From 52993be543d4a8c11f2cebbec9f8661734ef77be Mon Sep 17 00:00:00 2001
From: Dmitriy Pleshevskiy <dmitriy@pleshevski.ru>
Date: Sat, 29 Jul 2023 17:21:48 +0300
Subject: [PATCH] host: add talos server

---
 .agenix_config.nix                            | Bin 5467 -> 6134 bytes
 Makefile                                      |   3 +-
 nixos/hosts/canigou/data.secret.nix           | Bin 156 -> 53 bytes
 nixos/hosts/canigou/default.nix               |   1 -
 nixos/hosts/default.nix                       |   6 ++++
 nixos/hosts/istal/services/wireguard.nix      |   8 ++----
 nixos/hosts/tatos/data.secret.nix             | Bin 0 -> 155 bytes
 nixos/hosts/tatos/default.nix                 |  27 ++++++++++++++++++
 nixos/hosts/tatos/hardware-configuration.nix  |  10 +++++++
 nixos/hosts/tatos/networking.secret.nix       | Bin 0 -> 929 bytes
 .../services/update_ru_routes.nix             |   0
 .../services/update_ru_routes.sh              |   0
 .../{canigou => tatos}/services/wireguard.nix |  18 ++++++------
 nixos/modules/wireguard-client.nix            |  20 ++-----------
 nixos/shared/networking.secret.nix            | Bin 405 -> 482 bytes
 secrets/wireguard-canigou-private.age         | Bin 1361 -> 0 bytes
 secrets/wireguard-tatos-private.age           | Bin 0 -> 1435 bytes
 17 files changed, 59 insertions(+), 34 deletions(-)
 create mode 100644 nixos/hosts/tatos/data.secret.nix
 create mode 100644 nixos/hosts/tatos/default.nix
 create mode 100644 nixos/hosts/tatos/hardware-configuration.nix
 create mode 100644 nixos/hosts/tatos/networking.secret.nix
 rename nixos/hosts/{canigou => tatos}/services/update_ru_routes.nix (100%)
 rename nixos/hosts/{canigou => tatos}/services/update_ru_routes.sh (100%)
 rename nixos/hosts/{canigou => tatos}/services/wireguard.nix (82%)
 delete mode 100644 secrets/wireguard-canigou-private.age
 create mode 100644 secrets/wireguard-tatos-private.age

