From c17552212195bd4a668292ddabc32fd8f0ae6181 Mon Sep 17 00:00:00 2001
From: Florian Sesser <florian@privatestorage.io>
Date: Tue, 1 Jun 2021 20:11:49 +0000
Subject: [PATCH] Instantiate key path in grid.nix

---
 morph/grid/local/config.json            | 2 +-
 morph/grid/local/grid.nix               | 6 ++++++
 morph/lib/make-issuer.nix               | 1 +
 morph/lib/make-monitoring.nix           | 1 +
 morph/lib/make-testing.nix              | 1 +
 nixos/modules/monitoring/vpn/client.nix | 1 -
 nixos/modules/monitoring/vpn/server.nix | 1 -
 7 files changed, 10 insertions(+), 3 deletions(-)

diff --git a/morph/grid/local/config.json b/morph/grid/local/config.json
index 93779117..457343ae 100644
--- a/morph/grid/local/config.json
+++ b/morph/grid/local/config.json
@@ -1,7 +1,7 @@
 { "publicStoragePort": 8898
 , "ristrettoSigningKeyPath": "./secrets/ristretto.signing-key"
 , "stripeSecretKeyPath": "./secrets/stripe.secret"
-, "monitoringvpnKeyDir": "./secrets/monitoringvpn"
+, "monitoringvpnKeyFolder": "./secrets/monitoringvpn"
 , "monitoringvpnEndpoint": "192.168.67.24:51820"
 , "passValue": 1000000
 , "issuerDomain": "payments.localdev"
diff --git a/morph/grid/local/grid.nix b/morph/grid/local/grid.nix
index ee4a2c15..da606417 100644
--- a/morph/grid/local/grid.nix
+++ b/morph/grid/local/grid.nix
@@ -8,10 +8,13 @@ import ../../lib/make-grid.nix {
   let
     sshUsers = import ./users.nix;
     vpnClientIPs = [ "172.23.23.11" "172.23.23.12" "172.23.23.13" ]; # TBD: derive automatically
+    # Get vpn key folder relative to current dir, as a string:
+    monitoringvpnKeyDir = toString ./. + "/${cfg.monitoringvpnKeyFolder}";
   in {
     "payments1" = import ../../lib/make-issuer.nix (rec {
       publicIPv4 = "192.168.67.21";
       monitoringvpnIPv4 = "172.23.23.11";
+      inherit monitoringvpnKeyDir;
       inherit sshUsers;
       hardware = import ./virtual-hardware.nix ({ inherit publicIPv4; });
       stateVersion = "19.03";
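Review bot: The string built on the added `monitoringvpnKeyDir` line ends up as `<grid dir>//./secrets/monitoringvpn`, because the value of `cfg.monitoringvpnKeyFolder` in config.json is `./secrets/monitoringvpn`; Nix tolerates that when opening files, but the path also surfaces in error messages and any generated configuration, so normalising it is cheap: `monitoringvpnKeyDir = toString (./. + "/${cfg.monitoringvpnKeyFolder}");` (path arithmetic should canonicalise the `//` and `./` and `toString` keeps the directory out of the store — confirm on the targeted Nix version). The comment above the line should also say why this binding is not simply called `monitoringvpnKeyFolder`: the `} // cfg` at the end of each host merges the raw config over these attributes, so a same-named config key would silently replace the computed absolute path, e.g. `# Deliberately not named like the cfg key: "// cfg" below would override it.` The fourth hunk places `inherit monitoringvpnKeyDir;` after `inherit sshUsers;` while the other three place it before, which is only a style nit. The enclosing `let` and the make-grid.nix call begin outside this hunk.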
@@ -20,6 +23,7 @@ import ../../lib/make-grid.nix {
     "storage1" = import ../../lib/make-testing.nix (rec {
       publicIPv4 = "192.168.67.22";
       monitoringvpnIPv4 = "172.23.23.12";
+      inherit monitoringvpnKeyDir;
       inherit sshUsers;
       hardware = import ./virtual-hardware.nix ({ inherit publicIPv4; });
       stateVersion = "19.09";
@@ -28,6 +32,7 @@ import ../../lib/make-grid.nix {
     "storage2" = import ../../lib/make-testing.nix (rec {
       publicIPv4 = "192.168.67.23";
       monitoringvpnIPv4 = "172.23.23.13";
+      inherit monitoringvpnKeyDir;
       inherit sshUsers;
       hardware = import ./virtual-hardware.nix ({ inherit publicIPv4; });
       stateVersion = "19.09";
@@ -38,6 +43,7 @@ import ../../lib/make-grid.nix {
       monitoringvpnIPv4 = "172.23.23.1";
       inherit vpnClientIPs;
       inherit sshUsers;
+      inherit monitoringvpnKeyDir;
       hardware = import ./virtual-hardware.nix ({ inherit publicIPv4; });
       stateVersion = "19.09";
     } // cfg);
diff --git a/morph/lib/make-issuer.nix b/morph/lib/make-issuer.nix
index 6570b631..4302b406 100644
--- a/morph/lib/make-issuer.nix
+++ b/morph/lib/make-issuer.nix
@@ -86,5 +86,6 @@ in rec {
     enable = true;
     ip = monitoringvpnIPv4;
     endpoint = monitoringvpnEndpoint;
+    endpointPublicKeyFile = monitoringvpnKeyDir + "/server.pub";
   };
 }
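Review bot: `monitoringvpnKeyDir` is used on the added line, yet the diffstat records only this one insertion in make-issuer.nix, so the name must arrive through the file's argument set, whose header is outside this hunk; confirm it is declared there (or that the file accepts `...`/`@args`) rather than resolving to some unrelated binding. The value is an absolute string path on the machine that evaluates the grid, not on the target host; `lib.types.path` accepts it because it starts with `/`, and being a string it is not copied into the Nix store, which looks intentional. That is only safe if the VPN module reads the file at evaluation time (for example via `builtins.readFile`); if it instead interpolates the path into a target-side unit or WireGuard config, the public key will not exist on the host — a comment such as `# Deploy-host path, resolved at evaluation time; the module must read this file, not reference it.` would make the contract explicit. The same point applies to the added `endpointPublicKeyFile` line in make-testing.nix and to `pubKeysPath` in make-monitoring.nix.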
diff --git a/morph/lib/make-monitoring.nix b/morph/lib/make-monitoring.nix
index b65f7249..ebc98625 100644
--- a/morph/lib/make-monitoring.nix
+++ b/morph/lib/make-monitoring.nix
@@ -49,6 +49,7 @@ in rec {
     enable = true;
     ip = monitoringvpnIPv4;
     inherit vpnClientIPs;
+    pubKeysPath = monitoringvpnKeyDir;
   };
 
   system.stateVersion = stateVersion;
diff --git a/morph/lib/make-testing.nix b/morph/lib/make-testing.nix
index 158e7ea1..050ffd1e 100644
--- a/morph/lib/make-testing.nix
+++ b/morph/lib/make-testing.nix
@@ -75,5 +75,6 @@ in rec {
     enable = true;
     ip = monitoringvpnIPv4;
     endpoint = monitoringvpnEndpoint;
+    endpointPublicKeyFile = monitoringvpnKeyDir + "/server.pub";
   };
 }
diff --git a/nixos/modules/monitoring/vpn/client.nix b/nixos/modules/monitoring/vpn/client.nix
index 4c651f61..dbd50b82 100644
--- a/nixos/modules/monitoring/vpn/client.nix
+++ b/nixos/modules/monitoring/vpn/client.nix
@@ -49,7 +49,6 @@ in {
     endpointPublicKeyFile = lib.mkOption {
       type = lib.types.path;
       example = lib.literalExample ../PrivateStorageSecrets/monitoringvpn/server.pub;
-      default = ../../../../../PrivateStorageSecrets/monitoringvpn/server.pub;
       description = ''
         File with base64 public key generated by <command>cat private.key | wg pubkey > pubkey.pub</command>.
       '';
diff --git a/nixos/modules/monitoring/vpn/server.nix b/nixos/modules/monitoring/vpn/server.nix
index b7f8c00c..2374ddc8 100644
--- a/nixos/modules/monitoring/vpn/server.nix
+++ b/nixos/modules/monitoring/vpn/server.nix
@@ -52,7 +52,6 @@ in {
     pubKeysPath = lib.mkOption {
       type = lib.types.path;
       example = lib.literalExample ../PrivateStorageSecrets/monitoringvpn;
-      default = ../../../../../PrivateStorageSecrets/monitoringvpn;
       description = ''
         The path to the directory that holds the public keys.
       '';
-- 
GitLab