From bddc465bf484ddf78cf3576c77b10eff4e753ef8 Mon Sep 17 00:00:00 2001
From: Timo Wilken
Date: Mon, 20 Nov 2023 20:59:04 +0100
Subject: Make WireGuard service install its own secrets automatically

---
 tw/system/lap.scm | 20 ++------------------
 1 file changed, 2 insertions(+), 18 deletions(-)

(limited to 'tw/system/lap.scm')

diff --git a/tw/system/lap.scm b/tw/system/lap.scm
index b6049ad3..f6e56116 100644
--- a/tw/system/lap.scm
+++ b/tw/system/lap.scm
@@ -447,26 +447,10 @@ EndSection
                     (list vin)
                     (list lud))))))
 
+      ;; Set up a secrets config for WireGuard to extend.
       (service secrets-service-type
         (secrets-configuration
-         (host-key "/etc/secrets.key")  ; we have no SSH host keys, so use a custom key
-         (secrets
-          (list
-           (secret
-            (encrypted-file (local-file "files/wireguard/lap.key.enc"))
-            (destination "/etc/wireguard/private.key"))
-           (secret
-            (encrypted-file (local-file "files/wireguard/lap-fp4.psk.enc"))
-            (destination "/etc/wireguard/fp4.psk"))
-           (secret
-            (encrypted-file (local-file "files/wireguard/lap-lud.psk.enc"))
-            (destination "/etc/wireguard/lud.psk"))
-           (secret
-            (encrypted-file (local-file "files/wireguard/lap-pi3.psk.enc"))
-            (destination "/etc/wireguard/pi3.psk"))
-           (secret
-            (encrypted-file (local-file "files/wireguard/lap-vin.psk.enc"))
-            (destination "/etc/wireguard/vin.psk"))))))
+         (host-key "/etc/secrets.key")))  ; we have no SSH host keys, so use a custom key
 
       (modify-services (append %system-channel-services %desktop-services)
         ;; Let sane find the airscan backend. ipp-usb needs to be running separately.
-- 
cgit v1.2.3