Commit ccf607f1 authored by Florian Sesser's avatar Florian Sesser

Add optionality and customizable vpnEndpoint to make-storage.nix

parent bc3ce5bb
3 merge requests!108Merge staging into production,!107Merge develop into staging,!91Integrate monitoring into production
Pipeline #602 failed
......@@ -11,11 +11,36 @@
# to avoid breaking some software such as
# database servers. You should change this only
# after NixOS release notes say you should.
, monitoringvpnKeyDir # The directory that holds the VPN keys.
, monitoringvpnIPv4 # This node's IP in the monitoring VPN.
, monitoringvpnEndpoint # The VPN server and port.
, monitoringvpnKeyDir ? null # The directory that holds the VPN keys.
, monitoringvpnIPv4 ? null # This node's IP in the monitoring VPN.
, monitoringvpnEndpoint ? null # The VPN server and port.
, ...
}: rec {
}: let
enableVpn = monitoringvpnKeyDir != null &&
monitoringvpnIPv4 != null &&
monitoringvpnEndpoint != null;
vpnSecrets = if !enableVpn then {} else {
"monitoringvpn-secret-key" = {
source = monitoringvpnKeyDir + "/${monitoringvpnIPv4}.key";
destination = "/run/keys/monitoringvpn/client.key";
owner.user = "root";
owner.group = "root";
permissions = "0400";
action = ["sudo" "systemctl" "restart" "wireguard-monitoringvpn.service"];
};
"monitoringvpn-preshared-key" = {
source = monitoringvpnKeyDir + "/preshared.key";
destination = "/run/keys/monitoringvpn/preshared.key";
owner.user = "root";
owner.group = "root";
permissions = "0400";
action = ["sudo" "systemctl" "restart" "wireguard-monitoringvpn.service"];
};
};
in rec {
deployment = {
targetHost = cfg.publicIPv4;
......@@ -31,7 +56,7 @@
# extract it from the tahoe-lafs nixos module somehow?
action = ["sudo" "systemctl" "restart" "tahoe.storage.service"];
};
};
} // vpnSecrets;
};
# Any extra NixOS modules to load on this server.
......@@ -75,7 +100,7 @@
system.stateVersion = stateVersion;
services.private-storage.monitoring.vpn.client = {
services.private-storage.monitoring.vpn.client = if !enableVpn then {} else {
enable = true;
ip = monitoringvpnIPv4;
endpoint = monitoringvpnEndpoint;
......
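Review bot: `enableVpn` in the new `let` block is true only when all three of `monitoringvpnKeyDir`, `monitoringvpnIPv4` and `monitoringvpnEndpoint` are non-null, so a node that passes only one or two of them evaluates cleanly with no VPN secrets and with `services.private-storage.monitoring.vpn.client` set to `{}` in the last hunk. Because the argument set ends in `, ...`, a misspelled argument name is also accepted silently, and the node is then left out of the monitoring VPN with no error at deploy time. Rejecting the partial case at evaluation would surface the mistake, for example `in assert enableVpn || (monitoringvpnKeyDir == null && monitoringvpnIPv4 == null && monitoringvpnEndpoint == null); rec {`. A one-line comment above `enableVpn` saying that omitting all three is the supported way to build a storage node without monitoring would document the intent.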