enable = lib.mkEnableOption "this peer";
});
config = {
- systemd.services."wireguard-${wgIface}".serviceConfig.LoadCredentialEncrypted =
- [ "privateKey:${inputs.self}/hosts/${hostName}/wireguard/${wgIface}/privateKey.cred" ];
+ #systemd.services."wireguard-${wgIface}".serviceConfig.LoadCredentialEncrypted =
+ # [ "privateKey:${inputs.self}/hosts/${hostName}/wireguard/${wgIface}/privateKey.cred" ];
networking.wireguard.interfaces.${wgIface} = lib.recursiveUpdate
(removeAttrs peers.${hostName} [ "ipv4" "persistentKeepalive" "peer" ])
{
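Review bot: Commenting out `LoadCredentialEncrypted` leaves the `wireguard-${wgIface}` unit without the `privateKey` credential, and nothing in this hunk shows where the interface's private key comes from now. If the key-file setting (not visible here, presumably in `peers.${hostName}` or the attribute set that continues past this hunk) still points into the unit's credentials directory, the service will fail to start. If it now points at a plain file, the key is no longer encrypted at rest, so check that file's permissions and that it never lands in the world-readable Nix store. Delete the two lines rather than leaving them commented out, or record the reason, e.g. `# TODO(<owner>): encrypted credential disabled because <reason>; key is read from <path>`.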
(host: host.peer.allowedIPs)
(lib.attrValues peers);
networking.networkmanager.unmanaged = [ wgIface ];
- systemd.services.sshd.after = [ "wireguard-${wgIface}.service" ];
- services.openssh.listenAddresses = [
- { addr = peers.${hostName}.ipv4; port = 22; }
- ];
};
}
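Review bot: Removing `services.openssh.listenAddresses` puts sshd back on its default of listening on every address, so port 22 is no longer limited to the WireGuard address `peers.${hostName}.ipv4`. The firewall configuration is not visible in this hunk, but `services.openssh.openFirewall` defaults to true on NixOS, which would open port 22 on all interfaces. If the aim is only to avoid lockout when the tunnel is down, the exposure can still be scoped to the tunnel with `services.openssh.openFirewall = false;` and `networking.firewall.interfaces.${wgIface}.allowedTCPPorts = [ 22 ];`. Otherwise, add a comment saying that wider SSH reachability is intended.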