Diffstat (limited to '')
| -rw-r--r-- | machines/nixos/x86_64-linux/do-rproxy/default.nix | 7 | ||||
| -rw-r--r-- | machines/nixos/x86_64-linux/rivendell/default.nix | 28 | ||||
| -rw-r--r-- | machines/nixos/x86_64-linux/synology-vm/default.nix | 6 |
3 files changed, 41 insertions, 0 deletions
diff --git a/machines/nixos/x86_64-linux/do-rproxy/default.nix b/machines/nixos/x86_64-linux/do-rproxy/default.nix index 32005e0..0d74a1f 100644 --- a/machines/nixos/x86_64-linux/do-rproxy/default.nix +++ b/machines/nixos/x86_64-linux/do-rproxy/default.nix @@ -18,10 +18,17 @@ privateKeyFile = config.age.secrets.wireguard.path; peers = [ { + # vm-synology publicKey = "bJZyQoemudGJQox8Iegebm23c4BNVIxRPy1kmI2l904="; allowedIPs = [ "10.100.0.0/24" ]; persistentKeepalive = 25; } + { + # rivendell + publicKey = "jf7T7TMKQWSgSXhUplldZDV9G2y2BjMmHIAhg5d26ng="; + allowedIPs = [ "10.100.0.0/24" ]; + persistentKeepalive = 25; + } ]; }; }; diff --git a/machines/nixos/x86_64-linux/rivendell/default.nix b/machines/nixos/x86_64-linux/rivendell/default.nix index 700a57f..1f38f6f 100644 --- a/machines/nixos/x86_64-linux/rivendell/default.nix +++ b/machines/nixos/x86_64-linux/rivendell/default.nix @@ -12,6 +12,14 @@ ../../../../profiles/disk/btrfs-on-luks.nix ]; + age = { + secrets = { + wireguard = { + file = ../../../../secrets/rivendell/wireguard.age; + }; + }; + }; + boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" @@ -45,6 +53,26 @@ nix.settings.trusted-users = [ "builder" ]; + networking.wireguard = { + enable = true; + interfaces.wg0 = { + ips = [ "10.100.0.60/32" ]; + listenPort = 51871; + privateKeyFile = config.age.secrets.wireguard.path; + peers = [ + { + # digital ocean droplet + publicKey = "I+l/sWtfXcdunz2nZ05rlDexGew30ZuDxL0DVTTK318="; + allowedIPs = [ "10.100.0.0/24" ]; + endpoint = "165.232.158.110:51871"; + persistentKeepalive = 25; + } + ]; + }; + }; + + networking.firewall.allowedUDPPorts = [ 51871 ]; + my.modules.hardware.baremetal.enable = true; my.modules.remote-unlock.enable = true; diff --git a/machines/nixos/x86_64-linux/synology-vm/default.nix b/machines/nixos/x86_64-linux/synology-vm/default.nix index cbf9f13..d04a44a 100644 --- a/machines/nixos/x86_64-linux/synology-vm/default.nix +++ b/machines/nixos/x86_64-linux/synology-vm/default.nix 
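Review bot: The new rivendell peer in do-rproxy/default.nix reuses `allowedIPs = [ "10.100.0.0/24" ]`, the same prefix the vm-synology peer directly above it already claims on this interface. WireGuard binds each allowed prefix to exactly one peer, so whichever peer is configured last takes the /24 and the other stops receiving routed traffic. A shared /24 also lets either peer send packets sourced from any address in the subnet. On the hub, give each peer only its own tunnel address: `allowedIPs = [ "10.100.0.60/32" ];` for rivendell (the address set in rivendell/default.nix in this commit) and the corresponding /32 for vm-synology. The synology-vm hunk adds the same /24 for rivendell.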
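Review bot: `networking.firewall.allowedUDPPorts = [ 51871 ];` in the second rivendell hunk opens the WireGuard port on every interface, although the only peer configured is one rivendell dials out to (`endpoint` plus `persistentKeepalive`). Assuming the default stateful NixOS firewall, replies on that flow are already admitted, so the rule is only needed if some peer is expected to initiate toward rivendell. If it stays, derive it from the interface so the two values cannot drift: `networking.firewall.allowedUDPPorts = [ config.networking.wireguard.interfaces.wg0.listenPort ];`. A comment should also record that the droplet peer's full /24 means rivendell accepts any 10.100.0.0/24 source the hub forwards, so services reachable on wg0 should not treat the tunnel as trusted.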
@@ -68,6 +68,12 @@
 endpoint = "165.232.158.110:51871";
 persistentKeepalive = 25;
 }
+ {
+ # rivendell
+ publicKey = "jf7T7TMKQWSgSXhUplldZDV9G2y2BjMmHIAhg5d26ng=";
+ allowedIPs = [ "10.100.0.0/24" ];
+ persistentKeepalive = 25;
+ }
 ];
 };
 }; |
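Review bot: The rivendell peer added here has no `endpoint`, and rivendell's own wg0 in this commit lists only the droplet as a peer, so rivendell would not accept a handshake from this machine and the entry cannot carry traffic as written. It still claims `10.100.0.0/24`; if the droplet peer above it uses the same prefix (its allowedIPs line is outside the hunk), the two entries compete for the route to the whole subnet. If traffic to rivendell is meant to go through the droplet, drop this entry. For a direct link, add the reciprocal peer and an endpoint on one side, and narrow this entry to `allowedIPs = [ "10.100.0.60/32" ];`.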
