devices.pi3b: enable ssh and wireguard

.sops.yaml

@@ -7,7 +7,7 @@ keys: # cat /etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age
   - &nas age19lhcwk37jmvn6z0v4dpdfh0k4u23f76twdjknc0p7atktf37rd7s4t4wj3
   - &xmupc1 age1hnarptkze0ujpp05dqr8uma04cxg9zqcx68qgpks5uf5l6rpk5gqhh8wxg
   - &xmupc2 age1l4stuz0vr7gs7pqwjrmezam44702jp2vmqaqyxw0l0r42kf9updq4dfhrw
-  - &pi3b age1l4stuz0vr7gs7pqwjrmezam44702jp2vmqaqyxw0l0r42kf9updq4dfhrw
+  - &pi3b age1yjgswvexp0x0de0sw4u6hamruzeluxccmx2enxazl6pwhhsr2s9qlxdemq
 creation_rules:
   - path_regex: devices/pc/.*$
     key_groups:

devices/pi3b/default.nix

@@ -24,6 +24,24 @@ inputs:
         kernel.varient = "rpi3";
       };
       packages.packageSet = "server";
+      services =
+      {
+        # snapper.enable = true;
+        sshd.enable = true;
+        xray.client =
+        {
+          # dae.wanInterface = [ "wlp4s0" "enp5s0" ];
+        };
+        fail2ban = {};
+        wireguard =
+        {
+          enable = true;
+          peers = [ "vps6" ];
+          publicKey = "X5SwWQk3JDT8BDxd04PYXTJi5E20mZKP6PplQ+GDnhI=";
+          wireguardIp = "192.168.83.8";
+        };
+        # beesd.instances.root = { device = "/"; hashTableSizeMB = 64; };
+      };
     };
   };
 }

devices/pi3b/secrets.yaml

@@ -1,12 +1,7 @@
-hello: ENC[AES256_GCM,data:gYWUY12BwOdE0/xVvxPzfJRlpkghKUIPjSr8f6EImTGT2xzpPf+zsKCSAhCpFA==,iv:7Z/yCADBqjerLBq1bJapZ2K6hajSpakvb/lbkmUvpHw=,tag:rvI/70cZyy33XB+XQ6ERlg==,type:str]
-example_key: ENC[AES256_GCM,data:dRe2yzZieLjgWjviSA==,iv:pTNmxYo6pewcavnFXt4i4a6ybxdc5kF4LAPbOY9RbD0=,tag:h7Dtrjvt954lIVryCnDfoQ==,type:str]
-example_array:
-    - ENC[AES256_GCM,data:0xfhD2tQuQsIrJMAD40=,iv:8E214l7PoJwjP9wkGMkN91s2vRefYzqqNuANappwGTo=,tag:TglXrM74sE6ukc1mQsPRIA==,type:str]
-    - ENC[AES256_GCM,data:mj9YI0JTBd/MNE/czkk=,iv:BCUQEOnlyflyXJwuIz2hwUDISS4JjXFKAPknxdfrW5M=,tag:r+2zvCKxAjWt2TuMTaVtaw==,type:str]
-example_number: ENC[AES256_GCM,data:0rxe8tlinN1pPg==,iv:sReZgb8dadC/LUcLTScRA5X8DblllMdRGdYGNtPDlkk=,tag:BKNzaRlXTaMlrwTE1gh/sw==,type:float]
-example_booleans:
-    - ENC[AES256_GCM,data:li2/7Q==,iv:QrNSpMbnGbp94wmTUjI3HISMmtGwy+sLYSfdALUf5kA=,tag:mcUYXhcjqUhyN4zjuBqiXg==,type:bool]
-    - ENC[AES256_GCM,data:7WLBDdM=,iv:NdAvGVpfPrd2IuRgW6yLGP6Hum5Oo4vVyaVykTfMB6U=,tag:N5bxC/2+347C4/gHsqRKWA==,type:bool]
+xray-client:
+    uuid: ENC[AES256_GCM,data:Ju/bUMmtb0NwiUCAmt73cJY34pZRqrHsX+LB5CCs5NWSoHpj,iv:T+PiKHv057QccSxC9uvFoTahZX+XHFXuVbuRAICbX58=,tag:WnLfP0werjY7vYWP2uGvbg==,type:str]
+wireguard:
+    privateKey: ENC[AES256_GCM,data:aZY122OUG7zWxoZgTynW4WqYPwmPdGci7NIWO47kszTuGNQAaE9tAqii77o=,iv:mYLvVn5EE4tXF5IVBYZjWNPhS67tQyg2zvKmCgCLTrc=,tag:7iiX8S7/S2Na/sE3ioeV0g==,type:str]
 sops:
     kms: []
     gcp_kms: []
@@ -31,8 +26,8 @@ sops:
             NE5vNm96MHpTNk5sYTdFTDRyZVFzdE0K7vEfh1wZ5m48joS5lamVcuXWRn6cZh4v
             peYqTk5FxepZLycNVdmo9Gl+ZfoTCZd528ABdRxG2jjLw428lU0tzg==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-03-25T09:00:52Z"
-    mac: ENC[AES256_GCM,data:+7I5AT1UCgTSpYhxjBGn4FT2UhgBRhof6oi3yjpsOEZZW5iNFLCmUhNgD9nHBIlTZ6jbFBPtepWmMJWMKWdMbw36U0cv1iGbG5NhaZcUI4+n9Ilkr4lUfbcWoezNLdbM0Ud1h3NYRbGzMRhQetrE1XNwAkUVUhsPGopHu82LAig=,iv:11+GojRpaunD3wb6tJ3nefXuBNTp4Eg2J2hDCfRep58=,tag:6AyUF6wqguX2nVbJOgZPpw==,type:str]
+    lastmodified: "2024-03-28T10:33:36Z"
+    mac: ENC[AES256_GCM,data:oVDPouX8bLTJ/UQD4YXZBIub+9Lyy4e6UrVAu0KJhSYVox8NdjeSlLndicZtSeUxC310qNG9WAiWJPbfmDV5yZj9+UQxqFO1D0MCnxozRQQAb/AQfkEX9QV06/rzzcgm1QcQPp+eBnPxC0qjpavpogqVjwtfqHq5//XBjKBrm0A=,iv:yzAiof3knCqH6ZcCH6pAByWuPtUapLuUA2yQpkGwbA0=,tag:QcK8BC8WvG2Cuq9CruZc7w==,type:str]
     pgp: []
     unencrypted_suffix: _unencrypted
     version: 3.8.1

