machines.nix (8987B)
# Host inventory: LAN and WireGuard addresses, WireGuard peer public keys,
# SSH public keys, and per-host SSH client settings.
#
# Everything key-shaped in this file is a *public* key (WireGuard `publicKey`,
# OpenSSH `ssh-rsa` / `ssh-ed25519` lines); no private key material appears here.
# The file does record internal addressing and the public VPN endpoint address.
let
  # Builds "<4th octet>.<3rd octet>" from a dotted IPv4 string,
  # e.g. "192.168.1.23" -> "23.1".
  # builtins.split interleaves the (empty) match lists with the pieces, so the
  # octets sit at the even indexes 0, 2, 4 and 6.
  # Not referenced anywhere else in this file.
  invert-suffix = ip:
    let
      pieces = builtins.split "[\.]" ip;
      at = builtins.elemAt pieces;
    in
    "${at 6}.${at 4}";

  # Unix-socket forwards for the GnuPG agent.
  # NOTE(review): the attribute shape looks like an SSH RemoteForward
  # (`bind` = socket on the remote host, `host` = local socket) - confirm against
  # the module that consumes it. Read that way, the remote S.gpg-agent is backed by
  # the local restricted `extra` socket, and the ssh-agent socket is forwarded as is.
  # The paths hard-code UID 1000 on both ends.
  # While a session with these forwards is open, any process on the remote host that
  # can reach the bound sockets (same user, or root) can make requests to the local
  # agent, so hosts that receive them should be ones you administer.
  gpgRemoteForward = {
    bind.address = "/run/user/1000/gnupg/S.gpg-agent";
    host.address = "/run/user/1000/gnupg/S.gpg-agent.extra";
  };
  gpgSSHRemoteForward = {
    bind.address = "/run/user/1000/gnupg/S.gpg-agent.ssh";
    host.address = "/run/user/1000/gnupg/S.gpg-agent.ssh";
  };
  agentForwards = [ gpgRemoteForward gpgSSHRemoteForward ];

  # Addresses on the home LAN (192.168.1.x).
  home = {
    ips = {
      aomi = "192.168.1.23";
      aion = "192.168.1.49";
      dev = "192.168.1.60";
      hokkaido = "192.168.1.115";
      honshu = "192.168.1.17";
      kobe = "192.168.1.18";
      naruhodo = "192.168.1.36";
      okinawa = "192.168.1.19";
      sakhalin = "192.168.1.70";
      shikoku = "192.168.1.24";
      synodine = "192.168.1.20";
      wakasu = "192.168.1.77";
      hass = "192.168.1.181";
      demeter = "192.168.1.182";
      athena = "192.168.1.183";
    };
  };

  # Addresses inside the WireGuard network (10.100.0.x).
  vpnIps = {
    kerkouane = "10.100.0.1";
    shikoku = "10.100.0.2";
    # honshu used to be "10.100.0.4"
    aomi = "10.100.0.17";
    hokkaido = "10.100.0.5";
    wakasu = "10.100.0.8";
    ipad = "10.100.0.3";
    vincent = "10.100.0.9";
    honshu = "10.100.0.10";
    houbeb = "10.100.0.13";
    okinawa = "10.100.0.14";
    naruhodo = "10.100.0.15";
    sakhalin = "10.100.0.16";
    hass = "10.100.0.81";
    demeter = "10.100.0.82";
    athena = "10.100.0.83";
  };

  # WireGuard public key per peer name.
  vpnPeerKeys = {
    kerkouane = "+H3fxErP9HoFUrPgU19ra9+GDLQw+VwvLWx3lMct7QI=";
    shikoku = "foUoAvJXGyFV4pfEE6ISwivAgXpmYmHwpGq6X+HN+yA=";
    wakasu = "qyxGnd/YJefqb4eEPqKO5XinvNx14fPcuZMNeYuBvSQ=";
    vincent = "1wzFG60hlrAoSYcRKApsH+WK3Zyz8IjdLgIb/8JbuW0=";
    ipad = "6viS+HqkW+qSj4X+Sj8n1PCJ6QIaZsOkmFQytlRvRwk=";
    # disabled peer:
    # houbeb = "tzanPdQBkD6FrWjalZAuc3G9PtLgHjPVCBjvJDCgdSw=";
    okinawa = "gsX8RiTq7LkCiEIyNk2j9b8CHlJjSUbi1Im6nSWGmB4=";
    sakhalin = "OAjw1l0z56F8kj++tqoasNHEMIWBEwis6iaWNAh1jlk=";
    aomi = "XT4D9YLeVHwMb9R4mhBLSWHYF8iBO/UOT86MQL1jnA4=";
    hass = "sLi6Qpm6yyI0kuJ5LzCKXzFhhTW3Q50krxSin+b/sWs=";
    demeter = "0n1CwaCwBUkRYlq0ZRzHK1VFGx1mXPQZvLKtTA3dqRw=";
    athena = "3bmLHTJYq++uESQD/WA0Qml38IIchPG3sL4epKPGc0I=";
  };

