From c1f62e9827efe7c8e303e3cfa70dac8f544312b1 Mon Sep 17 00:00:00 2001
From: Gregor Kleen
Date: Tue, 9 Aug 2022 11:23:00 +0300
Subject: ...
---
 hosts/sif/default.nix | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)
(limited to 'hosts/sif')
diff --git a/hosts/sif/default.nix b/hosts/sif/default.nix
index f51535ea..8c64551a 100644
--- a/hosts/sif/default.nix
+++ b/hosts/sif/default.nix
@@ -26,6 +26,8 @@ in {
 };
 };
 
+ time.timeZone = null;
+
 boot = {
 initrd = {
 luks.devices = {
@@ -148,7 +150,7 @@ in {
 Kind = "wireguard";
 };
 wireguardConfig = {
- PrivateKeyFile = config.sops.secrets.wgrz.path;
+ PrivateKeyFile = "/run/credentials/systemd-networkd.service/wgrz.priv";
 ListenPort = 51822;
 # FirewallMark = 1;
 };
@@ -233,11 +235,11 @@ in {
 sops.secrets.wgrz = {
 format = "binary";
 sopsFile = ./wgrz/privkey;
- mode = "0640";
- owner = "root";
- group = "systemd-network";
 };
 networking.networkmanager.unmanaged = ["wgrz" "virbr0"];
+ systemd.services."systemd-networkd".serviceConfig.LoadCredential = [
+ "wgrz.priv:${config.sops.secrets.wgrz.path}"
+ ];
 
 services.dnsmasq = {
 enable = true;
-- 
cgit v1.2.3
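Review bot: The credential path in `PrivateKeyFile` is a string literal whose last component, `wgrz.priv`, has to match the credential name given to `LoadCredential` in the last hunk, and nothing ties the two together. If either side is renamed, the netdev would presumably point at a file that does not exist and the tunnel would fail only at runtime. Binding the name once, e.g. `wgrzCred = "wgrz.priv";` in the `let` that the `in {` hunk header suggests, and using `"/run/credentials/systemd-networkd.service/${wgrzCred}"` here and `"${wgrzCred}:${config.sops.secrets.wgrz.path}"` in the last hunk would keep them in step. The enclosing attribute set starts and ends outside the hunk.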
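Review bot: Dropping `mode`, `owner` and `group` from `sops.secrets.wgrz` leaves the key file on whatever defaults sops-nix applies, and nothing in the hunk records that this tightening is deliberate. A comment above the secret such as `# root-only on purpose: networkd gets the key via LoadCredential, not via group read access` would keep a later edit from re-adding the `systemd-network` group. Because the credential is loaded when the service starts, a rotated key is presumably not picked up until networkd restarts; if the sops-nix version in use supports it, `restartUnits = [ "systemd-networkd.service" ];` on the secret would cover that.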