customize-storage.nix

{ ristrettoSigningKeyPath
, passValue
, publicStoragePort
, sshUsers
, publicIPv4
, monitoringvpnKeyDir
, monitoringvpnEndpoint
, monitoringvpnIPv4
, stateVersion
, ...
}: {
  deployment.secrets = {
    "ristretto-signing-key".source = ristrettoSigningKeyPath;
    "monitoringvpn-secret-key".source = "${monitoringvpnKeyDir}/${monitoringvpnIPv4}.key";
    "monitoringvpn-preshared-key".source = "${monitoringvpnKeyDir}/preshared.key";
  };

  services.private-storage = {
    inherit sshUsers publicIPv4 passValue publicStoragePort;
  };

  services.private-storage.monitoring.vpn.client = {
    enable = true;
    ip = monitoringvpnIPv4;
    endpoint = monitoringvpnEndpoint;
    endpointPublicKeyFile = "${monitoringvpnKeyDir}/server.pub";
  };

  system.stateVersion = stateVersion;
}