  # `ips` plus one `{ allowedIPs, publicKey }` attribute per entry of vpnPeerKeys.
  # Each peer is limited to its own /32, so a peer's key is only accepted for
  # traffic sourced from that single VPN address.
  wireguard = { ips = vpnIps; } // builtins.mapAttrs
    (name: publicKey: {
      allowedIPs = [ "${vpnIps.${name}}/32" ];
      inherit publicKey;
    })
    vpnPeerKeys;

  # SSH public keys by device.
  # NOTE(review): `authorized` is only set on some entries and its meaning is not
  # defined in this file - presumably the consumer uses it to decide which keys are
  # installed as authorized keys; confirm before relying on it.
  ssh = {
    yubikey = {
      key = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCDr3bRw6r43BVOltmTXtDQAtZlJ/viBrCb58fG8suSdO97xLEGukZzf1QX46aXQEsenfKOalcd+OrukcoVIiZtlh1BHAaBB09Q0vKjtB1zKcUdZQYb6kA21/ItpW3gNsZq5M98QpwS9soJOLSccQosDoVBWDcHx72Kpzp2x4seKyAIpb1gtPnQjnnwA7urTcANw7CU8lmB3UtJZNPHclJNKso7h0ZBapausk9t0xGP18rmzQAe2ipa6pwUzS5rRq+j0LiY/JZQaQWBfc1i3IcKictKW5EykKmywJcwmr/PcTdcgTT4FaD+b1t1QAPLV82HxGzOYQO+/WBptBdq7Ss5 openpgp:0x86ADD81F";
      authorized = true;
    };
    yubikey5 = {
      # An earlier, commented-out copy of this entry carried the comment field
      # `cardno:000610153832`; its key body appears to be the same.
      key = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDJoArpBsTXr3m6q2QnA1vI1DSwmgdU0OAp7DUxcxl9CJfeZIEs/iAerk8jmHgJ2xCEF6SpzI0FWSQIXy8dKpF4wLJ0tCoq5LqQx3jEzy3NUBLfxK+/Baa1te4qG2YImlgnzmEEm5uZlCGZRY2L/U9+4Hwo1AgD69Zzin6QGh2pyTWpmZ/WyhwIfGgqsnlM9XlaVzlMHYfStDi+rUU6XEAfdSqo1SnWKDBHc3mDYGTVhfAlt2LucLKu7oI2MsSlSxva072BExctadtB3TGHbt8gRJZj8CdwgRNhT+hFfbsL6YDvQn6dhTSMuiD8sBEvVble0Nj4p+Q6ROCRIuMuhgh3 cardno:10 153 832";
      authorized = true;
    };
    kerkouane = {
      # NOTE(review): sshConfig."kerkouane.vpn" below sets no port; whether this
      # value is applied to it happens outside this file.
      port = 20000;
      key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILtEnw+3WMa9ESRyKdBUp/OHd8NPQdHLoqQ58L3YXF1o vincent@kerkouane";
      authorized = true;
    };
    california = {
      key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICl4uBPx98p0m1ra4nKxaDvCP8TCou5J10gFUpYAuzp9 u0_a103@localhost";
    };
    hokkaido = {
      key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKcmRh9Khviqrl9wPPzogW9vTMAtkFc0HfWQ5kgvOpCw vincent@hokkaido";
      authorized = true;
    };
    wakasu = {
      key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIITpgxTnebhBnFyjWiF1nPM7Wl7qF+ce3xy/FvA4ZVN+ vincent@wakasu";
      authorized = true;
    };
    vincent = {
      key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINsbGtpU/w7Ff3O7hJ1QoO/5CuCrssBXrT+iHev/+rbf Generated By Termius";
    };
    kobe = {
      key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOqGw3BHWvCtVr1YPlsUSO2Hw8wJ67jdajnOlROX2H/Y vincent@kobe";
    };
    houbeb = {
      key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGUnBCTxRoIDhExcSaiirM5nf2PIcTMDUodYlGNvqfmD Generated By Termius";
    };
    phantom = {
      key = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDm23WasboyoiYcaCyxb/DWXRwWXR183gHwOcWTGMKZaYy0WMAWkBUPJjD5s7tlib2D7GJIoBqoPRvNQbmUdxFle+CftY7aj7oP7s0FlbNzFmybTzcZ/3zkkkKAOw2USw3saQ4kd8IqyACo9TsfhajX8jsrrHl3dzyjqTDWlcJmETUGpdYbSA7E3WavzPF2x3/kFcA5cmoYgpcFpGgXAKvaG2IFONLv+vTDPtGVq+GiOwQSVR7TXpFmdhHEw9hnzHnsuffQMxANaQMvqPV8+H0jfF3H2WNqp8GULcGyudngkKioTAVvBiTiRJnVK7hg6SxpdlszqO0yMjN37NB2gPJz houbeb@phantom.local";
    };
    okinawa = {
      key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILcu4MmZNeBLE7HDjLc6T10tz6rerziQbsZN0LS+mAiq vincd@okinawa";
    };
    honshu = {
      key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAocnNHVCqloXfsvbOoMV0KYAdeon5NYrZX3bnWK+SAo vincent@honshu";
    };
    aomi = {
      key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHJ3QqVCUiE4BIFKTJLN6mSnp9bLSnJ3gE8ScbAajGsH vincent@aomi";
      authorized = true;
    };
  };

