From 6a344d9b007397086f3d1bab62db6c99f01ef65d Mon Sep 17 00:00:00 2001
From: Florian Sesser <florian@privatestorage.io>
Date: Fri, 14 May 2021 14:43:20 +0000
Subject: [PATCH] VPN WIP

---
 morph/grid/local/grid.nix | 7 +++++++
 morph/lib/make-issuer.nix | 14 +++++++++++---
 nixos/modules/monitoring/vpn/client.nix | 1 +
 3 files changed, 19 insertions(+), 3 deletions(-)

diff --git a/morph/grid/local/grid.nix b/morph/grid/local/grid.nix
index fdda12e4..1be6bffc 100644
--- a/morph/grid/local/grid.nix
+++ b/morph/grid/local/grid.nix
@@ -28,5 +28,12 @@ import ../../lib/make-grid.nix {
 hardware = import ./virtual-hardware.nix ({ inherit publicIPv4; });
 stateVersion = "19.09";
 } // cfg);
+
+ "monitoring1" = import ../../lib/make-monitoring.nix (rec {
+ publicIPv4 = "192.168.67.24";
+ inherit sshUsers;
+ hardware = import ./virtual-hardware.nix ({ inherit publicIPv4; });
+ stateVersion = "19.09";
+ } // cfg);
 };
 }
diff --git a/morph/lib/make-issuer.nix b/morph/lib/make-issuer.nix
index 52f0f82b..271980cf 100644
--- a/morph/lib/make-issuer.nix
+++ b/morph/lib/make-issuer.nix
@@ -29,6 +29,14 @@ permissions = "0400";
 action = ["sudo" "systemctl" "restart" "zkapissuer.service"];
 };
+ "monitoringvpn-secret-key" = {
+ source = "../PrivateStorageSecrets/monitoringvpn/storage1.key";
+ destination = "/var/secrets/monitoringvpn/client.key";
+ owner.user = "root";
+ owner.group = "root";
+ permissions = "0400";
+ action = ["sudo" "systemctl" "restart" "wireguard-monitoringvpn.service"];
+ };
 };
 };
@@ -55,9 +63,9 @@ services.private-storage.monitoring.vpn.client = {
 enable = true;
- privateKeyFile = "/var/secrets/vpn/host.key";
- ips = ["172.23.23.21/24"];
+ privateKeyFile = "/var/secrets/monitoringvpn/client.key";
+ ips = ["172.23.23.11/24"];
 allowedIPs = ["172.23.23.1/32"];
- endpointPublicKeyFile = "/var/secrets/vpn/server.pub";
+ endpointPublicKeyFile = "/home/flo/Repositories/PrivateStorageio/morph/PrivateStorageSecrets/monitoringvpn/server.pub";
 };
 }
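Review bot: The new `monitoringvpn-secret-key` entry installs `../PrivateStorageSecrets/monitoringvpn/storage1.key` as the issuer host's WireGuard private key at `/var/secrets/monitoringvpn/client.key`; the file name suggests it is the storage node's key, and if the same file is also deployed to storage1, two hosts would present one WireGuard identity and the server's peer table can map the VPN address to only one of them. Each VPN client should get its own key, e.g. `source = "../PrivateStorageSecrets/monitoringvpn/ISSUER-KEY-PLACEHOLDER.key";` with the real file name confirmed against the secrets repository. The restart action names `wireguard-monitoringvpn.service`, which assumes the client module creates a unit by that name; nothing in this patch shows it, so it should be verified against the module.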
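Review bot: `endpointPublicKeyFile` is set to `/home/flo/Repositories/PrivateStorageio/morph/PrivateStorageSecrets/monitoringvpn/server.pub`, an absolute path on the author's workstation that will not exist on the deployed issuer host, so the peer's public key cannot be read there and the tunnel cannot come up. The server public key is not secret, but it still has to reach the host through the deployment, e.g. a second `deployment.secrets` entry landing at `/var/secrets/monitoringvpn/server.pub` together with `endpointPublicKeyFile = "/var/secrets/monitoringvpn/server.pub";`. The change of `ips` from `172.23.23.21/24` to `172.23.23.11/24` is not explained in the commit message; confirm it does not collide with the address of another client, since this hunk also switches the private key file.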
diff --git a/nixos/modules/monitoring/vpn/client.nix b/nixos/modules/monitoring/vpn/client.nix
index 434165c2..06aa2553 100644
--- a/nixos/modules/monitoring/vpn/client.nix
+++ b/nixos/modules/monitoring/vpn/client.nix
@@ -9,6 +9,7 @@ in {
 privateKeyFile = lib.mkOption {
 type = lib.types.str;
 example = lib.literalExample "/var/secrets/monitoring-vpn/host.key";
+ default = "/var/secrets/monitoring-vpn/client.key";
 description = ''
 File with base64 private key generated by <command>wg genkey</command>.
 '';
--
GitLab
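Review bot: The new default `/var/secrets/monitoring-vpn/client.key` uses a hyphenated directory, while make-issuer.nix in the same patch deploys the key to `/var/secrets/monitoringvpn/client.key` and overrides the option explicitly, so the default names a path that no deployment in this patch populates. Pick one spelling for both and make the `example` agree with it, e.g. `default = "/var/secrets/monitoringvpn/client.key";` with the example changed from `host.key` to the same file. The `privateKeyFile` option block ends outside the hunk.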