Using sops-nix in virtualisation.oci-containers

ilovethensa · May 17, 2024, 11:10am

Ive been trying to setup wg-easy

{config, ...}: {
  sops.secrets.vpn_pass = {};
  virtualisation.oci-containers.containers."wireguard" = {
    image = "ghcr.io/wg-easy/wg-easy";
    autoStart = true;
    ports = [
      "51820:51820/udp"
      "51821:51821/tcp"
    ];
    volumes = [
      "/srv/data/wireguard:/etc/wireguard"
    ];
    environment = {
      LANG = "en";
      WG_HOST = "1.1.1.1";
      PASSWORD = config.sops.secrets.vpn_pass;
      PORT = "51821";
      WG_PORT = "51820";
    };
    extraOptions = [
      "--cap-add=NET_ADMIN"
      "--cap-add=SYS_MODULE"
      "--cap-add=NET_RAW"
      "--sysctl=\"net.ipv4.conf.all.src_valid_mark=1\""
      "--sysctl=\"net.ipv4.ip_forward=1\""
    ];
  };
}

but i get
definition for option virtualisation.oci-containers.containers.wireguard.environment.PASSWORD' is not of type string’

Mic92 · May 17, 2024, 11:17am

You can only use options that read from files. The environment option seems to require a string, which means that it wouldn’t work with encrypted files.
However from a quick look in the documentation it seems that you can use the environmentFiles option:
virtualisation.oci-containers.containers..environmentFiles

ilovethensa · May 17, 2024, 1:02pm

Ty i was trying for a few hours now