  # sshConfig entry with only a hostname.
  plainHost = hostname: { inherit hostname; };
  # sshConfig entry that also forwards the GnuPG agent sockets to the host.
  agentHost = hostname: {
    inherit hostname;
    remoteForwards = agentForwards;
  };
in
{
  inherit home wireguard ssh;

  # Shared WireGuard settings.
  # NOTE(review): `allowedIPs` here is the whole VPN /24, presumably what a client
  # routes through `endpointIP` - confirm against the consumer.
  wg = {
    allowedIPs = "10.100.0.0/24";
    listenPort = 51820;
    endpointIP = "167.99.17.238";
    persistentKeepalive = 25;
    # Disabled in the original list: honshu, hokkaido, houbeb (none of them has a
    # peer definition above).
    # NOTE(review): okinawa has a peer definition but is not listed here.
    peers = map (name: wireguard.${name}) [
      "shikoku"
      "wakasu"
      "vincent"
      "sakhalin"
      "aomi"
      "ipad"
      "hass"
      "demeter"
      "athena"
    ];
  };

  # SSH client host aliases: "<name>.home" uses the LAN address, "<name>.vpn" the
  # WireGuard address.
  # NOTE(review): "naruhodo.vpn" and "hokkaido.vpn" point at VPN addresses for which
  # this file defines no peer, and "okinawa.vpn" at a peer that is not in wg.peers.
  # "kerkouane.vpn" sends the agent forwards to the 10.100.0.1 host as well.
  sshConfig = {
    "naruhodo.home" = plainHost home.ips.naruhodo;
    "naruhodo.vpn" = plainHost wireguard.ips.naruhodo;
    "aomi.home" = agentHost home.ips.aomi;
    "aion.home" = agentHost home.ips.aion;
    "aomi.vpn" = agentHost wireguard.ips.aomi;
    "okinawa.home" = agentHost home.ips.okinawa;
    "okinawa.vpn" = agentHost wireguard.ips.okinawa;
    "sakhalin.home" = agentHost home.ips.sakhalin;
    "sakhalin.vpn" = agentHost wireguard.ips.sakhalin;
    "hokkaido.home" = agentHost home.ips.hokkaido;
    "hokkaido.vpn" = agentHost wireguard.ips.hokkaido;
    "wakasu.home" = agentHost home.ips.wakasu;
    "wakasu.vpn" = agentHost wireguard.ips.wakasu;
    "athena.home" = agentHost home.ips.athena;
    "demeter.home" = agentHost home.ips.demeter;
    "dev.home" = plainHost home.ips.dev;
    "kerkouane.vpn" = agentHost wireguard.ips.kerkouane;
  };
}