move wg keys in /srv dir

2023-06-27 04:06:05 +03:00 · 2023-06-27 04:06:05 +03:00 · 1a8bc0a566
commit 1a8bc0a566
parent 6164b0d879
2 changed files with 18 additions and 13 deletions
--- a/machines/NixOS-VPS/default.nix
+++ b/machines/NixOS-VPS/default.nix
@ -141,5 +141,10 @@
    }];
  }];

+  # Directory for some state files (like wireguard keys)
+  systemd.tmpfiles.rules = [
+    "d /srv 0755 root root -"
+  ];
+
  system.stateVersion = "23.05";
 }
--- a/machines/NixOS-VPS/services/wireguard.nix
+++ b/machines/NixOS-VPS/services/wireguard.nix
@ -34,91 +34,91 @@ in {
        Kind = "wireguard";
      };
      wireguardConfig = {
-        PrivateKeyFile = "/var/lib/wireguard/private";
+        PrivateKeyFile = "/srv/wireguard/private";
        ListenPort = wireguardPort;
      };
      wireguardPeers = [
        {
          wireguardPeerConfig = with wireguardPeers.ataraxia; {
            PublicKey = "qjkV4V0on7H3hXG7udKOv4Qu/IUBrsDcXNZt3MupP3o=";
-            PresharedKeyFile = "/var/lib/wireguard/ataraxia/preshared";
+            PresharedKeyFile = "/srv/wireguard/ataraxia/preshared";
            AllowedIPs = [ "${IPv4}/32" "${IPv6}/128" ];
          };
        }
        {
          wireguardPeerConfig = with wireguardPeers.hypervisor; {
            PublicKey = "oKQ3HXZ1wwWyVgmA4RoCXscImohqB8hdMzP1FRArw0o=";
-            PresharedKeyFile = "/var/lib/wireguard/hypervisor/preshared";
+            PresharedKeyFile = "/srv/wireguard/hypervisor/preshared";
            AllowedIPs = [ "${IPv4}/32" "${IPv6}/128" ];
          };
        }
        {
          wireguardPeerConfig = with wireguardPeers.mikrotik; {
            PublicKey = "amReLTZgu6pwtKCnk1q8EG5uZSgUNxRoh5m3w1D3rQo=";
-            PresharedKeyFile = "/var/lib/wireguard/mikrotik/preshared";
+            PresharedKeyFile = "/srv/wireguard/mikrotik/preshared";
            AllowedIPs = [ "${IPv4}/32" "${IPv6}/128" ];
          };
        }
        {
          wireguardPeerConfig = with wireguardPeers.poco; {
            PublicKey = "ZbBJziuMjyHJNcgrLYIQtio7l3fEOJ4GXW4ST+N9V34=";
-            PresharedKeyFile = "/var/lib/wireguard/poco/preshared";
+            PresharedKeyFile = "/srv/wireguard/poco/preshared";
            AllowedIPs = [ "${IPv4}/32" "${IPv6}/128" ];
          };
        }
        {
          wireguardPeerConfig = with wireguardPeers.kpoxa; {
            PublicKey = "U1wtbS8/yQGkBnBQUZs7KxxmvAajKb9jh83dDd2LdgE=";
-            PresharedKeyFile = "/var/lib/wireguard/kpoxa/preshared";
+            PresharedKeyFile = "/srv/wireguard/kpoxa/preshared";
            AllowedIPs = [ "${IPv4}/32" "${IPv6}/128" ];
          };
        }
        {
          wireguardPeerConfig = with wireguardPeers.kpoxa2; {
            PublicKey = "ghU3Puwz5PeXmnDlxyh+IeuwFK44V3rXlMiFGs5YnwI=";
-            PresharedKeyFile = "/var/lib/wireguard/kpoxa2/preshared";
+            PresharedKeyFile = "/srv/wireguard/kpoxa2/preshared";
            AllowedIPs = [ "${IPv4}/32" "${IPv6}/128" ];
          };
        }
        {
          wireguardPeerConfig = with wireguardPeers.faysss; {
            PublicKey = "JLvKyFwI7b9MsiZsnNAt3qs5ob18b3mrOZKR5HZCORY=";
-            PresharedKeyFile = "/var/lib/wireguard/faysss/preshared";
+            PresharedKeyFile = "/srv/wireguard/faysss/preshared";
            AllowedIPs = [ "${IPv4}/32" "${IPv6}/128" ];
          };
        }
        {
          wireguardPeerConfig = with wireguardPeers.faysss2; {
            PublicKey = "S6k9l0K5/YmO5BPETQludC1CBHsKLsk9+n6kwSjx4n8=";
-            PresharedKeyFile = "/var/lib/wireguard/faysss2/preshared";
+            PresharedKeyFile = "/srv/wireguard/faysss2/preshared";
            AllowedIPs = [ "${IPv4}/32" "${IPv6}/128" ];
          };
        }
        {
          wireguardPeerConfig = with wireguardPeers.faysss3; {
            PublicKey = "ka42gE67gShu88Ko7iQ/pK8zusod6bNIrIN8fkxVkC4=";
-            PresharedKeyFile = "/var/lib/wireguard/faysss3/preshared";
+            PresharedKeyFile = "/srv/wireguard/faysss3/preshared";
            AllowedIPs = [ "${IPv4}/32" "${IPv6}/128" ];
          };
        }
        {
          wireguardPeerConfig = with wireguardPeers.doste; {
            PublicKey = "KVbEaO4DSpTb941zxOPQLWq2Glm9CDgK/9MwW95WuC0=";
-            PresharedKeyFile = "/var/lib/wireguard/doste/preshared";
+            PresharedKeyFile = "/srv/wireguard/doste/preshared";
            AllowedIPs = [ "${IPv4}/32" "${IPv6}/128" ];
          };
        }
        {
          wireguardPeerConfig = with wireguardPeers.dell; {
            PublicKey = "//ss9UEHRFEZL4LbZaA1HiRUrMrn97kc7CmblUORXTc=";
-            PresharedKeyFile = "/var/lib/wireguard/dell/preshared";
+            PresharedKeyFile = "/srv/wireguard/dell/preshared";
            AllowedIPs = [ "${IPv4}/32" "${IPv6}/128" ];
          };
        }
        {
          wireguardPeerConfig = with wireguardPeers.hypervisor-dns; {
            PublicKey = "x4uavQEEfhdqNC4FCOPfKlEDRJiwOz4dy2W1KhJtnwc=";
-            PresharedKeyFile = "/var/lib/wireguard/hypervisor-dns/preshared";
+            PresharedKeyFile = "/srv/wireguard/hypervisor-dns/preshared";
            AllowedIPs = [ "${IPv4}/32" "${IPv6}/128" ];
          };
        }