From 3198c309332af83b0f837a89dbca4f99af3bb533 Mon Sep 17 00:00:00 2001
From: Chaos
Date: Fri, 11 Nov 2022 21:17:57 +0000
Subject: [PATCH] more wg
---
 hosts/tablet/profiles/wireguard.nix | 8 ++++++++
 hosts/vault/profiles/wireguard.nix | 7 +++++++
 hosts/vault/secrets-db.nix | 6 ++++++
 hosts/vault/secrets.nix | 6 ++++++
 4 files changed, 27 insertions(+)
diff --git a/hosts/tablet/profiles/wireguard.nix b/hosts/tablet/profiles/wireguard.nix
index 6f38cca..7ceacdb 100644
--- a/hosts/tablet/profiles/wireguard.nix
+++ b/hosts/tablet/profiles/wireguard.nix
@@ -23,6 +23,14 @@ in {
 endpoint = "vault.servers.genderfucked.monster:51820";
 persistentKeepalive = 25;
 }
+ # storage
+ {
+ publicKey = "biNNeCkjAWi2jUVoL5+1pBtXGa3OFZi4DltB2dqGjGg=";
+ presharedKeyFile = "${secrets-db.wg_preshared_storage.path}";
+ allowedIPs = [ "10.69.42.4/32" ];
+ endpoint = "storage.servers.genderfucked.monster:51820";
+ persistentKeepalive = 25;
+ }
 ];
 };
 };
diff --git a/hosts/vault/profiles/wireguard.nix b/hosts/vault/profiles/wireguard.nix
index 7384e71..4f678dd 100644
--- a/hosts/vault/profiles/wireguard.nix
+++ b/hosts/vault/profiles/wireguard.nix
@@ -22,6 +22,13 @@ in {
 presharedKeyFile = "${secrets-db.wg_preshared_tablet.path}";
 allowedIPs = [ "10.69.42.2/32" ];
 }
+ # storage
+ {
+ publicKey = "biNNeCkjAWi2jUVoL5+1pBtXGa3OFZi4DltB2dqGjGg=";
+ presharedKeyFile = "${secrets-db.wg_preshared_storage.path}";
+ endpoint = "storage.servers.genderfucked.monster:51820";
+ allowedIPs = [ "10.69.42.4/32" ];
+ }
 ];
 };
 };
diff --git a/hosts/vault/secrets-db.nix b/hosts/vault/secrets-db.nix
index 4ee504f..e70407f 100644
--- a/hosts/vault/secrets-db.nix
+++ b/hosts/vault/secrets-db.nix
@@ -29,4 +29,10 @@
 permissions = "660";
 path = "/secrets/wg_preshared_tablet";
 };
+ wg_preshared_storage = {
+ user = "root";
+ group = "root";
+ permissions = "660";
+ path = "/secrets/wg_preshared_storage";
+ };
 }
diff --git a/hosts/vault/secrets.nix b/hosts/vault/secrets.nix
index 1149485..b345aec 100644
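Review bot: The new storage peer in hosts/tablet/profiles/wireguard.nix reads `secrets-db.wg_preshared_storage.path`, but this commit defines `wg_preshared_storage` only under hosts/vault (secrets-db.nix and secrets.nix). If the tablet profile binds `secrets-db` to a tablet-side file, which the hunk does not show, the attribute must exist there as well or evaluation fails. A WireGuard preshared key is configured per peer pair, so the tablet–storage key should be its own secret rather than the vault–storage one fetched from `.preshared_keys.storage` under the vault path. A comment on the peer such as `# PSK for the tablet<->storage pair; provisioned in <tablet secrets module>` (placeholder, since that file is not on this page) would record the intent. The enclosing peers list starts outside the hunk.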
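Review bot: The storage peer's `publicKey`, `endpoint` and `allowedIPs` in hosts/vault/profiles/wireguard.nix are a verbatim copy of the block this commit adds to the tablet profile, so rotating the storage key means editing every host profile, and a missed file leaves that host pinned to the old key. Defining the peer once in a shared attribute set and referencing it from both profiles would avoid the drift, with only `presharedKeyFile` (and the tablet's `persistentKeepalive`) kept per host. The peers list this block is appended to starts outside the hunk.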
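Review bot: In hosts/vault/secrets-db.nix, `permissions = "660"` grants group write on a WireGuard preshared key owned by root:root, and nothing on this page needs group access to it. `permissions = "600";` (or `"400"`) states least privilege and stays safe if the group is ever changed to something other than root. The value mirrors the existing `wg_preshared_tablet` entry, whose start is outside the hunk, so the same applies there.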
--- a/hosts/vault/secrets.nix
+++ b/hosts/vault/secrets.nix
@@ -47,6 +47,12 @@ in {
 simple_get "/private-public-keys/wireguard/chaos-internal/vault" .preshared_keys.tablet > $file
 chown ${secrets-db.wg_preshared_tablet.user}:${secrets-db.wg_preshared_tablet.group} $file
 chmod ${secrets-db.wg_preshared_tablet.permissions} $file
+
+ file=${secrets-db.wg_preshared_storage.path}
+ echo $file
+ simple_get "/private-public-keys/wireguard/chaos-internal/vault" .preshared_keys.storage > $file
+ chown ${secrets-db.wg_preshared_storage.user}:${secrets-db.wg_preshared_storage.group} $file
+ chmod ${secrets-db.wg_preshared_storage.permissions} $file
 '')
 ];
 }
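Review bot: The preshared key is written with `> $file` before `chown` and `chmod` run, so on first creation the file takes its mode from the script's umask and may be readable by other local users until `chmod` completes; the existing tablet block in the context lines has the same order. Putting `umask 077` ahead of the redirect (or pre-creating the file with `install -m`) closes that window. The redirect also truncates the current key before `simple_get` runs, so unless the script runs under `set -e`, which is not visible in this hunk, a failed fetch leaves an empty key file in place; writing to a temporary file and moving it into place only on success avoids that. Quoting the expansions as `"$file"` would also be safer. The script body starts outside the hunk.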