Diffstat (limited to 'hosts/surtr/vpn/default.nix')
-rw-r--r-- | hosts/surtr/vpn/default.nix | 13 |
1 files changed, 8 insertions, 5 deletions
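--- a/hosts/surtr/vpn/default.nix
+++ b/hosts/surtr/vpn/default.nix
@@ -43,10 +43,13 @@ in {
 "2620:fe::fe:10#dns10.quad9.net"
 ];
 
-systemd.tmpfiles.rules = [
-"d /etc/wireguard 0755 root systemd-network - -"
-"C /etc/wireguard/surtr.priv 0640 root systemd-network - /run/host/credentials/surtr.priv"
-];
+systemd.services."systemd-networkd" = {
+serviceConfig = {
+LoadCredential = [
+"surtr.priv"
+];
+};
+};
 
 systemd.network = {
 netdevs = {
@@ -56,7 +59,7 @@ in {
 Kind = "wireguard";
 };
 wireguardConfig = {
-PrivateKeyFile = "/etc/wireguard/surtr.priv";
+PrivateKeyFile = "/run/credentials/systemd-networkd.service/surtr.priv";
 ListenPort = 51820;
 };
 wireguardPeers = imap1 (i: { name, ip ? i }: {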
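Review bot: Dropping the two `systemd.tmpfiles.rules` entries stops creating `/etc/wireguard/surtr.priv`, but nothing in the change removes the copy that earlier generations already wrote, so on a host whose `/etc` persists the WireGuard private key would stay on disk, readable by group `systemd-network`, after this deploys. If that applies to surtr, keep a cleanup rule for one generation, e.g. `"r /etc/wireguard/surtr.priv"`, or delete the file by hand. Separately, the new `PrivateKeyFile` hard-codes `/run/credentials/systemd-networkd.service/surtr.priv`, which only resolves while the unit name and the `LoadCredential` entry stay in step; a comment beside it such as `# supplied by LoadCredential "surtr.priv" on systemd-networkd` would keep that coupling visible. The bare `"surtr.priv"` form presumably relies on the credential being handed to the service manager from outside, as the old `/run/host/credentials` source suggests, so it is worth confirming the tunnel fails visibly when it is absent. The enclosing `in { … }` attribute set starts and ends outside both hunks.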