more wg

hosts/tablet/profiles/wireguard.nix

@@ -23,6 +23,14 @@ in {
           endpoint = "vault.servers.genderfucked.monster:51820";
           persistentKeepalive = 25;
         }
+        # storage
+        {
+          publicKey = "biNNeCkjAWi2jUVoL5+1pBtXGa3OFZi4DltB2dqGjGg=";
+          presharedKeyFile = "${secrets-db.wg_preshared_storage.path}";
+          allowedIPs = [ "10.69.42.4/32" ];
+          endpoint = "storage.servers.genderfucked.monster:51820";
+          persistentKeepalive = 25;
+        }
       ];
     };
   };

hosts/vault/profiles/wireguard.nix

@@ -22,6 +22,13 @@ in {
           presharedKeyFile = "${secrets-db.wg_preshared_tablet.path}";
           allowedIPs = [ "10.69.42.2/32" ];
         }
+        # storage
+        {
+          publicKey = "biNNeCkjAWi2jUVoL5+1pBtXGa3OFZi4DltB2dqGjGg=";
+          presharedKeyFile = "${secrets-db.wg_preshared_storage.path}";
+          endpoint = "storage.servers.genderfucked.monster:51820";
+          allowedIPs = [ "10.69.42.4/32" ];
+        }
       ];
     };
   };

hosts/vault/secrets-db.nix

@@ -29,4 +29,10 @@
     permissions = "660";
     path = "/secrets/wg_preshared_tablet";
   };
+  wg_preshared_storage = {
+    user = "root";
+    group = "root";
+    permissions = "660";
+    path = "/secrets/wg_preshared_storage";
+  };
 }

hosts/vault/secrets.nix

@@ -47,6 +47,12 @@ in {
       simple_get "/private-public-keys/wireguard/chaos-internal/vault" .preshared_keys.tablet > $file
       chown ${secrets-db.wg_preshared_tablet.user}:${secrets-db.wg_preshared_tablet.group} $file
       chmod ${secrets-db.wg_preshared_tablet.permissions} $file
+
+      file=${secrets-db.wg_preshared_storage.path}
+      echo $file
+      simple_get "/private-public-keys/wireguard/chaos-internal/vault" .preshared_keys.storage > $file
+      chown ${secrets-db.wg_preshared_storage.user}:${secrets-db.wg_preshared_storage.group} $file
+      chmod ${secrets-db.wg_preshared_storage.permissions} $file
     '')
   ];
 }