jawz/NixOS
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

Refactor WireGuard secret paths for Linode configuration

Browse Source 
- Updated secret paths in wireguard-linode.nix and configuration.nix to use 'linode' instead of 'wireguard' for clarity and consistency.
- Adjusted private key file references in wireguard.nix to align with the new secret path structure.
This commit is contained in:
Danilo Reyes
2025-10-28 13:53:18 -06:00
parent 01284154f7
commit 667b4c7a46
3 changed files with 6 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
hosts/linode/wireguard-linode.nix
View File

@@ -6,7 +6,7 @@
}:
{
config = lib.mkIf config.my.services.wireguard.enable {
sops.secrets."wireguard/linode/private" = lib.mkIf config.my.secureHost {
sops.secrets."linode/linode/private" = lib.mkIf config.my.secureHost {
sopsFile = ../../secrets/wireguard.yaml;
};
networking = {
@@ -46,7 +46,7 @@
listenPort = 51820;
privateKeyFile =
if config.my.secureHost then
config.sops.secrets."wireguard/linode/private".path
config.sops.secrets."linode/linode/private".path
else
"/var/lib/wireguard/private.key";
postSetup = "${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s ${config.my.ips.wg-friends}/24 -o ${

4
hosts/server/configuration.nix
View File

@@ -37,7 +37,7 @@
supportedFeatures = config.my.nix.features;
}
];
sops.secrets."wireguard/server/private" = lib.mkIf config.my.secureHost {
sops.secrets."linode/server/private" = lib.mkIf config.my.secureHost {
sopsFile = ../../secrets/wireguard.yaml;
};
networking = {
@@ -48,7 +48,7 @@
};
wireguard.interfaces.wg0 = lib.mkIf config.my.secureHost {
ips = [ "${config.my.ips.wg-server}/32" ];
privateKeyFile = config.sops.secrets."wireguard/server/private".path;
privateKeyFile = config.sops.secrets."linode/server/private".path;
peers = [
{
publicKey = "dFbiSekBwnZomarcS31o5+w6imHjMPNCipkfc2fZ3GY=";