Diffstat (limited to 'lib/private-wireguard.nix')
-rw-r--r-- | lib/private-wireguard.nix | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/lib/private-wireguard.nix b/lib/private-wireguard.nix index 0d9b904..25f30b4 100644 --- a/lib/private-wireguard.nix +++ b/lib/private-wireguard.nix @@ -5,7 +5,7 @@ let inherit (builtins) readFile fromTOML fromJSON; cfg = config.networking.private-wireguard; - port = 51871; + port = 51820; wgcfg = fromTOML (readFile ./../configs/wireguard.toml); allPeers = wgcfg.peers; thisPeer = allPeers."${hostname}" or null; @@ -16,10 +16,16 @@ in { }; config = lib.mkIf cfg.enable { + age.secrets.wg-privkey = { + file = ../secrets/network/${config.networking.hostName}/wireguard_privatekey.age; + mode = "0440"; + owner = "0"; + }; + networking = { wireguard.interfaces.wg0 = { listenPort = port; - privateKeyFile = "/var/lib/wireguard/wg0.key"; + privateKeyFile = "/run/agenix/wg-privkey"; ips = [ "${wgcfg.subnet4}.${toString thisPeer.ipv4}/${toString wgcfg.mask4}" ]; |
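Review bot: The new `age.secrets.wg-privkey` entry in the second hunk sets `mode = "0440"`, which grants group read on the WireGuard private key. With `owner = "0"` and no `group` given, only root should need to read it, so `mode = "0400";` is the tighter setting unless a non-root group member is meant to have access. In the same hunk, `privateKeyFile = "/run/agenix/wg-privkey";` hard-codes the decrypted path; `privateKeyFile = config.age.secrets.wg-privkey.path;` would stay correct if the secret is renamed or the secrets directory is changed. The secret's `file` is keyed on `config.networking.hostName` while the `let` block in the first hunk selects the peer by `hostname`; if the two can differ, the key and the peer entry would not match, which is worth confirming. The `config = lib.mkIf cfg.enable { … }` block continues outside the hunk.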