From e6a9ab8d29c089668c7c5372c5db5889a3efeb58 Mon Sep 17 00:00:00 2001
From: Yuri Tatishchev
Date: Tue, 3 Jun 2025 19:27:35 -0700
Subject: [PATCH] WIP: router: wireguard: finalize wg0 config for now
---
 hosts/router/wireguard.nix | 16 ++++++++++------
 1 file changed, 10 insertions(+), 6 deletions(-)
diff --git a/hosts/router/wireguard.nix b/hosts/router/wireguard.nix
index 61252d4..97d7837 100644
--- a/hosts/router/wireguard.nix
+++ b/hosts/router/wireguard.nix
@@ -28,14 +28,18 @@ in
 mapPeer = name: peer: {
 name = peerSecretName name;
 value.encrypted.file = ./secrets/wireguard/${peerSecretName name}.age;
- value.decrypted.user = "systemd-network";
- value.decrypted.group = "systemd-network";
 };
 peerSecrets = lib.attrsets.mapAttrs' mapPeer pskPeers;
- in
- {
- wg0-private-key.encrypted.file = ./secrets/wireguard/wg0-private-key.age;
- } // peerSecrets;
+
+ allSecrets = {
+ wg0-private-key.encrypted.file = ./secrets/wireguard/wg0-private-key.age;
+ } // peerSecrets;
+
+ setSecretOwnership = name: value: value // {
+ decrypted.user = "systemd-network";
+ decrypted.group = "systemd-network";
+ };
+ in lib.attrsets.mapAttrs setSecretOwnership allSecrets;
 systemd.network.netdevs = {
 "10-wg0" = {
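Review bot: `setSecretOwnership` merges with `//`, which is shallow in Nix, so the right-hand `decrypted` attrset replaces any `decrypted.*` a secret already carries instead of adding to it. Every entry in `allSecrets` currently sets only `encrypted.file`, so nothing is lost today, but a later per-secret setting under `decrypted` (a tighter permission, a different owner) would be dropped silently on the WireGuard private key and the peer PSKs. A deep merge avoids that: `setSecretOwnership = _: value: lib.attrsets.recursiveUpdate value {` with the same two attributes inside, where `_` also marks the unused `name` argument. No file mode is set in this hunk, so it is worth confirming that the secrets module defaults to owner-only now that `wg0-private-key` is handed to `systemd-network` too. The enclosing `let … in` begins above the hunk.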