Update the production grid to separate public and private keys

302397c0 · Jean-Paul Calderone · 7711660e · 302397c0 · 302397c0
Commit 302397c0 authored 3 years ago by Jean-Paul Calderone
--- a/morph/grid/production/config.json
+++ b/morph/grid/production/config.json
 { "domain": "private.storage"
 , "publicStoragePort": 8898
-, "ristrettoSigningKeyPath": "./secrets/ristretto.signing-key"
-, "stripeSecretKeyPath": "./secrets/stripe.secret"
-, "monitoringvpnKeyDir": "./secrets/monitoringvpn"
+, "privateKeyPath": "./private-keys"
+, "publicKeyPath": "./public-keys"
 , "monitoringvpnEndpoint": "monitoring.private.storage:51820"
 , "passValue": 1000000
 , "issuerDomains": [

--- a/morph/grid/production/grid.nix
+++ b/morph/grid/production/grid.nix
@@ -5,10 +5,12 @@ let
  gridlib = import ../../lib;
  rawConfig = pkgs.lib.trivial.importJSON ./config.json;
  config = rawConfig // {
-    sshUsers = import ./secrets/users.nix;
+    sshUsers = import ./public-keys/users.nix;

-    # Get absolute vpn key directory path, as a string:
-    monitoringvpnKeyDir = toString ./. + "/${rawConfig.monitoringvpnKeyDir}";
+    # Convert relative paths to absolute so library code can resolve names
+    # correctly.
+    publicKeyPath = toString ./. + "/${rawConfig.publicKeyPath}";
+    privateKeyPath = toString ./. + "/${rawConfig.privateKeyPath}";
  };

  payments = {
@@ -27,7 +29,7 @@ let
      gridlib.hardware-aws
      (gridlib.customize-monitoring {
        inherit hostsMap vpnClientIPs nodeExporterTargets;
-        inherit (config) domain monitoringvpnKeyDir;
+        inherit (config) domain publicKeyPath privateKeyPath;
        monitoringvpnIPv4 = "172.23.23.1";
        stateVersion = "19.09";
      })