diff --git a/.agenix_config.nix b/.agenix_config.nix
index c133e78f053f80ae8ed7c92dcb8326653b0e8e76..c296fdb1abef3d51ff84f68b5ab6e452b84ca1b9 100644
GIT binary patch
literal 6134
zcmV<S7YXP9M@dveQdv+`0DQ5V=6A*fyNhkY`3p@D4DbelZkfymtY^=_SJ<)CN8wL|
zHa`MI`R$pQiAPQOcr|cD2g1_kcmX`J#;Wj~+XSH230NThIctH*vIp|;2A|wpRKvXn
zqeERP;0QxbK|hS~_hslW6UDn4qw%s*_(|y>G-j^WT?#Q{$$3#~#CN#2!c6cG@qZK|
zlEjy@Jb0bd+l<>Xmj-HhhpK&G^3h{%+Cdjl0xR)^0x?e+K|)zl#ecT1qVJ7x;UM~}
zitD>SkFa~k1r|3Q`naTlJJiu)qNPHwIzD2Z6{UjE2|JSVpZEo3$o8zQZB0+YYb}bU
z{}hlJ!W1c3qjvpv&y{<sJcYe_fMY_L&%k`Y0A9cw^$jTU<oF&=eodnk>$y&tM=}zS
z4HC&WB}O|T7DO=TQuAu8NVCjt_*2&s)(4iYM}RJhNsi>;0U4DZkCWehM_dNQLVClx
z7IFeS<+L^o2XcXm^#~e=Xl;Z*OI*7(f0926*Y@Jc&iC;YC|rG7)wm1dFp{)Nz_%d{
zbY<TE+dIjN-<+aVa;{6Nu&!keNWxNG5e@Zp>;i`CX(DW-UUiTcgVLy`{Ltsk9Xc*6
zO;BD^>(-&u9JvZC`c%n~(rp@ruEL_&;IxAFVrI4z2K&%|duW(KvPs=wK0abWtUqfc
zHlQ&d@WOAF5JSao2XJz#B=Q8Mv3|rmagvz8`N4Vjw<X!QSCqrvNYy2nwyvTpolx}f
zFeJJzFiP1)If<wm`Z%WZImqs!3!QDk4t4;D<$4g1By^cIT5heozA*MC%CpF!tYV`U
zG__L}+bqj+^VQZ8Y`p=qiW^<|X{47kA@jWqVQ?E_H2V(OBTu*Ks%JU(;h|O3+z9$r
zb4FRHo-ja3ujhxM@zP=5z5wFqHK(cAb^J+w)s0$?G(m6tE+%US98d1wmF(vi{aV5$
z#26oKFJe^4Z2LdYNjF7>51zlMLCn^tzVNMzL565LA)3Mff`0>mDdutwVJhD_G~`rt
zY96Gp$}s{E&%LNlgLIW;UH~}X>N*irwM^H`*5_6Z1d4G3sRERCDm(+XbT`WXJDN47
zHiAw-@8R+JP?zpWsO*7|tSsCHR_Q^$2`&;OB|UbZB<>i58$oDF5yAZ}>P#ZDLf2TC
z#cq$!k@6KF)pMeTEP$~y9cH`1mVat}si&Xp&T?~v_ATxDy%(>v+*VJ6^44LIA4#?Y
zs4^IV<|el(0+*P)2NEYWc|pvL>{G)r`yD)@=1;@W;%@az76ZZt6jDgEA-EOKhxS57
z21<72;GBcZn3wp+qaoJI>hR<cZ5)FhfTFhPVqgQgD;vpgAv5ld9294>X22~mhnEr`
z9~2^MmqN11n|bxEJa!+rolNofYQ*Z<+;xDe)iFDf_5<jG9tV)k$nTg^?2J;*V17}$
zaBW_-G5&9G!eXZK@m7S?0g9|sUIXenL@^)2L;*9_g)u4Yk~BxXtxx9fNf+zn%BjBr
zR2<wKr<iQFyZ!LLDvIo0+-pCyPRW1hB4fZgrPcx_n5tRKnKQ#^#tm?UX|UIYo`x<8
zBe=iOG5_0kq11R|%h}Pe=7Avgb)NB_UTsrB_LAAD@>Tu~zps+5sq9Z*GotQcKk_o}
zt}6NV@VWTvd4rb7<?KT&@%uzdS6Vi$0V|y%?uo0+n(ESJi%dC;7J5e`?TC3$TwDvW
zd@<HY5Hy8j`<oCb--&&-)&!_lNlKnPH8_%uHuB6~$@L5=;|CfGAS-`yl&m!Om{vZC
zns$=K<WeFPtWbz0bE+1tx2v;Lu|THBX&8XxxfUEs3W1FOyN~0b>%hWNgYBgF_iPdU
zPZV8v{+BKYQ)?c2C@T5}V|Z&%MyGXPH62SG@AS`A!!HP_Zjh)+vobj)+Bo1(H3dBr
zPj};5&9ob2*UJH&+PqTt$a@p`m_70t3sldhF9(^9MsArjEODU0Fk?!I1x<)-7VlYn
zxQlyEWc<`dS!i-OqRH6TC<`GNMv6WjKroqvridVeeGp?Zxjn~~8iAXrKB`h{xDOWe
zZGHfiIP`z05^r(tf)0bcnp?i5=t$U%cPJ2B{Q=vexZrU66C#o1%Kg|7!nJ-j^vRek
zJ(N&VldPYKLwSikKfDZSbc38XqL^RmqAWJia``7EctHTkA4k?Uq31G#$$LwI!+R5<
z8LSjK_Y4`il@Aw+GF`02lI7O2vmEZ%^s8QNNwGV^Vgd`2qgYY1(&odkq*`hR#bk8Y
z`E5>4H`wRlB{_Ruw^Mdy6)+4VrsTL_PIe0ceonk8Qr$+16lYfe2TrguXK<CG!K<yl
z6k`^FAa70D>!h<I6Z8XTi|tdcx2o7p<KAbcYw_M~&ET;=;&{scS9ZBb7srExBBz)l
z6DOide12xw8i4@jt@&ESU%}pMJ4pCNxwqPx_vKF@6Ll-o>IaHhg5%xAnHpoGSA3Zb
zC`2BtTUv2O&^XEf@j4v5^dlfJ9oKroDk6u+1Xn~U-!OQw&vB8*O9jhW0;M&n4`|HR
z<+1mIF|{oB#VFt<`c)8mS#}?Cp3yt}1=|1AJw=31L2Y5eAzGQ=sBc_tA`b*B&7Q-V
z<Crkks4~;@kP}3!T8VSBtVwP?09ww52z(4-35*&=uick7SlT%Fr+_(8UGTpGyH%3j
zxKSX*pfD`6)7X_segII-dROyz|E;wya^RN;d}uXduXqM!%|7HUg$>mIW7s_krZP|H
z`<#dBC}{JY$A&t?x)Cwt8~RvZ^=1HO6na@;y7wY*N|&g<WH%w-*(HeGinYEcP#{hJ
zMclmujLl%+b0OLWpi2e&o{OAb8q9;T!QSpSH7?xI9XhV=SOw<hBtY%u7Ve>{gA>Lj
zq1?L7S(rdugDN7fEfmXihPDMsf(P_F&$`!^svB!8ZM+ZH0+{T?6Gs}}J=N^~(VRgI
zn-qy)UGTM7OsVg0@IhG~Nfozaw=z9H4wOQg5N`Naz}xIh-0uDjgy8ba;bC*a<J0Ve
zEMWT^$-_eR9K${HTWY>{d9ILNBMG~zIY?G{)}a*Qkw5Fv2iZWR)QL7@I8`~Qf6fUv
z^<ezq-K5|qxr~jc)nEUF4oHd+W;wl~F@@rw{dxV4LKRG4L-E<wTE1w{ixkf_Z2+kd
z7kjJ|aqwKyBynu5nPOj?4CA;kY&o%1^o%wVh15ruWn)8{bl0Fsz<0H>V1SX#cB`j>
z7?^KTxUFChmIo#Oe|A37bgn$I)z7jOUaDW&bGWWjTP9GA#-BYT<6Xk&;iJ<0^09nJ
ztVa5g^H&E8dGSb(4Kv%-N3qBwkmNN?b<1H9j^s?z*e(I*OoRCWfroR53H-O+jyu^T
z_*l6n-{j*4G3CR*W%6KV^GSOR#R6s{=py#moL(;tF(-YX)2U?_k|DXPLQDg1>vW7z
zepxjh`=CP<IuVI&yo(;`-><uOaCrAMd4jOsh1Qk?|Bp?`Z~?wwj(S~1NgKRAuV%wn
zX7E^D(0*W7@FVE5eN+Fe4Iu8FxS`KR3G(jt_m*n|XG?Elih3m|-2;IH#?ryLTR5I8
zb2Ihq+@!%}IkG<$XA-3wHhq&zu8v8o#7|3P+H>TZ9?JE&yV;s{QrRVgu}6n9WVfI!
z*?&=&rQ-}PDlGC6AgZ5xouQKtBys`_^Cs}cEIt~A9h6U>b>szn2;duA)dxn%+6*4}
z(=LD0bPMZzx)XK_X#HJnf0tfT{JHyVJsA8drD~mullLFj0BvO{uABh{eL|6QhCU^~
zK7z0@l?q)vw=YF^ABvluE7mKku9nMP1;{Q)B|FMQduMjTaLy-&Ge-KMW9n^_MH543
zvCFSw?yAv(%Tnplq_49b+7_yG16u<`9O@qy;ZBLz%cwIv3KEV2fy0CN+bcOh?f$5Q
z9!|XI!&wGOpE<>P^9u;S9>sIlL(G-AnWPM2=`EI_27X2UP=Gz;HS}Gr>L^`f4L7r1
