diff --git a/roles/server/default.nix b/roles/server/default.nix
index 075c012..af9c11a 100755
--- a/roles/server/default.nix
+++ b/roles/server/default.nix
@@ -12,7 +12,6 @@
 ./transmission.nix
 ./ddclient.nix
 ./beep.nix
- ./wireguard.nix
 ./tailscale.nix
 ./traefik.nix
 ./minecraft.nix
diff --git a/roles/server/wireguard.nix b/roles/server/wireguard.nix
deleted file mode 100644
index 6ad8b0d..0000000
--- a/roles/server/wireguard.nix
+++ /dev/null
@@ -1,73 +0,0 @@
-{ config, pkgs, ... }:
-
-{
- # Set up secrets
- age.secrets = {
- silverPrivate.file = ../../secrets/wg/silver/serverPriv;
- silverPhonePsk.file = ../../secrets/wg/silver/phonePsk;
- toastPrivate.file = ../../secrets/wg/toast/serverPriv;
- toastPhonePsk.file = ../../secrets/wg/toast/phonePsk;
- };
-
- networking = {
- # You need NAT if you want to use wireguard as a VPN
- nat = {
- enable = true;
- externalInterface = "eno1";
- internalInterfaces = [ "wg-*" ];
- };
-
- # Allow the wireguard port though the firewall
- firewall.allowedUDPPorts = with config.networking.wireguard.interfaces; [ vpn-silver.listenPort vpn-toast.listenPort];
-
- wireguard = {
- enable = true;
- interfaces = {
- vpn-silver = {
- /*
- I see people normally use 10.0.X.X, but I already have the muscle memory of
- typing 192.168.X.X so I went with this one. Plus I'm only going to have 2-3
- peers connected at once, so a type C IP is more than enough
- */
- ips = [ "192.168.10.1/24" ];
- listenPort = 51820;
- privateKeyFile = config.age.secrets.silverPrivate.path;
- postSetup = ''
- ${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s 192.168.10.0/24 -o eno1 -j MASQUERADE
- '';
- postShutdown = ''
- ${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 192.168.10.0/24 -o eno1 -j MASQUERADE
- '';
- peers = [
- {
- # Silver's phone
- allowedIPs = [ "192.168.10.2" ];
- publicKey = "silvrNOD8j5aDm4PhY8zJBV3JZOeBX6VK5KPvT+3yic=";
- presharedKeyFile = config.age.secrets.silverPhonePsk.path;
- }
- ];
- };
- vpn-toast = {
- ips = [ "192.168.11.1/24" ];
- listenPort = 51821;
- privateKeyFile = config.age.secrets.toastPrivate.path;
- postSetup = ''
- ${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s 192.168.11.0/24 -o eno1 -j MASQUERADE
- '';
- postShutdown = ''
- ${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 192.168.11.0/24 -o eno1 -j MASQUERADE
- '';
- peers = [
- {
- # My phone
- allowedIPs = [ "192.168.11.2" ];
- publicKey =
"pHonE1YaBZcTU5sTMLg6Iy4FIyzInfHfH4x0NZ1lBRA="; - presharedKeyFile = config.age.secrets.toastPhonePsk.path; - } - ]; - }; - - }; - }; - }; -} diff --git a/secrets/secrets.nix b/secrets/secrets.nix index f43b96a..fbb968e 100755 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -7,10 +7,4 @@ in "cock".publicKeys = [ everest ]; "syncthing/key".publicKeys = [ everest ]; "syncthing/cert".publicKeys = [ everest ]; - "wg/silver/serverPriv".publicKeys = [ everest ]; - "wg/silver/phonePriv".publicKeys = [ everest ]; - "wg/silver/phonePsk".publicKeys = [ everest ]; - "wg/toast/serverPriv".publicKeys = [ everest ]; - "wg/toast/phonePriv".publicKeys = [ everest ]; - "wg/toast/phonePsk".publicKeys = [ everest ]; } diff --git a/secrets/wg/silver/phonePriv b/secrets/wg/silver/phonePriv deleted file mode 100644 index e6d0722..0000000 --- a/secrets/wg/silver/phonePriv +++ /dev/null @@ -1,8 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 VoNo4A vExPc7M17NblMkOjJCxVm6I4v6/6yYBzE6nfc9saOEc -muXFANq6dGV+ToPwlUTkZ84wVsGqnTcCLvncmOgcbrk --> VN-grease (ijvp 99` (qc -f+ZaYegYdxUu4uj7uGtIl1Pm1ipMe4gQxs57vQxYCHOYO6tejSbwI8Y8sOAzkNV0 -pv0EFylBo9Y ---- SrPUCAPc2SmcpvPoPEK/gYJ9hn+vdplxJRMBfRSamAo -bϾr ?/⻏Q2Drr4;^|T {!] \ No newline at end of file diff --git a/secrets/wg/silver/phonePsk b/secrets/wg/silver/phonePsk deleted file mode 100644 index 796fddf..0000000 --- a/secrets/wg/silver/phonePsk +++ /dev/null @@ -1,8 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 VoNo4A 8YvcfWII3BKsM+V+ceoFC3XXldC0qvwnL/6ggK+Il0s -irwDqE2NcFHU/mVlhvIt787a4EW3kmEd11d0P393zXA --> Wu;RC:#-grease EIrU+ a1!S.4 t Uq#Qab6^ -mpekj8nSA5jpzDm1l5VrrYxMxmcuG5Yh+ABWkv2Dn9dKuJG6E1CIcAnU+9rpP6n4 -waoAYhTnVZpcHd1qVVm1Mwlz1REymNYxYw7MVplfM3lm1jSU ---- Q+IuFa2gerHpADs2TR/ZkULZV0rIaUvqFpoiovmbcQs -A3zX"Ijlkx u7 UhGJ֏{+^qbL?RImS܈=PԽgqFtJx \ No newline at end of file diff --git a/secrets/wg/silver/serverPriv b/secrets/wg/silver/serverPriv deleted file mode 100644 index 0c42bd4..0000000 
--- a/secrets/wg/silver/serverPriv +++ /dev/null @@ -1,8 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 VoNo4A xu8kFORPIO3cpRKruN2H3Ab8kGHKooWF+a51uvo6AnQ -2LyysvbhXMTJ+CXZtqYksxNAH5E+fgpmtCkX0TVp1SI --> T$7CzH-grease ZJA,Gm -fyYJztvSX5VrUustF3Y3XpgdmAhpMR/4 ---- S/lJcXIuerNOPN687eO9CgsLZE8/yTEGfs2GUD4H/+Y -ҵI - }v''9Fnג؏<W]t`k+xl7p9/5zCxFFHr \ No newline at end of file diff --git a/secrets/wg/toast/phonePriv b/secrets/wg/toast/phonePriv deleted file mode 100644 index 76cc573..0000000 Binary files a/secrets/wg/toast/phonePriv and /dev/null differ diff --git a/secrets/wg/toast/phonePsk b/secrets/wg/toast/phonePsk deleted file mode 100644 index 853edab..0000000 --- a/secrets/wg/toast/phonePsk +++ /dev/null @@ -1,8 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 VoNo4A LJQA1BbMRZCiasZkqUIYdEF4U8AFfHv+tiDkIfp5xV0 -YVKxaYXmLMimAjQ5N0ALSkptDcSmUafX1JPaA+lXLiU --> {m4@-grease o=oC?P u1g sMgp\s" -GwnTCGHOjeG1XzcjSD/nqqY5eJRAkCIikGEIhLCLfuKqryn69mRz0mxoy7949j4j -oSG2 ---- z6TjnxxvqB7M7IXuIEJIpQrSvtW6yUC+FJDC9e9o2rg -fYR"gg`AO;&; h;'(ujNw吨FDg \ No newline at end of file diff --git a/secrets/wg/toast/serverPriv b/secrets/wg/toast/serverPriv deleted file mode 100644 index e7e3de5..0000000 --- a/secrets/wg/toast/serverPriv +++ /dev/null @@ -1,8 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 VoNo4A Y2wquDHovRlD2P7tv+6Z+DV3uoOeqs219woSenjJGBg -ZvHSzvAxlK2hZt41I1q4lAV3g9dg+8onphpG8V3gPM8 --> /-grease leqR -wT1Jyk7ceGKQlsQrNuTigKJbRLbk32r1ic/kHZnFikn1/Jx8W5t7VEVxV/qbbjM7 -2eV73hu3QR8uz/1/wwMuX9yyPX79o/BbmThqAwXR ---- v2H9k4DcOqjtAuw7fgX2AEOnJLC8BMH5l8KPvoLxxKc -'.|^_|svO'3@l6eQB.3/+I0-?Ihdm{h \ No newline at end of file