From 86d41701789b89d9038f71288d423c56c954ef24 Mon Sep 17 00:00:00 2001
From: Tyler Starr
Date: Mon, 21 Oct 2024 10:51:21 -0700
Subject: [PATCH] fix wireguard setup

---
 provision/hosts/kestrel/configuration.nix | 2 +-
 provision/hosts/osprey/configuration.nix | 4 ++--
 provision/modules/system/wireguard-client.nix | 6 ++++--
 3 files changed, 7 insertions(+), 5 deletions(-)

diff --git a/provision/hosts/kestrel/configuration.nix b/provision/hosts/kestrel/configuration.nix
index fbe11f64..a8fbf237 100644
--- a/provision/hosts/kestrel/configuration.nix
+++ b/provision/hosts/kestrel/configuration.nix
@@ -64,7 +64,7 @@
 terminal.enable = true;
 wireguard-client = {
 enable = true;
- privateKeyFile = "/run/agenix/wireguard/kestrel";
+ host = "kestrel";
 address = [ "192.168.3.3/24" ];
 publicKey = "bd7bbZOngl/FTdBlnbIhgCLNf6yx5X8WjiRB7E1NEQQ=";
 endpoint = "66.218.43.87";
diff --git a/provision/hosts/osprey/configuration.nix b/provision/hosts/osprey/configuration.nix
index afcce5b1..dbdf9f5a 100644
--- a/provision/hosts/osprey/configuration.nix
+++ b/provision/hosts/osprey/configuration.nix
@@ -51,8 +51,8 @@
 terminal.enable = true;
 wireguard-client = {
 enable = true;
- privateKeyFile = "/run/agenix/wireguard/osprey";
- address = [ "192.168.3.3/24" ];
+ host = "osprey";
+ address = [ "192.168.3.5/24" ];
 publicKey = "bd7bbZOngl/FTdBlnbIhgCLNf6yx5X8WjiRB7E1NEQQ=";
 endpoint = "66.218.43.87";
 };
diff --git a/provision/modules/system/wireguard-client.nix b/provision/modules/system/wireguard-client.nix
index 16e4042b..f6b0f28e 100644
--- a/provision/modules/system/wireguard-client.nix
+++ b/provision/modules/system/wireguard-client.nix
@@ -5,7 +5,7 @@ let cfg = config.modules.system.wireguard-client;
 in {
 options.modules.system.wireguard-client = with lib; {
 enable = lib.mkEnableOption "wireguard-client";
- privateKeyFile = lib.mkOption { type = with types; str; };
+ host = lib.mkOption { type = with types; str; };
 address = lib.mkOption { type = with types; listOf str; };
 publicKey = lib.mkOption { type = with types; str; };
 endpoint = lib.mkOption { type = with types; str; };
@@ -24,11 +24,13 @@ in {
 networking.firewall = {
 allowedUDPPorts = [ 51820 ];
 };
+ # deploy needed secrets
+ age.secrets."wireguard/${cfg.host}".file = ../../secrets/wireguard/${cfg.host}.age;
 networking.wg-quick.interfaces = {
 wg0 = {
 address = cfg.address;
 listenPort = 51820;
- privateKeyFile = cfg.privateKeyFile;
+ privateKeyFile = "/run/agenix/wireguard/${cfg.host}";
 autostart = cfg.autostart;
 peers = [{
 publicKey = cfg.publicKey;
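Review bot: The new `host` option is an unconstrained `types.str` with no description, yet the second hunk interpolates it into both the agenix secret name and a repository path (`../../secrets/wireguard/${cfg.host}.age`). A value containing `/` or `..` would select a different file than the one intended, so it is worth restricting the option to plain host names and saying what it selects: `host = lib.mkOption { type = lib.types.strMatching "[a-z0-9-]+"; description = "Name of the agenix secret that holds this host's WireGuard private key."; };`. The options block starts and ends outside the hunk, so the other options may want the same treatment.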
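Review bot: `privateKeyFile = "/run/agenix/wireguard/${cfg.host}";` hard-codes agenix's default mount point instead of referring to the secret declared earlier in the same hunk. If `age.secretsDir` or that secret's `path` is ever overridden, wg-quick would be pointed at a file that does not exist and the tunnel would fail to start. `privateKeyFile = config.age.secrets."wireguard/${cfg.host}".path;` keeps the declaration and its consumer in step. The comment `# deploy needed secrets` could also state that the file is the interface's private key, readable only by root under agenix's default owner and mode. The `wg0` attribute set and its `peers` list continue outside the hunk.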