From c1f62e9827efe7c8e303e3cfa70dac8f544312b1 Mon Sep 17 00:00:00 2001
From: Gregor Kleen <gkleen@yggdrasil.li>
Date: Tue, 9 Aug 2022 11:23:00 +0300
Subject: ...

---
 hosts/surtr/bifrost/default.nix | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

(limited to 'hosts/surtr/bifrost')

diff --git a/hosts/surtr/bifrost/default.nix b/hosts/surtr/bifrost/default.nix
index 790af94a..bdedf5b6 100644
--- a/hosts/surtr/bifrost/default.nix
+++ b/hosts/surtr/bifrost/default.nix
@@ -14,7 +14,7 @@ in {
             Kind = "wireguard";
           };
           wireguardConfig = {
-            PrivateKeyFile = config.sops.secrets.bifrost.path;
+            PrivateKeyFile = "/run/credentials/systemd-networkd.service/bifrost.priv";
             ListenPort = 51822;
           };
           wireguardPeers = [
@@ -49,12 +49,12 @@ in {
         };
       };
     };
+    systemd.services."systemd-networkd".serviceConfig.LoadCredential = [
+      "bifrost.priv:${config.sops.secrets.bifrost.path}"
+    ];
     sops.secrets.bifrost = {
       format = "binary";
       sopsFile = ./surtr.priv;
-      mode = "0640";
-      owner = "root";
-      group = "systemd-network";
     };
   };
 }
-- 
cgit v1.2.3