z=N)|*C&WWKrEg5R<l6rc=e)ytH20snO$k(<%A>m!i7ocx_Ph`1Z4fzKrsW^l203CN
z^0>Q~ct+9=hF$q*duRMy)zZ-luz3EM8iRGL${H<<tnoRK)&m0IeW1*b-xyjc`Y~cy
z1uWc(C39w5g~?P$Acw#^3L*?;kCCliU;yp?cg;PjZYQX1Gz~)kY5{NJzmqwS;2RC9
zb2-$1Ytswi^uvmVU5#+-4_P+-V!BS$Oc1i+Io=p`E~d&xK-S}deSBVXY~P^cdZCTO
zEE9~GL4x16-3EQ3hj@|JWniA<<T^}*4sGAZDgB9RsYsZ?+r8Oh9X8R9qRFII+qlJc
zxGhz_^xE-wC9{a>^76z1<`SkP5T_0u(Uv^gtOg75^GWHpBO8j$9aAslXEMn>;EmrJ
z)5jg}lp=F_L2Nq|{+|2k`^^G)n<qTcZY=*B1H$Mc>~e>W!v+jlrj8Nl>kYo;CCjyI
zj+SwvO*7dxp_T(%r3F)wf~i=6Za+5%O;Qm<CyPw|uICXQ?TQ88rvP9so6hNzmPpFV
z@e{@xUHLZb%_3L+n}7pm<36fSTZfQI7@|1+>J<Ut!~WMUA`y22L$tT!I51sq`$LDN
z4;hT~+p{ce)v~Hn^v3#2uLAjz?cuKWTr__cl-0KnocEulZ8EOU_+N2P&zq2v;Qi8v
z==Cjeiu*?y^_wCUeLSzGaa%A*8nA&-zM_f6N1`td_De^`SgykOL@nne4SGk*)|Ay|
zR&l8m>}-4uX&VB_&(l&2pR^qr2lI0Wa%C0)eTT`@^nB{+b1OlAtK*(;OPPuT-fwFV
z^DR1?@cKTPK<Gg9X#Yw9PuZ~wYdN4E_l4r6!U^Fap1=6(*a*<?chTPW@JMEkJGcfq
z$(XFq6tR6kzNpmPXTM%uFwnmUeKeiE0+=k2K25*_S1xVsFo^2|56EWY@iP<6kU`a6
z+ClWIeW@O44ZhBrWNLt43d5GI_5(SJ1qf8Aj%Z)tFiO2MJOLdyJ%Hg(F|DPUG^73D
zV1CL7!2>IrmoXJSCq!VmB~BXRS&2ePd|?gwajBW@)SBC0DT`pi!Nvu}xg2s}QwCPC
z=0^=yv+1y0PT{R}A{L2L7P7wQg)?}^>#lo+lOig5V?nTq(zMPHpN@r|WE(W6{)#VQ
z3LoVRxVP5h(UxR5D1kJzlFeeX>zJ<F*~vi~^*aIh82&<Qq^aL7CjztbDB^zBWp3(Y
z$JL0?w}4r13?n^)t5O7Y()_i;HCwKfui%sj@_VyoK3xQF`32DFs5Yn;V~G~hsUjAJ
zPWou?^r=Rfb*86!@a6edqLE;Re(@1T3)cV^fcqOT0<+$vp8^O}a1IWl_7?c+<7V^N
zH<{E<J_U-1xcp52!&upN2OrSq45=iCT@EA;9cfPMKBy)RP!BDw_2XD@!56S1HQ!x^
zg3EGQa7nbIHt$=9l@Udg-v8NYVz_q+6MTp=(-34eV!)d?KR4gNk5%AKB8g9dj4oOg
zg15re<_~;(IBKqXE8NgUMy8)yg2xkB2d4pB_QLl}#b|iE!_1=^6{tUBfkT@1f}mF<
z^b6?*0)}iH{6~u`)0nVye@5+Vq^BkKaB_swWB<jd%)584pVS@H&W5A{y2Hr4*s)Ot
zPK<wKbSL|RR5@}GFvvs`MkL43GGFD;jDMjc4$0V4b-_^05ya|=8dfRkx!fB45z@d<
zI&)eu+sQA@N6Ik;nxWBlMfGGEK)4N!%J?2?a#4i6ue^T~GpY2|dS1)A6%9K_Y59xH
zhhGvFhwFfPZ4t7NpLl7WNOB+e(udIbj8@8#jt}kfXyj8*Yyd$c9tclGfJWVf!=+zE
zV8I%|{}2CcS`4d{mOm-0tL6gIpm$)H$RGvz@C8U0`tCk7qjP%~^VX=wpWD(V=i*p9
zdUgyvrr}cEJc_WYHw~d{g|e9J&fMWSAY{Vj=r0qoo_$K3LzG`5l)xZ{>IF`bW)&Vu
z(x!Xd-Ukcb`F$m)_5a+v(!`)h2mi&m5noRaGc;|#ust*Q-W)G~c0{O%^ZUnd=(EEV
zSpfHHi^zfUoYP*=4SBkRTc?lPgLMPu2KML3-W8<`c5ZZNY(xUPUScbOIkUP`V7t?n
zA?{yXEBwO}Mg;Tn_z!a;dt$2)Inrll8&6J=V(*|HBc!w^Nuk!$7;+s%ol-8hcPYmf
z9_rYw87z20FDEU9oGATJI|1CX*62S^_qnRv;5RcNj<hsoYf;EY9-SpueFyCjeTECB
zupKivZP3_73<nv#<y}Pz-<436XHEsil?=-I0ZZkqSe9?qU23+H9&WN+Ii8ZCese+=
zD}j1(<IJrEQ}L*Jy1^TY#aEuAAc|_d@p+>Rjwlj4MU}v-GAm_ctL(y{<^d#oXak{D
zW&3%LaN;%c<JwA0(>8v7uL@(n*Unvp_C84!MGPx@xG{;ZPF^>Z6urBHn~7Y?NJMjm
zAj&KgA+Z1Q-WfRP_^*9iG?#nolCQy$r!23bVE2V{RQkYD=LJ`#<lX-lyvn_rcV0~M
z?A1UKVi$@lgdtWZMi%qtvHA^{?lkQmhJI!tfSREP>F5j7DI~RjDnzs*cE<!f3|8QI
z$VyMJl*!8SUrKm`?~9!elof{n^$L9;d)KV;g2coK4V8E7iAR1^jY<<e7D>ja2RoBC
zBtPZs29);GEZ`JV0GqFAL$qo@Hg-VOUDBF6=f|bg`F`Z81fBY>=6SO+Sc`!<VU($A
zZHo%DkSw#BWDR(M!We+(9x~dvrD3FpBzsh9BEh~6**5$b*$cz=L;B%dFrkf2MoF!1
zg=e&FFxDXE#9J5hkZI<7>6Lk{<hho^p^Co<RGEa$R+>Px48LmZQ2FK#4+VnwNo;WU
zx4om&+2=({PFPc$3?BbUL+0huw*2pfcFMsqF+}1nnwkgQW3TEr9!;q?A$g>y^J;IN
zYieUmPVTBX50#n=;&+f1^!oyxdcJlKPM-alg9Tm*4-}_GjNtzd@+?rXIGSUW;v{D}
zPEAkfupA@RX)PufgA2l>-;e#3Pt~j9Rm6B8U=mv|txmqOsUdvjVbJzu^|4wxaJc<S
zo<kX@tm6iJ${B*P`rH~<#|h*l7%yv~J=gmP;ajOq%Sq@t+>mFhxrh6}06m`VEJ|0=
z&>icnhUPdg_BKm`PR@LZ$sQc$Iz<y<kHw{duq0t?aa46~X8SYe&ur0SlU-4Dh-zw^
zf*R7aj6jxM+E`x@pSW-E^6zK7dQi(Mu~XQ>%;EgnRxQRLEta*5@&aIHxV*@U^&_Fe
zdQQK36KIVa7B5<HUSXzlhWUWIjF(26&deb7v&xTCr-fXVMv+m1SCJ?bG{c1Z%3J98
z;?&8zI|~R+x!+xUn#Zha($kzuEVXOA@l>CqBs|x5=$`)$Jds&|c-X>7ByK|s9T`<Z
z4Zy?PFW`5V=0Vzx1O0&7CCrSi&W9$v>cQ}3mPgJv*Yzbz$@!xKpH@ycUCY6sXe$ba
zL*U<hDoi)uEk7aVPVYY-cwnaS;qbCOwgrf(?+eKX0X{CRkb%k~f?!y=jSW}^iHU<%
zR>uTg<&$Q@!R0N?t?OLUq)Ln>w<t2>fT<eh0Tp<AdZ{IM-?ce+L>r4)of+bn{!6@<
zwaYY`((mfhGbXtvBetR6cf3w`j<*a>N<_s;aX~as@vzrLjnf&hhSe_{v{GEE?5$Ie
zZmtrp6f!$!(*$BjHX-Pn{`!ZZ3zr;lX5Ec~M*^?Ox9v9@PU9WEfhwcppjRRdT|`6f
z{*UG2yIHFpSQ-Xt!#3PJJ_b5nBzD}p4)oa{5_ewJo1owgVGB(qT1^!PKgjO=sEy0<
zHqWfDT7^kO)Z;Fz_RJtu!En<FRcZRuSk_dOd&3-;{@#Sx%`96MVP=wTv|!-{z)pp1
z5~%(r6YjaIO##ywy~(EU5%ciR2kPg~6;DY_oaXRYg(5TR^z@;&Z<#@lm8i8b&$eHx
zOI+L91{_+GMqfLrjZ69r604Agdd0`#pqZ)cYX)JocM@<d7p!pG{1xrtWln;8IbRyU
zU-E@rYW&dmJ$hmO!&I(n#|9WoE!gQeii~uB4v%%mOA`YFPFVeKJgl~xjG6I^IcB0j
Ic|GS*6LU1{J^%m!

