From f27ce9f69ed625674e3798b2ebbaa434c952cd40 Mon Sep 17 00:00:00 2001
From: blake <me@blakedheld.xyz>
Date: Wed, 8 Oct 2025 12:51:40 -0500
Subject: [PATCH] 85 current  2025-10-08 12:05:30  25.05.20251001.5b5be50 
 6.12.49                          *

---
 modules/system/vpns.nix | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)

diff --git a/modules/system/vpns.nix b/modules/system/vpns.nix
index ce49bc5..3b11dff 100644
--- a/modules/system/vpns.nix
+++ b/modules/system/vpns.nix
@@ -32,10 +32,6 @@ in
         '';
       };
     };
-    sops.secrets = lib.optionalAttrs cfg.openvpn_pia_mexico {
-      "pia_auth" = { owner = "root"; group = "root"; };
-      "openvpn_pia_mexico_config" = {owner = "root"; group = "root"; };
-    };
 
     # enable pia mexico w/ wireguard
     networking.wireguard.interfaces = lib.mkIf cfg.wg_pia_mexico {
@@ -56,8 +52,11 @@ in
     };
 
     # secrets only if VPN is enabled
-    sops.secrets = lib.optionalAttrs cfg.wireguard_pia_mexico {
+    sops.secrets = lib.mkIf cfg.vpns.enabled {
       "wg_pia_mexico_key" = { owner = "root"; group = "root"; };
+      "pia_auth" = { owner = "root"; group = "root"; };
+      "openvpn_pia_mexico_config" = {owner = "root"; group = "root"; };
+ 
     };
   };
 }