From 8125e977066773a83cb3dfe10310ce7ac995efd1 Mon Sep 17 00:00:00 2001
From: Florian Sesser <florian@privatestorage.io>
Date: Sun, 30 May 2021 19:05:15 +0000
Subject: [PATCH] Also make VPN optional for monitoring host

---
 morph/lib/make-monitoring.nix | 54 ++++++++++++++++++++---------------
 1 file changed, 31 insertions(+), 23 deletions(-)

diff --git a/morph/lib/make-monitoring.nix b/morph/lib/make-monitoring.nix
index 1ee2db34..370f177e 100644
--- a/morph/lib/make-monitoring.nix
+++ b/morph/lib/make-monitoring.nix
@@ -2,35 +2,43 @@
 , hardware
 , publicStoragePort
 , ristrettoSigningKeyPath
-, monitoringvpnKeyDir
 , passValue
 , sshUsers
 , stateVersion
-, monitoringvpnIPv4
-, vpnClientIPs
-, ... }: rec {
+, monitoringvpnIPv4 ? null
+, monitoringvpnKeyDir ? null
+, vpnClientIPs ? null
+, ... }: let
+
+  enableVpn = if (monitoringvpnKeyDir != null &&
+                  monitoringvpnIPv4 != null &&
+                  vpnClientIPs != null)
+              then true else false;
+
+  vpnSecrets = if !enableVpn then {} else {
+    "monitoringvpn-private-key" = {
+      source = monitoringvpnKeyDir + "/server.key";
+      destination = "/run/keys/monitoringvpn/server.key";
+      owner.user = "root";
+      owner.group = "root";
+      permissions = "0400";
+      action = ["sudo" "systemctl" "restart" "wireguard-monitoringvpn.service"];
+    };
+    "monitoringvpn-preshared-key" = {
+      source = monitoringvpnKeyDir + "/preshared.key";
+      destination = "/run/keys/monitoringvpn/preshared.key";
+      owner.user = "root";
+      owner.group = "root";
+      permissions = "0400";
+      action = ["sudo" "systemctl" "restart" "wireguard-monitoringvpn.service"];
+    };
+  };
+in rec {
 
   deployment = {
     targetHost = publicIPv4;
 
-    secrets = {
-      "monitoringvpn-private-key" = {
-        source = monitoringvpnKeyDir + "/server.key";
-        destination = "/run/keys/monitoringvpn/server.key";
-        owner.user = "root";
-        owner.group = "root";
-        permissions = "0400";
-        action = ["sudo" "systemctl" "restart" "wireguard-monitoringvpn.service"];
-      };
-      "monitoringvpn-preshared-key" = {
-        source = monitoringvpnKeyDir + "/preshared.key";
-        destination = "/run/keys/monitoringvpn/preshared.key";
-        owner.user = "root";
-        owner.group = "root";
-        permissions = "0400";
-        action = ["sudo" "systemctl" "restart" "wireguard-monitoringvpn.service"];
-      };
-    };
+    secrets = { } // vpnSecrets;
   };
 
   imports = [
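Review bot: `enableVpn` silently becomes false when any one of the three arguments is null, so a partially configured grid (for example `monitoringvpnKeyDir` and `monitoringvpnIPv4` set but `vpnClientIPs` forgotten) deploys a monitoring host with no WireGuard keys and no evaluation error. I would make the partial case fail loudly by placing an assertion ahead of `rec {`, such as `assert (monitoringvpnKeyDir == null) == (monitoringvpnIPv4 == null) && (monitoringvpnIPv4 == null) == (vpnClientIPs == null);`, so the VPN is disabled only when all three are deliberately omitted. As a style point, `if … then true else false` can be the bare boolean expression, and `secrets = { } // vpnSecrets;` is equivalent to `secrets = vpnSecrets;`. The function's argument list starts above this hunk, so any other argument that depends on the VPN being present is not visible here.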
@@ -38,7 +46,7 @@
     ../../nixos/modules/monitoring/vpn/server.nix
   ];
 
-  services.private-storage.monitoring.vpn.server = {
+  services.private-storage.monitoring.vpn.server = if !enableVpn then {} else {
     enable = true;
     ip = monitoringvpnIPv4;
     inherit vpnClientIPs;
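Review bot: In the disabled case the option set is `{}`, but `../../nixos/modules/monitoring/vpn/server.nix` is still imported unconditionally, so whether the WireGuard server stays off depends on that module's default for `enable`, which this diff does not show. Stating it explicitly would remove that dependency: `services.private-storage.monitoring.vpn.server = if !enableVpn then { enable = false; } else {`. A short comment above the line would also help, for example `# VPN is optional: without it the monitoring host has no WireGuard interface`, since a reader cannot tell from here how monitoring traffic reaches the host when the VPN is absent. The attribute set continues past the end of the hunk.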
-- 
GitLab