resolved (on NixOS) so it resolves any <machine-name>.vpn or <machine> to the bastion’s IP address.
dnsmasq server on port 53 that listens to the WireGuard network interface, with the list of the hosts and their IP addresses stored in /etc/hosts. In doing so, there is no need for the existing hosts to re-deploy their configuration if a new host is added to the project.
nicos create command.

Generate the bastion keys
bastion machine:
hosts-nixos/bastion.vpn.age private key and prints the public key that will be used in the next step.

Bastion configuration
Generate the client keys
bastion machine:
hosts-nixos/client.vpn.age private key and prints the public key that will be used in the next step.

Configure the client
Deploy the configurations