From 468c3d63f915c6032f5a5aee4ed553a0b8e3b08b Mon Sep 17 00:00:00 2001
From: kalipso
Date: Tue, 14 Jan 2025 13:45:53 +0100
Subject: [PATCH] [fanny] add to malovpn

---
 machines/configuration.nix | 1 +
 machines/fanny/configuration.nix | 10 +++++++++-
 machines/modules/malobeo/peers.nix | 7 +++++++
 3 files changed, 17 insertions(+), 1 deletion(-)

diff --git a/machines/configuration.nix b/machines/configuration.nix
index a55a370..0fae148 100644
--- a/machines/configuration.nix
+++ b/machines/configuration.nix
@@ -117,6 +117,7 @@ in
 system = "x86_64-linux";
 specialArgs.inputs = inputs;
 modules = defaultModules ++ [
+ self.nixosModules.malobeo.vpn
 ./fanny/configuration.nix
 ];
 };
diff --git a/machines/fanny/configuration.nix b/machines/fanny/configuration.nix
index 3f79087..d1105fd 100644
--- a/machines/fanny/configuration.nix
+++ b/machines/fanny/configuration.nix
@@ -1,9 +1,11 @@
-{ inputs, pkgs, ... }:
+{ inputs, config, ... }:
 let
 sshKeys = import ../ssh_keys.nix;
 in
 {
 sops.defaultSopsFile = ./secrets.yaml;
+ sops.secrets.wg_private = {};
+
 imports = [
 # Include the results of the hardware scan.
 #./hardware-configuration.nix
@@ -43,6 +45,12 @@ in
 ethernetDrivers = ["r8169"];
 };

+ services.malobeo.vpn = {
+ enable = true;
+ name = "vpn";
+ privateKeyFile = config.sops.secrets.wg_private.path;
+ };
+
 services.tor = {
 enable = true;
 client.enable = true;
diff --git a/machines/modules/malobeo/peers.nix b/machines/modules/malobeo/peers.nix
index bb83d86..fb16a40 100644
--- a/machines/modules/malobeo/peers.nix
+++ b/machines/modules/malobeo/peers.nix
@@ -28,4 +28,11 @@
 allowedIPs = [ "10.100.0.0/24" ];
 publicKey = "TrJ4UAF//zXdaLwZudI78L+rTC36zEDodTDOWNS4Y1Y=";
 };
+
+ "fanny" = {
+ role = "client";
+ address = [ "10.100.0.101/24" ];
+ allowedIPs = [ "10.100.0.0/24" ];
+ publicKey = "3U59F6T1s/1LaZBIa6wB0qsVuO6pRR9jfYZJIH2piAU=";
+ };
 }
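Review bot: `sops.secrets.wg_private = {};` in the first hunk of machines/fanny/configuration.nix declares a secret that has to exist in `./secrets.yaml`, but the diffstat lists three files and secrets.yaml is not one of them. Unless the key was added to that file earlier, sops-nix cannot supply `wg_private` and the build or activation of this host would fail, so the encrypted entry should land with this commit or the message should state that it is already present. The same hunk replaces `pkgs` with `config` in the argument set; any `pkgs.` reference further down the file, outside this hunk, would no longer evaluate and is worth checking. A comment such as `# WireGuard private key for malovpn; decrypted by sops-nix at activation, plaintext never enters the Nix store` above the declaration would record why the key is handed over by path.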
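Review bot: In the `services.malobeo.vpn` block added by the second hunk of machines/fanny/configuration.nix, `name = "vpn";` does not match the `"fanny"` entry this commit adds to machines/modules/malobeo/peers.nix. The module source is not visible here, but if `name` selects the host's own entry in the peer table, fanny would take on another peer's address and role while holding a private key whose public half is registered under `"fanny"`, and the tunnel would either fail to handshake or collide with the existing peer. If the option works that way, the line should read `name = "fanny";`. The enclosing attribute set starts and ends outside the hunk.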
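Review bot: The new `"fanny"` peer in machines/modules/malobeo/peers.nix has `allowedIPs = [ "10.100.0.0/24" ];`, the whole VPN subnet, although its own address is `10.100.0.101`. How the module consumes this field is not shown; if the server uses it as that peer's AllowedIPs, WireGuard would accept packets from fanny carrying any source address in the subnet and routing between peers with overlapping ranges becomes ambiguous, so the server side should be limited to `10.100.0.101/32`. If the field instead lists the routes a client sends into the tunnel, a one-line comment at the top of the peer table saying so would prevent that misreading. The entry above uses the same value, so the question applies to the existing peers as well; the attribute set opens outside the hunk.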