From 21964fbe7ffb9f94397a9a73176260898a54d6c7 Mon Sep 17 00:00:00 2001
From: Jean-Paul Calderone <exarkun@twistedmatrix.com>
Date: Mon, 28 Jun 2021 13:32:52 -0400
Subject: [PATCH] Update the production grid to separate public and private
 keys

---
 morph/grid/production/config.json |  5 ++---
 morph/grid/production/grid.nix    | 10 ++++++----
 2 files changed, 8 insertions(+), 7 deletions(-)

diff --git a/morph/grid/production/config.json b/morph/grid/production/config.json
index 21e080d5..092e4dff 100644
--- a/morph/grid/production/config.json
+++ b/morph/grid/production/config.json
@@ -1,8 +1,7 @@
 { "domain": "private.storage"
 , "publicStoragePort": 8898
-, "ristrettoSigningKeyPath": "./secrets/ristretto.signing-key"
-, "stripeSecretKeyPath": "./secrets/stripe.secret"
-, "monitoringvpnKeyDir": "./secrets/monitoringvpn"
+, "privateKeyPath": "./private-keys"
+, "publicKeyPath": "./public-keys"
 , "monitoringvpnEndpoint": "monitoring.private.storage:51820"
 , "passValue": 1000000
 , "issuerDomains": [
diff --git a/morph/grid/production/grid.nix b/morph/grid/production/grid.nix
index ae51174b..fb680338 100644
--- a/morph/grid/production/grid.nix
+++ b/morph/grid/production/grid.nix
@@ -5,10 +5,12 @@ let
   gridlib = import ../../lib;
   rawConfig = pkgs.lib.trivial.importJSON ./config.json;
   config = rawConfig // {
-    sshUsers = import ./secrets/users.nix;
+    sshUsers = import ./public-keys/users.nix;
 
-    # Get absolute vpn key directory path, as a string:
-    monitoringvpnKeyDir = toString ./. + "/${rawConfig.monitoringvpnKeyDir}";
+    # Convert relative paths to absolute so library code can resolve names
+    # correctly.
+    publicKeyPath = toString ./. + "/${rawConfig.publicKeyPath}";
+    privateKeyPath = toString ./. + "/${rawConfig.privateKeyPath}";
   };
 
   payments = {
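Review bot: The new comment above `publicKeyPath` / `privateKeyPath` explains the absolute-path conversion but not why the values are kept as strings, which is the security-relevant part for `privateKeyPath`. In Nix, a path value that is interpolated or coerced gets copied into the world-readable store, so `toString ./.` is what keeps private key material out of `/nix/store`. I would add a line such as `# Keep these as strings, not Nix paths, so private keys are never copied into the Nix store.` Separately, `sshUsers = import ./public-keys/users.nix;` hard-codes the directory that `rawConfig.publicKeyPath` is meant to configure, so the two can drift; something like `import (./. + "/${rawConfig.publicKeyPath}/users.nix")` would keep a single source of truth. The `let` block starts before and continues past this hunk.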
@@ -27,7 +29,7 @@ let
       gridlib.hardware-aws
       (gridlib.customize-monitoring {
         inherit hostsMap vpnClientIPs nodeExporterTargets;
-        inherit (config) domain monitoringvpnKeyDir;
+        inherit (config) domain publicKeyPath privateKeyPath;
         monitoringvpnIPv4 = "172.23.23.1";
         stateVersion = "19.09";
       })
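Review bot: `inherit (config) domain publicKeyPath privateKeyPath;` hands `customize-monitoring` the root of the whole private-key directory, where it previously received only `monitoringvpnKeyDir`. Judging from the keys removed from config.json, that directory presumably also holds the Ristretto signing key and the Stripe secret, so the monitoring module's interface is now wider than the VPN keys it needs. The library side is not visible in this patch, so this should be confirmed there. The file names under `privateKeyPath` have also become an implicit convention between this repository layout and the library code, so a short comment here naming which subdirectory the monitoring module reads would record the intent and make a mislaid key easier to diagnose at deploy time. The enclosing expression starts and ends outside the hunk.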
-- 
GitLab