From 2ebdcc094a6543e36dc51598780e4dbafa2a98e2 Mon Sep 17 00:00:00 2001
From: spl3g
Date: Sun, 24 Aug 2025 00:33:34 +0500
Subject: feat: add secrets via sops-nix

---
 nixos/server/configuration.nix | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

(limited to 'nixos/server/configuration.nix')

diff --git a/nixos/server/configuration.nix b/nixos/server/configuration.nix
index 97b06c2..75dcec7 100644
--- a/nixos/server/configuration.nix
+++ b/nixos/server/configuration.nix
@@ -16,6 +16,12 @@
   ];
 
   nixpkgs.config.allowUnfree = true;
+
+  sops = {
+    defaultSopsFile = ../../secrets/ltrr-server/secrets.yaml;
+    defaultSopsFormat = "yaml";
+    age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
+  };
 
   boot.loader.grub = {
     efiSupport = true;
@@ -87,17 +93,19 @@
     };
   };
+
+  sops.secrets.wg_private_key = {};
   networking.wg-quick = {
     interfaces.wg0 = {
       address = [ "10.1.1.2/32" ];
       listenPort = 51820;
-      privateKeyFile = "/root/wireguard-keys/private";
+      privateKeyFile = config.sops.secrets.wg_private_key.path;
       peers = [
         {
           endpoint = "147.45.40.6:51820";
-          publicKey = "12UX8icwCjIfADoX1zhv6QvKrSjMcuoSsKbn51Mr/D8=";
+          publicKey = "1RwEOL8br97Mujhz3fkfYKcxUFNHYAmt5JbWTbR3ihE=";
           allowedIPs = ["10.1.1.1/32"];
           persistentKeepalive = 25;
         }
-- cgit v1.2.3
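Review bot: The `age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]` line makes the server's SSH host key the only decryption key for everything in `secrets.yaml`, so anyone who can read that file (root on the box, or any backup or image of `/etc/ssh`) can decrypt every secret, and `secrets.yaml` must already be encrypted to this host's ssh-to-age recipient or the sops-nix activation step will fail on the next switch; nothing in the hunk records that recipient or the rotation procedure. I would put a comment above the block, `# secrets are decrypted with this host's ed25519 SSH key via ssh-to-age; re-encrypt secrets.yaml with the new recipient if the host key is ever rotated`. `defaultSopsFormat = "yaml"` appears to be the module's default value and could be dropped, though that is only a style point. The `sops` attrset sits inside a configuration attrset whose opening and closing lines are outside the hunk.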