
mediaserver: make wg details private

Daniel Kempkens 2023-04-20 21:41:45 +02:00
parent d86ea7fd5e
commit 75993ec17b
Signed by: daniel
SSH key fingerprint: SHA256:Ks/MyhQYcPRQiwMKLAKquWCdCPe3JXlb1WttgnAoSeM
4 changed files with 6 additions and 5 deletions

Binary file not shown.


@ -1,6 +1,7 @@
args@{ pkgs, config, lib, ... }: args@{ pkgs, config, lib, ... }:
let let
secret = import ../../secret/hosts/mediaserver.nix;
ssh-keys = import ../shared/ssh-keys.nix; ssh-keys = import ../shared/ssh-keys.nix;
in in
{ {
@ -19,7 +20,7 @@ in
../nixos/tailscale.nix ../nixos/tailscale.nix
../nixos/mediaserver-setup.nix ../nixos/mediaserver-setup.nix
../nixos/wireguard-netns.nix (import ../nixos/wireguard-netns.nix (args // { inherit secret; }))
../nixos/prowlarr.nix ../nixos/prowlarr.nix
../nixos/sabnzbd.nix ../nixos/sabnzbd.nix
../nixos/sonarr.nix ../nixos/sonarr.nix
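Review bot: Calling the module by hand in `(import ../nixos/wireguard-netns.nix (args // { inherit secret; }))` hands the module system a plain attribute set instead of a path, so the imported file likely loses its location in option-conflict and error messages, and it receives only whatever `args` happens to contain. Setting `_module.args.secret = secret;` in this file and keeping `../nixos/wireguard-netns.nix` as a plain path in `imports` would pass the same value through the normal module-argument mechanism. The `imports` list and the enclosing attribute set continue outside the hunk.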


@ -1,4 +1,4 @@
{ config, pkgs, ... }: { pkgs, config, secret, ... }:
{ {
environment.systemPackages = with pkgs; [ ldns tcpdump wireguard-tools ]; environment.systemPackages = with pkgs; [ ldns tcpdump wireguard-tools ];
@ -6,7 +6,7 @@
environment.etc."netns/wg/resolv.conf" = { environment.etc."netns/wg/resolv.conf" = {
mode = "0644"; mode = "0644";
text = '' text = ''
nameserver 10.64.0.1 nameserver ${secret.wireguard.dns}
''; '';
}; };
@ -61,8 +61,8 @@
${iproute}/bin/ip link add wg0 type wireguard ${iproute}/bin/ip link add wg0 type wireguard
${wireguard-tools}/bin/wg setconf wg0 ${config.age.secrets.wireguard-config.path} ${wireguard-tools}/bin/wg setconf wg0 ${config.age.secrets.wireguard-config.path}
${iproute}/bin/ip link set wg0 netns wg ${iproute}/bin/ip link set wg0 netns wg
${iproute}/bin/ip -n wg address add 10.66.10.158/32 dev wg0 ${iproute}/bin/ip -n wg address add ${secret.wireguard.ipv4} dev wg0
${iproute}/bin/ip -n wg -6 address add fc00:bbbb:bbbb:bb01::3:a9d/128 dev wg0 ${iproute}/bin/ip -n wg -6 address add ${secret.wireguard.ipv6} dev wg0
${iproute}/bin/ip -n wg link set wg0 up ${iproute}/bin/ip -n wg link set wg0 up
${iproute}/bin/ip -n wg route add default dev wg0 ${iproute}/bin/ip -n wg route add default dev wg0
${iproute}/bin/ip -n wg -6 route add default dev wg0 ${iproute}/bin/ip -n wg -6 route add default dev wg0
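Review bot: The `secret.wireguard.*` values are resolved at evaluation time, so `${secret.wireguard.dns}` ends up in the store file behind `environment.etc."netns/wg/resolv.conf"` (mode 0644), and the two `ip -n wg ... address add` lines are rendered into the enclosing script, which is presumably a store file as well. The Nix store is world-readable, so this keeps the addresses out of the repository but not away from local users or anyone who receives the system closure. The `wg setconf` line differs because it reads `config.age.secrets.wireguard-config.path` at run time. If repository-level privacy is the intent, a comment would make the boundary explicit, e.g. `# secret.* is eval-time only: values land in /nix/store; use age for anything that must stay secret on the host`. The previous literal addresses also remain readable in the parent commit, so they should be treated as already disclosed; the script around the `ip` commands starts and ends outside the hunk.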