# Define a function which returns a value which fills in all the holes left by
# ``storage.nix``.
{
# See ``customize-issuer.nix``
privateKeyPath
, publicKeyPath
, monitoringvpnEndpoint
, monitoringvpnIPv4
, domain
# An integer giving the value of a single pass in byte×months.
, passValue
# An integer giving the port number to include in Tahoe storage service
# advertisements and on which to listen for storage connections.
, publicStoragePort
# A string giving the NixOS state version for the system.
, stateVersion
, ...
}:
# The module function returned once the deployment-specific arguments have been
# supplied.  It takes the evaluated ``config`` and sets the target host, the
# key file locations, the storage service values and the monitoring VPN client
# settings.
{ config, ... }: {
# See customize-issuer.nix for an explanation of targetHost value.
deployment.targetHost = "${config.networking.hostName}.${config.networking.domain}";
# Secret key files, all located beneath ``privateKeyPath``.
# NOTE(review): confirm ``privateKeyPath`` is passed as a string and not as a
# Nix path value.  Interpolating a path value into a string copies what it
# refers to into the Nix store, which is world-readable.
# NOTE(review): in this listing the three ``.source`` attributes sit directly
# in the module body; presumably they belong inside a secrets attribute set
# whose enclosing lines are not shown here -- verify against the full file.
"ristretto-signing-key".source = "${privateKeyPath}/ristretto.signing-key";
# The monitoring VPN secret key file is named after this node's VPN IPv4
# address.
"monitoringvpn-secret-key".source = "${privateKeyPath}/monitoringvpn/${monitoringvpnIPv4}.key";
# The pre-shared key is read from ``preshared.key`` in the same directory.
"monitoringvpn-preshared-key".source = "${privateKeyPath}/monitoringvpn/preshared.key";
networking.domain = domain;
services.private-storage = {
# NOTE(review): ``sshUsers`` is not among the arguments visible in this
# listing, and ``...`` in the argument pattern does not bring extra arguments
# into scope -- confirm it is bound in the full file.
inherit sshUsers passValue publicStoragePort;
};
# Monitoring VPN client settings for this node.
services.private-storage.monitoring.vpn.client = {
enable = true;
ip = monitoringvpnIPv4;
endpoint = monitoringvpnEndpoint;
# Only the server's public key is referenced here, and it comes from
# ``publicKeyPath`` rather than ``privateKeyPath``.
endpointPublicKeyFile = "${publicKeyPath}/monitoringvpn/server.pub";
};
system.stateVersion = stateVersion;
}