summaryrefslogtreecommitdiffstats
path: root/2configs/wireguard/wiregrill.nix
diff options
context:
space:
mode:
Diffstat (limited to '2configs/wireguard/wiregrill.nix')
-rw-r--r--2configs/wireguard/wiregrill.nix5
1 files changed, 4 insertions, 1 deletions
diff --git a/2configs/wireguard/wiregrill.nix b/2configs/wireguard/wiregrill.nix
index 27984d41b..ec7c6f9c5 100644
--- a/2configs/wireguard/wiregrill.nix
+++ b/2configs/wireguard/wiregrill.nix
@@ -31,6 +31,9 @@ in mkIf (hasAttr "wiregrill" config.krebs.build.host.nets) {
};
};
+ # host secret
+ sops.secrets."wiregrill.key" = {};
+
services.dnsmasq = mkIf isRouter {
enable = true;
resolveLocalQueries = false;
@@ -87,7 +90,7 @@ in mkIf (hasAttr "wiregrill" config.krebs.build.host.nets) {
(optional (!isNull self.ip4) self.ip4.addr) ++
(optional (!isNull self.ip6) self.ip6.addr);
listenPort = self.wireguard.port;
- privateKeyFile = (toString <secrets>) + "/wiregrill.key";
+ privateKeyFile = config.sops.secrets."wiregrill.key".path;
allowedIPsAsRoutes = true;
peers = mapAttrsToList
(_: host: {
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-30 05:39:31 +0000
[cgit] Unable to lock slot /tmp/cgit/c4000000.lock: No such file or directory (2)