Instantiate key path in grid.nix

c1755221 · Florian Sesser · 337f8c72 · c1755221 · c1755221 · c1755221
Commit c1755221 authored 3 years ago by Florian Sesser
--- a/morph/grid/local/config.json
+++ b/morph/grid/local/config.json
 { "publicStoragePort": 8898
 , "ristrettoSigningKeyPath": "./secrets/ristretto.signing-key"
 , "stripeSecretKeyPath": "./secrets/stripe.secret"
-, "monitoringvpnKeyDir": "./secrets/monitoringvpn"
+, "monitoringvpnKeyFolder": "./secrets/monitoringvpn"
 , "monitoringvpnEndpoint": "192.168.67.24:51820"
 , "passValue": 1000000
 , "issuerDomain": "payments.localdev"

--- a/morph/grid/local/grid.nix
+++ b/morph/grid/local/grid.nix
@@ -8,10 +8,13 @@ import ../../lib/make-grid.nix {
  let
    sshUsers = import ./users.nix;
    vpnClientIPs = [ "172.23.23.11" "172.23.23.12" "172.23.23.13" ]; # TBD: derive automatically
+    # Get vpn key folder relative to current dir, as a string:
+    monitoringvpnKeyDir = toString ./. + "/${cfg.monitoringvpnKeyFolder}";
  in {
    "payments1" = import ../../lib/make-issuer.nix (rec {
      publicIPv4 = "192.168.67.21";
      monitoringvpnIPv4 = "172.23.23.11";
+      inherit monitoringvpnKeyDir;
      inherit sshUsers;
      hardware = import ./virtual-hardware.nix ({ inherit publicIPv4; });
      stateVersion = "19.03";
@@ -20,6 +23,7 @@ import ../../lib/make-grid.nix {
    "storage1" = import ../../lib/make-testing.nix (rec {
      publicIPv4 = "192.168.67.22";
      monitoringvpnIPv4 = "172.23.23.12";
+      inherit monitoringvpnKeyDir;
      inherit sshUsers;
      hardware = import ./virtual-hardware.nix ({ inherit publicIPv4; });
      stateVersion = "19.09";
@@ -28,6 +32,7 @@ import ../../lib/make-grid.nix {
    "storage2" = import ../../lib/make-testing.nix (rec {
      publicIPv4 = "192.168.67.23";
      monitoringvpnIPv4 = "172.23.23.13";
+      inherit monitoringvpnKeyDir;
      inherit sshUsers;
      hardware = import ./virtual-hardware.nix ({ inherit publicIPv4; });
      stateVersion = "19.09";
@@ -38,6 +43,7 @@ import ../../lib/make-grid.nix {
      monitoringvpnIPv4 = "172.23.23.1";
      inherit vpnClientIPs;
      inherit sshUsers;
+      inherit monitoringvpnKeyDir;
      hardware = import ./virtual-hardware.nix ({ inherit publicIPv4; });
      stateVersion = "19.09";
    } // cfg);

--- a/morph/lib/make-issuer.nix
+++ b/morph/lib/make-issuer.nix
@@ -86,5 +86,6 @@ in rec {
    enable = true;
    ip = monitoringvpnIPv4;
    endpoint = monitoringvpnEndpoint;
+    endpointPublicKeyFile = monitoringvpnKeyDir + "/server.pub";
  };
 }
--- a/morph/lib/make-monitoring.nix
+++ b/morph/lib/make-monitoring.nix
@@ -49,6 +49,7 @@ in rec {
    enable = true;
    ip = monitoringvpnIPv4;
    inherit vpnClientIPs;
+    pubKeysPath = monitoringvpnKeyDir;
  };

  system.stateVersion = stateVersion;

--- a/morph/lib/make-testing.nix
+++ b/morph/lib/make-testing.nix
@@ -75,5 +75,6 @@ in rec {
    enable = true;
    ip = monitoringvpnIPv4;
    endpoint = monitoringvpnEndpoint;
+    endpointPublicKeyFile = monitoringvpnKeyDir + "/server.pub";
  };
 }
--- a/nixos/modules/monitoring/vpn/client.nix
+++ b/nixos/modules/monitoring/vpn/client.nix
@@ -49,7 +49,6 @@ in {
    endpointPublicKeyFile = lib.mkOption {
      type = lib.types.path;
      example = lib.literalExample ../PrivateStorageSecrets/monitoringvpn/server.pub;
-      default = ../../../../../PrivateStorageSecrets/monitoringvpn/server.pub;
      description = ''
        File with base64 public key generated by <command>cat private.key | wg pubkey > pubkey.pub</command>.
      '';

--- a/nixos/modules/monitoring/vpn/server.nix
+++ b/nixos/modules/monitoring/vpn/server.nix
@@ -52,7 +52,6 @@ in {
    pubKeysPath = lib.mkOption {
      type = lib.types.path;
      example = lib.literalExample ../PrivateStorageSecrets/monitoringvpn;
-      default = ../../../../../PrivateStorageSecrets/monitoringvpn;
      description = ''
        The path to the directory that holds the public keys.
      '';