| author | Franck Cuny <franck@fcuny.net> | 2022-02-24 19:12:17 -0800 |
|---|---|---|
| committer | Franck Cuny <franck@fcuny.net> | 2022-02-24 19:12:17 -0800 |
| commit | ba5c5d9f4400759cbcaf137fc98db1c9789e3f78 (patch) | |
| tree | 6e9a70500464f9becbf19b9a5dfc43bee5670426 /lib/private-wireguard.nix | |
| parent | backups: initial configuration (diff) | |
| download | infra-ba5c5d9f4400759cbcaf137fc98db1c9789e3f78.tar.gz | |
agenix: store wireguard key in persistent storage
The key was created under /run/agenix, which is wiped out after a
reboot. The key being absent prevents the wireguard interface from coming
up. Store the key somewhere persistent to prevent this from happening.
Diffstat (limited to '')
| -rw-r--r-- | lib/private-wireguard.nix | 6 |
1 files changed, 2 insertions, 4 deletions
diff --git a/lib/private-wireguard.nix b/lib/private-wireguard.nix index e063f39..0d9b904 100644 --- a/lib/private-wireguard.nix +++ b/lib/private-wireguard.nix @@ -16,12 +16,10 @@ in { }; config = lib.mkIf cfg.enable { - networking = let - age.secrets.wg-net.file = ../secrets/network/hostname/wireguard_privatekey.age; - in { + networking = { wireguard.interfaces.wg0 = { listenPort = port; - privateKeyFile = "/run/agenix/wireguard_privatekey"; + privateKeyFile = "/var/lib/wireguard/wg0.key"; ips = [ "${wgcfg.subnet4}.${toString thisPeer.ipv4}/${toString wgcfg.mask4}" ]; |
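Review bot: at the `privateKeyFile = "/var/lib/wireguard/wg0.key";` line, nothing in this hunk creates that file or restricts its owner and mode, and the `age.secrets.wg-net.file` declaration is dropped rather than redirected, so the private key becomes an unmanaged plaintext file on persistent disk. Note also that the removed declaration sat inside `let ... in`, where it only binds a local name `age` and does not set the `age.secrets` module option; if nothing else declared the secret, that would explain the key being missing after a reboot independently of /run being wiped. Suggest declaring the secret at the `config` level (outside `networking`) and, if the persistent location is still wanted, setting agenix's `path` for that secret to `/var/lib/wireguard/wg0.key` with a restrictive `mode` such as `0400`, then pointing `privateKeyFile` at `config.age.secrets.wg-net.path` so the two cannot drift apart. A short comment in the module saying how the key file is expected to be provisioned would help whoever rebuilds this host.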
