From 530a9907ae425a95b59df83f2f85b0591c62999d Mon Sep 17 00:00:00 2001
From: Frantisek Bohacek <rutherther@proton.me>
Date: Sat, 23 Sep 2023 21:49:18 +0200
Subject: [PATCH] fix: move wireguard private key somewhere out of user config,
 to make sure config won't be created by root

---
 modules/services/wireguard.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/services/wireguard.nix b/modules/services/wireguard.nix
index 14937b7..8d0d911 100644
--- a/modules/services/wireguard.nix
+++ b/modules/services/wireguard.nix
@@ -20,7 +20,7 @@
       listenPort = 51820;
 
       generatePrivateKeyFile = true;
-      privateKeyFile = "/home/${user}/.config/wireguard/pk.pem";
+      privateKeyFile = "/etc/wireguard/pk.pem";
 
       peers = [
         {
-- 
2.48.1