path: root/lib/private-wireguard.nix
Diffstat (limited to 'lib/private-wireguard.nix')
-rw-r--r--lib/private-wireguard.nix18
1 files changed, 6 insertions, 12 deletions
diff --git a/lib/private-wireguard.nix b/lib/private-wireguard.nix
index 5369c3f..d77c7dd 100644
--- a/lib/private-wireguard.nix
+++ b/lib/private-wireguard.nix
@@ -3,7 +3,7 @@
 let
   inherit (lib) mkEnableOption mkOption mkIf types;
   inherit (builtins) readFile fromTOML fromJSON;
-
+  secrets = config.age.secrets;
   cfg = config.networking.private-wireguard;
   port = 51871;
   wgcfg = fromTOML (readFile ./../configs/wireguard.toml);
@@ -16,22 +16,17 @@ in {
   };
 
   config = lib.mkIf cfg.enable {
-    age.secrets.wg-privkey = {
-      file = ../secrets/network/${config.networking.hostName}/wireguard_privatekey.age;
-      mode = "0440";
-      owner = "0";
-    };
-
     networking = {
       wireguard.interfaces.wg0 = {
         listenPort = port;
-        privateKeyFile = "/run/agenix/wg-privkey";
+        privateKeyFile =
+          secrets."network/${config.networking.hostName}/wireguard_privatekey".path;
         ips = [
           "${wgcfg.subnet4}.${toString thisPeer.ipv4}/${toString wgcfg.mask4}"
         ];
 
-        peers = lib.mapAttrsToList
-          (name: peer: {
+        peers = lib.mapAttrsToList (name: peer:
+          {
             allowedIPs = [
               "${wgcfg.subnet4}.${toString peer.ipv4}/${toString wgcfg.mask4}"
             ];
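Review bot: With the `age.secrets.wg-privkey` declaration removed, the mode (`0440`) and owner (`0`) of the WireGuard private key are no longer fixed by this module; they are now whatever the central declaration of `config.age.secrets."network/<hostName>/wireguard_privatekey"` sets, and this module has no visibility into that. Since the secret is consumed via `.path` at `privateKeyFile`, a host missing that declaration fails at evaluation time (fail-closed, which is fine), but a declaration that relaxes the mode or owner would silently widen who can read the key, and nothing here would catch it. I would add a comment above `privateKeyFile` stating the expectation so the next maintainer knows the contract moved: `# Secret is declared centrally; its mode/owner must stay root-only readable, as the old in-module declaration (0440, owner 0) did.` Whether the wireguard unit actually needs only root access is inferred from the previous owner setting rather than visible here, so confirm against the central secrets definition.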
@@ -40,8 +35,7 @@ in {
             endpoint = "${peer.externalIp}:${toString port}";
           } // lib.optionalAttrs (!(thisPeer ? externalIp)) {
             persistentKeepalive = 10;
-          })
-          otherPeers;
+          }) otherPeers;
       };
     };
   };