From 889b5e421f1cca16c04684e8b9d06d96e30f470c Mon Sep 17 00:00:00 2001
From: imterah
Date: Tue, 6 May 2025 08:46:33 -0400
Subject: [PATCH 1/2] flake.lock: Update
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Flake lock file updates:
• Updated input 'nix-secrets': 'git+https://git.terah.dev/imterah/sops?ref=main&rev=c07d110d71e32ff5fabf0219bc9cadab47d3d2a7&shallow=1' (2025-05-05) → 'git+https://git.terah.dev/imterah/sops?ref=main&rev=7851d29bba582893f904cf7b9244abd7adaa0068&shallow=1' (2025-05-06)
• Updated input 'sops-nix': 'github:Mic92/sops-nix/5e3e92b16d6fdf9923425a8d4df7496b2434f39c?narHash=sha256-ePyTpKEJTgX0gvgNQWd7tQYQ3glIkbqcW778RpHlqgA%3D' (2025-04-22) → 'github:Mic92/sops-nix/e93ee1d900ad264d65e9701a5c6f895683433386?narHash=sha256-PxrrSFLaC7YuItShxmYbMgSuFFuwxBB%2Bqsl9BZUnRvg%3D' (2025-05-05)
---
 flake.lock | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/flake.lock b/flake.lock
index ee51202..88c4850 100755
--- a/flake.lock
+++ b/flake.lock
@@ -90,10 +90,10 @@
 "nix-secrets": {
 "flake": false,
 "locked": {
- "lastModified": 1746456167,
- "narHash": "sha256-wOfe72o2Su+GcuHO6JERTzgCeo7O3mGtjgvfiD/KjGQ=",
+ "lastModified": 1746533618,
+ "narHash": "sha256-DWSvionIGvuSO4C+b/DEYBCOI+eeKg4Zpx/JzV27Alg=",
 "ref": "main",
- "rev": "c07d110d71e32ff5fabf0219bc9cadab47d3d2a7",
+ "rev": "7851d29bba582893f904cf7b9244abd7adaa0068",
 "shallow": true,
 "type": "git",
 "url": "https://git.terah.dev/imterah/sops"
@@ -185,11 +185,11 @@
 "nixpkgs": "nixpkgs_4"
 },
 "locked": {
- "lastModified": 1745310711,
- "narHash": "sha256-ePyTpKEJTgX0gvgNQWd7tQYQ3glIkbqcW778RpHlqgA=",
+ "lastModified": 1746485181,
+ "narHash": "sha256-PxrrSFLaC7YuItShxmYbMgSuFFuwxBB+qsl9BZUnRvg=",
 "owner": "Mic92",
 "repo": "sops-nix",
- "rev": "5e3e92b16d6fdf9923425a8d4df7496b2434f39c",
+ "rev": "e93ee1d900ad264d65e9701a5c6f895683433386",
 "type": "github"
 },
 "original": {
From 8c4f84cf1ab5634ca283b0732738fa96cfaa684f Mon Sep 17 00:00:00 2001
From: imterah
Date: Tue, 6 May 2025 08:47:03 -0400
Subject: [PATCH 2/2] chore: Add wireguard configuration
---
 hosts/andromeda/configuration.nix | 19 +++++++++++++++++++
 secrets | 2 +-
 2 files changed, 20 insertions(+), 1 deletion(-)
diff --git a/hosts/andromeda/configuration.nix b/hosts/andromeda/configuration.nix
index 5a2ef9e..d2492c7 100755
--- a/hosts/andromeda/configuration.nix
+++ b/hosts/andromeda/configuration.nix
@@ -60,6 +60,25 @@
 virtualisation.oci-containers.backend = "docker";
+ # Reverse Proxy setup
+ networking.wireguard.interfaces = {
+ wg0 = {
+ ips = [ "10.10.0.3/24" ];
+ privateKeyFile = config.sops.secrets.reverse_proxy_client_privkey.path;
+ table = "69";
+
+ postSetup = "ip rule add from 10.10.0.2 table 69";
+ preShutdown = "ip rule del from 10.10.0.2 table 69";
+
+ peers = [{
+ publicKey = "QXDlW73/+hKJu6CPiCmpSWOXqKvJPC+b7E7iuvRpL2A=";
+ allowedIPs = [ "0.0.0.0/0" "::/0" ];
+ endpoint = "terah.dev:55107";
+ persistentKeepalive = 25;
+ }];
+ };
+ };
+
 # Volumes
 fileSystems."/mnt/NASBox" = {
 device = "192.168.0.3:/mnt/Diskette/KubeData";
diff --git a/secrets b/secrets
index c07d110..7851d29 160000
--- a/secrets
+++ b/secrets
@@ -1 +1 @@
-Subproject commit c07d110d71e32ff5fabf0219bc9cadab47d3d2a7
+Subproject commit 7851d29bba582893f904cf7b9244abd7adaa0068
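Review bot: The policy rule in `postSetup`/`preShutdown` of the `hosts/andromeda/configuration.nix` hunk matches source `10.10.0.2`, but `wg0` is assigned `10.10.0.3/24`, so traffic this host sends from its own tunnel address would not be looked up in table 69 and replies would leave by the default route; unless 10.10.0.2 is deliberately another host's address, this should read `postSetup = "ip rule add from 10.10.0.3 table 69";` with the matching `ip rule del from 10.10.0.3 table 69` in `preShutdown`. Because `allowedIPs` is `0.0.0.0/0` and `::/0`, WireGuard accepts any inner source address from the peer, so what is reachable over the tunnel is decided by the host firewall alone; a comment naming the ports meant to be proxied, plus a per-interface entry such as `networking.firewall.interfaces.wg0.allowedTCPPorts`, would make that boundary explicit. Only an IPv4 address and an IPv4 rule are configured, so `::/0` appears to have no matching return path and could be left out until IPv6 is set up on the tunnel. The `sops.secrets.reverse_proxy_client_privkey` declaration that `privateKeyFile` depends on is outside this hunk, so confirm it exists and that its file is readable only by root.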