diff options
| author | Timo Wilken | 2023-11-20 20:59:04 +0100 |
|---|---|---|
| committer | Timo Wilken | 2023-11-20 21:01:15 +0100 |
| commit | bddc465bf484ddf78cf3576c77b10eff4e753ef8 (patch) | |
| tree | dd7f287ebc9c0e1c5e4ac5bd877b8b68e86d1946 /tw/system/lap.scm | |
| parent | 23675c58437ebf337fd0bdddfd32910cb5c60f89 (diff) | |
Make WireGuard service install its own secrets automatically
Diffstat (limited to 'tw/system/lap.scm')
| -rw-r--r-- | tw/system/lap.scm | 20 |
1 files changed, 2 insertions, 18 deletions
diff --git a/tw/system/lap.scm b/tw/system/lap.scm index b6049ad3..f6e56116 100644 --- a/tw/system/lap.scm +++ b/tw/system/lap.scm @@ -447,26 +447,10 @@ EndSection (list vin) (list lud)))))) + ;; Set up a secrets config for WireGuard to extend. (service secrets-service-type (secrets-configuration - (host-key "/etc/secrets.key") ; we have no SSH host keys, so use a custom key - (secrets - (list - (secret - (encrypted-file (local-file "files/wireguard/lap.key.enc")) - (destination "/etc/wireguard/private.key")) - (secret - (encrypted-file (local-file "files/wireguard/lap-fp4.psk.enc")) - (destination "/etc/wireguard/fp4.psk")) - (secret - (encrypted-file (local-file "files/wireguard/lap-lud.psk.enc")) - (destination "/etc/wireguard/lud.psk")) - (secret - (encrypted-file (local-file "files/wireguard/lap-pi3.psk.enc")) - (destination "/etc/wireguard/pi3.psk")) - (secret - (encrypted-file (local-file "files/wireguard/lap-vin.psk.enc")) - (destination "/etc/wireguard/vin.psk")))))) + (host-key "/etc/secrets.key"))) ; we have no SSH host keys, so use a custom key (modify-services (append %system-channel-services %desktop-services) ;; Let sane find the airscan backend. ipp-usb needs to be running separately. |