nixfiles/profiles/chaosInternalWireGuard/secrets.nix

{config, ...}: let
  #wireguardData = import "${self}/data/chaosInternalWireGuard.nix";
  #wireguardHosts = wireguardData.hosts;
  currentHostName = config.networking.hostName;
in {
  services.secrets = {
    enable = true;

    requiredVaultPaths = [
      "private-public-keys/data/wireguard/chaos-internal/${currentHostName}"
    ];

    secrets = {
      wg_priv = {
        fetchScript = ''
          simple_get "/private-public-keys/wireguard/chaos-internal/${currentHostName}" .private > "$secretFile"
        '';
      };
    };
  };
}