From 722c3d110d48ee143241296d65861f47a21058b4 Mon Sep 17 00:00:00 2001
From: Florian Sesser <florian@privatestorage.io>
Date: Wed, 19 May 2021 20:41:02 +0000
Subject: [PATCH] VPN: Pull peer list creating code into named function

... and make the path an option.
---
 nixos/modules/monitoring/vpn/server.nix | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)

diff --git a/nixos/modules/monitoring/vpn/server.nix b/nixos/modules/monitoring/vpn/server.nix
index 8a1f560e..29430ca0 100644
--- a/nixos/modules/monitoring/vpn/server.nix
+++ b/nixos/modules/monitoring/vpn/server.nix
@@ -2,6 +2,11 @@
 
 { lib, config, ... }: let
   cfg = config.services.private-storage.monitoring.vpn;
+  makePeers = peerIPs: pubKeysPath: map (x: {
+                  allowedIPs = [ "${x}/32" ];
+                  publicKey = builtins.readFile(pubKeysPath + "/${x}.pub");
+                  presharedKeyFile = toString cfg.server.presharedKeyFile;
+                }) peerIPs;
 
 in {
   options.services.private-storage.monitoring.vpn.server = {
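Review bot: makePeers (lines 19–23) has no comment stating the file-naming convention it imposes: for every entry of peerIPs a file `<pubKeysPath>/<ip>.pub` must exist, otherwise builtins.readFile aborts the evaluation. A one-line comment above the binding would make this explicit: `# One wireguard peer per client IP; the peer's public key is read from <pubKeysPath>/<ip>.pub at evaluation time.` Note also that builtins.readFile keeps the file content verbatim, including any trailing newline; the replaced inline expression behaved the same, so this is not a regression, but if the generated config is sensitive to it, wrapping the read in `lib.removeSuffix "\n"` would make the helper more robust. Lastly, presharedKeyFile is still taken from cfg via the closure while peerIPs and pubKeysPath are parameters; passing it in too, or documenting why it is not, would make the helper's dependencies easier to see.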
@@ -52,6 +57,14 @@ in {
         The IP addresses to allow connections from.
       '';
     };
+    pubKeysPath = lib.mkOption {
+      type = lib.types.path;
+      example = lib.literalExample ../../../../morph/PrivateStorageSecrets/monitoringvpn;
+      default = ../../../../morph/PrivateStorageSecrets/monitoringvpn;
+      description = ''
+        The path to the directory that holds the public keys.
+      '';
+    };
   };
 
   config = lib.mkIf cfg.server.enable {
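Review bot: The new pubKeysPath option's description does not say how the directory is used: the server reads `<pubKeysPath>/<client-ip>.pub` for every address in vpnClientIPs at evaluation time, so the directory must contain one file per client named after its IP. Suggest extending the description to `The path to the directory that holds the clients' WireGuard public keys, one file per entry of vpnClientIPs, named <ip>.pub.` The `example` attribute repeats the `default` verbatim and so adds nothing to the generated option documentation; dropping it or using a distinct illustrative path would be cleaner. Since the default is a relative path literal into the morph secrets tree, it may also be worth stating that evaluation with server.enable set presumably fails when that directory is not present in the expected location relative to this module.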
@@ -61,7 +74,7 @@ in {
       ips = [ "${cfg.server.ip}/24" ];
       listenPort = cfg.server.port;
       privateKeyFile = toString cfg.server.privateKeyFile;
-      peers = map (x: {allowedIPs = [ "${x}/32" ]; publicKey = builtins.readFile(../../../../morph/PrivateStorageSecrets/monitoringvpn + "/${x}.pub"); presharedKeyFile = toString cfg.server.presharedKeyFile;}) cfg.server.vpnClientIPs;
+      peers = makePeers cfg.server.vpnClientIPs cfg.server.pubKeysPath;
     };
   };
 }
-- 
GitLab