From 667b4c7a4614ea70c1b020df41bcc25437f51ded Mon Sep 17 00:00:00 2001
From: Danilo Reyes
Date: Tue, 28 Oct 2025 13:53:18 -0600
Subject: [PATCH] Refactor WireGuard secret paths for Linode configuration

- Updated secret paths in wireguard-linode.nix and configuration.nix to use 'linode' instead of 'wireguard' for clarity and consistency.
- Adjusted private key file references in wireguard.nix to align with the new secret path structure.
---
 hosts/linode/wireguard-linode.nix | 4 ++--
 hosts/server/configuration.nix | 4 ++--
 modules/services/wireguard.nix | 4 ++--
 3 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/hosts/linode/wireguard-linode.nix b/hosts/linode/wireguard-linode.nix
index 9ee2647..8897b72 100644
--- a/hosts/linode/wireguard-linode.nix
+++ b/hosts/linode/wireguard-linode.nix
@@ -6,7 +6,7 @@
 }:
 {
 config = lib.mkIf config.my.services.wireguard.enable {
- sops.secrets."wireguard/linode/private" = lib.mkIf config.my.secureHost {
+ sops.secrets."linode/linode/private" = lib.mkIf config.my.secureHost {
 sopsFile = ../../secrets/wireguard.yaml;
 };
 networking = {
@@ -46,7 +46,7 @@
 listenPort = 51820;
 privateKeyFile =
 if config.my.secureHost then
- config.sops.secrets."wireguard/linode/private".path
+ config.sops.secrets."linode/linode/private".path
 else
 "/var/lib/wireguard/private.key";
 postSetup = "${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s ${config.my.ips.wg-friends}/24 -o ${
diff --git a/hosts/server/configuration.nix b/hosts/server/configuration.nix
index c8b3422..4ebbaa1 100644
--- a/hosts/server/configuration.nix
+++ b/hosts/server/configuration.nix
@@ -37,7 +37,7 @@
 supportedFeatures = config.my.nix.features;
 }
 ];
- sops.secrets."wireguard/server/private" = lib.mkIf config.my.secureHost {
+ sops.secrets."linode/server/private" = lib.mkIf config.my.secureHost {
 sopsFile = ../../secrets/wireguard.yaml;
 };
 networking = {
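Review bot: In hosts/linode/wireguard-linode.nix the attribute name under `sops.secrets` is, by default, also the key sops-nix looks up inside `sopsFile`, so renaming `"wireguard/linode/private"` to `"linode/linode/private"` changes which entry of secrets/wireguard.yaml gets decrypted, not just a label. The diffstat lists only the three .nix files, so unless that YAML was re-keyed in a separate change the lookup will presumably fail at activation on hosts with `my.secureHost` set; the same applies to the renames in hosts/server/configuration.nix and modules/services/wireguard.nix. If only the Nix-side name is meant to change, pin the existing entry with `key = "wireguard/linode/private";` next to `sopsFile`. The doubled `linode/linode` segment also reads like an unintended search-and-replace result and deserves a second look. The enclosing attribute sets start and end outside the hunks.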
@@ -48,7 +48,7 @@
 };
 wireguard.interfaces.wg0 = lib.mkIf config.my.secureHost {
 ips = [ "${config.my.ips.wg-server}/32" ];
- privateKeyFile = config.sops.secrets."wireguard/server/private".path;
+ privateKeyFile = config.sops.secrets."linode/server/private".path;
 peers = [
 {
 publicKey = "dFbiSekBwnZomarcS31o5+w6imHjMPNCipkfc2fZ3GY=";
diff --git a/modules/services/wireguard.nix b/modules/services/wireguard.nix
index d05254d..500218e 100644
--- a/modules/services/wireguard.nix
+++ b/modules/services/wireguard.nix
@@ -11,7 +11,7 @@ in
 {
 options.my.services.wireguard.enable = lib.mkEnableOption "WireGuard VPN configuration";
 config = lib.mkIf (config.my.services.wireguard.enable && config.my.secureHost) {
- sops.secrets."wireguard/server/private".sopsFile = ../../secrets/wireguard.yaml;
+ sops.secrets."server/private".sopsFile = ../../secrets/wireguard.yaml;
 networking = {
 firewall.allowedUDPPorts = [ port ];
 nat = {
@@ -24,7 +24,7 @@ in
 listenPort = port;
 postSetup = "${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s 10.100.0.0/24 -o ${interface} -j MASQUERADE";
 postShutdown = "${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 10.100.0.0/24 -o ${interface} -j MASQUERADE";
- privateKeyFile = config.sops.secrets."wireguard/server/private".path;
+ privateKeyFile = config.sops.secrets."server/private".path;
 peers = [
 {
 publicKey = "ciupBjCcIpd3K5vlzNMJC8iiyNqB9xXwkSC6UXPKP3g=";
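Review bot: The `sops.secrets."server/private"` declaration in modules/services/wireguard.nix no longer matches hosts/server/configuration.nix, which this same commit renames to `"linode/server/private"`; before the change both files referred to the single entry `"wireguard/server/private"`. The commit description says 'wireguard' is replaced by 'linode', so the bare `server/private` looks like a prefix dropped by mistake. If both definitions are meant to share one private key, they now need two separately maintained entries in secrets/wireguard.yaml. Use one name in both places, e.g. `sops.secrets."linode/server/private".sopsFile = ../../secrets/wireguard.yaml;` here and `privateKeyFile = config.sops.secrets."linode/server/private".path;` in the second hunk of this file. A one-line comment above the declaration stating which host's key this entry holds would keep the two names from drifting again.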