ips readjustments to add workstation to wireguard

2026-02-15 13:34:03 -06:00
parent 13a525ca12
commit a5f45292ff
5 changed files with 31 additions and 22 deletions
--- a/modules/modules.nix
+++ b/modules/modules.nix
@@ -53,8 +53,9 @@ in
        vps = "45.79.25.87";
        wg-vps = "10.77.0.1";
        wg-server = "10.77.0.2";
-        wg-galaxy = "10.77.0.3";
-        wg-phone = "10.77.0.4";
+        wg-workstation = "10.77.0.3";
+        wg-galaxy = "10.77.0.4";
+        wg-phone = "10.77.0.5";
        wg-guest1 = "10.9.0.2";
        wg-guest2 = "10.9.0.3";
        wg-friend1 = "10.8.0.2";
--- a/modules/services/wireguard.nix
+++ b/modules/services/wireguard.nix
@@ -9,7 +9,7 @@ in
 {
  options.my.services.wireguard.enable = lib.mkEnableOption "WireGuard VPN configuration";
  config = lib.mkIf (config.my.services.wireguard.enable && config.my.secureHost) {
-    sops.secrets."vps/server/private".sopsFile = ../../secrets/wireguard.yaml;
+    sops.secrets."vps/private".sopsFile = ../../secrets/wireguard.yaml;
    networking = {
      firewall.allowedUDPPorts = [ port ];
      wireguard.interfaces.wg0 = {
@@ -21,12 +21,16 @@ in
        listenPort = port;
        postSetup = "";
        postShutdown = "";
-        privateKeyFile = config.sops.secrets."vps/server/private".path;
+        privateKeyFile = config.sops.secrets."vps/private".path;
        peers = [
          {
            publicKey = "OUiqluRaS4hmGvLJ3csQrnIM3Zzet50gsqtTABaUkH4=";
            allowedIPs = [ "${config.my.ips.wg-server}/32" ];
          }
+          {
+            publicKey = "AR17CdtUPs595sbb9WZvAYoEpdKezOKKbDmgUa9+IxQ=";
+            allowedIPs = [ "${config.my.ips.wg-workstation}/32" ];
+          }
          {
            publicKey = "BwN4uCkMd6eAS5Ugld0oXnA16IhgEEQF8mOJ3+vHliA=";
            allowedIPs = [ "${config.my.ips.wg-galaxy}/32" ];