From c1f62e9827efe7c8e303e3cfa70dac8f544312b1 Mon Sep 17 00:00:00 2001
From: Gregor Kleen <gkleen@yggdrasil.li>
Date: Tue, 9 Aug 2022 11:23:00 +0300
Subject: ...

---
 hosts/surtr/vpn/default.nix | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)

(limited to 'hosts/surtr/vpn')

diff --git a/hosts/surtr/vpn/default.nix b/hosts/surtr/vpn/default.nix
index 9d003f23..ba45e486 100644
--- a/hosts/surtr/vpn/default.nix
+++ b/hosts/surtr/vpn/default.nix
@@ -43,10 +43,13 @@ in {
           "2620:fe::fe:10#dns10.quad9.net"
         ];
 
-        systemd.tmpfiles.rules = [
-          "d /etc/wireguard 0755 root systemd-network - -"
-          "C /etc/wireguard/surtr.priv 0640 root systemd-network - /run/host/credentials/surtr.priv"
-        ];
+        systemd.services."systemd-networkd" = {
+          serviceConfig = {
+            LoadCredential = [
+              "surtr.priv"
+            ];
+          };
+        };
 
         systemd.network = {
           netdevs = {
@@ -56,7 +59,7 @@ in {
                 Kind = "wireguard";
               };
               wireguardConfig = {
-                PrivateKeyFile = "/etc/wireguard/surtr.priv";
+                PrivateKeyFile = "/run/credentials/systemd-networkd.service/surtr.priv";
                 ListenPort = 51820;
               };
               wireguardPeers = imap1 (i: { name, ip ? i }: {
-- 
cgit v1.2.3