diff options
author | Franck Cuny <franck@fcuny.net> | 2022-02-24 19:12:17 -0800 |
---|---|---|
committer | Franck Cuny <franck@fcuny.net> | 2022-02-24 19:12:17 -0800 |
commit | ba5c5d9f4400759cbcaf137fc98db1c9789e3f78 (patch) | |
tree | 6e9a70500464f9becbf19b9a5dfc43bee5670426 /lib | |
parent | backups: initial configuration (diff) | |
download | world-ba5c5d9f4400759cbcaf137fc98db1c9789e3f78.tar.gz |
agenix: store wireguard key in persistent storage
The key was created under /run/agenix, which is wiped out after a reboot. The key being absent prevents the wireguard interface to come up. Store the key somewhere persistent to prevent this to happen.
Diffstat (limited to 'lib')
-rw-r--r-- | lib/private-wireguard.nix | 6 |
1 files changed, 2 insertions, 4 deletions
diff --git a/lib/private-wireguard.nix b/lib/private-wireguard.nix index e063f39..0d9b904 100644 --- a/lib/private-wireguard.nix +++ b/lib/private-wireguard.nix @@ -16,12 +16,10 @@ in { }; config = lib.mkIf cfg.enable { - networking = let - age.secrets.wg-net.file = ../secrets/network/hostname/wireguard_privatekey.age; - in { + networking = { wireguard.interfaces.wg0 = { listenPort = port; - privateKeyFile = "/run/agenix/wireguard_privatekey"; + privateKeyFile = "/var/lib/wireguard/wg0.key"; ips = [ "${wgcfg.subnet4}.${toString thisPeer.ipv4}/${toString wgcfg.mask4}" ]; |