From 9e7855ceb4281327f9cb600d54448ca0077f37a1 Mon Sep 17 00:00:00 2001
From: min <minish@riseup.net>
Date: Thu, 5 Jun 2025 13:45:51 -0400
Subject: [PATCH] Add peers

---
 nixos/hosts/silver/services/wireguard.nix | 13 +++++++++++++
 secrets/silver/default.yaml               |  5 +++--
 2 files changed, 16 insertions(+), 2 deletions(-)

diff --git a/nixos/hosts/silver/services/wireguard.nix b/nixos/hosts/silver/services/wireguard.nix
index e8a5706..1ef5533 100644
--- a/nixos/hosts/silver/services/wireguard.nix
+++ b/nixos/hosts/silver/services/wireguard.nix
@@ -10,6 +10,7 @@ in {
   sops.secrets."svc-wireguard-psk-0-2" = {};
   sops.secrets."svc-wireguard-psk-1-1" = {};
   sops.secrets."svc-wireguard-psk-1-2" = {};
+  sops.secrets."svc-wireguard-psk-1-3" = {};
   sops.secrets."svc-wireguard-psk-2-1" = {};
   sops.secrets."svc-wireguard-psk-3-1" = {};
   sops.secrets."svc-wireguard-psk-4-1" = {};
@@ -47,31 +48,43 @@ in {
 
