From 7256b7fbc38cc2d11f25318bf2702472c9b0fb97 Mon Sep 17 00:00:00 2001
From: Romain Paquet <rpqt@rpqt.fr>
Date: Fri, 21 Nov 2025 21:15:35 +0100
Subject: [PATCH] clan: add wireguard

---
 clan/network.nix                 | 15 +++++++++++++++
 infra/templates/turifer.dev.zone |  7 +++++++
 2 files changed, 22 insertions(+)

diff --git a/clan/network.nix b/clan/network.nix
index ee0286e..2cf7400 100644
--- a/clan/network.nix
+++ b/clan/network.nix
@@ -17,4 +17,19 @@
       settings.host = "git.turifer.dev";
     };
   };
+
+  clan.inventory.instances.wireguard = {
+    module.name = "wireguard";
+    module.input = "clan-core";
+    roles.controller = {
+      machines.verbena.settings = {
+        endpoint = "wg1.turifer.dev";
+      };
+    };
+    roles.peer.machines = {
+      haze = { };
+      crocus = { };
+      genepi = { };
+    };
+  };
 }
diff --git a/infra/templates/turifer.dev.zone b/infra/templates/turifer.dev.zone
index bee1da4..f5cd895 100644
--- a/infra/templates/turifer.dev.zone
+++ b/infra/templates/turifer.dev.zone
@@ -30,3 +30,10 @@ buildbot.turifer.dev. 10800 IN A ${addr}
 %{ for addr in verbena_ipv6_addresses ~}
 buildbot.turifer.dev. 10800 IN AAAA ${addr}
 %{ endfor ~}
+
+%{ for addr in verbena_ipv4_addresses ~}
+wg1.turifer.dev. 10800 IN A ${addr}
+%{ endfor ~}
+%{ for addr in verbena_ipv6_addresses ~}
+wg1.turifer.dev. 10800 IN AAAA ${addr}
+%{ endfor ~}