diff --git a/.gitsecret/paths/mapping.cfg b/.gitsecret/paths/mapping.cfg
index 4305c78..71183a9 100644
--- a/.gitsecret/paths/mapping.cfg
+++ b/.gitsecret/paths/mapping.cfg
@@ -1 +1 @@
-configs/secrets.nix:259586563a3c51652650618e0cc26aaee07b482ea801e2a1641d24510446bf50
+configs/secrets.nix:a83d724b6fe99623ff5a9e649a30227c3c199d302b10dce75db8ab3f3271d7f8
diff --git a/configs/secrets.nix.secret b/configs/secrets.nix.secret
index e986f2f..13c2a7f 100644
Binary files a/configs/secrets.nix.secret and b/configs/secrets.nix.secret differ
diff --git a/machine/vps.nix b/machine/vps.nix
index ccd2f74..0d80f90 100644
--- a/machine/vps.nix
+++ b/machine/vps.nix
@@ -1,6 +1,6 @@
 { config, lib, pkgs, ... }:
 let
- secrets = import ./secrets.nix;
+ secrets = import ../configs/secrets.nix;
 in
 {
 imports =
@@ -24,21 +24,22 @@ in
 useDHCP = false;
 interfaces.ens3.useDHCP = true;
 wireguard.interfaces = {
- wg0 = {
- ips = [ "10.100.0.1/24" ];
- listenPort = 51820;
- postSetup = ''
- ${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s 10.100.0.0/24 -o ens3 -j MASQUERADE
- '';
- postShutdown = ''
- ${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 10.100.0.0/24 -o ens3 -j MASQUERADE
- '';
- privateKey = secrets.wireguard-vps-private;
- peers = [{
- publicKey = secrets.wireguard-desktop-public;
- presharedKey = secrets.wireguard-preshared;
- allowedIPs = [ "10.100.0.2/32" ];
- }];
+ wg0 = {
+ ips = [ "10.100.0.1/24" ];
+ listenPort = 51820;
+ postSetup = ''
+ ${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s 10.100.0.0/24 -o ens3 -j MASQUERADE
+ '';
+ postShutdown = ''
+ ${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 10.100.0.0/24 -o ens3 -j MASQUERADE
+ '';
+ privateKey = secrets.wireguard-vps-private;
+ peers = [{
+ publicKey = secrets.wireguard-desktop-public;
+ presharedKey = secrets.wireguard-preshared;
+ allowedIPs = [ "10.100.0.2/32" ];
+ }];
+ };
 };
 nat = {
@@ -127,4 +128,3 @@ in
 system.stateVersion = "21.05";
 }
-
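Review bot: In the second `machine/vps.nix` hunk the re-indented `wg0` block still passes `privateKey = secrets.wireguard-vps-private;` and `presharedKey = secrets.wireguard-preshared;` as inline strings. Values set this way are evaluated into the system configuration and land in the world-readable Nix store on the VPS, even though git-secret keeps `configs/secrets.nix` encrypted in the repository. The NixOS WireGuard module offers `privateKeyFile` and, per peer, `presharedKeyFile`; pointing them at root-only files outside the store, e.g. `privateKeyFile = "/path/to/wg0-private.key";` (placeholder path), keeps the key material out of store paths. Keys already built into earlier generations stay readable there until those generations are garbage-collected, so rotating them after the switch is worth considering. The enclosing networking attribute set starts outside this hunk.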