literal 5467
zcmV-h6{P9_M@dveQdv+`0M|B@f*$}dSYA1zsH<p5zf*P9-0FG3f%?!5=8>M!or|x|
ziuzfECdv{?PH2VBuMSon3>UQu=()A$S~lFm@=8QHLQ`#F>%MI@#uwlM6~&CyhD(KL
z0s?X{kk&ZC$CrdfG01+IPr>0Bn?Bfg?k;DiZ60?12Psyk`bytc!R&`4^EjTY`@bht
z72|+N7a$cpy`11;x#zeJH8+B`pJaIV7Ww`HqaDMH06^F>h8*FEtK=N>Ubzfy)0Y=3
zE!op_Yoij}M8NGgf2KfAdKw$msm(pw{_(Pq?W@EgV#e+_(XJwK>R}J|)Rcr80ntbM
zw{LgF$W#HJ9ZPCF5sv!^epRjSaH*rRuk#Z-OnG!nSCD+DnG118g>0i0(G4BvcNPqb
z;Q2q40G;3zc>~~ygZG$nDLRFm+tO}uk@gMN+uI<wr(4cDHKCVfv?^vMHQVucp8r^L
z>e(#DGzzVP&~@R(s~UDDf-Q*uwi-R?MVdknaR1hyX)lce<#Mj}iCrJ#{f`7E7k2*b
zYv0av=`6$%@C8c=_lgq?z*F0i)sQxq<&myB<#ogEhjc>5p${L_Kz%XVoWt%1BS~vY
z(@?lWK<h^O5Lpth&afYWVqo75eY=&##LokLx}3=Uh;HqN<&*QL{w*iOgRaz+7v}j`
z^b+4he}N!4&Cu|0)vA0K`a_4;wddp#3`nIFwQQP{PR>(eg54-j01UTAZ_D<%vMU3w
z9Tdh2a=B!zEIB>S-xr6oTo_j6rLpEykDJb<d1UMI{7D6#D%t9<-_nizX`U6+Cb>X{
z)(P~x6zF&?X`6@o$20ERY=?i|#*abN<!RF8b{$BkpoEUVSw>dIwj3lfRO^UEBX_%D
zt18V4(@a?xEO#naEVk_QBf$BZjO22Lz6pK1prtisynJZk%7&ckBI9aOQfR3_6r|kE
zJECI*?=*ODf@|TQ5T8u^(1Zi>d`7A}x$KD;?=5P?=KicdISq(5h}hmuF7IXT-1Rne
zUS5*ABx7`cJ&a%ciU#@F6G!Lwnlg5vb9>@Fh%aCaA*vgxH4-4@TI;x3$HpQ&@VM&S
zcr?xum5#;W^McU*@n`Uj1^zZ#<4fnF6^^HyXr`OEC2N0lRoDYd-b|2aV<y@s2Dn_%
z_YDpNA}7S|GMpCDCGI*YDPJ(J_#x0+4X|Q0mRnw2kMSnoho0g?6mX10>bFx!x1*fu
zhqKp9e-l`yA~(RwZ%@c1UF5JoaTa^Fca0I55C%TUU#-T1W^7L{KKsqyZGtz;YW&h3
zy>V9Wn(&0wOIXht0x(-&KFD-AAl^dQdUbu?!tNZ#$JaI006o&Y&t8XI@R_HPSxj7S
zf$I$4v}-`@IwYnM=3zqNK`bvB_wf0@BgT!Zk<Vf_)IE}R!RPC*|7=?Q<fUPuExL%}
zS)PyuStoHMf=P042|!`xwD`f&V5Faa)94upn^OgMEN-G)bKuNF;VN4d=ol0~6R3R{
z*iSDUIi7Z_y%x&k{lWks;C9Yr9RivhAQmABB%(W*Ex8@Mc<qSt;1laI>)NtYN6Auw
z;3CwGA<(Nwby1&roV;)d@biv=I%W`2gZrp`w@}uTxo&O2(^jE_<%UO23bsy`jRvVR
zS9H2kahqCqQjzhn`%~AyhMU8ED%N*0lE>btQ>86uc3=@ln6c|Aaa6OcSIcWs6v!(O
zSg1M|MKsT6LAc6v6_$+uwsd#cM8*;V{cmlZCB5n7id{OXw1&+P%5+h?{BOP(>~Il8
zlA6yZ7#0i^6~jEQyt_(LXEyO)J>v-7f-#(o%voHvF&TJ}NFZoYxl~=Vh<VXr*7ueN
z{M319MLuh_Cc2o#&0fjIg>8oth^^)Zne{uOpR1Eke%C;`-(GTwwexBZBL=`ANr>ee
z&Y*u}2bqW_L#Aa9l(%OV$5&kdE|Jpb`Lo{rKSa9il13N)0E34R78EPR2`lq(MYK20
z&#F}6w5X7YMgpx>Uw2SZO8{pY-<%zSKPqK{pfo|*YQ!8#1l|_44SfHN`w{saoEg-u
z!39lbJeX*Q`80j+{)XsLsyc!ph$G=s2f&V@|4^@C{*LlAU73D4fc*m(pSn=~Y!^G^
zS|-VV(NVfO8cfG-KDF9P)q)f@{f$-@6AafyuO1$MU0>8H($se_qAbTw01p<%T=<nM
z1fnqI!czg?7*3)%$;swp^(aE{#94?@V8$faDZx<i2v^i}rj=eLabRxELb!4+k}gzK
zfsvog+1_yFO8vLwB?)mCCI?>wF{CygJy_+S14;r3JO`AaMC9ip8hDr>eWIhKGm8m}
zc4<OQ&zNU)d6g7sUFw%#8&GtE)0M0(Gc|UI8D*bK?J7BCt1>cyN5(0s!`{N5IIwfg
zr^R{$;r1Ci*~{v>)&S^;bS{ev{p8?ZDFFcr+i)d8txFqN+wQ0fH%XEvGI1Zjq1a6f
zF@ou8MqA&xyA3&l@9sa%xmbofG2y{kiYzX(4;RG<dHmAoZGSwas@0*c7{#Jrp)6;_
zjfk#9+3rc)PYv}$$EBSsd*4xCRV3>o?vp^~56i<!Eg+WZrk1d>ESiH4hoM291tD{n
z_BDA|=*%6uue9qi0ds3kE{$8y`N&8Hp8f54JJZl3MBKXDZ?ZCcTmgbrT(c(oHR+-B
z@6}C3#)0~o1ucR|9MtF%25#ovtGcghKyzF<Y9r>`nunN#Grp0VS-=khVo>3385112
z`MtGgSNYoXtfimuv^M+51@<{qwLW3l4$LR3)Sgd!pt~T<exK0EW28Wnwx+_H$S*k9
zGs?4;l^#n#MLtaqS>OFxLz@Auj2a#72vY;82nKI=`Z?}Q*SB7gdFNg>rrFFNaY#P5
z1&0+hk<0Gj$GuWl!_D9Pskh4r!Z#;do6)~<!Z+=!L)G0vqxfGCc~T)OUmy-6c?u@W
zlX>VeX18WFB#d1flWfEbiywxToBW<&n1wfP$Jg32nsEJXSLnDN|18!?3aC(`wA&4p
z{J&WBRyhz2ZkgwxcjYt%FUTQZ!=C+L>m+QvhE>yhy;8@wB0$5QMU(JHnC;klqUs80
zkk2mw>OW4d8`bA$GAea@;0Lm30SX7PSyT3Ms0B&{I+X9uXBNl|yinIC?|8J}x92m;
zk@X=0&vPHf>Mw8j{o*IoE7na3@q*iEU6-1ba;#u%w6(Y8QKsS5D?Ewsvtkk*?~5kb
zmaKbvJuO`+x_3?rQ=N+!GR7cP<&~SiC~Q~}v5nSph~B(`cKDBx!%~D~Ar|9Bxm0xj
z=>bAde{d2vz6{EJxj5*5;xY@v3L5qQ{lg*QNg*L#eoXf%Y1^fkAjV0n-Dbu#!&>il
z7eXmw$%tpEzUJwq&OYk15~g`~i|+RSDFD>SgFCxJOa3OI>Qybb6(jPPz)qv3>?|^J
zMl#DN?SueI$P!us-BoB;jN9t9>2lgjmDl`#IXb+UAqU{zlRexY2p!Jj1DEIH5#c-9
zfZg}m@>A`DtEF$iS`uOvT_VC3RUgO--@MIV6JyG>UK*#gRA@kT^@Rr80HgerVxj?z
z?Tn}pvIwMc3H7g780&UU^sdD2$Y7DG`>De(d@qqfUIu)EE$u@CXRf<-xZrQu_={zV
zEVY!)Jo4?QKT0v0MQ#e7*JG)BpAY*cJ}@_6dp>cV*jL2%UbsV1gXVttzXO4f4CLvl
zV|wig^_MZj-f+;Z_G|&sh9hWrzY^7CCjm*4c~Y<#u7)bk#{(jTmSE1N8_Q(3VI>jk
zy+aAh4fxRNP^nkxnCe<oH@t@d?%m=D&7MuHEjNDxEps0!Q)dA$W<nwh=;)R}kS;Qh
zMqZW)DFS3x(2NikPY#?KCDCpf!{?p-v4Ljw9aNosq5K3A^sH`2GJ^tM6oup@U&e~-
zmd=$dm~SDE7K1XmGOzu^6Dph61<8xEnvreFrS+lU)jK-|2Z-iF?gpePM4=SjUYQ1>
z?jpd=sEPseWG{qXt3}ii(vI=WhlO+WM4k=zr+4bSAAfzc>%1f$chgj*xZM)YaqG9k
zG^OfyO`{vn@S+yK#Q<N!zQ1N~{}Ha#6#DvYp|He<PD1}&oPx&CiuL06E=}0}mPbj?
zS0guI79zGEeq?0hPFjF(9ZxyPFx=GHZfjIav+Ol>xuof=Gt`a+v|Z1uK9&#>B{MM2
z+C$TDddqn-L)dxz#kgoo(~0>}HrKF{kE<{7!~tk85i@{?HRj1$PUB<NwuRa|pjjoC
z+T63DYLxNKi>2G(U0ubD!^$zl9AoIE>BV>p3xcc>37+Km8LIZfA$TDxX4D)w7SF7t
zD@mF&nC0W#rTP{j@gp8IPH+}|GiNHVL5N1p0#CsIT5wVg;F}0Sc76CM8aSTFGZona
z!=Hrq*xDz1$^;^!$zw>TTC3YMb1Ni(jaM-JAuCB|9AAnE#x4D&PB;#vDQX2V2&9S`
z4mxK4kYVh9@I4bkrdkBG>Mf%?K-F%8?4<{<EIHg$Y~8wnV1MA|8mEn~B9gD-;bMXm
z7B_#8$FJ&LK4_xF3leV3u(Im6<<_)EcC$h(!5=YQbWOQ?eql(RLKAym#Z6HxW?9sv
zUfZ`R4Eq}FsyY4^A^xo7(|zc~0+xTdsfR`J&8{Gdz#!O;WI-v>`eue|j+T5&0HrCw
zD_lU`!%(+{a_SroeZ^ad?R|Kg^}Sw>$))v?6?fk*9PsV&>{mf2Ivef*Fb?BR^**hv
zCz9jHjE1_fYIm)ZGd9x3Ayq}+Aq%_V!MavNKjPtrYN`;lm*Ws*R}n+ige02>)9Yc7
z4V)Y+c?TMWwG04lm2Nd+2L_n!3*UR7k?4ojx3XQic)e^BTV@yEe$|ZtkdF$vA=!|Z
z!vLIXb_lHSiW0C7HC`1^r?6pW+7>Q_6=>%wTi;^gf=tEwt9=fYdiUC5?;eC3%YRgD
zcb#P`?#d>n;*}y&>Sv7I%dT3}K}Vv{zSG<>?UM^95Ku|B)l<zlZ9$C*qY(_LgMZ7t
z2krF5vb{w|v(_x&GYGW@rZ1eQK@a`&ihuvaAhB0He-7(;_p2_{2Z_NmRz3zx(MvQy
z`Lds|U@dojT!rygQ)}$5WHN=5@<(^~xDqnoqb^ZxN$10)36uD;bi8@?DNbBoijoLd
z^>Q4O3^l-tjBaWQn@Ee6%NmCkWw@hc!(A<X##mpmu^wwsWPJ)Z2Am>sP55J1qNQBj
zqPq+EeQDXH7F=yN&w30(oc(W8fP+uBAjl%j+a6*?BcLHPDhfpY)>a5+p)s~98_(M-
zRwp`o^!p~9VLT+Rfcn<e@?XChHyOo1z92ePd3o=`qU4xnKkHA^v<C|*6Ye;Mg)<~@
z1(TRBm1xYX1d?8hdg-KKnO4mpCS3iO-nOlln3$nthpiUN)|{iw(%rMx`#+w8F)D3f
z7<(qy{+ccdiWPp12|m)+3#o1>nMuKt(m2?G9Ff|R>89~K6HG#Yxi$L?$K*Y%rsUE!
z$T~%$VinmR{WS`dQM(9Id{MlOLQHo=%cG^9rvr3N9sieqi`<F(?S_o<Q<iR;|Lm36
z5x;Vug4Od04TOK3A<n<Pl^Q^>>5UFsPa<&-p18irJJKuK42IhhS;FCfMT0F-pTQmO
z5`%(~>q(g3YqHnBQC_{gtC4yG2aj7-bJF2^?jj6|T(24FiW6kT@J7uO@AUTM-g&rq
zW^V(m-^w#}1Xu9#CrPr(r^j`h=L24+Yx`R?EASo3ez{dUIxn)*;r#Jc3O|HQ?_UBq
z9l^&|Ym2c?jzfvX-_s-ye4mTQ767~Pl}VUFUR5X%u*tgi)wJKt>WQo88~rZ7Uy0rR
z=m%1XAn4s;v-%YF>h{t#|E5m#Dp`w24G>LqT*$~_GB&&U*>IiY`GYgfR_dkk#S&zF
zUDK%32F5sM&5f9|Xh^{N(vn>7hLt-QDQ5@(F!1@1tG6=A3p9lvv{A=xymu*I+At{|
zU<#@NG&wH|2SFzaHcO2jf4)Yu$W^_5d)EQ;X8_R<WxWL%_D9-)oc}7D{q~eJ<nj4A
zs=Q+RWXq?EFxEaRE0z7iH+-R0%XyeEfK?8?lw^4HzHUKe?}ga<@syMD{bX^u>s9dp
zh-*clhtUiO7MNrx=tm@X_|&IK<VR>?zXNS+FMQqsc#?nE5A1vxbGD-D!Y)v(a+CtH
zO$ss<mL%29c!i&f2COox#7Ida64KM2O9#J}iWJ?tH#9CyG^Nf{U>&TGZyU?Td4$Fi
z@L5dopOlvhrlvDId$l=sCtit*nf`P+h5|d_GK;@SAj=zdkCN$+;^S?zW}!qv2{G~p
z*cuy(y^tL%4!!n=AHdGb<RWjt3#pXKE^ABZWffoRzs45gL(~Jahr&uUBz#mrC?Wby
z((yuP;kWv3FNfJ;*R{X&FV4E@CqvpAf1mMZ2;2bK+viW`g}#<p+;-p?a|Lc~i1i7(
za(<<OymQCl7ZZ(}4Jk$r3fUF$ZR->B<p!*6^d#^Mgj=Y8F=wM{=vB>{V**8Pj*Az^
zBBV&*&-PI0=Q}h6+37!@wtO$8MBiO2sDmGrhR=;$Do)iO0FYNFJd9mN`$d6wsp0tb
z3W6x8Oww%zb83LA_?Plb&_F0|I#yn{&YO~V;j30^U{Eb7@S({}6#X@q3ZOLD&HLV2
zSparSCz1kQ(HAXO`cA?dCJ_Lt%dm+H%8r|(h^^R<vo6ySt1I)J>Xn`wX<8O(FexzM
zD0tH>?xwqM{?}I?P{=?G4RmwBTNFpBRrbAk-E+fS<D52GH2>?O9h#Zt8fhj@c8Gy`
z0%>*Gu~9S7faw79sV^K$%ed%Y2dt3H$NXqBK?59duWMcNN3LhVOVTlm6++yhC6cUZ
zBENmaIxyuj&(@9_>bl~|f&*-tHV%3&<^U)=u17Z}oFryfC`33(uH;)WR__=$VDRN=
z^Tn1tAGeI2vs=1Mqv{fkEI#z7m{Xs2P>ZwN4}$=s3?7=vS3#|2aFoueCWEC^9)h}a
zOW5|0eH{c@hY@#Lv=5*>;E0?m^eDqC*-b7sE;)5tit2H|*=6@!@HK*#CqCTNSj;3|
z1;OgE-#NMJzaN;_9&ldm+nj<S5}}a%gzU_YKnhs373qxQVkwYsP=A)ee>M`1zavO%
zP88m(wDiew>~TSn)(UU@*$zaYDo>6a2a?)Z0z7!zD6!e6j2#9duoSS<^AZ;)BQm$v
Ri^I<K2u%L7W=YI7D%%r$pjQ9@

