konarak/sixnix
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

specify systemd-network as owner+group for wg secrets

Browse Source
This commit is contained in:
Konarak 2025-08-18 00:09:08 +05:30
parent f0f0229345
commit 61dbfd2da6
Signed by: konarak
GPG Key ID: DE5E99432B548849
1 changed files with 8 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
modules/wireguard.nix
View File

@ -73,9 +73,14 @@ in {
}; };
config = { config = {
sops.secrets = lib.mkMerge (map (cfg: { sops.secrets = let
"${cfg.serverPrivateKeyFile}" = { }; def = {
"${cfg.clientPublicKeyFile}" = { }; owner = "systemd-network";
group = "systemd-network";
};
in lib.mkMerge (map (cfg: {
"${cfg.serverPrivateKeyFile}" = def;
"${cfg.clientPublicKeyFile}" = def;
}) interfaces); }) interfaces);
assertions = lib.mkAfter (secretAssertions ++ uniquenessAssertions); assertions = lib.mkAfter (secretAssertions ++ uniquenessAssertions);