lilith/nixos
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

small sops file fix

Browse source
This commit is contained in:
Lilith 2026-01-15 13:07:11 +01:00
parent e153dabbc9
commit 47952c9dc5
No known key found for this signature in database
GPG key ID: 272C807BD91F8446
3 changed files with 16 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

4
hosts/lilith-lab/default.nix
View file

@ -11,6 +11,10 @@ in
arr.enable = true;
jellyfin.enable = true;
home-assistant.enable = true;
wireguard-bridge = {
enable = true;
ip = "10.0.1.1/32";
};
};
hardware.nvidia = {

8
hosts/lilith-lab/secrets/default.yaml
View file

@ -7,6 +7,10 @@ user:
syncthing:
cert.pem: ENC[AES256_GCM,data:IolcFf/jq3I6P2t/NdvW/vxKJlqzdtijFREYxXKn+Or0H1CSPTlu2VgGbvRNYt8m5TB0psPbjYHgPsteTaedW52rPqJ/ap8SRx2oo7mCmPhG88zdvsuv4QOPuTGM5Qtp1SOrOd313QE2U6SvqZNrdbaNLtCajX6qGoh0V552MTrMJvT0RtN/LKWWCL4SJxTg+9fF3rmmC4pNYNRoDAXSKWvJ7idKSzmL6F95MDyG4LGBZLcA43u/JORsNq/OdGOy2Bh7MFL+dqZTarj3jz/Reqmz72E9b8n7d8DcO5sP4niEmYtWYz/VVZZW0xuCqIrBs10VNLgBmoqwQNeBr9FqqhJ5P7G9IRN/paIV7mR3h4c/YNhd1qF4r9JHNU9+3pM9sbKZQfDzs95uOxFl1JdjImI1NMpsfoZRroL6oD9aCE50FxTgWLJh397wqcU91QuL5DkCAEvQ1nbYQ++jVlJKjVzU8pdpeF/QqLGxVJEquQPR9HBeH4H3fSRPwXXPM2JrlB1afnDs8ReZbEMIpLKp3X+FAS0RdB437N0p17Sels60k6F6MygyIxhX15IOPn1UPqqhIidk89OQtRmNaEGhsnKW/qHOKD1bFE23SAovOTXWRP+IvzuntM3HtKKqPbCslp21eKrnzNL2b7+ex7LFl59Qe5zW0ZUGOvOrSPm/MhRs+QW56LK0wKZzqwLT6Gw9mxLbwyogq+1HjLHXbHLnBY7K8MDeG4DhtSkitl6XBjnjnzWk1zR+XFm1xy97hbci+F/eQU6e1UVN1jXTplgsKapj19riIFSdsTzlj8L4+osvaptGKGMwbtnGUvY2OZlWCMQJAkU791D1pYI4UVPjFQWp3SLt74fS/OP5DfIArvy0Di8bpM1nH8mxPqsWnikW0xKGfrXAWZIeJGhVGKjBBP3AR0OJO5CoXKjIOJTxXAf45Z+CEN1cNp9j77C95+/ipECZUTswPEiFq40xs9ZX/mYMGBMz9h2U8p0qS048BSS4A/Q1bfGOToP/GX3wXDNoFhuu7z9hhS4YV9vOnSpVGedls2VsPQ==,iv:p1XFi45xRDqQCBl5MEXVKyzpFbBfu3EDavgMtnh50qY=,tag:fY67X6MytyFJYDlAVYaQYg==,type:str]
key.pem: ENC[AES256_GCM,data:W0wf7O+U+Hhci/EVkgA31CpeqkBZ39+gsu+pd5H/lZz0L3ap73/BhE5D/NMbhRDFIALTphN/lP99GuZi+1T9ug2xcKG/VSRR1YSE/6Z/3z1mXAIWPigvJ5ZcVjmTqFc0i/TLN7yrpKnZmabcE26ELbYiCupsJHguwDqv96jUdqwluoeZbIueAN8GfBxGSTNPa9YlXoV6vbR5QmByF4t5yKlFMc5ESueCZKc+i0MFCMTlDTQKW9GKfa+r/HCxKzhSPjey7cxvla7R4ShYg3DpwMsIEwc/VEJ2ifco6VHyGf526ccvUT57VtBNXPWs3NKYC5LV+pxrS7wy7APdld6J1OMcCyMuraLM+rQBMx09JYCy8GikNXw78SpP7mNrMdZ/,iv:OpT3xlvSgLl3h9D5cRMm6B8n0RRTPcu5TrsRKAuhHck=,tag:jsNZUtIiNAkEc76/qGEKAQ==,type:str]
wireguard:
bridge:
