VPN: Pull peer list creating code into named function

... and make path an option.

VPN: Pull peer list creating code into named function
722c3d11 · Florian Sesser · 96e6e291 · 722c3d11
Commit 722c3d11 authored 3 years ago by Florian Sesser
--- a/nixos/modules/monitoring/vpn/server.nix
+++ b/nixos/modules/monitoring/vpn/server.nix
@@ -2,6 +2,11 @@

 { lib, config, ... }: let
  cfg = config.services.private-storage.monitoring.vpn;
+  makePeers = peerIPs: pubKeysPath: map (x: {
+                  allowedIPs = [ "${x}/32" ];
+                  publicKey = builtins.readFile(pubKeysPath + "/${x}.pub");
+                  presharedKeyFile = toString cfg.server.presharedKeyFile;
+                }) peerIPs;

 in {
  options.services.private-storage.monitoring.vpn.server = {
@@ -52,6 +57,14 @@ in {
        The IP addresses to allow connections from.
      '';
    };
+    pubKeysPath = lib.mkOption {
+      type = lib.types.path;
+      example = lib.literalExample ../../../../morph/PrivateStorageSecrets/monitoringvpn;
+      default = ../../../../morph/PrivateStorageSecrets/monitoringvpn;
+      description = ''
+        The path to the directory that holds the public keys.
+      '';
+    };
  };

  config = lib.mkIf cfg.server.enable {
@@ -61,7 +74,7 @@ in {
      ips = [ "${cfg.server.ip}/24" ];
      listenPort = cfg.server.port;
      privateKeyFile = toString cfg.server.privateKeyFile;
-      peers = map (x: {allowedIPs = [ "${x}/32" ]; publicKey = builtins.readFile(../../../../morph/PrivateStorageSecrets/monitoringvpn + "/${x}.pub"); presharedKeyFile = toString cfg.server.presharedKeyFile;}) cfg.server.vpnClientIPs;
+      peers = makePeers cfg.server.vpnClientIPs cfg.server.pubKeysPath;
    };
  };
 }