diff --git a/morph/grid/local/grid.nix b/morph/grid/local/grid.nix
index fdda12e4537cd281a8d0768f0a95aa0608eca36b..1be6bffc5d24d5e7522b0970e30c67eb7b957790 100644
--- a/morph/grid/local/grid.nix
+++ b/morph/grid/local/grid.nix
@@ -28,5 +28,12 @@ import ../../lib/make-grid.nix {
 hardware = import ./virtual-hardware.nix ({ inherit publicIPv4; });
 stateVersion = "19.09";
 } // cfg);
+
+ "monitoring1" = import ../../lib/make-monitoring.nix (rec {
+ publicIPv4 = "192.168.67.24";
+ inherit sshUsers;
+ hardware = import ./virtual-hardware.nix ({ inherit publicIPv4; });
+ stateVersion = "19.09";
+ } // cfg);
 };
 }
diff --git a/morph/lib/make-issuer.nix b/morph/lib/make-issuer.nix
index 52f0f82be914fed91192127b833f351e5a3d4be3..271980cfd87e214312112d300642cfc8996f261c 100644
--- a/morph/lib/make-issuer.nix
+++ b/morph/lib/make-issuer.nix
@@ -29,6 +29,14 @@
 permissions = "0400";
 action = ["sudo" "systemctl" "restart" "zkapissuer.service"];
 };
+ "monitoringvpn-secret-key" = {
+ source = "../PrivateStorageSecrets/monitoringvpn/storage1.key";
+ destination = "/var/secrets/monitoringvpn/client.key";
+ owner.user = "root";
+ owner.group = "root";
+ permissions = "0400";
+ action = ["sudo" "systemctl" "restart" "wireguard-monitoringvpn.service"];
+ };
 };
 };
@@ -55,9 +63,9 @@
 services.private-storage.monitoring.vpn.client = {
 enable = true;
- privateKeyFile = "/var/secrets/vpn/host.key";
- ips = ["172.23.23.21/24"];
+ privateKeyFile = "/var/secrets/monitoringvpn/client.key";
+ ips = ["172.23.23.11/24"];
 allowedIPs = ["172.23.23.1/32"];
- endpointPublicKeyFile = "/var/secrets/vpn/server.pub";
+ endpointPublicKeyFile = "/home/flo/Repositories/PrivateStorageio/morph/PrivateStorageSecrets/monitoringvpn/server.pub";
 };
 }
diff --git a/nixos/modules/monitoring/vpn/client.nix b/nixos/modules/monitoring/vpn/client.nix
index 434165c227a9bcb832456e3f31fd8923c786d4ca..06aa255396a18ee45b3c1a12ae27645dd26080eb 100644
--- a/nixos/modules/monitoring/vpn/client.nix
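Review bot: In the first hunk of morph/lib/make-issuer.nix, the new `monitoringvpn-secret-key` entry deploys `../PrivateStorageSecrets/monitoringvpn/storage1.key` as the issuer's WireGuard private key, which looks copied from a storage node's configuration. If a storage host is deployed with the same file, both hosts present one public key to the VPN server, so the server cannot tell them apart and a compromise of either host exposes the other's tunnel identity. The second hunk fixes `ips = ["172.23.23.11/24"]` in the library in the same way. Consider a key generated for the issuer, e.g. `source = "../PrivateStorageSecrets/monitoringvpn/<issuer-host>.key";` (placeholder name), with the tunnel address passed in per node; the enclosing attribute set starts outside the hunk.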
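Review bot: In the second hunk of morph/lib/make-issuer.nix, `endpointPublicKeyFile` now points into one developer's home directory (`/home/flo/...`), a path that exists neither on the deployed host nor on another operator's machine. How the module reads this option is not visible here, but either way the value ties the deployment to a single workstation and records a local user name in the repository. Shipping `server.pub` through the same deployment mechanism as the client key and setting `endpointPublicKeyFile = "/var/secrets/monitoringvpn/server.pub";` would keep the configuration host-independent.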
+++ b/nixos/modules/monitoring/vpn/client.nix
@@ -9,6 +9,7 @@ in {
 privateKeyFile = lib.mkOption {
 type = lib.types.str;
 example = lib.literalExample "/var/secrets/monitoring-vpn/host.key";
+ default = "/var/secrets/monitoring-vpn/client.key";
 description = ''
 File with base64 private key generated by <command>wg genkey</command>.
 '';
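Review bot: The new default `/var/secrets/monitoring-vpn/client.key` does not match the path the issuer deployment in this commit writes to, `/var/secrets/monitoringvpn/client.key` (no hyphen), so a host that relies on the default would look for a key that was never placed there. The `example` on the line above still shows `host.key`, a third spelling. Pick one directory name and use it in the default, the example and the deployment `destination`, e.g. `default = "/var/secrets/monitoringvpn/client.key";`. The description could also state that the file should be readable by root only, as the deployment's `0400` implies; the `mkOption` block closes outside the hunk.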