From 1e50e395b51c3c3d943db0754efa9b589da9330b Mon Sep 17 00:00:00 2001
From: Florian Sesser <florian@private.storage>
Date: Wed, 28 Jul 2021 14:54:17 +0000
Subject: [PATCH] Add ssh.nix to monitoring as well

---
 morph/grid/local/grid.nix          | 2 +-
 morph/grid/production/grid.nix     | 2 +-
 morph/grid/testing/grid.nix        | 2 +-
 morph/lib/customize-monitoring.nix | 3 +++
 morph/lib/monitoring.nix           | 2 ++
 5 files changed, 8 insertions(+), 3 deletions(-)

diff --git a/morph/grid/local/grid.nix b/morph/grid/local/grid.nix
index 3def2d77..51f41832 100644
--- a/morph/grid/local/grid.nix
+++ b/morph/grid/local/grid.nix
@@ -61,7 +61,7 @@ let
       (gridlib.hardware-virtual ({ publicIPv4 = "192.168.67.24"; }))
       (gridlib.customize-monitoring {
         inherit hostsMap vpnClientIPs nodeExporterTargets paymentExporterTargets;
-        inherit (config) domain publicKeyPath privateKeyPath letsEncryptAdminEmail;
+        inherit (config) domain publicKeyPath privateKeyPath sshUsers letsEncryptAdminEmail;
         googleOAuthClientID = config.monitoringGoogleOAuthClientID;
         monitoringvpnIPv4 = "172.23.23.1";
         stateVersion = "19.09";
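Review bot: `inherit (config) ... sshUsers` passes the grid-wide login list to the monitoring host unchanged, presumably the same `config.sshUsers` that the grid's other nodes use (their definitions are not in this patch). The monitoring host also receives `privateKeyPath` and the Google OAuth client ID in this same call, so who gets a shell on it deserves its own decision rather than the inherited default. If a narrower list is wanted, the call site could read a monitoring-specific key with a fallback, e.g. `sshUsers = config.monitoringSshUsers or config.sshUsers;` (the key name is only a suggestion). The same line is changed in the production and testing grid.nix hunks; the enclosing `let` binding starts and ends outside this hunk.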
diff --git a/morph/grid/production/grid.nix b/morph/grid/production/grid.nix
index e663d224..06eefdd2 100644
--- a/morph/grid/production/grid.nix
+++ b/morph/grid/production/grid.nix
@@ -38,7 +38,7 @@ let
       gridlib.hardware-aws
       (gridlib.customize-monitoring {
         inherit hostsMap vpnClientIPs nodeExporterTargets paymentExporterTargets;
-        inherit (config) domain publicKeyPath privateKeyPath letsEncryptAdminEmail;
+        inherit (config) domain publicKeyPath privateKeyPath sshUsers letsEncryptAdminEmail;
         googleOAuthClientID = config.monitoringGoogleOAuthClientID;
         monitoringvpnIPv4 = "172.23.23.1";
         stateVersion = "19.09";
diff --git a/morph/grid/testing/grid.nix b/morph/grid/testing/grid.nix
index fbbbd9f1..7b06c99e 100644
--- a/morph/grid/testing/grid.nix
+++ b/morph/grid/testing/grid.nix
@@ -51,7 +51,7 @@ let
       gridlib.hardware-aws
       (gridlib.customize-monitoring {
         inherit hostsMap vpnClientIPs nodeExporterTargets paymentExporterTargets;
-        inherit (config) domain publicKeyPath privateKeyPath letsEncryptAdminEmail;
+        inherit (config) domain publicKeyPath privateKeyPath sshUsers letsEncryptAdminEmail;
         googleOAuthClientID = config.monitoringGoogleOAuthClientID;
         monitoringvpnIPv4 = "172.23.23.1";
         stateVersion = "19.09";
diff --git a/morph/lib/customize-monitoring.nix b/morph/lib/customize-monitoring.nix
index f5b820a2..391aa560 100644
--- a/morph/lib/customize-monitoring.nix
+++ b/morph/lib/customize-monitoring.nix
@@ -13,6 +13,7 @@
 , privateKeyPath
 , monitoringvpnIPv4
 , domain
+, sshUsers
 , letsEncryptAdminEmail
 
   # A list of VPN IP addresses as strings indicating which clients will be
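Review bot: The new `sshUsers` argument has no description, while the argument that follows `letsEncryptAdminEmail` is introduced by a comment explaining its shape. A line above it such as `# The users (and their SSH public keys) allowed to log in to this host; passed through to services.private-storage.sshUsers.` would tell callers what to supply. The exact shape should be checked against the option declaration, which is not part of this patch. The argument list starts and ends outside this hunk.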
@@ -84,6 +85,8 @@
   networking.domain = domain;
   networking.hosts = hostsMap;
 
+  services.private-storage.sshUsers = sshUsers;
+
   services.private-storage.monitoring.vpn.server = {
     enable = true;
     ip = monitoringvpnIPv4;
diff --git a/morph/lib/monitoring.nix b/morph/lib/monitoring.nix
index d8af93b2..f8810be2 100644
--- a/morph/lib/monitoring.nix
+++ b/morph/lib/monitoring.nix
@@ -21,6 +21,8 @@ rec {
   };
 
   imports = [
+    # Give it a good SSH configuration.
+    ../../nixos/modules/ssh.nix
     # Allow us to remotely trigger updates to this system.
     ../../nixos/modules/deployment.nix
 
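Review bot: The comment `# Give it a good SSH configuration.` does not say what ssh.nix enforces, and it hides a dependency. `services.private-storage.sshUsers`, set in the customize-monitoring.nix hunk of this patch, is presumably declared by this module (ssh.nix is not shown), so dropping this import would break evaluation there. A comment such as `# Harden sshd and declare services.private-storage.sshUsers, which customize-monitoring.nix sets.` would record that, with the wording adjusted to what ssh.nix actually does. The `imports` list continues outside this hunk.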
-- 
GitLab