devices/vps6/secrets.yaml

@@ -32,6 +32,8 @@ xray-server:
         user12: ENC[AES256_GCM,data:FAF9lXOzXW9CrZgnQ1a2+E8snZj2+JHqP5Gny92k09o/Wzga,iv:/qZuAtFmUQE7A9lMzJUoCvGx+3Sv9Ioh2ahch3puaC4=,tag:urwbLwGkSX3e85NCjyPhhg==,type:str]
         #ENC[AES256_GCM,data:HueqiREBet2bxQ==,iv:WCjTAGg2gXgBSvY3zc/YyB/1X0XjvphPduVXLsjOwH8=,tag:wC+On6lyyYQ1Dt/BHDvONw==,type:comment]
         user13: ENC[AES256_GCM,data:ExbnvWDIBqga5+k2mpoT8AKBOXAvUNMjBTPXUKrmtWzz4l+L,iv:UI7CvSx2FHYGf6BEHS4e3iwHZZWkl2Zt5xg2WdKbLvY=,tag:ad0c7YW2Bxo+Dn+BoSZ0Ng==,type:str]
+        #ENC[AES256_GCM,data:R8lN5T0=,iv:FXLf8Vtjg+PkwNhxXWDViMKqwn7tFMaPhio9zhnudZw=,tag:34gxRH+P9lmkUxlOPKcYMg==,type:comment]
+        user14: ENC[AES256_GCM,data:dgNPPlJD5JOFPbKhlvlRHBLmUNKeDm/JAiawUVpBE7H07Box,iv:w+t9BkqYvlxVKr+x0MwtBz0/YSR/7z1OnZLIoPdW4gc=,tag:CR3GLbaO0jSQgA2HuwzRqg==,type:str]
     telegram:
         token: ENC[AES256_GCM,data:xsJoGgQ8pLeZqA2alGKkCyrvnjY6rVF5TlXn4GWDrStFBl65XXzwVY/9ZZthYQ==,iv:qTLfpRUyuIGFM668URfknhSRtx3WEHp/WTGzGUPuFd4=,tag:p8mF0tM+t02g7v2EQZN3Vg==,type:str]
         chat: ENC[AES256_GCM,data:X1JxFQw0bPCu,iv:hf+TOSH2p9RdnXDFKxTpSRzxDLdJyzNHVV8MfOQuGWY=,tag:iiWw9IFiBGOOyOSl9Jj2wQ==,type:str]
@@ -75,8 +77,8 @@ sops:
             ZXFTU3ZCaW1pTVh0RUJzdDdGdHlPYTgK2mlgcX2kEc8+2UDdBnhUm6IIuh8V6agW
             ooxH9OEPXUVI/4JcDo4v8ZUhAyU1ehLH0Ef7PJCChOZe2KZmWSNbhA==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-03-27T10:31:10Z"
-    mac: ENC[AES256_GCM,data:XQPqVB9uEOhWWYteFICIIluVLC4vNfMB6rMwKeZondaCV5hwxR1Fi+WP9i0KzZeMGcGvoF4wGSFpDF2SEIcK9ZhrWmB9f2I8nGJvBMH1a60p//va9tWmSc9+h0nCnw8f/W/vmouWjojvHUYy5nECym4NVRShd03L5yJ1tvQvll4=,iv:19C5drzucA7PHS5TRNIju520bQGYND4pTWeB9wKMe+M=,tag:C5spdi6hZGkAnA6jS/sWnQ==,type:str]
+    lastmodified: "2024-03-28T10:31:05Z"
+    mac: ENC[AES256_GCM,data:6Z+ltjbvQaYhDPoiCN7ajQeWcp6vj3TIcUXUm/r/tZU4mIOvfxA7hxW971b76bYPTeVwgp7ZB9qQy9emDHV9i+aSyJpTPKQHRRz5J+T+NJhTP/IL3R3VmG89ssC6NH8FSk0S487JkPd8tNz+G6bvwFCPRxRLNj1pXX0Dp6tgwIw=,iv:xLw2iX1ODAbJCTJ8fEvG7SdZ1GnGwADIckH8DibVM2Y=,tag:TTzlHdcyIQr/92ZHmViRXQ==,type:str]
     pgp: []
     unencrypted_suffix: _unencrypted
     version: 3.8.1