diff --git a/Makefile b/Makefile
index 71629aa..f971045 100644
--- a/Makefile
+++ b/Makefile
@@ -25,7 +25,8 @@ MACHINES := \
 VPS := \
 	magenta \
 	canigou \
-	istal
+	istal \
+	tatos
 
 .PHONY: help
 help:
diff --git a/nixos/hosts/canigou/data.secret.nix b/nixos/hosts/canigou/data.secret.nix
index cb378e6a16958f458f7600914c6414a318db8666..468c5f4cfb46a548cd74f87f27554e6ecfe540f0 100644
GIT binary patch
literal 53
zcmV-50LuRWM@dveQdv+`0Bmh<#f&1*hNfi-m9m4hH_aA%Oc+T}{F)zO^dM;z;_WNo
LJ*nvyy7FT+Ij0v_

literal 156
zcmV;N0Av3EM@dveQdv+`08r^kRMA|nL{T8belfoo_kbpEGZ$j&$o5TKzB&%x)Zsk0
z$1dpW%6cy*lbV&pnEn_|LuhAuf+LS<2r{(vnZa(@8*I%CxRqG2kX7X4KH1Gc*`Jt*
zwanj4qt~SXm+s+4<nSh`kavR0?ZoY7r|E`VK?;SjlOXQ25GZUfrMXH52O=s$<?>5q
KHtpKf4%i7kcusr(

diff --git a/nixos/hosts/canigou/default.nix b/nixos/hosts/canigou/default.nix
index 621fc3e..69c0c13 100644
--- a/nixos/hosts/canigou/default.nix
+++ b/nixos/hosts/canigou/default.nix
@@ -14,7 +14,6 @@ in
     ../../shared/garbage-collector.nix
     ../../shared/docker-swarm.nix
 
