From 6a344d9b007397086f3d1bab62db6c99f01ef65d Mon Sep 17 00:00:00 2001
From: Florian Sesser <florian@privatestorage.io>
Date: Fri, 14 May 2021 14:43:20 +0000
Subject: [PATCH] VPN WIP

---
 morph/grid/local/grid.nix               |  7 +++++++
 morph/lib/make-issuer.nix               | 14 +++++++++++---
 nixos/modules/monitoring/vpn/client.nix |  1 +
 3 files changed, 19 insertions(+), 3 deletions(-)

diff --git a/morph/grid/local/grid.nix b/morph/grid/local/grid.nix
index fdda12e4..1be6bffc 100644
--- a/morph/grid/local/grid.nix
+++ b/morph/grid/local/grid.nix
@@ -28,5 +28,12 @@ import ../../lib/make-grid.nix {
       hardware = import ./virtual-hardware.nix ({ inherit publicIPv4; });
       stateVersion = "19.09";
     } // cfg);
+
+    "monitoring1" = import ../../lib/make-monitoring.nix (rec {
+      publicIPv4 = "192.168.67.24";
+      inherit sshUsers;
+      hardware = import ./virtual-hardware.nix ({ inherit publicIPv4; });
+      stateVersion = "19.09";
+    } // cfg);
   };
 }
diff --git a/morph/lib/make-issuer.nix b/morph/lib/make-issuer.nix
index 52f0f82b..271980cf 100644
--- a/morph/lib/make-issuer.nix
+++ b/morph/lib/make-issuer.nix
@@ -29,6 +29,14 @@
         permissions = "0400";
         action = ["sudo" "systemctl" "restart" "zkapissuer.service"];
       };
+      "monitoringvpn-secret-key" = {
+        source = "../PrivateStorageSecrets/monitoringvpn/storage1.key";
+        destination = "/var/secrets/monitoringvpn/client.key";
+        owner.user = "root";
+        owner.group = "root";
+        permissions = "0400";
+        action = ["sudo" "systemctl" "restart" "wireguard-monitoringvpn.service"];
+      };
     };
   };
 
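Review bot: The new `monitoringvpn-secret-key` entry hard-codes `storage1.key` as its source inside make-issuer.nix, so every node built from this library would be given the same WireGuard private key, and one named for a storage host rather than an issuer. That key is the peer's identity on the tunnel: if hosts share it, the monitoring server cannot tell them apart, and compromise of one host exposes the identity of the others. Consider deriving the file name from a per-node argument instead of a literal, e.g. `source = "../PrivateStorageSecrets/monitoringvpn/${nodeName}.key";` (`nodeName` is a placeholder; the function's arguments are not visible here). It is also worth confirming that `wireguard-monitoringvpn.service` is the unit name the client module actually generates, since a wrong name would leave a rotated key unused until the next reboot. The enclosing attribute set starts outside the hunk.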
@@ -55,9 +63,9 @@
 
   services.private-storage.monitoring.vpn.client = {
     enable = true;
-    privateKeyFile = "/var/secrets/vpn/host.key";
-    ips = ["172.23.23.21/24"];
+    privateKeyFile = "/var/secrets/monitoringvpn/client.key";
+    ips = ["172.23.23.11/24"];
     allowedIPs = ["172.23.23.1/32"];
-    endpointPublicKeyFile = "/var/secrets/vpn/server.pub";
+    endpointPublicKeyFile = "/home/flo/Repositories/PrivateStorageio/morph/PrivateStorageSecrets/monitoringvpn/server.pub";
   };
 }
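Review bot: `endpointPublicKeyFile` now points into `/home/flo/Repositories/...`, a path on the author's workstation, so the server key the client pins depends on who runs the deploy and on whatever is in that checkout at the time. Because this key is what authenticates the VPN endpoint, it should come from a tracked or deployed location, e.g. `endpointPublicKeyFile = "/var/secrets/monitoringvpn/server.pub";` with a matching deployment entry (a suggested path; this patch deploys no such file). The fixed `ips = ["172.23.23.11/24"];` in this shared library would also give every issuer the same tunnel address, so it probably wants to be a per-node parameter as well.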
diff --git a/nixos/modules/monitoring/vpn/client.nix b/nixos/modules/monitoring/vpn/client.nix
index 434165c2..06aa2553 100644
--- a/nixos/modules/monitoring/vpn/client.nix
+++ b/nixos/modules/monitoring/vpn/client.nix
@@ -9,6 +9,7 @@ in {
     privateKeyFile = lib.mkOption {
       type = lib.types.str;
       example = lib.literalExample "/var/secrets/monitoring-vpn/host.key";
+      default = "/var/secrets/monitoring-vpn/client.key";
       description = ''
         File with base64 private key generated by <command>wg genkey</command>.
       '';
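Review bot: The added default `/var/secrets/monitoring-vpn/client.key` does not match the directory that make-issuer.nix deploys to in this same patch (`/var/secrets/monitoringvpn/client.key`, no hyphen). A host relying on the default would therefore look for a private key that is never placed there. Either align the spelling, or drop the default so that an unset `privateKeyFile` fails at evaluation rather than at service start. The `example` on the line above still says `host.key` and should follow whichever name is kept. The option definition continues outside the hunk.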
-- 
GitLab