feat: generate secrets

2025-10-11 07:10:39 +02:00 · 2023-06-12 01:03:44 +02:00 · 2023-06-12 01:03:44 +02:00 · 69bd2a71ce
commit 69bd2a71ce
parent f33fa54b65
24 changed files with 154 additions and 65 deletions
--- a/modules/distributed-config.nix
+++ b/modules/distributed-config.nix
@ -34,6 +34,7 @@ in {
    foreignConfigs = map (n: colmenaNodes.${n}.config.nodes.${nodeName} or {}) otherNodes;
    toplevelAttrs = ["age" "networking" "systemd" "services"];
  in
+    todo wrong, currently extension FROM microvms is not possible
    {
      assertions =
        map (n: {
--- a/modules/proxy-via-sentinel.nix
+++ b/modules/proxy-via-sentinel.nix
@ -0,0 +1,25 @@
+{
+  lib,
+  nodes,
+  ...
+}: {
+  extra.wireguard.proxy-sentinel.client.via = "sentinel";
+
+  networking.nftables.firewall = {
+    zones = lib.mkForce {
+      proxy-sentinel.interfaces = ["proxy-sentinel"];
+      sentinel = {
+        parent = "proxy-sentinel";
+        ipv4Addresses = [nodes.sentinel.config.extra.wireguard.proxy-sentinel.ipv4];
+        ipv6Addresses = [nodes.sentinel.config.extra.wireguard.proxy-sentinel.ipv6];
+      };
+    };
+
+    rules = lib.mkForce {
+      sentinel-to-local = {
+        from = ["sentinel"];
+        to = ["local"];
+      };
+    };
+  };
+}