diff --git a/nixos/hosts/eidola/services/samba.nix b/nixos/hosts/eidola/services/samba.nix index 9ff5299..36e2f92 100644 --- a/nixos/hosts/eidola/services/samba.nix +++ b/nixos/hosts/eidola/services/samba.nix @@ -9,6 +9,7 @@ _: { min = shareUser; # other ppls u2-1 = shareUser; + u3-1 = shareUser; }; groups."share" = {}; }; @@ -42,7 +43,7 @@ _: { lostlibrary = { "path" = "/terra/lostlibrary"; "read only" = false; - "valid users" = "min u2-1"; + "valid users" = "min u2-1 u3-1"; }; }; }; diff --git a/nixos/hosts/silver/services/wireguard.nix b/nixos/hosts/silver/services/wireguard.nix index d85b4ea..4fb8a84 100644 --- a/nixos/hosts/silver/services/wireguard.nix +++ b/nixos/hosts/silver/services/wireguard.nix @@ -10,6 +10,7 @@ in { sops.secrets."svc-wireguard-psk-0-2" = {}; sops.secrets."svc-wireguard-psk-1-1" = {}; sops.secrets."svc-wireguard-psk-2-1" = {}; + sops.secrets."svc-wireguard-psk-3-1" = {}; boot.kernel.sysctl."net.ipv4.ip_forward" = true; @@ -56,6 +57,11 @@ in { allowedIPs = ["10.193.2.1/32"]; presharedKeyFile = config.sops.secrets."svc-wireguard-psk-2-1".path; } + { + publicKey = "pUEQnX5+lG7sHydXVWtqLFmDVJ1Mqn/sZOTTwaFwnVc="; + allowedIPs = ["10.193.3.1/32"]; + presharedKeyFile = config.sops.secrets."svc-wireguard-psk-3-1".path; + } ]; }; }; diff --git a/secrets/silver.yaml b/secrets/silver.yaml index 4afe565..c223374 100644 --- a/secrets/silver.yaml +++ b/secrets/silver.yaml @@ -11,6 +11,7 @@ svc-wireguard-key: ENC[AES256_GCM,data:dmxJ07UnQAtet4RtlVXEMFLVKxOU44XQcUW7h7UPb svc-wireguard-psk-0-2: ENC[AES256_GCM,data:0sTGYa3HUe70hYJZnPy9w0iG37aRDTplmdvGdc5C8KN8Dg5XbVc2CmVS1r4=,iv:9Dnr3BYhzKKOZ7S565HY4CkhgPv1JEd3Zk7662/cd9s=,tag:Dd0BLrIjfX0F2lBan59jUg==,type:str] svc-wireguard-psk-1-1: ENC[AES256_GCM,data:YbxjRleUWTr1+rZyzZ+5vB9Po/V0T1mYhH+H8igjascGV/Oo4lPn1xoYqLg=,iv:+fcWdpRqR7GU5UXug+6GCX9Be5DoE944T5PIm0csgEU=,tag:3mGEL3KYjfSJ9uM+i6Wirg==,type:str] svc-wireguard-psk-2-1: ENC[AES256_GCM,data:+80iLdsHE0rtM1rVb4xUfzOwpMSOqgxtuKWg4d7Kj7kDuvrCrHPX83NruNo=,iv:HDfGq2o41qTyUU3PwfUvJJcb88JIcbW3yrfqRY8lBxY=,tag:+jWwRf5vqSriCOKdOu3Qag==,type:str] +svc-wireguard-psk-3-1: ENC[AES256_GCM,data:USX+fQeT+f+ZU8R7pgIXYPBd4f+8BGrFpuJwxCLprkhhxEY2U8kz85zg8Tw=,iv:QxzQyJEIqoT7szXBgE6M2qd0MeO8Y2e4wLRY9PH0x9M=,tag:kWLwR18SVfj52xkN4tJM7g==,type:str] sops: age: - recipient: age1yubikey1qg5k0y844v5e79uwax3r00u7zdljwnjlrmwvdr3st9m5a3ra5098qy0sjdj @@ -32,7 +33,7 @@ sops: MXdERWkyRitkbWtHMnpQaGxhbTRma2cK75S4x9TdquXAV00m9EQ1vJno14YTmPD4 K8ne37brRWWi3gW6JsaOQOshNE19u4uwkAXZ2IQ+NdAq7Kt/qrcU8w== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-05-10T21:20:57Z" - mac: ENC[AES256_GCM,data:DW6JeUzmMBOTvf6ryn943ZzbQ8785cPERuCALUdd9AS+SfbXwSOrHB8O+P8CFOFhgEyQZAxTX3s/Zgf7kXrNkZw42GOebdHIK/GN4ZVcY//RJ9muuYPrnniBe158vGzqBtq73tZRKIyp725hhfEc+vISsQ4c6023dPpToFQQH6w=,iv:himdgdJFnQVyowYcqiJcWd44XIWI3ToPeVV2tXfFhGg=,tag:8gO8KJk88sCp0lj+kPlOGg==,type:str] + lastmodified: "2025-05-11T01:03:55Z" + mac: ENC[AES256_GCM,data:QiKJfX/odDwZLH8Ds6pTBrQ5FplSMGLzDwk9jhXu8y5B6SAnahuf4X9Nj9V6rNHvYMN7MBnVQKcb5lD/nofNPOLvck9CTP6yWJ3WTK4Nd79Ffx0kRK3QY8Q1WlzjE0fDel5pJaytivf/l+BZwrWKIR20h0HmT2ETSb+lzMdYFSs=,iv:rrT6VJkf/D3tzbuysu77eUiwUmHKZCwdrbcx3oTyBUI=,tag:zsBE/r7WGQ0PIo/ZQHS4/w==,type:str] unencrypted_suffix: _unencrypted version: 3.10.2