nix: update home-manager input

[julm/julm-nix.git] / hosts / oignon / wireguard.nix

diff --git a/hosts/oignon/wireguard.nix b/hosts/oignon/wireguard.nix
index 411cd8f024697fa569fd8fb510e5bea422f67b3a..fef5a842063cfc0694ba5299bb378b358333ed50 100644 (file)
--- a/hosts/oignon/wireguard.nix
+++ b/hosts/oignon/wireguard.nix
@@ -1,30 +1,12 @@
-{ pkgs, lib, config, ... }:
+_:
 {
-networking.wireguard.wg-intra.peers.mermet.enable = true;
-networking.wireguard.wg-intra.peers.losurdo.enable = true;
-networking.wireguard.wg-intra.peers.patate.enable = true;
-networking.hosts."192.168.42.2" = [
-  "sourcephile.wg"
-  "builds.sourcephile.wg"
-  "dispatch.sourcephile.wg"
-  "git.sourcephile.wg"
-  "hg.sourcephile.wg"
-  "hub.sourcephile.wg"
-  "lists.sourcephile.wg"
-  "man.sourcephile.wg"
-  "meta.sourcephile.wg"
-  "pages.sourcephile.wg"
-  "paste.sourcephile.wg"
-  "todo.sourcephile.wg"
-];
-/*
-systemd.services =
-  {
-    openssh = {
-      after = ["wireguard-${iface}.service"];
-      serviceConfig.Restart = "on-failure";
-    };
+  systemd.services."wireguard-wg-intra".serviceConfig.LoadCredentialEncrypted = [
+    "privateKey:${./wireguard/wg-intra/privateKey.cred}"
+  ];
+  networking.wireguard.wg-intra.peers = {
+    mermet.enable = true;
+    losurdo.enable = true;
+    patate.enable = true;
+    aubergine.enable = true;
   };
-services.openssh.listenAddresses = map (ip: {addr=lib.removeSuffix "/32" ip;}) peer.allowedIPs;
-*/
 }