-{ pkgs, lib, config, hostName, inputs, ... }:
+{ config, inputs, ... }:
let
inherit (config.security) gnupg;
iface = "wg-intra";
in
{
-imports = [
- (inputs.julm-nix + "/nixos/profiles/wireguard/wg-intra.nix")
-];
-networking.wireguard.interfaces.${iface} = {
- privateKeyFile = gnupg.secrets."wireguard/${iface}/privateKey".path;
-};
-security.gnupg.secrets."wireguard/${iface}/privateKey" = {
-/*
- systemdConfig.serviceConfig = {
- before = [ "wireguard-${iface}.service" ];
- wantedBy = [ "wireguard-${iface}.service" ];
- requiredBy = [ "wireguard-${iface}.service" ];
+ imports = [
+ (inputs.julm-nix + "/nixos/profiles/wireguard/wg-intra.nix")
+ ];
+ networking.wireguard.${iface}.peers = {
+ losurdo.enable = true;
+ oignon.enable = true;
+ };
+ networking.wireguard.interfaces.${iface} = {
+ privateKeyFile = gnupg.secrets."wireguard/${iface}/privateKey".path;
+ };
+ security.gnupg.secrets."wireguard/${iface}/privateKey" = {
+ /*
+ systemdConfig.serviceConfig = {
+ before = [ "wireguard-${iface}.service" ];
+ wantedBy = [ "wireguard-${iface}.service" ];
+ requiredBy = [ "wireguard-${iface}.service" ];
+ };
+ */
+ };
+ systemd.services."wireguard-${iface}" = {
+ after = [ gnupg.secrets."wireguard/${iface}/privateKey".service ];
+ requires = [ gnupg.secrets."wireguard/${iface}/privateKey".service ];
};
-*/
-};
-systemd.services."wireguard-${iface}" = {
- after = [ gnupg.secrets."wireguard/${iface}/privateKey".service ];
- requires = [ gnupg.secrets."wireguard/${iface}/privateKey".service ];
-};
}
sourcephile / git / sourcephile-nix.git / blobdiff