monitored-node.nix 1.14 KiB
  • { lib, config, ...}:
    let
      inherit (config.grid) publicKeyPath privateKeyPath monitoringvpnEndpoint monitoringvpnIPv4;
    in {
      config = {
        deployment = {
          secrets = {
            "monitoringvpn-secret-key" = {
              destination = "/run/keys/monitoringvpn/client.key";
              source = "${privateKeyPath}/monitoringvpn/${monitoringvpnIPv4}.key";
              owner.user = "root";
              owner.group = "root";
              permissions = "0400";
              action = ["sudo" "systemctl" "restart" "wireguard-monitoringvpn.service"];
            };
            "monitoringvpn-preshared-key" = {
              destination = "/run/keys/monitoringvpn/preshared.key";
              source = "${privateKeyPath}/monitoringvpn/preshared.key";
              owner.user = "root";
              owner.group = "root";
              permissions = "0400";
              action = ["sudo" "systemctl" "restart" "wireguard-monitoringvpn.service"];
            };
          };
        };
    
        services.private-storage.monitoring.vpn.client = {
          enable = true;
          ip = monitoringvpnIPv4;
          endpoint = monitoringvpnEndpoint;
          endpointPublicKeyFile = "${publicKeyPath}/monitoringvpn/server.pub";
        };
      };
    }