From 67068ec9d4bc6e16688d861d31ff7ff9185d4cf9 Mon Sep 17 00:00:00 2001
From: TheWanderingCrow <contact@wanderingcrow.net>
Date: Thu, 7 Aug 2025 11:32:24 -0400
Subject: [PATCH] nebula

---
 hosts/common/core/nebula.nix | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/hosts/common/core/nebula.nix b/hosts/common/core/nebula.nix
index a82fa64..3ba47b8 100644
--- a/hosts/common/core/nebula.nix
+++ b/hosts/common/core/nebula.nix
@@ -11,9 +11,11 @@ in {
     then [''Hey you don't have a nebula config for this host, you should fix this ASAP so you can be connected to the mesh. If you don't know how to do this then contact your admin'']
     else [];
 
+  sops.secrets."keys/nebula" = lib.mkIf (builtins.hasAttr "${config.hostSpec.hostName}" s.hosts) {};
   services.nebula.networks.wce = lib.mkIf (builtins.hasAttr "${config.hostSpec.hostName}" s.hosts) {
     inherit (s) ca lighthouses staticHostMap;
-    inherit (s.hosts.${config.hostSpec.hostName}) key cert isLighthouse firewall;
+    inherit (s.hosts.${config.hostSpec.hostName}) cert isLighthouse firewall;
+    key = config.sops.secrets."keys/nebula".path;
     enable = true;
   };
 }