From 86ce5141baa4f0cecc162b9673f4e3c65f8ee56b Mon Sep 17 00:00:00 2001
From: Florian Sesser <florian@privatestorage.io>
Date: Thu, 13 May 2021 13:52:42 +0000
Subject: [PATCH] VPN WIP

---
 morph/grid/local/vagrant-guest.nix      |  3 ++
 morph/lib/make-issuer.nix               |  1 +
 morph/lib/make-testing.nix              |  1 +
 nixos/modules/monitoring/vpn/client.nix | 68 ++++++-------------------
 4 files changed, 21 insertions(+), 52 deletions(-)

diff --git a/morph/grid/local/vagrant-guest.nix b/morph/grid/local/vagrant-guest.nix
index 8505b2f3..9e8e6d8c 100644
--- a/morph/grid/local/vagrant-guest.nix
+++ b/morph/grid/local/vagrant-guest.nix
@@ -22,6 +22,9 @@ in
   # Enable the OpenSSH daemon.
   services.openssh.enable = true;
 
+  # Wireguard kernel module
+  boot.extraModulePackages = [ config.boot.kernelPackages.wireguard ];
+
   # Enable DBus
   services.dbus.enable    = true;
 
diff --git a/morph/lib/make-issuer.nix b/morph/lib/make-issuer.nix
index 7510b6b8..8556343d 100644
--- a/morph/lib/make-issuer.nix
+++ b/morph/lib/make-issuer.nix
@@ -35,6 +35,7 @@
   imports = [
     hardware
     ../../nixos/modules/issuer.nix
+    ../../nixos/modules/monitoring/vpn/server.nix
   ];
 
   services.private-storage.sshUsers = sshUsers;
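Review bot: The added import references `../../nixos/modules/monitoring/vpn/server.nix`, but that file is not part of this patch (the diffstat lists only four files, none of them server.nix). Unless it already exists on the target branch, every issuer host will fail to evaluate at the `imports` list. If the server module is still to come, either land it in the same change or leave this import out until it exists; a one-line comment such as `# Monitoring VPN endpoint; see nixos/modules/monitoring/vpn/client.nix for the peer side` would also help readers find the matching client config.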
diff --git a/morph/lib/make-testing.nix b/morph/lib/make-testing.nix
index ee1e2db4..d25856a7 100644
--- a/morph/lib/make-testing.nix
+++ b/morph/lib/make-testing.nix
@@ -21,6 +21,7 @@
   imports = [
     hardware
     ../../nixos/modules/private-storage.nix
+    ../../nixos/modules/monitoring/vpn/client.nix
   ];
 
   services.private-storage =
diff --git a/nixos/modules/monitoring/vpn/client.nix b/nixos/modules/monitoring/vpn/client.nix
index 24c8a0ec..7a2ba177 100644
--- a/nixos/modules/monitoring/vpn/client.nix
+++ b/nixos/modules/monitoring/vpn/client.nix
@@ -1,59 +1,23 @@
 # Client section of our Monitoring VPN config
 
-{ lib, config, ... }: let
-  cfg = config.services.monitoring.vpn;
-  # cfg.server = "loki";
-  # cfg.port = 54321;
-  #ip = "192.168.42.11";
+#{ config, ip, privateKeyPath }:
 
-in {
-
-  options = {
-    services.monitoring.vpn.client.enable = lib.mkEnableOption "PrivateStorageio Monitoring VPN client service";
-    services.monitoring.vpn.client.privateKeyFile = lib.mkOption {
-      type = lib.types.str;
-      example = lib.literalExample "/var/secrets/monitoring-vpn/host.key";
-      description = ''
-        Base64 private key generated by <command>wg genkey</command>.
-      '';
-    };
-    services.monitoring.vpn.client.publicKeyFile = lib.mkOption {
-      type = lib.types.str;
-      example = lib.literalExample "/var/secrets/monitoring-vpn/host.pub";
-      description = ''
-        Base64 public key generated by <command>cat private.key | wg pubkey > pubkey.pub</command>.
-      '';
-    };
-    services.monitoring.vpn.client.allowedIPs = {
-      type = lib.types.listOf lib.types.str;
-      example = lib.literalExample [ "172.23.23.1/32" ];
-      description = ''
-        Limits which IPs this client receives data from.
-      '';
-    };
-    services.monitoring.vpn.client.ips = {
-      type = lib.types.listOf lib.types.str;
-      example = lib.literalExample [ "172.23.23.1/24" ];
-      default = [ "172.23.23.1/24" ];
-      description = ''
-        The IP addresses of the interface.
-        See https://github.com/NixOS/nixpkgs/blob/nixos-20.09/nixos/modules/services/networking/wireguard.nix .
-      '';
-    };
-  };
+let
+  cfg.server = "192.168.67.21";
+  cfg.port = 54321;
+  ip = "192.168.42.11";
 
-  config = lib.mkIf cfg.client.enable {
-    networking.wireguard.interfaces.monitoringvpn = {
-      ips = cfg.client.ips;
-      privateKeyFile = cfg.client.privateKeyFile;
-      peers = [
-        {
-          allowedIPs = cfg.client.allowedIPs;
-          endpoint = "loki:54321"; # cfg.server + ":" + toString cfg.port;
-          publicKey = "0fS5azg7bBhCSUocI/r9pNkDMVpnlXmJfu9NV3YfEkU=";
-        }
-      ];
-    };
+in {
+  networking.wireguard.interfaces.monitoringvpn = {
+    ips = [ "${ip}/24" ];
+    privateKey = "oFCEeXlRI+iU3UOgNsAOUCaLZFTEKAq4OrVAvusZYGo=";
+    peers = [
+      {
+        allowedIPs = [ "192.168.42.1/32" ];
+        endpoint = cfg.server + ":" + toString cfg.port;
+        publicKey = "0fS5azg7bBhCSUocI/r9pNkDMVpnlXmJfu9NV3YfEkU=";
+      }
+    ];
   };
 }
 
-- 
GitLab