| author | Gregor Kleen <gkleen@yggdrasil.li> | 2022-08-09 11:23:00 +0300 |
|---|---|---|
| committer | Gregor Kleen <gkleen@yggdrasil.li> | 2022-08-09 11:23:00 +0300 |
| commit | c1f62e9827efe7c8e303e3cfa70dac8f544312b1 (patch) | |
| tree | d20ff0f367804bc87996c6312cebe2fa57b5bd4c /hosts/sif | |
| parent | de66ba821b2851cb23bcc7b064e84de3dd848e26 (diff) | |
...
Diffstat (limited to 'hosts/sif')
| -rw-r--r-- | hosts/sif/default.nix | 10 |
1 files changed, 6 insertions, 4 deletions
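--- a/hosts/sif/default.nix
+++ b/hosts/sif/default.nix
@@ -26,6 +26,8 @@ in {
 };
 };
 
+time.timeZone = null;
+
 boot = {
 initrd = {
 luks.devices = {
@@ -148,7 +150,7 @@ in {
 Kind = "wireguard";
 };
 wireguardConfig = {
-PrivateKeyFile = config.sops.secrets.wgrz.path;
+PrivateKeyFile = "/run/credentials/systemd-networkd.service/wgrz.priv";
 ListenPort = 51822;
 # FirewallMark = 1;
 };
@@ -233,11 +235,11 @@ in {
 sops.secrets.wgrz = {
 format = "binary";
 sopsFile = ./wgrz/privkey;
-mode = "0640";
-owner = "root";
-group = "systemd-network";
 };
 networking.networkmanager.unmanaged = ["wgrz" "virbr0"];
+systemd.services."systemd-networkd".serviceConfig.LoadCredential = [
+"wgrz.priv:${config.sops.secrets.wgrz.path}"
+];
 
 services.dnsmasq = {
 enable = true;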
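Review bot: The credential name `wgrz.priv` and the unit name are spelled out twice, once in the `LoadCredential` entry in the last hunk and once in the hard-coded `PrivateKeyFile` path in the `wireguardConfig` hunk, and nothing ties the two together, so renaming either one leaves networkd pointing at a file that does not exist. A comment above `LoadCredential` would make the coupling visible, for example `# name must match PrivateKeyFile in the wgrz netdev; the key is exposed only through networkd's credential directory`. It should also record that dropping `mode`/`owner`/`group` is deliberate, so the secret falls back to the sops-nix defaults (root-only, as far as I know) instead of staying group-readable by `systemd-network`. Because systemd copies the credential when the unit starts, a rotated key is presumably not picked up until systemd-networkd restarts; if that matters here, consider `restartUnits = [ "systemd-networkd.service" ];` on `sops.secrets.wgrz`. The enclosing attribute sets start and end outside the hunks shown.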
