diff options
| author | Franck Cuny <franck@fcuny.net> | 2022-04-13 10:23:20 -0700 |
|---|---|---|
| committer | Franck Cuny <franck@fcuny.net> | 2022-04-13 10:23:20 -0700 |
| commit | 5e4d8a007254b9811c86b2ea142a280c9828271d (patch) | |
| tree | 83c1b8e3ab3b502cb82c79d8438e201334f012c4 /lib | |
| parent | secrets: fix the path to the ssh key (diff) | |
| download | infra-5e4d8a007254b9811c86b2ea142a280c9828271d.tar.gz | |
secrets: move the actual secrets with hosts config
Having the secrets closer to the host is easier to manage. At the moment
I don't have secrets that are shared across multiple hosts, so that's an
OK approach.
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/private-wireguard.nix | 3 |
1 files changed, 1 insertions, 2 deletions
diff --git a/lib/private-wireguard.nix b/lib/private-wireguard.nix index d77c7dd..706dfd8 100644 --- a/lib/private-wireguard.nix +++ b/lib/private-wireguard.nix @@ -19,8 +19,7 @@ in { networking = { wireguard.interfaces.wg0 = { listenPort = port; - privateKeyFile = - secrets."network/${config.networking.hostName}/wireguard_privatekey".path; + privateKeyFile = secrets."wireguard_privatekey".path; ips = [ "${wgcfg.subnet4}.${toString thisPeer.ipv4}/${toString wgcfg.mask4}" ]; |