authorFranck Cuny <franck@fcuny.net>2022-02-24 19:12:17 -0800
committerFranck Cuny <franck@fcuny.net>2022-02-24 19:12:17 -0800
commitba5c5d9f4400759cbcaf137fc98db1c9789e3f78 (patch)
tree6e9a70500464f9becbf19b9a5dfc43bee5670426 /lib
parentbackups: initial configuration (diff)
downloadworld-ba5c5d9f4400759cbcaf137fc98db1c9789e3f78.tar.gz
agenix: store wireguard key in persistent storage
The key was created under /run/agenix, which is wiped out after a
reboot. The key being absent prevents the wireguard interface from
coming up. Store the key somewhere persistent to prevent this from
happening.
Diffstat (limited to 'lib')
-rw-r--r--lib/private-wireguard.nix6
1 files changed, 2 insertions, 4 deletions
diff --git a/lib/private-wireguard.nix b/lib/private-wireguard.nix
index e063f39..0d9b904 100644
--- a/lib/private-wireguard.nix
+++ b/lib/private-wireguard.nix
@@ -16,12 +16,10 @@ in {
   };
 
   config = lib.mkIf cfg.enable {
-    networking = let
-      age.secrets.wg-net.file = ../secrets/network/hostname/wireguard_privatekey.age;
-    in {
+    networking = {
       wireguard.interfaces.wg0 = {
         listenPort = port;
-        privateKeyFile = "/run/agenix/wireguard_privatekey";
+        privateKeyFile = "/var/lib/wireguard/wg0.key";
         ips = [
           "${wgcfg.subnet4}.${toString thisPeer.ipv4}/${toString wgcfg.mask4}"
         ];
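Review bot: The new `privateKeyFile = "/var/lib/wireguard/wg0.key";` keeps the WireGuard private key unencrypted on persistent storage, and nothing in this hunk creates the file or fixes its ownership and mode. If the key is meant to be generated on the host, add `generatePrivateKeyFile = true;` next to it so the module creates the key itself, and check that `/var/lib/wireguard` is excluded from the backups configured in the parent commit. The removed `age.secrets.wg-net.file` line was only a `let` binding that nothing referenced, so it presumably never declared the secret to agenix, which may be why the key was missing after a reboot. Declaring it as a real option under `config` and pointing `privateKeyFile` at `config.age.secrets.wg-net.path` would keep the key encrypted at rest. The `config` block starts and ends outside this hunk, so this is based on the visible lines only.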