create wireguard tunnel to home

configuration.nix

@@ -1,4 +1,4 @@
-{ config, pkgs, lib, ... }@args:
+{ pkgs, config, ... }:
 
 let
   stateVersion = "23.05";
@@ -29,8 +29,6 @@ in
     excludePackages = with pkgs; [ xterm ];
   };
 
-  # home-manager.users.pim = import ./home/home.nix;
-
   users.users.pim = {
     isNormalUser = true;
     extraGroups = [ "wheel" ];
@@ -74,4 +72,29 @@ in
       experimental-features = nix-command flakes
     '';
   };
+
+  age.secrets.wg-quick-home-privkey.file = ./secrets/wg-quick-home-privkey.age;
+  age.secrets.wg-quick-home-preshared-key.file = ./secrets/wg-quick-home-preshared-key.age;
+  age.identityPaths = [ "/home/pim/.ssh/id_ed25519" ];
+
+
+  networking.wg-quick = {
+    interfaces.home = {
+      privateKeyFile = config.age.secrets.wg-quick-home-privkey.path;
+      address = [
+        "10.225.191.4/24"
+        "fd11:5ee:bad:c0de::4/64"
+      ];
+      dns = [ "192.168.30.8" ];
+      peers = [{
+        presharedKeyFile = config.age.secrets.wg-quick-home-preshared-key.path;
+        endpoint = "84.245.14.149:51820";
+        publicKey = "fa3mQ7ximJbH7cu2ZbWidto5xBGxEEfWvCCiUDk00Hg=";
+        allowedIPs = [
+          "0.0.0.0/0"
+          "::0/0"
+        ];
+      }];
+    };
+  };
 }

flake.lock

@@ -1,5 +1,51 @@
 {
   "nodes": {
+    "agenix": {
+      "inputs": {
+        "darwin": "darwin",
+        "home-manager": [
+          "home-manager"
+        ],
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1696775529,
+        "narHash": "sha256-TYlE4B0ktPtlJJF9IFxTWrEeq+XKG8Ny0gc2FGEAdj0=",
+        "owner": "ryantm",
+        "repo": "agenix",
+        "rev": "daf42cb35b2dc614d1551e37f96406e4c4a2d3e4",
+        "type": "github"
+      },
+      "original": {
+        "owner": "ryantm",
+        "repo": "agenix",
+        "type": "github"
+      }
+    },
+    "darwin": {
+      "inputs": {
+        "nixpkgs": [
+          "agenix",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1673295039,
+        "narHash": "sha256-AsdYgE8/GPwcelGgrntlijMg4t3hLFJFCRF3tL5WVjA=",
+        "owner": "lnl7",
+        "repo": "nix-darwin",
+        "rev": "87b9d090ad39b25b2400029c64825fc2a8868943",
+        "type": "github"
+      },
+      "original": {
+        "owner": "lnl7",
+        "ref": "master",
+        "repo": "nix-darwin",
+        "type": "github"
+      }
+    },
     "home-manager": {
       "inputs": {
         "nixpkgs": [
@@ -69,6 +115,7 @@
     },
     "root": {
       "inputs": {
+        "agenix": "agenix",
         "home-manager": "home-manager",
         "homeage": "homeage",
         "nixpkgs": "nixpkgs",

flake.nix

@@ -12,14 +12,20 @@
       url = "github:jordanisaacs/homeage";
       inputs.nixpkgs.follows = "nixpkgs";
     };
+    agenix = {
+      url = "github:ryantm/agenix";
+      inputs.nixpkgs.follows = "nixpkgs";
+      inputs.home-manager.follows = "home-manager";
+    };
   };
 
-  outputs = { nixpkgs, home-manager, homeage, ... }: {
+  outputs = { nixpkgs, home-manager, homeage, agenix, ... }: {
     nixosConfigurations = {
       pim = nixpkgs.lib.nixosSystem {
         system =  "x86_64-linux";
         modules = [
           ./configuration.nix
+          agenix.nixosModules.default
           home-manager.nixosModules.home-manager {
             home-manager.useGlobalPkgs = true;
             home-manager.useUserPackages = true;

secrets/README.md

@@ -0,0 +1 @@
+nix run github:ryantm/agenix# -- -e secret1.age

secrets/secrets.nix

@@ -0,0 +1,7 @@
+let
+  pim = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILTxn6fDUyEOWhuapt5GptYPZay+3tNH+UeY7aq8KSbh pim@x260";
+in
+{
+  "wg-quick-home-privkey.age".publicKeys = [ pim ];
+  "wg-quick-home-preshared-key.age".publicKeys = [ pim ];
+}

secrets/wg-quick-home-preshared-key.age

@@ -0,0 +1,7 @@
+age-encryption.org/v1
+-> ssh-ed25519 vBZj5g 7qZySIRklLEiFuGWmZCzA7o2gFmrj3MaxlpHFv6QQEE
+8JYbQk0j+VQWejVSdO+zSVzJbv1hyfDr13/2D4OEvKU
+-> >9W|B`-grease We!hy%z EIO'3;.3 s} W`
+KNmYbqbYWksSynw
+--- +wtolstlFP+wW8GMh9WvZMwXk+V1VYfaQQq4Wa/j1N4
+þI„{©‹éè¢Cµ¸§×<C2A7>‰´# ¦M2g‚Ã8ßµÆ;nRMEö%rÿõ<0C>²1(oå@R[ÊÚe½©/CÚ"™ÇÊÄUû=8^-Ü‹±