added secureHost flag

2025-09-28 10:52:27 -06:00
parent d704e0ee13
commit a376428118
24 changed files with 100 additions and 87 deletions
--- a/modules/services/wireguard.nix
+++ b/modules/services/wireguard.nix
@@ -10,7 +10,7 @@ let
 in
 {
  options.my.services.wireguard.enable = lib.mkEnableOption "enable";
-  config = lib.mkIf config.my.services.wireguard.enable {
+  config = lib.mkIf (config.my.services.wireguard.enable && config.my.secureHost) {
    sops.secrets."wireguard/private".sopsFile = ../../secrets/wireguard.yaml;
    networking = {
      firewall.allowedUDPPorts = [ port ];