WIP: router: wireguard: finalize wg0 config for now

2025-06-03 19:27:35 -07:00 · 2025-06-03 19:27:35 -07:00 · e6a9ab8d29
commit e6a9ab8d29
parent b39b5abb3e
1 changed files with 10 additions and 6 deletions
--- a/hosts/router/wireguard.nix
+++ b/hosts/router/wireguard.nix
@ -28,14 +28,18 @@ in
    mapPeer = name: peer: {
      name = peerSecretName name;
      value.encrypted.file = ./secrets/wireguard/${peerSecretName name}.age;
-      value.decrypted.user = "systemd-network";
-      value.decrypted.group = "systemd-network";
    };
    peerSecrets = lib.attrsets.mapAttrs' mapPeer pskPeers;
-  in
-  {
-    wg0-private-key.encrypted.file = ./secrets/wireguard/wg0-private-key.age;
-  } // peerSecrets;
+
+    allSecrets = {
+      wg0-private-key.encrypted.file = ./secrets/wireguard/wg0-private-key.age;
+    } // peerSecrets;
+
+    setSecretOwnership = name: value: value // {
+      decrypted.user = "systemd-network";
+      decrypted.group = "systemd-network";
+    };
+  in lib.attrsets.mapAttrs setSecretOwnership allSecrets;

  systemd.network.netdevs = {
    "10-wg0" = {