diff --git a/nixos/hosts/nixos-rpi4-01/default.nix b/nixos/hosts/nixos-rpi4-01/default.nix
index 408ced23..1b99de5f 100644
--- a/nixos/hosts/nixos-rpi4-01/default.nix
+++ b/nixos/hosts/nixos-rpi4-01/default.nix
@@ -56,6 +56,10 @@
 owner = "root";
 sopsFile = ../../../secrets/wireguard.yaml;
 };
+ sops.secrets."wireguard_keys/preshared_key" = {
+ owner = "root";
+ sopsFile = ../../../secrets/wireguard.yaml;
+ };
 # Wireguard Forwarder
 networking.wireguard = {
@@ -70,6 +74,7 @@
 persistentKeepalive = 5;
 allowedIPs = [ "0.0.0.0/0" ];
 endpoint = "64.176.54.57:51820";
+ presharedKeyFile = "/run/secrets/wireguard_keys/preshared_key";
 }
 ]
 };
diff --git a/nixos/hosts/osaka-vultr-01/default.nix b/nixos/hosts/osaka-vultr-01/default.nix
index 515947ee..4c277ab7 100644
--- a/nixos/hosts/osaka-vultr-01/default.nix
+++ b/nixos/hosts/osaka-vultr-01/default.nix
@@ -23,6 +23,10 @@
 owner = "root";
 sopsFile = ../../../secrets/wireguard.yaml;
 };
+ sops.secrets."wireguard_keys/preshared_key" = {
+ owner = "root";
+ sopsFile = ../../../secrets/wireguard.yaml;
+ };
 # Wireguard Forwarder
 boot.kernel.sysctl = { "net.ipv4.ip_forward" = true; };
@@ -41,6 +45,7 @@
 publicKey = "";
 allowedIPs = [ "10.100.0.2/32" ];
 persistentKeepalive = 5;
+ presharedKeyFile = "/run/secrets/wireguard_keys/preshared_key";
 }
 ];
 };
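Review bot: In the first hunk of nixos-rpi4-01/default.nix, the new `sops.secrets."wireguard_keys/preshared_key"` entry reads from the same `secrets/wireguard.yaml` as the secret declared just above it, and the osaka-vultr-01 hunk at old line 23 does the same. sops encrypts a file to a single recipient list, so any host that can decrypt the preshared key can decrypt every other value in that file; if the file also holds each host's WireGuard private key (not visible here), compromise of either host exposes both. Consider keeping only the shared PSK in a file both hosts can read and moving private keys into per-host files. A comment above the block such as `# symmetric PSK shared with osaka-vultr-01; must be identical on both peers` would also record why the same secret appears on two hosts.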
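Review bot: The `presharedKeyFile` line added in the second hunk (nixos-rpi4-01 peer entry near old line 70) hard-codes `/run/secrets/wireguard_keys/preshared_key`, duplicating the path sops-nix derives from the secret name; the same literal is added in osaka-vultr-01 near old line 41. Referencing the declaration instead, `presharedKeyFile = config.sops.secrets."wireguard_keys/preshared_key".path;`, makes a renamed or mistyped secret fail at evaluation rather than when the interface starts, assuming `config` is among the module arguments (the module header is outside the hunk). Separately, the context here shows `]` closing the peers list without a `;`, whereas osaka-vultr-01 has `];`; if that is how the file really reads, it will not evaluate. The peer attribute set opens outside the hunk.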
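Review bot: Nothing in the last hunk (osaka-vultr-01 peer near old line 41) records that the preshared key must match the one configured on nixos-rpi4-01 and that both ends have to change together; WireGuard silently drops handshakes on a PSK mismatch, so activating one host before the other takes the tunnel down. A comment on the new line such as `# must match nixos-rpi4-01; deploy both hosts together` would capture that, and it matters most if nixos-rpi4-01 is administered over this tunnel (not visible here). The context line `publicKey = "";` is also worth confirming: if the value is really empty in the file rather than redacted on this page, the peer is unusable and the PSK has no effect. The peer attribute set opens outside the hunk.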