From 722c3d110d48ee143241296d65861f47a21058b4 Mon Sep 17 00:00:00 2001
From: Florian Sesser <florian@privatestorage.io>
Date: Wed, 19 May 2021 20:41:02 +0000
Subject: [PATCH] VPN: Pull peer list creating code into named function
... and make path an option.
---
 nixos/modules/monitoring/vpn/server.nix | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)
diff --git a/nixos/modules/monitoring/vpn/server.nix b/nixos/modules/monitoring/vpn/server.nix
index 8a1f560e..29430ca0 100644
--- a/nixos/modules/monitoring/vpn/server.nix
+++ b/nixos/modules/monitoring/vpn/server.nix
@@ -2,6 +2,11 @@ { lib, config, ... }:
 let
 cfg = config.services.private-storage.monitoring.vpn;
+ makePeers = peerIPs: pubKeysPath: map (x: {
+ allowedIPs = [ "${x}/32" ];
+ publicKey = builtins.readFile(pubKeysPath + "/${x}.pub");
+ presharedKeyFile = toString cfg.server.presharedKeyFile;
+ }) peerIPs;
 in {
 options.services.private-storage.monitoring.vpn.server = {
@@ -52,6 +57,14 @@ in {
 The IP addresses to allow connections from.
 '';
 };
+ pubKeysPath = lib.mkOption {
+ type = lib.types.path;
+ example = lib.literalExample ../../../../morph/PrivateStorageSecrets/monitoringvpn;
+ default = ../../../../morph/PrivateStorageSecrets/monitoringvpn;
+ description = ''
+ The path to the directory that holds the public keys.
+ '';
+ };
 };
 config = lib.mkIf cfg.server.enable {
@@ -61,7 +74,7 @@ in {
 ips = [ "${cfg.server.ip}/24" ];
 listenPort = cfg.server.port;
 privateKeyFile = toString cfg.server.privateKeyFile;
- peers = map (x: {allowedIPs = [ "${x}/32" ]; publicKey = builtins.readFile(../../../../morph/PrivateStorageSecrets/monitoringvpn + "/${x}.pub"); presharedKeyFile = toString cfg.server.presharedKeyFile;}) cfg.server.vpnClientIPs;
+ peers = makePeers cfg.server.vpnClientIPs cfg.server.pubKeysPath;
 };
 };
 }
--
GitLab
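Review bot: `builtins.readFile(pubKeysPath + "/${x}.pub")` in the new `makePeers` binding keeps whatever trailing newline the `.pub` file carries, so `publicKey` becomes the key followed by `\n` unless every file was written without one; the old inline `map` had the same behaviour, but since the code is being pulled into a helper this is the moment to make it `publicKey = lib.fileContents (pubKeysPath + "/${x}.pub");`, which strips that newline. The helper also takes `peerIPs` and `pubKeysPath` as parameters yet still reaches into `cfg.server.presharedKeyFile` from the enclosing `let`, so it is not the self-contained function its signature suggests; either pass the preshared key file as a third argument or add a comment above it such as `# bound to cfg: the preshared key file is taken from cfg.server, only the IPs and the key directory vary`.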
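Review bot: Both `example` and `default` of the new `pubKeysPath` option are Nix path values pointing at `../../../../morph/PrivateStorageSecrets/monitoringvpn`; option defaults and examples are serialised when the NixOS options documentation is generated, and as far as I know serialising a path value copies that directory into the world-readable Nix store, so anything kept beside the `.pub` files in a directory named `PrivateStorageSecrets` would end up in the store whenever the manual is built. `lib.literalExample` is also meant to take a string, not a path. I would change the example to `example = lib.literalExample "../../../../morph/PrivateStorageSecrets/monitoringvpn";` and add `defaultText = "../../../../morph/PrivateStorageSecrets/monitoringvpn";` next to `default`, so the docs render the literal text without evaluating the path. The description could also state the lookup convention the module relies on, e.g. `Each IP in vpnClientIPs must have a matching <ip>.pub file in this directory.`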