-    ./services/wireguard.nix
     ./services/miniflux.nix
     ./services/telegram-bot.nix
   ];
diff --git a/nixos/hosts/default.nix b/nixos/hosts/default.nix
index 028490d..235d8cd 100644
--- a/nixos/hosts/default.nix
+++ b/nixos/hosts/default.nix
@@ -66,4 +66,10 @@ in
 
     targetHost = (import ./istal/data.secret.nix).addr;
   };
+
+  tatos = {
+    system = "x86_64-linux";
+
+    targetHost = (import ./tatos/data.secret.nix).addr;
+  };
 }
diff --git a/nixos/hosts/istal/services/wireguard.nix b/nixos/hosts/istal/services/wireguard.nix
index f665266..4c69395 100644
--- a/nixos/hosts/istal/services/wireguard.nix
+++ b/nixos/hosts/istal/services/wireguard.nix
@@ -1,7 +1,7 @@
 { config, pkgs, ... }:
 
 let
-  canigouData = import ../../canigou/data.secret.nix;
+  tatosData = import ../../tatos/data.secret.nix;
 
   istalData = import ../data.secret.nix;
   inherit (istalData.wireguard) port;
@@ -41,12 +41,10 @@ in
       privateKeyFile = config.age.secrets.wireguard-istal-private.path;
 
       peers = [
-        # List of allowed peers.
         {
-          publicKey = canigouData.wireguard.publicKey;
-          # List of IPs assigned to this peer within the tunnel subnet. Used to configure routing.
+          publicKey = tatosData.wireguard.publicKey;
           allowedIPs = [ "10.20.30.0/24" ];
-          endpoint = "${canigouData.addr}:${toString canigouData.wireguard.port}";
+          endpoint = "${tatosData.addr}:${toString tatosData.wireguard.port}";
           persistentKeepalive = 25;
         }
       ];
diff --git a/nixos/hosts/tatos/data.secret.nix b/nixos/hosts/tatos/data.secret.nix
new file mode 100644
index 0000000000000000000000000000000000000000..c25e89326fde24304d29a5363186164d644ed812
GIT binary patch
literal 155
zcmV;M0A&9FM@dveQdv+`0A7KmigIAGJu=8E_C08cW!cg%11PE^Lyjt>Z=2btL1C!{
zb{UYh7vHcHyRaGQ&hyc@olhaeD#;(kg(})gn#hai^PDbxhKe}5>BbK068d`J$1S+e
z2<zN|hmJzh0s<5{*uQwS@PuhB8)Rw6kL})WCs|rrPKT+>{YeZ9`N3HPvvKKOJtism
J^Y*O_*TpeAOvC^H

literal 0
HcmV?d00001

diff --git a/nixos/hosts/tatos/default.nix b/nixos/hosts/tatos/default.nix
new file mode 100644
index 0000000..956b037
--- /dev/null
+++ b/nixos/hosts/tatos/default.nix
@@ -0,0 +1,27 @@
+{ pkgs, ... }:
+
+let
+  data = import ../../../data.nix;
+in
+{
+  imports = [
+    ./hardware-configuration.nix
+    ./networking.secret.nix # generated at runtime by nixos-infect
+
+    ../../modules/nix.nix
+    ../../shared/common.nix
+    ../../shared/garbage-collector.nix
+
+    ./services/wireguard.nix
+  ];
+
+  boot.kernelPackages = pkgs.linuxPackages_6_1;
+  boot.tmp.cleanOnBoot = true;
+
+  zramSwap.enable = true;
+
+  networking.hostName = "tatos";
+
+  services.openssh.enable = true;
+  users.users.root.openssh.authorizedKeys.keys = data.publicKeys.users.jan;
+}
diff --git a/nixos/hosts/tatos/hardware-configuration.nix b/nixos/hosts/tatos/hardware-configuration.nix
new file mode 100644
index 0000000..ceb5686
--- /dev/null
+++ b/nixos/hosts/tatos/hardware-configuration.nix
@@ -0,0 +1,10 @@
+{ modulesPath, ... }:
+
+{
+  imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
+  boot.loader.grub.device = "/dev/sda";
+  boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi" ];
+  boot.initrd.kernelModules = [ "nvme" ];
+  fileSystems."/" = { device = "/dev/sda1"; fsType = "ext4"; };
+
+}
diff --git a/nixos/hosts/tatos/networking.secret.nix b/nixos/hosts/tatos/networking.secret.nix
new file mode 100644
index 0000000000000000000000000000000000000000..c59c683899c905a8639a5617391e538737b40327
GIT binary patch
literal 929
zcmV;S177?9M@dveQdv+`09LhFU0|=@*>d_fe?<*A!a!*<`+cUy?R3h1N5IZu=Oz*w
z0~Q5u{gNo<F4yY7<Je_tIF4g37K%9*FRR7`6{{oIS;QVrAxS#u3%3IwqC8#7;dph>
zrB1fiOyeqL=SygbDLH$dwy1EcW2Y<Xr!E$XE&Y+2qGNk4-Ik~QTcFl(68|gU(c503
z!eNbX4}l%q1Lp|`hHCPAW;jA;XU9=p72K2mk+2&h0?j!e)${x0<l07d2-3(y>gHFq
z%d|6d*|A@(QmB3vL?QQpOoA;khDx2yf5)G}f^CxSP_u1N){NUK(IhSx&6rBP7%1>a
z>NTUav_qFmhVQ(4UB8Kh?5HSsU*EobMEPA{2ah9E1vMK4)2v;uWgrg&E@$9@fZ~_B
z4XEn9v-0%3K_L(Y#V4h^&#fRd?)2Q(GAxpJw4x$B`Yc9#bgAJt_;iQMKne!6#x|?z
z#|xj#GO0O%$!Q!Tb~LGgShY{0imfKJ)yAD!ylctT_ecu5__?d8;z6@D#u6BKZO3L(
zU8mkr)lPZ0FBr$L&NbaRt||Q)sSiiv<=Iv&xwq&8bSi0s&uNy)nEChpEGo|V^$a`4
zil{MEL;WBkwoE@Yyhyk=AXb<WQ@DQRCxf|r+tiCI;XGZQTyZQDS-PbziDb6cdb92B
zwjc+%>%LYa)P*0SlCQZ-M~C?oVDq$yP$I7bc<&Wj*2Xi#%xh#eY}LzQfz~=R0K;wz
zmpsOX8;4x2Lmz$QvSH<UNaEkPNT2BmGtz8+mA=$_SX%n1VztzR?LLkjL?>UoL{ii<
zbgrXRXZ7uY#z+j%R`7?2_PO-B&uCaOHgKj3cV-Z2Xf^6E>c)+6rVy|k^vP8@jh#_c
z)#OOE7V2@0GrBAbu&I|zQ32((YZ`Eg!F8{?`eCJJ7xyQmxE<XtUDGpWMf9OLwCJ+o
zGznlh9&!=MkfGG&dJj{n6A<|;xcsaw(o?Q)EEIHrhO;y#b85|Cl3HR$>O*uv+v_Hr
zw7iE%q4N0>i-v3fv%-e7A`y=2&_##T-Y)Gwy(=6#KahN0E&v4tGh$20ANf9|<wFdH
z<1G6V?BnRmVhq7;00u_74&!2?l50WVsDO(cr5)?b7h;??201i;b9@X%Dhmq&eCknM
z_fu2qQtrfUbZA}}JZFdPZ#tf?Y9_EeH!<d9zr_*Q!lH(UyR)XnX8}Uq%AY6EeWkqk
Dg8|GA

literal 0
HcmV?d00001

diff --git a/nixos/hosts/canigou/services/update_ru_routes.nix b/nixos/hosts/tatos/services/update_ru_routes.nix
similarity index 100%
rename from nixos/hosts/canigou/services/update_ru_routes.nix
rename to nixos/hosts/tatos/services/update_ru_routes.nix
diff --git a/nixos/hosts/canigou/services/update_ru_routes.sh b/nixos/hosts/tatos/services/update_ru_routes.sh
similarity index 100%
rename from nixos/hosts/canigou/services/update_ru_routes.sh
rename to nixos/hosts/tatos/services/update_ru_routes.sh
diff --git a/nixos/hosts/canigou/services/wireguard.nix b/nixos/hosts/tatos/services/wireguard.nix
similarity index 82%
rename from nixos/hosts/canigou/services/wireguard.nix
rename to nixos/hosts/tatos/services/wireguard.nix
index 77c5f7b..e355724 100644
--- a/nixos/hosts/canigou/services/wireguard.nix
+++ b/nixos/hosts/tatos/services/wireguard.nix
@@ -5,8 +5,8 @@
 let
   istalData = import ../../istal/data.secret.nix;
 
