WIP: router: wireguard: finalize wg0 config for now

Yuri Tatishchev 2025-06-03 19:27:35 -07:00
parent b39b5abb3e
commit e6a9ab8d29
Signed by: CaZzzer
SSH Key Fingerprint: SHA256:sqXB3fe0LMpfH+IeM/vlmxKdso52kssrIJBlwKXVe1U


@ -28,14 +28,18 @@ in
mapPeer = name: peer: { mapPeer = name: peer: {
name = peerSecretName name; name = peerSecretName name;
value.encrypted.file = ./secrets/wireguard/${peerSecretName name}.age; value.encrypted.file = ./secrets/wireguard/${peerSecretName name}.age;
value.decrypted.user = "systemd-network";
value.decrypted.group = "systemd-network";
}; };
peerSecrets = lib.attrsets.mapAttrs' mapPeer pskPeers; peerSecrets = lib.attrsets.mapAttrs' mapPeer pskPeers;
in
{ allSecrets = {
wg0-private-key.encrypted.file = ./secrets/wireguard/wg0-private-key.age; wg0-private-key.encrypted.file = ./secrets/wireguard/wg0-private-key.age;
} // peerSecrets; } // peerSecrets;
setSecretOwnership = name: value: value // {
decrypted.user = "systemd-network";
decrypted.group = "systemd-network";
};
in lib.attrsets.mapAttrs setSecretOwnership allSecrets;
systemd.network.netdevs = { systemd.network.netdevs = {
"10-wg0" = { "10-wg0" = {
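Review bot: `setSecretOwnership` merges with `//`, which is shallow, so each secret's whole `decrypted` attribute set is replaced rather than extended. With the secrets visible here that is harmless, since they only set `encrypted.file`, but any per-secret `decrypted.*` setting added later (a stricter file mode, if the secrets module offers one) would be silently dropped for the WireGuard private key and the peer PSKs. A recursive merge keeps such settings: `setSecretOwnership = name: value: lib.attrsets.recursiveUpdate value { decrypted = { user = "systemd-network"; group = "systemd-network"; }; };`. A one-line comment above it saying why `systemd-network` must own the decrypted files would also help, presumably because systemd-networkd reads the key files for `wg0`. The enclosing `let` begins outside the hunk.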