...

1 files changed, 8 insertions, 5 deletions

diff --git a/hosts/surtr/vpn/default.nix b/hosts/surtr/vpn/default.nix
index 9d003f23..ba45e486 100644
--- a/hosts/surtr/vpn/default.nix
+++ b/hosts/surtr/vpn/default.nix
@@ -43,10 +43,13 @@ in {
           "2620:fe::fe:10#dns10.quad9.net"
         ];
 
-        systemd.tmpfiles.rules = [
-          "d /etc/wireguard 0755 root systemd-network - -"
-          "C /etc/wireguard/surtr.priv 0640 root systemd-network - /run/host/credentials/surtr.priv"
-        ];
+        systemd.services."systemd-networkd" = {
+          serviceConfig = {
+            LoadCredential = [
+              "surtr.priv"
+            ];
+          };
+        };
 
         systemd.network = {
           netdevs = {
@@ -56,7 +59,7 @@ in {
                 Kind = "wireguard";
               };
               wireguardConfig = {
-                PrivateKeyFile = "/etc/wireguard/surtr.priv";
+                PrivateKeyFile = "/run/credentials/systemd-networkd.service/surtr.priv";
                 ListenPort = 51820;
               };
               wireguardPeers = imap1 (i: { name, ip ? i }: {