From 8c4f84cf1ab5634ca283b0732738fa96cfaa684f Mon Sep 17 00:00:00 2001
From: imterah
Date: Tue, 6 May 2025 08:47:03 -0400
Subject: [PATCH] chore: Add wireguard configuration
---
 hosts/andromeda/configuration.nix | 19 +++++++++++++++++++
 secrets | 2 +-
 2 files changed, 20 insertions(+), 1 deletion(-)
diff --git a/hosts/andromeda/configuration.nix b/hosts/andromeda/configuration.nix
index 5a2ef9e..d2492c7 100755
--- a/hosts/andromeda/configuration.nix
+++ b/hosts/andromeda/configuration.nix
@@ -60,6 +60,25 @@
 virtualisation.oci-containers.backend = "docker";
+ # Reverse Proxy setup
+ networking.wireguard.interfaces = {
+ wg0 = {
+ ips = [ "10.10.0.3/24" ];
+ privateKeyFile = config.sops.secrets.reverse_proxy_client_privkey.path;
+ table = "69";
+
+ postSetup = "ip rule add from 10.10.0.2 table 69";
+ preShutdown = "ip rule del from 10.10.0.2 table 69";
+
+ peers = [{
+ publicKey = "QXDlW73/+hKJu6CPiCmpSWOXqKvJPC+b7E7iuvRpL2A=";
+ allowedIPs = [ "0.0.0.0/0" "::/0" ];
+ endpoint = "terah.dev:55107";
+ persistentKeepalive = 25;
+ }];
+ };
+ };
+
 # Volumes
 fileSystems."/mnt/NASBox" = {
 device = "192.168.0.3:/mnt/Diskette/KubeData";
diff --git a/secrets b/secrets
index c07d110..7851d29 160000
--- a/secrets
+++ b/secrets
@@ -1 +1 @@
-Subproject commit c07d110d71e32ff5fabf0219bc9cadab47d3d2a7
+Subproject commit 7851d29bba582893f904cf7b9244abd7adaa0068
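Review bot: The policy rule in `postSetup` and `preShutdown` matches `from 10.10.0.2`, but `ips` assigns wg0 the address 10.10.0.3, so replies sourced from this host's tunnel address would not be looked up in table 69 and would presumably leave by the main table instead of through the tunnel. Unless 10.10.0.2 is deliberately another address, the pair should read `postSetup = "ip rule add from 10.10.0.3 table 69";` and `preShutdown = "ip rule del from 10.10.0.3 table 69";`. Separately, `allowedIPs = [ "0.0.0.0/0" "::/0" ]` accepts packets with any source address from the peer, so every listening service on this host becomes reachable over wg0 unless the firewall limits that interface to the proxied ports; no such rule is visible in this hunk. The enclosing attribute set starts and ends outside the hunk.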