Diffstat (limited to 'machines')
| -rw-r--r-- | machines/nixos/x86_64-linux/bree.nix (renamed from machines/nixos/x86_64-linux/synology-vm.nix) | 42 | ||||
| -rw-r--r-- | machines/nixos/x86_64-linux/rivendell.nix | 7 |
2 files changed, 8 insertions, 41 deletions
diff --git a/machines/nixos/x86_64-linux/synology-vm.nix b/machines/nixos/x86_64-linux/bree.nix
index 600312d..7c8a661 100644
--- a/machines/nixos/x86_64-linux/synology-vm.nix
+++ b/machines/nixos/x86_64-linux/bree.nix
@@ -13,43 +13,15 @@
 ../../../profiles/server.nix
 ];
- age = {
- secrets = {
- restic_gcs_credentials = {
- file = ../../../secrets/restic_gcs_credentials.age;
- };
- restic_password = {
- file = ../../../secrets/restic_password.age;
- };
- nas_client_credentials = {
- file = ../../../secrets/nas_client.age;
- };
- wireguard = {
- file = ../../../secrets/vm-synology/wireguard.age;
- };
- };
- };
+ age.secrets.wireguard.file = ../../../secrets/bree/wireguard.age;
 boot.loader.efi.canTouchEfiVariables = true;
 boot.loader.systemd-boot.enable = true;
- networking.hostName = "synology-vm";
+ networking.hostName = "bree";
 networking.useDHCP = lib.mkDefault true;
 systemd.network.wait-online.anyInterface = lib.mkDefault config.networking.useDHCP;
- users.users.builder = {
- openssh.authorizedKeys.keys = [
- # my personal key
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINBkozy+X96u5ciX766bJ/AyQ3xm1tXZTIr5+4PVFZFi"
- # remote builder ssh key
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGFGxdplt9WwGjdhoYkmPe2opZMJShtpqnGCI+swrgvw"
- ];
- isNormalUser = true;
- group = "nogroup";
- };
-
- nix.settings.trusted-users = [ "builder" ];
-
 networking.wireguard = {
 enable = true;
 interfaces.wg0 = {
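Review bot: Dropping the `restic_gcs_credentials`, `restic_password` and `nas_client_credentials` declarations in bree.nix only stops those secrets from being deployed. The `.age` files remain decryptable with this host's key until the agenix recipient list is changed, and that file is not visible here because the diffstat is limited to `machines`. If bree no longer needs them, remove its host key from those entries and rekey, and check that `secrets/bree/wireguard.age` is encrypted to the renamed host. It is also worth confirming that nothing pulled in via `../../../profiles/server.nix` still reads `config.age.secrets.restic_password` or the other removed names, since that would now fail at evaluation. The module body starts before this hunk.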
@@ -58,21 +30,23 @@
 privateKeyFile = config.age.secrets.wireguard.path;
 peers = [
 {
- publicKey = "I+l/sWtfXcdunz2nZ05rlDexGew30ZuDxL0DVTTK318=";
- allowedIPs = [ "10.100.0.0/24" ];
- endpoint = "165.232.158.110:51871";
+ # argonath
+ publicKey = "vTItDh9YPnA+8hL1kIK+7EHv0ol3qvhfAfz790miw1w=";
+ allowedIPs = [ "10.100.0.51/32" ];
+ endpoint = "157.230.146.234:51871";
 persistentKeepalive = 25;
 }
 {
 # rivendell
 publicKey = "jf7T7TMKQWSgSXhUplldZDV9G2y2BjMmHIAhg5d26ng=";
- allowedIPs = [ "10.100.0.0/24" ];
+ allowedIPs = [ "10.100.0.60/32" ];
 persistentKeepalive = 25;
 }
 ];
 };
 };
+ networking.firewall.trustedInterfaces = [ "wg0" ];
 networking.firewall.allowedUDPPorts = [ 51871 ];
 home-manager = {
diff --git a/machines/nixos/x86_64-linux/rivendell.nix b/machines/nixos/x86_64-linux/rivendell.nix
index e07e876..1e7abcf 100644
--- a/machines/nixos/x86_64-linux/rivendell.nix
+++ b/machines/nixos/x86_64-linux/rivendell.nix
@@ -54,13 +54,6 @@
 privateKeyFile = config.age.secrets.wireguard.path;
 peers = [
 {
- # digital ocean droplet
- publicKey = "I+l/sWtfXcdunz2nZ05rlDexGew30ZuDxL0DVTTK318=";
- allowedIPs = [ "10.100.0.50/32" ];
- endpoint = "165.232.158.110:51871";
- persistentKeepalive = 25;
- }
- {
 # argonath
 publicKey = "vTItDh9YPnA+8hL1kIK+7EHv0ol3qvhfAfz790miw1w=";
 allowedIPs = [ "10.100.0.51/32" ];
|
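Review bot: The added `networking.firewall.trustedInterfaces = [ "wg0" ];` in bree.nix exempts everything arriving on wg0 from the host firewall, so every listening service on bree becomes reachable from both peers, including argonath, which has a public endpoint. The tightened `/32` values in `allowedIPs` restrict which source addresses each peer may use, not which ports they can reach, so they do not limit this exposure. If only specific services are meant to be reachable over the tunnel, per-interface rules are the narrower choice, e.g. `networking.firewall.interfaces.wg0.allowedTCPPorts = [ <PORTS> ];`. If full trust is intended, a comment on that line saying so would help the next reader. The wg0 interface block begins before this hunk.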
