mediaserver: make wg details private

2023-04-20 21:41:45 +02:00 · 2023-04-20 21:41:45 +02:00 · 75993ec17b
commit 75993ec17b
parent d86ea7fd5e
4 changed files with 6 additions and 5 deletions
--- a/agenix/hosts/mediaserver/wireguard/config.age
+++ b/agenix/hosts/mediaserver/wireguard/config.age
--- a/secret/hosts/mediaserver.nix
+++ b/secret/hosts/mediaserver.nix
--- a/system/hosts/mediaserver.nix
+++ b/system/hosts/mediaserver.nix
@ -1,6 +1,7 @@
 args@{ pkgs, config, lib, ... }:

 let
+  secret = import ../../secret/hosts/mediaserver.nix;
  ssh-keys = import ../shared/ssh-keys.nix;
 in
 {
@ -19,7 +20,7 @@ in
    ../nixos/tailscale.nix

    ../nixos/mediaserver-setup.nix
-    ../nixos/wireguard-netns.nix
+    (import ../nixos/wireguard-netns.nix (args // { inherit secret; }))
    ../nixos/prowlarr.nix
    ../nixos/sabnzbd.nix
    ../nixos/sonarr.nix
--- a/system/nixos/wireguard-netns.nix
+++ b/system/nixos/wireguard-netns.nix
@ -1,4 +1,4 @@
-{ config, pkgs, ... }:
+{ pkgs, config, secret, ... }:

 {
  environment.systemPackages = with pkgs; [ ldns tcpdump wireguard-tools ];
@ -6,7 +6,7 @@
  environment.etc."netns/wg/resolv.conf" = {
    mode = "0644";
    text = ''
-      nameserver 10.64.0.1
+      nameserver ${secret.wireguard.dns}
    '';
  };

@ -61,8 +61,8 @@
        ${iproute}/bin/ip link add wg0 type wireguard
        ${wireguard-tools}/bin/wg setconf wg0 ${config.age.secrets.wireguard-config.path}
        ${iproute}/bin/ip link set wg0 netns wg
-        ${iproute}/bin/ip -n wg address add 10.66.10.158/32 dev wg0
-        ${iproute}/bin/ip -n wg -6 address add fc00:bbbb:bbbb:bb01::3:a9d/128 dev wg0
+        ${iproute}/bin/ip -n wg address add ${secret.wireguard.ipv4} dev wg0
+        ${iproute}/bin/ip -n wg -6 address add ${secret.wireguard.ipv6} dev wg0
        ${iproute}/bin/ip -n wg link set wg0 up
        ${iproute}/bin/ip -n wg route add default dev wg0
        ${iproute}/bin/ip -n wg -6 route add default dev wg0