-  canigouData = import ../data.secret.nix;
-  port = canigouData.wireguard.port;
+  tatosData = import ../data.secret.nix;
+  port = tatosData.wireguard.port;
 
   update_ru_routes = pkgs.callPackage ./update_ru_routes.nix { };
 in
@@ -42,19 +42,19 @@ in
         gateway=`${pkgs.iproute}/bin/ip route | ${pkgs.gawk}/bin/awk '/default/ {print $3; exit}'`
         interface=`${pkgs.iproute}/bin/ip route | ${pkgs.gawk}/bin/awk '/default/ {print $5; exit}'`
         ${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -o $interface -j MASQUERADE
-        ${pkgs.iproute}/bin/ip rule add from ${canigouData.addr} table main
-        ${pkgs.iproute}/bin/ip route add 193.0.6.150 via $gateway dev $interface
+        ${pkgs.iproute}/bin/ip rule add from ${tatosData.addr} table main
+        ${pkgs.iproute}/bin/ip route add 193.0.6.150/32 via $gateway dev $interface
       '';
       preDown = ''
         gateway=`${pkgs.iproute}/bin/ip route | ${pkgs.gawk}/bin/awk '/default/ {print $3; exit}'`
         interface=`${pkgs.iproute}/bin/ip route | ${pkgs.gawk}/bin/awk '/default/ {print $5; exit}'`
         ${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -o $interface -j MASQUERADE
-        ${pkgs.iproute}/bin/ip rule del from ${canigouData.addr} table main
-        ${pkgs.iproute}/bin/ip route del 193.0.6.150 via $gateway dev $interface
+        ${pkgs.iproute}/bin/ip rule del from ${tatosData.addr} table main
+        ${pkgs.iproute}/bin/ip route del 193.0.6.150/32 via $gateway dev $interface
       '';
 
       # Path to the private key file.
-      privateKeyFile = config.age.secrets.wireguard-canigou-private.path;
+      privateKeyFile = config.age.secrets.wireguard-tatos-private.path;
 
       peers = [
         # Istal
@@ -86,8 +86,8 @@ in
     };
   };
 
-  age.secrets.wireguard-canigou-private = {
-    file = ../../../../secrets/wireguard-canigou-private.age;
+  age.secrets.wireguard-tatos-private = {
+    file = ../../../../secrets/wireguard-tatos-private.age;
     mode = "0400";
   };
 }
diff --git a/nixos/modules/wireguard-client.nix b/nixos/modules/wireguard-client.nix
index 07b5551..fcf2b20 100644
--- a/nixos/modules/wireguard-client.nix
+++ b/nixos/modules/wireguard-client.nix
@@ -1,17 +1,12 @@
-{ config, lib, pkgs, ... }:
+{ config, lib, ... }:
 
 let
   cfg = config.local.wireguard;
 
-  # externalServerData = import ../hosts/istal/data.secret.nix;
-  serverData = import ../hosts/canigou/data.secret.nix;
-  # serverData = import ../hosts/istal/data.secret.nix;
+  serverData = import ../hosts/tatos/data.secret.nix;
 
   serverAddr = serverData.addr;
   serverPort = serverData.wireguard.port;
-
-  # Run `ip route` to show gateway
-  defaultGateway = "192.168.0.1";
 in
 {
   options.local.wireguard = with lib; {
@@ -42,17 +37,6 @@ in
         # Path to the private key file.
         privateKeyFile = cfg.privateKeyFile;
 
-        # Add a more specific ip route allowing traffic to the VPN via the default gateway
-        # Source: https://discourse.nixos.org/t/route-all-traffic-through-wireguard-interface/1480/18
-        /*
-        postUp = ''
-          ${pkgs.iproute}/bin/ip route add ${serverAddr} via ${defaultGateway}
-        '';
-        preDown = ''
-          ${pkgs.iproute}/bin/ip route del ${serverAddr} via ${defaultGateway}
-        '';
-        */
-
         peers = [
           # For a client configuration, one peer entry for the server will suffice.
 
diff --git a/nixos/shared/networking.secret.nix b/nixos/shared/networking.secret.nix
index 3d8a086b41a76c381d1f08b3799d7de8086ab042..5cc35c02b03cd5a508ef3c15a9aa9d696d999583 100644
GIT binary patch
literal 482
zcmV<80UiDTM@dveQdv+`0Hh~BUxgW-xcM{ra#x?2n%<2$ux9B3Y!vRcIV8irua9kk
z0eNA7&Elg@G8PKJzVG2fiHMb!ORm5TYtrsL+|F>-*{rW#mUbO^n8@07alJeIO1`!K
zSxqcpD=UnO-fGbNi7yX9+EKm8Tw1fJM?wbQnI%^wduhwj(CU*z*~s4HUD3A|-*MA~
z(M3XIzaJ)PNipnWf}|gEWfb4aIwHE0BCXuq^rI*gMfl(8Mz!<q>I8favu4LEwjM3+
z3OvLEP!vF>+3yG0b;!iG(?tv;e=(SIN+wvmV&@}*;ipM(zh5(DSr|h4Ga=>{V!Xum
zt}ql~Tlx}5uX;&Dig!H!5yO9YgwwZ(m`PKamtF5m7*V)Y3+TeNn5_bP-8|$nCNy)M
z$VVC09TjkvIL0F<mfW#-4BV%m7cQSNvoY-m{+v-@^_~`aHCUMy&c<?QW=Tc%x51Tf
zfrw26AP&qRv+P%T6rUZ>#Ku<r@S&h6HhKgQ1|VXjYj11cUG|?nFKSp|Dh__NJ8l4g
z$X6LT1w)R-{Ije%_zkEjowvs*${jytbD%%c&(`~IuVBslox>LP@K%OpnlDoAo-()@
Yt;B)NIx0zjzV~}yyE<V~&aE)C(qLWe@&Et;

literal 405
zcmV;G0c!pLM@dveQdv+`0Ol2yIN<*CUUVzN=}^uYABX57s<`-{=W7|(M-|P4FNGml
zvQ?`fY{=GSgxBUq0guo#_nB^9zeKcZaa~+(hLz=wGM4IQQ_!E9A=oG!enUIk*ZXFM
zD@hr3S1}ZsrOx1S<Oxp2pr{>0n+jRA9MX}fwZ`|>{hmF?cQ@mV?14*mS(4_VBHCf=
zTQ$X~Xg~+eKgTNJbfgog%32nG&?6Mcnu3DP$E(xgXp3}!O%=KxxG{|TdTofcbb2t?
z;p`OeZ>W=>pNaIRQMHC%(zkCl%4LX?*#8HKy?&IwVrx@%qg`D;${4DJ1(&8NC^a3F
zKD@kE)xCUrB@KA__5*Xa>DT^B`edMDSu;~TUO8Yk6qd4h^b%V@7VQtX&4)f<n-s@~
zdX~(bb*-MOi^4e-ul_}OZqH8PFAIhRP|Ka-B$3~c^1X)cLR8|cNq+S6kS%xs?MC|G
zgC(+3UyZr|mE-TZy_pE07BN4|8@;>jhmXpAA^YWBo(=kwa$RzxJ2a1Tj5tM?Xz<S8

