From b6aef858606ba43c8760f9538924b7ef9e34d928 Mon Sep 17 00:00:00 2001
From: kalipso <kalipso@c3d2.de>
Date: Tue, 17 Dec 2024 23:04:50 +0100
Subject: [PATCH] [vpn] init wireguard

---
 machines/modules/malobeo/peers.nix | 2 +-
 machines/vpn/configuration.nix     | 8 ++++++++
 2 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/machines/modules/malobeo/peers.nix b/machines/modules/malobeo/peers.nix
index c42ae119..be109b77 100644
--- a/machines/modules/malobeo/peers.nix
+++ b/machines/modules/malobeo/peers.nix
@@ -5,7 +5,7 @@
     ips = [ "10.100.0.1/24" ];
     allowedIPs = [ "10.100.0.0/24" ];
     listenPort = 51821;
-    publicKey = "";
+    publicKey = "hF9H10Y8Ar7zvZXFoNM8LSoaYFgPCXv30c54SSEucX4=";
   };
 
   "fanny" = {
diff --git a/machines/vpn/configuration.nix b/machines/vpn/configuration.nix
index 10db2879..d29bb7c2 100644
--- a/machines/vpn/configuration.nix
+++ b/machines/vpn/configuration.nix
@@ -3,6 +3,8 @@
 with lib;
 
 {
+  sops.secrets.wg_private = {};
+
   networking = {
     hostName = mkDefault "vpn";
     useDHCP = false;
@@ -15,6 +17,12 @@ with lib;
     ../modules/minimal_tools.nix
   ];
 
+  services.malobeo.vpn = {
+    enable = true;
+    name = "vpn";
+    privateKey = config.sops.secrets.wg_private.path;
+  };
+
   system.stateVersion = "22.11"; # Did you read the comment?
 }