1 { pkgs, lib, config, hostName, inputs, ... }:
3 inherit (config.security) gnupg;
8 (inputs.julm-nix + "/nixos/profiles/wireguard/wg-intra.nix")
10 networking.wireguard.interfaces.${iface} = {
11 privateKeyFile = gnupg.secrets."wireguard/${iface}/privateKey".path;
13 security.gnupg.secrets."wireguard/${iface}/privateKey" = {
15 systemdConfig.serviceConfig = {
16 before = [ "wireguard-${iface}.service" ];
17 wantedBy = [ "wireguard-${iface}.service" ];
18 requiredBy = [ "wireguard-${iface}.service" ];
22 systemd.services."wireguard-${iface}" = {
23 after = [ gnupg.secrets."wireguard/${iface}/privateKey".service ];
24 requires = [ gnupg.secrets."wireguard/${iface}/privateKey".service ];