diff options
Diffstat (limited to 'hosts/vidhar/network/bifrost')
| -rw-r--r-- | hosts/vidhar/network/bifrost/default.nix | 8 | 
1 files changed, 4 insertions, 4 deletions
| diff --git a/hosts/vidhar/network/bifrost/default.nix b/hosts/vidhar/network/bifrost/default.nix index 752e3e3c..8c2cc1de 100644 --- a/hosts/vidhar/network/bifrost/default.nix +++ b/hosts/vidhar/network/bifrost/default.nix | |||
| @@ -14,7 +14,7 @@ in { | |||
| 14 | Kind = "wireguard"; | 14 | Kind = "wireguard"; | 
| 15 | }; | 15 | }; | 
| 16 | wireguardConfig = { | 16 | wireguardConfig = { | 
| 17 | PrivateKeyFile = config.sops.secrets.bifrost.path; | 17 | PrivateKeyFile = "/run/credentials/systemd-networkd.service/bifrost.priv"; | 
| 18 | ListenPort = 51822; | 18 | ListenPort = 51822; | 
| 19 | }; | 19 | }; | 
| 20 | wireguardPeers = [ | 20 | wireguardPeers = [ | 
| @@ -65,12 +65,12 @@ in { | |||
| 65 | }; | 65 | }; | 
| 66 | }; | 66 | }; | 
| 67 | }; | 67 | }; | 
| 68 | systemd.services."systemd-networkd".serviceConfig.LoadCredential = [ | ||
| 69 | "bifrost.priv:${config.sops.secrets.bifrost.path}" | ||
| 70 | ]; | ||
| 68 | sops.secrets.bifrost = { | 71 | sops.secrets.bifrost = { | 
| 69 | format = "binary"; | 72 | format = "binary"; | 
| 70 | sopsFile = ./vidhar.priv; | 73 | sopsFile = ./vidhar.priv; | 
| 71 | mode = "0640"; | ||
| 72 | owner = "root"; | ||
| 73 | group = "systemd-network"; | ||
| 74 | }; | 74 | }; | 
| 75 | }; | 75 | }; | 
| 76 | } | 76 | } | 
