Newer
Older
cfg: sshUsers: monitoringvpnKeyDir: monitoringvpnIPv4: stateVersion: {
deployment.secrets = {
"ristretto-signing-key".source = cfg.ristrettoSigningKeyPath;
"stripe-secret-key".source = cfg.stripeSecretKeyPath;
"monitoringvpn-secret-key".source = "${monitoringvpnKeyDir}/${monitoringvpnIPv4}.key";
"monitoringvpn-preshared-key".source = "${monitoringvpnKeyDir}/preshared.key";
};
services.private-storage.sshUsers = sshUsers;
services.private-storage.monitoring.vpn.client = {
enable = true;
ip = monitoringvpnIPv4;
endpoint = cfg.monitoringvpnEndpoint;
endpointPublicKeyFile = "${monitoringvpnKeyDir}/server.pub";
};
services.private-storage-issuer = {
letsEncryptAdminEmail = cfg.letsEncryptAdminEmail;
domains = cfg.issuerDomains;
allowedChargeOrigins = cfg.allowedChargeOrigins;
};
system.stateVersion = "19.03";
}