about summary refs log tree commit diff
diff options
context:
space:
mode:
-rw-r--r--lib/private-wireguard.nix10
1 files changed, 8 insertions, 2 deletions
diff --git a/lib/private-wireguard.nix b/lib/private-wireguard.nix
index 0d9b904..25f30b4 100644
--- a/lib/private-wireguard.nix
+++ b/lib/private-wireguard.nix
@@ -5,7 +5,7 @@ let
   inherit (builtins) readFile fromTOML fromJSON;
 
   cfg = config.networking.private-wireguard;
-  port = 51871;
+  port = 51820;
   wgcfg = fromTOML (readFile ./../configs/wireguard.toml);
   allPeers = wgcfg.peers;
   thisPeer = allPeers."${hostname}" or null;
@@ -16,10 +16,16 @@ in {
   };
 
   config = lib.mkIf cfg.enable {
+    age.secrets.wg-privkey = {
+      file = ../secrets/network/${config.networking.hostName}/wireguard_privatekey.age;
+      mode = "0440";
+      owner = "0";
+    };
+
     networking = {
       wireguard.interfaces.wg0 = {
         listenPort = port;
-        privateKeyFile = "/var/lib/wireguard/wg0.key";
+        privateKeyFile = "/run/agenix/wg-privkey";
         ips = [
           "${wgcfg.subnet4}.${toString thisPeer.ipv4}/${toString wgcfg.mask4}"
         ];