private: ENC[AES256_GCM,data:/Emba1VUA9gQR26h3aZM5Js9rmF49IZAX60IzNy2MJYcrpDOdP8XbPrnkTc=,iv:/BdE057mYfHT4vZ55690Xd2bjVWIEy7QS3Y8TjKJFU4=,tag:df1P9NkcEfKBDjh9yNtr3Q==,type:str]
public: ENC[AES256_GCM,data:+KcdWvXUnzMX7hDwMXYNmivXkHUuTVmGw1WdDOL3qpp284/4o8ZO9AaCrl0=,iv:KbNEXdSOjzRDDM5mftZ3xvU1c655j/6PMaTE5SFuTro=,tag:zZ0wnzM+kK5KIX7VU8aW1Q==,type:str]
home-assistant:
mosquitto:
hass: ENC[AES256_GCM,data:X6Lv5faZ6PlFy8OHH1I94MhkRrW7uTFDYChEILxm6ruyTXKY9r5KieFcvSyeJTU99yHZ77zmnUZJ1akFwRwKziSQiBNM5eBthNjX5lRmQcbKx5kDQSPauvWp6MfF69S38j6SBdCE5VjyIh8cglD7+Q==,iv:eEoCYDW3MGl8WGaVNQczvaTi+Eg40l/lUQfm2fQO8HE=,tag:2CjNPDbmlE/D1lHfh0AHFQ==,type:str]
@ -21,8 +25,8 @@ sops:
Q0lSZ2J3cHM1Zjc3TXMwWDlnaHdWazAKo64uQ1arscAhF4gbq3ly8mCNPzSDPWql
F+75SNZB24Vet5HNf0lsjZw6Iz5xiF43w05/yrSKg49cqAuij+PiCw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2026-01-14T00:52:52Z"
mac: ENC[AES256_GCM,data:Ikx/wjfyZQ+fopySJ87iXtGX+BdPo/QleLGe4WTb3q4hjjOfYbmp4tVJQWAKomwISEDoZwcrF5PghgooBg4pqfNsOJ02xUMRtKo0S9VnEnaIyU6lndX4AJ99s9tr5ilLWMDKS9EHEIkHT50tVjuJ+ikoKaTie1RAOx5Z0Gc/fYI=,iv:ivba645e2E/OxbGwGW5RR/Q++PO9zEMWMrQK3TvJwco=,tag:P8KeW8rsTHRMgWWIQ89aFw==,type:str]
lastmodified: "2026-01-15T11:55:21Z"
mac: ENC[AES256_GCM,data:GRNJRBFcgcamJ8IMWpQh8jEEB/N+aVmpLg9bLsTQqWpL+0IyR+5Ew0s58S/S6mrrZUyMMmsnbFD2ou2SaCQbDhWTp3Vp02IgrvEw8BJSHH2n/0ZdxQ2itnjzlfjsPKEudJOvE/GlYSWknz8uI7I8DNjMTdJZVXHwfbAVo0FnD9Y=,iv:HkqiBmDkfehYwnyJtf5k5XPesUD+MBjKVG6BS/m+760=,tag:koFBtoMsUsD995Wl4eisTA==,type:str]
pgp:
- created_at: "2025-08-21T19:07:51Z"
enc: |-

10
server/wireguard.nix
View file

@ -1,17 +1,19 @@
{ config, lib, ... }:
{
options.server.wireguard-bridge.enable = lib.mkEnableOption "Enables Wireguard host functionality";
options.server.wireguard-bridge.ip = lib.mkOption;
options.server.wireguard-bridge.ip = lib.mkOption { };
config = lib.mkIf config.server.wireguard-bridge {
sops.secrets."wireguard/bridge/private" = { };
config = lib.mkIf config.server.wireguard-bridge.enable {
sops.secrets."wireguard/bridge/private" = {
sopsFile = ../hosts/${config.networking.hostName}/secrets/default.yaml;
};
networking.firewall.allowedUDPPorts = [ 51821 ];
networking.wireguard.interfaces = {
bridge = {
ips = [ config.server.wireguard-bridge.ip ];
listenPort = 51821;
privateKeyFile = config.sops.secrets."wireguard-bridge/private".path;
privateKeyFile = config.sops.secrets."wireguard/bridge/private".path;
peers = [
{