Commit 722c3d11 authored by Florian Sesser's avatar Florian Sesser

VPN: Pull peer list creating code into named function

... and make path an option.
parent 96e6e291
......@@ -2,6 +2,11 @@
{ lib, config, ... }: let
cfg = config.services.private-storage.monitoring.vpn;
makePeers = peerIPs: pubKeysPath: map (x: {
allowedIPs = [ "${x}/32" ];
publicKey = builtins.readFile(pubKeysPath + "/${x}.pub");
presharedKeyFile = toString cfg.server.presharedKeyFile;
}) peerIPs;
in {
options.services.private-storage.monitoring.vpn.server = {
......@@ -52,6 +57,14 @@ in {
The IP addresses to allow connections from.
'';
};
pubKeysPath = lib.mkOption {
type = lib.types.path;
example = lib.literalExample ../../../../morph/PrivateStorageSecrets/monitoringvpn;
default = ../../../../morph/PrivateStorageSecrets/monitoringvpn;
description = ''
The path to the directory that holds the public keys.
'';
};
};
config = lib.mkIf cfg.server.enable {
......@@ -61,7 +74,7 @@ in {
ips = [ "${cfg.server.ip}/24" ];
listenPort = cfg.server.port;
privateKeyFile = toString cfg.server.privateKeyFile;
peers = map (x: {allowedIPs = [ "${x}/32" ]; publicKey = builtins.readFile(../../../../morph/PrivateStorageSecrets/monitoringvpn + "/${x}.pub"); presharedKeyFile = toString cfg.server.presharedKeyFile;}) cfg.server.vpnClientIPs;
peers = makePeers cfg.server.vpnClientIPs cfg.server.pubKeysPath;
};
};
}
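Review bot: `makePeers` in the first hunk (lines `makePeers = peerIPs: pubKeysPath: map (x: {` … `}) peerIPs;`) documents none of its contract, and it is not obvious from the option text that `pubKeysPath` must hold one file per client named `<clientIP>.pub`; I would put `# Build one WireGuard peer per client IP; expects <pubKeysPath>/<ip>.pub to exist for every entry of peerIPs.` above the binding and tighten the `pubKeysPath` description to `The directory holding one <clientIP>.pub public-key file per entry of vpnClientIPs.`. The file name is built directly from each IP string, and `builtins.readFile` on a missing or misnamed `.pub` fails at evaluation time with only a generic error, so a maintainer adding an IP without the matching key gets no hint from the module itself. The same `presharedKeyFile` is attached to every peer, so a reader should be told that this is intentional (one PSK shared by all clients) rather than a per-peer key; a comment such as `# note: a single preshared key is shared by all peers` on that line would make it explicit. The `options` and `config` attribute sets continue outside the hunks shown.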