index — nix @ cc764d6933951f08b8eb0cf76c92d95883d02f72

My first nix server; runs a minecraft server 

everything: add wireguard with agenix
crispy-caesus crispy@crispy-caesus.eu
Mon, 06 Apr 2026 17:44:23 +0200
commit

cc764d6933951f08b8eb0cf76c92d95883d02f72

parent

b6085adde968df24c7684d6a7cb8e8b5c9fc4181

5 files changed, 131 insertions(+), 1 deletions(-)

jump to
M configuration.nixconfiguration.nix 
@@ -41,12 +41,32 @@ vim
     curl 
     microfetch
     gdu
+    age
   ];
 
   programs.gnupg.agent = {
     enable = true;
     enableSSHSupport = true;
   };
+
+  age.secrets.wg0-key = {
+    file = ./secrets/wg0-key.age;
+  };
+
+  networking.wg-quick.interfaces = {
+    wg0 = {
+      address = ["10.0.0.18/32"];
+      privateKeyFile = config.age.secrets.wg0-key.path;
+      peers = [
+        {
+          endpoint = "202.61.203.128:51820";
+          publicKey = "dGeLAqZD81XYcZQBJ5SELiUGh7hD//G+o1rahSpxY0s=";
+          allowedIPs = [ "10.0.0.1/32" ];
+        }
+      ];
+    };
+  };
+
   programs.git = {
     enable = true;
     config = {
M flake.lockflake.lock 
@@ -1,7 +1,87 @@
 {
   "nodes": {
+    "agenix": {
+      "inputs": {
+        "darwin": "darwin",
+        "home-manager": "home-manager",
+        "nixpkgs": "nixpkgs",
+        "systems": "systems"
+      },
+      "locked": {
+        "lastModified": 1770165109,
+        "narHash": "sha256-9VnK6Oqai65puVJ4WYtCTvlJeXxMzAp/69HhQuTdl/I=",
+        "owner": "ryantm",
+        "repo": "agenix",
+        "rev": "b027ee29d959fda4b60b57566d64c98a202e0feb",
+        "type": "github"
+      },
+      "original": {
+        "owner": "ryantm",
+        "repo": "agenix",
+        "type": "github"
+      }
+    },
+    "darwin": {
+      "inputs": {
+        "nixpkgs": [
+          "agenix",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1744478979,
+        "narHash": "sha256-dyN+teG9G82G+m+PX/aSAagkC+vUv0SgUw3XkPhQodQ=",
+        "owner": "lnl7",
+        "repo": "nix-darwin",
+        "rev": "43975d782b418ebf4969e9ccba82466728c2851b",
+        "type": "github"
+      },
+      "original": {
+        "owner": "lnl7",
+        "ref": "master",
+        "repo": "nix-darwin",
+        "type": "github"
+      }
+    },
+    "home-manager": {
+      "inputs": {
+        "nixpkgs": [
+          "agenix",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1745494811,
+        "narHash": "sha256-YZCh2o9Ua1n9uCvrvi5pRxtuVNml8X2a03qIFfRKpFs=",
+        "owner": "nix-community",
+        "repo": "home-manager",
+        "rev": "abfad3d2958c9e6300a883bd443512c55dfeb1be",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "home-manager",
+        "type": "github"
+      }
+    },
     "nixpkgs": {
       "locked": {
+        "lastModified": 1754028485,
+        "narHash": "sha256-IiiXB3BDTi6UqzAZcf2S797hWEPCRZOwyNThJIYhUfk=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "59e69648d345d6e8fef86158c555730fa12af9de",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixos-25.05",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs_2": {
+      "locked": {
         "lastModified": 1775002709,
         "narHash": "sha256-d3Yx83vSrN+2z/loBh4mJpyRqr9aAJqlke4TkpFmRJA=",
         "owner": "nixos",

@@ -18,7 +98,23 @@ }
     },
     "root": {
       "inputs": {
-        "nixpkgs": "nixpkgs"
+        "agenix": "agenix",
+        "nixpkgs": "nixpkgs_2"
+      }
+    },
+    "systems": {
+      "locked": {
+        "lastModified": 1681028828,
+        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+        "owner": "nix-systems",
+        "repo": "default",
+        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-systems",
+        "repo": "default",
+        "type": "github"
       }
     }
   },
M flake.nixflake.nix 
@@ -4,6 +4,7 @@ description = "This might just be the crispiest flake out there";
 
   inputs = {
     nixpkgs.url = "github:nixos/nixpkgs/nixos-25.11";
+    agenix.url = "github:ryantm/agenix";
   };
 
   outputs = inputs: {

@@ -11,6 +12,7 @@
     nixosConfigurations.RFC-7168 = inputs.nixpkgs.lib.nixosSystem {
       modules = [
         { nix.settings.experimental-features = ["nix-command" "flakes"]; }
+	inputs.agenix.nixosModules.age
         ./configuration.nix
       ];
     };
A secrets.nix 
@@ -0,0 +1,7 @@
+let
+  user1 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBVW86Y4N8AvVzSbjHyofU/eAK7YO4w6q1nPSFZ+MT/1 root@RFC-7168";
+  users = [ user1 ];
+in
+{
+  "secrets/wg0-key.age".publicKeys = users;
+}
A secrets/wg0-key.age 
@@ -0,0 +1,5 @@
+age-encryption.org/v1
+-> ssh-ed25519 m2eV9A Wn7qDQdRGiwlphenSbRDNtswtJ5CR0vrZ+nnR6UnaW8
+VKKd7bhvhCejuQSrRNOEDp4nStIIz2JJ4OQxgQ5Cgec
+--- hOgKlMTFhyq7dnTeHRDiV395uDcFChlq3RPr3y7Y88A
+Õ>>Y=!J2W@>ny}0MgF1B~127$tfDctD靻>0