From 5e4d8a007254b9811c86b2ea142a280c9828271d Mon Sep 17 00:00:00 2001
From: Franck Cuny <franck@fcuny.net>
Date: Wed, 13 Apr 2022 10:23:20 -0700
Subject: secrets: move the actual secrets with hosts config

Having the secrets closer to the host is easier to manage. At the moment
I don't have secrets that are shared across multiple hosts, so that's an
OK approach.
---
 lib/private-wireguard.nix | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

(limited to 'lib')

diff --git a/lib/private-wireguard.nix b/lib/private-wireguard.nix
index d77c7dd..706dfd8 100644
--- a/lib/private-wireguard.nix
+++ b/lib/private-wireguard.nix
@@ -19,8 +19,7 @@ in {
     networking = {
       wireguard.interfaces.wg0 = {
         listenPort = port;
-        privateKeyFile =
-          secrets."network/${config.networking.hostName}/wireguard_privatekey".path;
+        privateKeyFile = secrets."wireguard_privatekey".path;
         ips = [
           "${wgcfg.subnet4}.${toString thisPeer.ipv4}/${toString wgcfg.mask4}"
         ];
-- 
cgit v1.2.3