++ b/nix/system/default.nix
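Review bot: The new `tinternet` peer in nix/programs/wireguard/default.nix sets `allowedIPs = [ "0.0.0.0/0" "::/0" ]`, so once the interface is up all IPv4 and IPv6 traffic from this host is routed through `freya.cat:51282`, while the same commit adds a CA named for the same network (`tinternet.crt`) to the system trust store. Taken together, whoever operates that peer would be in a position to terminate TLS for any hostname without a certificate warning on this machine. If the tunnel is only meant to reach hosts on that network, narrow the routes, e.g. `allowedIPs = [ "<tinternet-v4-prefix>" "<tinternet-v6-prefix>" ];`, and add a comment above `tinternet = {` stating whether full-tunnel routing is intended. The enclosing attribute set begins outside the hunk, so whether this interface is brought up automatically alongside the existing one cannot be seen here.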
@@ -96,6 +96,7 @@
 # certs
 security.pki.certificateFiles = [
 ../../files/certs/freyanet.crt
+ ../../files/certs/tinternet.crt
 ];
 # fonts
diff --git a/secrets.yaml b/secrets.yaml
index 2a20fa7..35be139 100644
--- a/secrets.yaml
+++ b/secrets.yaml
@@ -1,12 +1,8 @@
 freyanetWg: ENC[AES256_GCM,data:mUI3eIwFzanJz9iJCbIBDg3FMKdDMcOQ6u96mk5/zZd8MG5kuOG39wu8xZQ=,iv:Sd6EjuQiNhD0QupGpbRPJF7aIBCJJ3/LNNmUYlBMRNI=,tag:KFKoL0JbSfEQidaEzi049Q==,type:str]
+tinternetWg: ENC[AES256_GCM,data:5ajGIfQp06v4g3AbJFCzXrbxXw7cnoMWwwV8Ti03IDVUxSHlfDiGvB+F2XE=,iv:JOTd7Mc+gnckPAH9ev83y+ZGWwMsZJSQ34VHosNv0p4=,tag:5oAlaF7EgExiNPrZc+KMvw==,type:str]
 sops:
- kms: []
- gcp_kms: []
- azure_kv: []
- hc_vault: []
- age: []
- lastmodified: "2025-01-28T03:38:29Z"
- mac: ENC[AES256_GCM,data:2DA6o6yq0jbaNjNf6x15UrzVl7jOz7MXnAZf53kwEU94OIDr10xSLjaPmv9c+7FNTPXlesldNOY6LNsiaMGiOg+CWLA8RF9W0N/m23TtwC91PZEfvHFYpIyJsUlGFh9SzP1kgtIdoPIL40Clt1cjvb5Kf9wXlTlR1IBG0hXnobk=,iv:M7YtsfwDu4rSoXoTwnqxAuMCP92urQZCQxSMU8bWmRU=,tag:pMF1h81YlR8edyA4PddGSQ==,type:str]
+ lastmodified: "2025-04-11T19:33:22Z"
+ mac: ENC[AES256_GCM,data:eD9BZlEgriyrmFqtb/EBmfQieI3/fh5vat1yPc3cQsBvs+lRlsYKBL367TiJ/giXso5KLqoIXAjeJwW/ogimMLACljgw9b3BbUcyhjvcUCXJS3BLe60oTDxLxY+PDyIM5BfrAVSK+1u8ruiOnIIaxfjc+cRsrQ8m5OZB+IoGAL8=,iv:k0tRFqW/syl+fcbzgaI7R6Pcen9+A2aWRCnAe9ydE+k=,tag:JpTyhYKMjP4a7BfdkGe1Hw==,type:str]
 pgp:
 - created_at: "2025-01-28T03:38:29Z"
 enc: |-
@@ -42,4 +38,4 @@ sops:
 -----END PGP MESSAGE-----
 fp: FDD5D980CA2FEFF1AA8433B10F7CD7B91AB7CF01
 unencrypted_suffix: _unencrypted
- version: 3.9.3
+ version: 3.10.1 |
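Review bot: The nix/system/default.nix hunk adds `../../files/certs/tinternet.crt` to `security.pki.certificateFiles`, which makes it a trust anchor for every TLS client on the system, yet nothing beside the entry says what this CA is or who holds its key. The certificate added in this commit appears to be a CA certificate without a name-constraints extension, so it would be accepted for any hostname rather than only names inside that network; this is worth confirming with `openssl x509 -in files/certs/tinternet.crt -noout -text`. Consider a comment on the entry such as `# private root CA for the tinternet WireGuard network; trusted system-wide`, and, if the CA can be reissued, constraining it to the internal domain. The module that encloses this list starts and ends outside the hunk.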