Diffstat (limited to 'lib')
-rw-r--r--lib/default.nix1
-rw-r--r--lib/private-wireguard.nix18
2 files changed, 6 insertions, 13 deletions
diff --git a/lib/default.nix b/lib/default.nix
index 26cd954..4331bf3 100644
--- a/lib/default.nix
+++ b/lib/default.nix
@@ -11,7 +11,6 @@
         inherit inputs system hostname;
       };
       modules = [
-        inputs.agenix.nixosModules.age
         ../modules
         ../profiles
         ../hosts/${hostname}
diff --git a/lib/private-wireguard.nix b/lib/private-wireguard.nix
index 5369c3f..d77c7dd 100644
--- a/lib/private-wireguard.nix
+++ b/lib/private-wireguard.nix
@@ -3,7 +3,7 @@
 let
   inherit (lib) mkEnableOption mkOption mkIf types;
   inherit (builtins) readFile fromTOML fromJSON;
-
+  secrets = config.age.secrets;
   cfg = config.networking.private-wireguard;
   port = 51871;
   wgcfg = fromTOML (readFile ./../configs/wireguard.toml);
@@ -16,22 +16,17 @@ in {
   };
 
   config = lib.mkIf cfg.enable {
-    age.secrets.wg-privkey = {
-      file = ../secrets/network/${config.networking.hostName}/wireguard_privatekey.age;
-      mode = "0440";
-      owner = "0";
-    };
-
     networking = {
       wireguard.interfaces.wg0 = {
         listenPort = port;
-        privateKeyFile = "/run/agenix/wg-privkey";
+        privateKeyFile =
+          secrets."network/${config.networking.hostName}/wireguard_privatekey".path;
         ips = [
           "${wgcfg.subnet4}.${toString thisPeer.ipv4}/${toString wgcfg.mask4}"
         ];
 
-        peers = lib.mapAttrsToList
-          (name: peer: {
+        peers = lib.mapAttrsToList (name: peer:
+          {
             allowedIPs = [
               "${wgcfg.subnet4}.${toString peer.ipv4}/${toString wgcfg.mask4}"
             ];
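Review bot: `privateKeyFile` now reads `secrets."network/${config.networking.hostName}/wireguard_privatekey".path`, but this module no longer declares that secret, so its name and the `mode`/`owner` that the removed block pinned depend on a declaration that is not visible in this diff. A host that enables `networking.private-wireguard` without that declaration will presumably fail evaluation with a bare missing-attribute error; an `assertions` entry such as `{ assertion = secrets ? "network/${config.networking.hostName}/wireguard_privatekey"; message = "private-wireguard: agenix secret for this host is not declared"; }` would make the dependency explicit. Wherever the secret is declared now, the WireGuard private key should stay readable by root only; the removed block used `0440`, which also granted group read, so the move is a chance to tighten it. The same commit drops `inputs.agenix.nixosModules.age` from `lib/default.nix`, so `config.age` presumably comes from an import under `../modules` or `../profiles`, which is worth confirming and noting in a comment next to `secrets = config.age.secrets;`.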
@@ -40,8 +35,7 @@ in {
             endpoint = "${peer.externalIp}:${toString port}";
           } // lib.optionalAttrs (!(thisPeer ? externalIp)) {
             persistentKeepalive = 10;
-          })
-          otherPeers;
+          }) otherPeers;
       };
     };
   };