| author | Franck Cuny <franck@fcuny.net> | 2022-02-21 13:33:51 -0800 |
|---|---|---|
| committer | Franck Cuny <franck@fcuny.net> | 2022-02-21 13:33:51 -0800 |
| commit | cd9c8ec5fdbe4874c7be95c80f8ab86999b30390 (patch) | |
| tree | 513331627090ae863c064cf2662ba77906e6f54a /docs/wireguard.org | |
| parent | secrets: initial config and a first secret (diff) | |
| download | infra-cd9c8ec5fdbe4874c7be95c80f8ab86999b30390.tar.gz | |
wireguard: module and peers configurations
Add a new module to automatically configure the peers for wireguard. The
module needs a configuration file (in `configs/wireguard.toml`) which
lists all the peers, their IP and their public keys. The secret key
is encrypted as a secret with agenix.
There's some initial documentation on how to use this setup.
Diffstat (limited to '')
| -rw-r--r-- | docs/wireguard.org | 21 |
1 files changed, 21 insertions, 0 deletions
diff --git a/docs/wireguard.org b/docs/wireguard.org new file mode 100644 index 0000000..154c159 --- /dev/null +++ b/docs/wireguard.org @@ -0,0 +1,21 @@ +#+TITLE: Configuration for wireguard + +* Creating the keys +We need a key for the host: +#+begin_src sh +(umask 0077; wg genkey > peer_A.key) +#+end_src + +Next we create the public key: +#+begin_src sh +wg pubkey < peer_A.key > peer_A.pub +#+end_src + +Now we need to add the private key to the list of secrets: +#+begin_src sh +nix run github:ryantm/agenix -- -e secrets/network/<host name>/wireguard_privatekey.age +#+end_src + +Once this is done, update [[file:~/workspace/world/configs/wireguard.toml][wireguard.toml]] to add the new peer with the public key. + +Once this is completed, we can delete the files =peer_A.key= and =peer_A.pub=. |
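Review bot: The org link in the "update wireguard.toml" step points at file:~/workspace/world/configs/wireguard.toml, a path under one user's home directory, so it will not resolve in any other checkout. Since this document lives at docs/wireguard.org and the commit message places the file at configs/wireguard.toml, a relative link such as file:../configs/wireguard.toml would follow the repository. In the key-creation steps, the plaintext peer_A.key is written to the current directory and only removed by the final sentence, and nothing tells the reader to work outside the repository tree. Consider stating that the keys should be generated in a temporary directory outside the checkout, so an interrupted run cannot leave the private key where it might be staged and committed. The agenix step would also benefit from one sentence saying that the contents of peer_A.key are what goes into the secret opened by -e.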
