[sourcephile-nix.git] / hosts / carotte / networking / wireguard / intranet.nix
# WireGuard "wg-intra" interface for this host: enables two peers and wires
# the interface's private key to a secret declared under security.gnupg.
{ config, inputs, ... }:
let
  inherit (config.security) gnupg;
  iface = "wg-intra";

  # Name of the secret holding this interface's private key.
  secretName = "wireguard/${iface}/privateKey";
  # The secret as seen through config.security.gnupg; this file reads its
  # `.path` and `.service` attributes.
  keySecret = gnupg.secrets.${secretName};
  # NOTE(review): `.service` is presumably the systemd unit that makes the
  # key available at `.path` — confirm against the security.gnupg module.
  keyUnits = [ keySecret.service ];
in
{
  # Shared wg-intra profile from the julm-nix input.
  # NOTE(review): presumably this is where the peer definitions live — confirm.
  imports = [
    (inputs.julm-nix + "/nixos/profiles/wireguard/wg-intra.nix")
  ];

  networking.wireguard = {
    # Peers this host enables on the interface.
    ${iface}.peers = {
      losurdo.enable = true;
      oignon.enable = true;
    };

    # The key is referenced by file path rather than written inline, so the
    # key material itself does not appear in this configuration.
    interfaces.${iface}.privateKeyFile = keySecret.path;
  };

  # Declares the secret with the module's defaults.
  security.gnupg.secrets.${secretName} = {
    # Disabled alternative: ordering declared from the secret's side. The
    # active ordering is set on the WireGuard unit below instead.
    /*
      systemdConfig.serviceConfig = {
      before = [ "wireguard-${iface}.service" ];
      wantedBy = [ "wireguard-${iface}.service" ];
      requiredBy = [ "wireguard-${iface}.service" ];
      };
    */
  };

  # Both settings are needed: `requires` pulls the secret unit in and ties
  # this unit's activation to it, while `after` delays WireGuard until that
  # unit has finished starting. With `requires` alone the two would start in
  # parallel and the interface could come up before the key file exists.
  systemd.services."wireguard-${iface}" = {
    requires = keyUnits;
    after = keyUnits;
  };
}