# Host definition for the monitoring VPN server.
#
# Only publicIPv4, hardware and stateVersion are read in this file; the other
# named arguments are accepted so callers can pass one common argument set.
{ publicIPv4, hardware, publicStoragePort, ristrettoSigningKeyPath, passValue, sshUsers, stateVersion, ... }:
let
  # Run after a key file has been written, so the WireGuard unit restarts
  # and reads the new key material.
  restartVpn = [ "sudo" "systemctl" "restart" "wireguard-monitoringvpn.service" ];

  # Settings shared by both key files: owned by root:root, VPN restarted on change.
  rootOwned = secret: secret // {
    owner.user = "root";
    owner.group = "root";
    action = restartVpn;
  };
in
rec {
  imports = [
    hardware
    ../../nixos/modules/monitoring/vpn/server.nix
  ];

  deployment = {
    targetHost = publicIPv4;

    # Key material is copied to the host at deploy time from a checkout that
    # sits outside this repository. The sources are strings rather than Nix
    # path literals, so evaluating this file does not import the private key
    # into the Nix store (presumably deliberate; keep them as strings).
    secrets = {
      # WireGuard private key: readable by root only.
      "monitoringvpn-private-key" = rootOwned {
        source = "../../PrivateStorageSecrets/monitoringvpn/server.key";
        destination = "/var/secrets/monitoringvpn/server.key";
        permissions = "0400";
      };

      # Matching public key: not secret, so world-readable.
      "monitoringvpn-public-key" = rootOwned {
        source = "../../PrivateStorageSecrets/monitoringvpn/server.pub";
        destination = "/var/secrets/monitoringvpn/server.pub";
        permissions = "0444";
      };
    };
  };

  # Enable the VPN server module imported above and give it its tunnel address.
  services.private-storage.monitoring.vpn.server = {
    enable = true;
    ips = [ "172.23.23.10/24" ];
  };

  system.stateVersion = stateVersion;
}