clerie/nixfiles
1
0
Fork 0
Code

modules/wg-clerie: migrate to age secrets

Browse Source
This commit is contained in:
clerie 2023-06-20 18:36:28 +02:00
parent f07dbd3c53
commit 11a5a520d8
2 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

BIN
hosts/astatine/secrets/wg-clerie.age Normal file
View File

Binary file not shown.

6
modules/wg-clerie/default.nix
View File

@ -11,8 +11,8 @@ in
services.wg-clerie = { services.wg-clerie = {
enable = mkEnableOption "VPN for public static IP"; enable = mkEnableOption "VPN for public static IP";
privateKeyFile = mkOption { privateKeyFile = mkOption {
type = types.str; type = with types; nullOr str;
default = "/var/src/secrets/wireguard/wg-clerie"; default = null;
description = "Path to file containing private key for wireguard interface"; description = "Path to file containing private key for wireguard interface";
}; };
ipv6s = mkOption { ipv6s = mkOption {
@ -49,7 +49,7 @@ in
networking.wireguard.enable = true; networking.wireguard.enable = true;
networking.wireguard.interfaces = { networking.wireguard.interfaces = {
wg-clerie = { wg-clerie = {
inherit (cfg) privateKeyFile; privateKeyFile = if cfg.privateKeyFile == null then config.age.secrets.wg-clerie.path else cfg.privateKeyFile;
ips = cfg.ipv6s ++ cfg.ipv4s; ips = cfg.ipv6s ++ cfg.ipv4s;
table = "wg-clerie"; table = "wg-clerie";
peers = [ peers = [