specify systemd-network as owner+group for wg secrets

2025-08-18 00:09:08 +05:30 · 2025-08-18 00:09:08 +05:30 · 61dbfd2da6
commit 61dbfd2da6
parent f0f0229345
1 changed files with 8 additions and 3 deletions
--- a/modules/wireguard.nix
+++ b/modules/wireguard.nix
@ -73,9 +73,14 @@ in {
  };

  config = {
-    sops.secrets = lib.mkMerge (map (cfg: {
-      "${cfg.serverPrivateKeyFile}" = { };
-      "${cfg.clientPublicKeyFile}" = { };
+    sops.secrets = let
+      def = {
+        owner = "systemd-network";
+        group = "systemd-network";
+      };
+    in lib.mkMerge (map (cfg: {
+      "${cfg.serverPrivateKeyFile}" = def;
+      "${cfg.clientPublicKeyFile}" = def;
    }) interfaces);

    assertions = lib.mkAfter (secretAssertions ++ uniquenessAssertions);