diff --git a/secrets/wireguard-canigou-private.age b/secrets/wireguard-canigou-private.age
deleted file mode 100644
index 4f4fa7ed3d969b4732bc58fb53eacc0a713f3ead..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 1361
zcmV-X1+Mx4M@dveQdv+`01=MMTwf%K>1+pf=1KTvvB9%f#VbVn8U8%|)0(pcL1JYT
zW~nnJj#<%(+_i%a4T@1PJ!v$~W3nvhrI_b5l@SSAs$`dSCf4sArB0{~#s?*%kX~2&
znI7<#d3#J6TJ5bb<m>*2c9Xz&D}4g*m@M%*RomaZ7?jZU!H9NA1syl)$qk5k<-UlS
zW^rh+p5QzzYO9y2F_8ZF!w9XrThyv0NcvCO`YaL(t!9|RHD(9JA<qcfqYu)wLF}Q7
z)vZy3Dr(m=#IXw$rSCG|a^sLkG|ENHY5fF>0mH_Bc-+8mP*KWdDJTdeU~1_Z7x^el
zPy8M0YQjY8w;5Utd1L*7%S7_EYA8*4YCniXhx2=rd>$Mk&JT7)2`(z|Wr;m?b?R_d
z@_h4LSE(moyMEX!Wh!R;8wJxISk8|MtUnV5jC4wSN*|Yld;nohsu&lb*E<nhc_bjH
zw#jhfF#iTY_So*+sPMgJy(%3PzL;{=TFywFNm`-B0gfG9^Evc4t~dPWvJ%Md3M!Dt
z>%nM+EzeJhQbEiV@fAL?UZIj%b374^;`R%6cAPyK?HEiO$O|DDX(HP5ewj-JTnn12
zcq%+ThH0WzweNBJ6s70vzWpZN57iCQ<fe!<??i6rf1wJhW%f{QGuoAePoe*ujX}G}
z!_G|>nKAy}${?{G@$ib)CLSN=C~U4`ti+xE41GQ~+#c2d=}DHAvk(xjBE?t3S;GzI
zU@~dt--Uq$Q4SYB^x0u1TZHH6tol-T6%=xL3COu8-bFj(?6*T*^cxj7^>>(@1;C7-
zy8{vB-Kih~>@d@XTK@uDIo(#Ps}77f4y1pPpG?ImoUG=9SroI@>ur;ao{@@A1#5S?
z*~+SEfD%x|829~qmE*1b<(lgnb;%33P>pjrZm}ulK1%@?V<iapiu+xMoV13SxqJ`l
z4Yps$De#D?ct&Ph1woR|EdR4JLA{hOj-lEu@D<nPh3la*OdOB<uI{P)o(kL>oJRf8
z&^OGZQAn6KkGM4hfxj5tv8XaA*F+`U;(3=dU>lUBMuHB2dWSM=wY{4OM=%?V^J@{y
zq(lHgCZrs`q(XBwn8f=*n#3Reux34=FJm~MnHai@5YZw6!Nlp1A*>q?{uTU)UIS)5
zjs_A8OxLQh1UU~kcZyI&*W+ol@C!tR2y+P`Bw^j`E2*UlH`2`FfP)2jTatgDFH6?i
z?Og=uK6P%^h?Y~6<*4#r>&_j)ji0Bcu*XFU)zS{+r3R!_5WZ%L)$#50f(jw+yJ5wl
z><NR#oVGexMBM^e9<DbwadCG3YvYKkVUQH8j-I3Qw-8UQX&ZOX{@yw@;-d~&z{ZI2
zp-nq!j|~x99-tB?7v>gx*uHb*IUtn+RF0~rhi6^|bSac!QYM>#NZbDi)^6v<#90r|
zASyy_PXLEptPi$Lz`>-|_`?XPH3&orE?-;l&9*s`^1MHo1>fXI0fd&D-h#S<ICuNk
z-Taz@o@oWa(jRN>(1ru$DwGz4LTwHi@QyuDIE^Ak1?#j1Bh1z{q5@GK-*jERagYIj
zcyut2>$7*{*8FPRAv_<qhv-1r5}p?;=;V8@HAy?RnIvv?9cn*4qu+gF$h!AQEyKgp
zM;IKuL)iCR=EWW5=|!-J$@V|qG$I+v8I#ke$x!${j#(y~(1vMH(zm(3F;-M|b^mU<
z(^UqSu`?7SP7p=c+JZ20RYNdVce~PEyh96fI_|}g?NZQxe(2EYy2!J%JpqFIWHZu7
TR@Wc$N-lE?*KMY>3WU+OYxkPW

diff --git a/secrets/wireguard-tatos-private.age b/secrets/wireguard-tatos-private.age
new file mode 100644
index 0000000000000000000000000000000000000000..1039776b10ca3fb94157055e16f4431d89bdddcb
GIT binary patch
literal 1435
zcmV;M1!VdFM@dveQdv+`0J1K8%=>fH1yore25O1{l(UWoM|R%#qqX+RqyOOYea4!X
zmieXpBF61gmGP3Q&_S{=k%TYc*4V+0S#J3ni}W%al$(I9B%RB-OssVNGOY&0%%vPx
zsucaA$dTAE5?x{c5MOaT>hKEw0T`G8$;S)#{}Mkr$sxSHW&?b6P;O0O)WoUZp|!iB
z8oNHL13={yd%4nrn?_V9<1z9H!U&xxyA(*mEQ!^s3W}*qkB01Ow&tveg5#>zii`M+
z>+aKe55OZ*1r`j~IzKE)$imoqX?$X%_(PgRW^1I+w<9K;Wi-Z?wAq6?#)6bWDwuTA
zE?fvA&!`Y!W{kH4^o5?BQB>tg7?#j9k%q^<-zQN4XG#gU(*zKWvt!`|n7@vKS~=Oi
z8l#r$4dEX5f8?)u73*KAD%h+qV^kAwtqKCa1_G22di!8b(ww1#v<e-*-e8;AhN)yo
zQYq$}N&#q0tT0Q0s`iAv9sif#4dYD22cmZRGAmq=I$&EACvMKceDgK>-rG6Dq#hu!
zSrl@fs*YJ_a!=wBA0({&Z~th_iuN51u#~9XKR5%&XT}0M4Fsx<>4G7KkAI^wzT#ln
z<r_@ilmL@>NDbz0t}#p&M&0sIsLANVW_005>oNy(M0cx6YZZ1rdUH24XA)<E0}?o_
z-Xe#{u`0WTgx=GTHuc|+Y9A(^5)Uf*$GK<xY>(?Dn`L{%NlTc#)*N<vuk>Me#~CK)
z@o53W*HdH~L^_IO9K$%d&CqfaJ%}B#-<=W%72s9!eV{av<sAk{+5@kY9m2wYQ<ctD
z1+WP_dK9T#(O`7!UIh+s#kQ8a+@tyB_)w8Trxx{u^imD-y5-1cJ2s8m5PWAUOftFn
zCc+YdWN`N8!$g{}dejFiT;@L7AJ@vzG<W-leWJdrYoz@*DIgzA2PwPcF;Vm2i@{m9
z&05zo0Wgrfv>XTUK@0QNbMiIMsf=Q$;*zvTz`b@Exb<;UmUM4ks1><N`!Q#TF4`JS
z89|<LD(*!Y7|D0&4ze-^55pROzB({9m);~J9hgDTE0TfEWy}baI}&3G*_NAv`!CZr
zO%6XUSI*6r!?9Y)bkmR2bs&>V^W`Tw<v~0eB8Uk=)iG=+A1*W?`7eIa1l)^I4u07i
z?FjpyBNZW!$0oPF-tT8?6`v3nN^ptNmSz2iCQ<V`_DH=XPzcijkDEB~n}AJZt4KzC
zr?skp5>!Oyvhl%p8=FtQQ{tDWw!`5*kxIUYjQGY2Ai%&LILcLNy5m<oXN6}V8%eI{
z+L|t9Z{2t+Xv;?FaNy9lU~~RnzI7=6QyLcooeu}c`|Kypo{uYeIo5cWEFUxmx|C)w
zlt5r7wKRjoST0PTQbSNz0pgS~M4<Qeu-6{2{6m8LgC>2e^?Iuq+oKj}laZ{PVJlL6
z-g6Z*0-F#mpOJD{keXkzrqdI#&)i=ck>MlQaU;)?ISnATQK#<O^BL;sj+}yBHyGBw
zckgv__vVb%s?^&SSe_B%*>v6oLTnvmYBz~SDFvpqn^<=(55Edor_fd;uGoK$eq=0o
zZze;uvC-zl%W)hd0b(&;aaokF$y-|X3AP4K*6MDO7W6yNJ_QMdjIifGE{?W=V8I7&
z+D-hTp<@bMO_?)-Ulxv8splGf^sv<N`DF&MN7<Q%q#<iMV;9XL``o^Hs?2w~zDZsO
z+az?sE%v+b(avL4jvE_XtWlY&Dh`#|Yc#qcS&$`jPvVi#Sq8f@n8E7^p##$fTk&}*
zfGydDsgU5F&^x{R#iO@RZY-?0J}Q$XO&Ag<kndd_Mh^k3sYNHeVUVDs%`)9=NT*#$
p&|tQuI;yl29dz*6tlU|}<To>Z=TXNI{1xiUcyYf&=fg?=0?pT+zq$Yb

literal 0
HcmV?d00001