-rw-r--r--lib/private-wireguard.nix10
1 files changed, 8 insertions, 2 deletions
diff --git a/lib/private-wireguard.nix b/lib/private-wireguard.nix
index 0d9b904..25f30b4 100644
--- a/lib/private-wireguard.nix
+++ b/lib/private-wireguard.nix
@@ -5,7 +5,7 @@ let
inherit (builtins) readFile fromTOML fromJSON;
cfg = config.networking.private-wireguard;
- port = 51871;
+ port = 51820;
wgcfg = fromTOML (readFile ./../configs/wireguard.toml);
allPeers = wgcfg.peers;
thisPeer = allPeers."${hostname}" or null;
@@ -16,10 +16,16 @@ in {
};
config = lib.mkIf cfg.enable {
+ age.secrets.wg-privkey = {
+ file = ../secrets/network/${config.networking.hostName}/wireguard_privatekey.age;
+ mode = "0440";
+ owner = "0";
+ };
+
networking = {
wireguard.interfaces.wg0 = {
listenPort = port;
- privateKeyFile = "/var/lib/wireguard/wg0.key";
+ privateKeyFile = "/run/agenix/wg-privkey";
ips = [
"${wgcfg.subnet4}.${toString thisPeer.ipv4}/${toString wgcfg.mask4}"
];
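Review bot: `mode = "0440"` on `age.secrets.wg-privkey` makes the decrypted WireGuard private key group-readable, and nothing visible in this hunk sets a `group` or shows a non-root consumer that needs it. Assuming the key is only read by root when wg0 is brought up, `mode = "0400";` is sufficient and keeps the key readable by its owner alone. The new `privateKeyFile = "/run/agenix/wg-privkey";` also hard-codes the agenix mount point; `privateKeyFile = config.age.secrets.wg-privkey.path;` ties the interface to the secret declaration and keeps working if the secrets directory is changed. The secret's `file` path is keyed on `config.networking.hostName` while the peer lookup in the first hunk uses `hostname`, so it is worth confirming the two always agree. The `config` block continues outside the hunk.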