         peers = [
           {
+            # infra eidola
             publicKey = "37FwgVhjem6QCSAzPtdYNwHMPC0YIKpsBOp4Ix23lGU=";
             allowedIPs = ["10.193.0.2/32"];
             presharedKeyFile = config.sops.secrets."svc-wireguard-psk-0-2".path;
           }
           {
+            # u1 laptop
             publicKey = "ayscoZwIMa9eNciYODZlILrXzfwn0t/2j/qa7/ftUQM=";
             allowedIPs = ["10.193.1.1/32"];
             presharedKeyFile = config.sops.secrets."svc-wireguard-psk-1-1".path;
           }
           {
+            # u1 temp server
             publicKey = "acLrMesy/gPvmUQKSJY42X9+WlMW9nwc8dYcreivtDo=";
             allowedIPs = ["10.193.1.2/32"];
             presharedKeyFile = config.sops.secrets."svc-wireguard-psk-1-2".path;
           }
           {
+            # u1 desktop
+            publicKey = "oMT4xjH7ASh7dUZV7KF9ZX0lhbACqReMagxYrfTaIm8=";
+            allowedIPs = ["10.193.1.3/32"];
+            presharedKeyFile = config.sops.secrets."svc-wireguard-psk-1-3".path;
+          }
+          {
+            # u2 desktop
             publicKey = "E+cApvpWOfwehlwDxA8paR/fWZq8iozSofTSRA7dBx0=";
             allowedIPs = ["10.193.2.1/32"];
             presharedKeyFile = config.sops.secrets."svc-wireguard-psk-2-1".path;
           }
           {
+            # u3 desktop
             publicKey = "pUEQnX5+lG7sHydXVWtqLFmDVJ1Mqn/sZOTTwaFwnVc=";
             allowedIPs = ["10.193.3.1/32"];
             presharedKeyFile = config.sops.secrets."svc-wireguard-psk-3-1".path;
           }
           {
+            # u4 desktop
             publicKey = "mMLd7efRu2BCdv+X+jzRtz1U1EnCU5hzGb7G0x3N7jY=";
             allowedIPs = ["10.193.4.1/32"];
             presharedKeyFile = config.sops.secrets."svc-wireguard-psk-4-1".path;
diff --git a/secrets/silver/default.yaml b/secrets/silver/default.yaml
index 6ceb04b..831119c 100644
--- a/secrets/silver/default.yaml
+++ b/secrets/silver/default.yaml
@@ -12,6 +12,7 @@ svc-wireguard-key: ENC[AES256_GCM,data:dmxJ07UnQAtet4RtlVXEMFLVKxOU44XQcUW7h7UPb
 svc-wireguard-psk-0-2: ENC[AES256_GCM,data:0sTGYa3HUe70hYJZnPy9w0iG37aRDTplmdvGdc5C8KN8Dg5XbVc2CmVS1r4=,iv:9Dnr3BYhzKKOZ7S565HY4CkhgPv1JEd3Zk7662/cd9s=,tag:Dd0BLrIjfX0F2lBan59jUg==,type:str]
 svc-wireguard-psk-1-1: ENC[AES256_GCM,data:YbxjRleUWTr1+rZyzZ+5vB9Po/V0T1mYhH+H8igjascGV/Oo4lPn1xoYqLg=,iv:+fcWdpRqR7GU5UXug+6GCX9Be5DoE944T5PIm0csgEU=,tag:3mGEL3KYjfSJ9uM+i6Wirg==,type:str]
 svc-wireguard-psk-1-2: ENC[AES256_GCM,data:K7tml5C3DEFkyJCf/U/CqNIcYIm4xDTmUQJTNw1AOgnxjWQhcfXDAU9xfME=,iv:h3xL81wHb4itBKo4+wUPbxxlzZNpbM7yfjIryBc+nfg=,tag:+5aXxvMi8j9fH9ZcrUVAUQ==,type:str]
+svc-wireguard-psk-1-3: ENC[AES256_GCM,data:66Yw2km4aWUAiy5Gk4diyeUV5AcLh4iJX+nJJLfq06emY9sYu43jUrCGYBc=,iv:FAr0K9CzOnCC3+XC70DZdsi7gtmvr4MZLl66Z+GUi2I=,tag:6AaxexFHSzGQGtk+lSjmjw==,type:str]
 svc-wireguard-psk-2-1: ENC[AES256_GCM,data:+80iLdsHE0rtM1rVb4xUfzOwpMSOqgxtuKWg4d7Kj7kDuvrCrHPX83NruNo=,iv:HDfGq2o41qTyUU3PwfUvJJcb88JIcbW3yrfqRY8lBxY=,tag:+jWwRf5vqSriCOKdOu3Qag==,type:str]
 svc-wireguard-psk-3-1: ENC[AES256_GCM,data:USX+fQeT+f+ZU8R7pgIXYPBd4f+8BGrFpuJwxCLprkhhxEY2U8kz85zg8Tw=,iv:QxzQyJEIqoT7szXBgE6M2qd0MeO8Y2e4wLRY9PH0x9M=,tag:kWLwR18SVfj52xkN4tJM7g==,type:str]
 svc-wireguard-psk-4-1: ENC[AES256_GCM,data:gQmzz0CP3b6aLLe1ucGTHmSpTP9RHDAhpnqkQci8RLdm2gQNIxfU5ASmSW8=,iv:Klq6y+81EqjQXZNDpnmPKhq8+gCtWklq09bzlKwm9Ys=,tag:H0GoCLLcVMC8FtzFx9HyPA==,type:str]
@@ -45,7 +46,7 @@ sops:
             NVREcHJGWWIvY0Z1OGt4cGN6am1RaXMKAnlb8FOJ1wO5qtcmej57s7rhWjv5wqIn
             nCUJX0R7s0/KH3aj98bX/4hQg2ZAw1l+xViOOIfwfRnzLWeyaAnk5A==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2025-05-31T00:25:25Z"
-    mac: ENC[AES256_GCM,data:dpaVHzh3xF1A3UgjbtYEmKVk4VQSX5r2e+IMVPruJLgMTmGMByMsWwY+n46XcGUJWem4W60upcU/NL9WCFKwoSBk9lPsbm/w34G0xquAfI9m0m9CoddRRuZfhI4Q/J0jcVAH2JebryVrQXJNUuB2tQ9MkIjXjYIONiMF831O2D0=,iv:ex3+hDvkbW+tWjZqhaOf+WXEvhJTzuGxXffFxUahiiM=,tag:h72Zq8H6gOC6Cl4jJoyBrw==,type:str]
+    lastmodified: "2025-05-31T03:40:23Z"
+    mac: ENC[AES256_GCM,data:KXxw3HwdVnQcsVhYfTvn4zxlTjmEqHHdDkKqNkY2keZ99mhQVXhHLU7P63+I5VhZy6sid4ueQ/H2+fM38+twMyDo0xLYkhkJd0pXVGgi5GiN+5JcTVf4NvR1+hEt43XEEfTLzRfeEd3resexNu1C/C9LCEZX5LK3GsOlt/xL1s0=,iv:8T0XfBS+ZSOK7gzoQpBnTu+dMis739AI8s5f48DDy1c=,tag:5lr/C1rCsPChqPsfEu7JTQ==,type:str]
     unencrypted_suffix: _unencrypted
     version: 3.10.2