services: Add wireguard service

2023-04-23 23:42:25 +01:00 · 2023-04-23 23:42:25 +01:00 · 14d29fa49d
commit 14d29fa49d
parent acd7cc802b
4 changed files with 110 additions and 20 deletions
--- a/configuration/sops.nix
+++ b/configuration/sops.nix
@ -1,22 +1,34 @@
 {
  sops = {
    defaultSopsFile = ../keys/production.yaml;
-    secrets."nextcloud/tlater" = {
-      owner = "nextcloud";
-      group = "nextcloud";
-    };
-    secrets."steam/tlater" = {};
-    secrets."heisenbridge/as-token" = {};
-    secrets."heisenbridge/hs-token" = {};
-    secrets."turn/env" = {};
-    secrets."turn/secret" = {
-      owner = "turnserver";
-    };
-    secrets."turn/ssl-key" = {
-      owner = "turnserver";
-    };
-    secrets."turn/ssl-cert" = {
-      owner = "turnserver";
+
+    secrets = {
+      "nextcloud/tlater" = {
+        owner = "nextcloud";
+        group = "nextcloud";
+      };
+
+      "steam/tlater" = {};
+
+      "heisenbridge/as-token" = {};
+      "heisenbridge/hs-token" = {};
+
+      "wireguard/server-key" = {
+        owner = "root";
+        group = "systemd-network";
+        mode = "0440";
+      };
+
+      "turn/env" = {};
+      "turn/secret" = {
+        owner = "turnserver";
+      };
+      "turn/ssl-key" = {
+        owner = "turnserver";
+      };
+      "turn/ssl-cert" = {
+        owner = "turnserver";
+      };
    };
  };
 }