diff --git a/morph/grid/local/config.json b/morph/grid/local/config.json
index 56184fbcd854ba8120fd5a2062d4656fd0448db3..f4273dc5710d5a5bcff78acd219c850d55a17cd5 100644
--- a/morph/grid/local/config.json
+++ b/morph/grid/local/config.json
@@ -1,6 +1,8 @@
 { "publicStoragePort": 8898
 , "ristrettoSigningKeyPath": "../../PrivateStorageSecrets/ristretto.signing-key"
 , "stripeSecretKeyPath": "../../PrivateStorageSecrets/privatestorageio-testing-stripe.secret"
+, "monitoringvpnSecretKeyPath": "../../PrivateStorageSecrets/monitoringvpn/${monitoringvpnIPv4}.key"
+, "monitoringvpnPresharedKeyPath" : "../../PrivateStorageSecrets/monitoringvpn/preshared.key"
 , "passValue": 1000000
 , "issuerDomain": "payments.localdev"
 , "letsEncryptAdminEmail": "florian@privatestorage.io"
diff --git a/morph/lib/make-issuer.nix b/morph/lib/make-issuer.nix
index e241b917367bb04a8c10830b6d946410994de547..82b194840db0d2387b10d435dfbc0e1dd8066b26 100644
--- a/morph/lib/make-issuer.nix
+++ b/morph/lib/make-issuer.nix
@@ -1,6 +1,8 @@
 { hardware
 , ristrettoSigningKeyPath
 , stripeSecretKeyPath
+, monitoringvpnSecretKeyPath
+, monitoringvpnPresharedKeyPath
 , issuerDomain
 , letsEncryptAdminEmail
 , allowedChargeOrigins
@@ -31,7 +33,7 @@
 action = ["sudo" "systemctl" "restart" "zkapissuer.service"];
 };
 "monitoringvpn-secret-key" = {
- source = "../../PrivateStorageSecrets/monitoringvpn/${monitoringvpnIPv4}.key";
+ source = monitoringvpnSecretKeyPath;
 destination = "/run/keys/monitoringvpn/client.key";
 owner.user = "root";
 owner.group = "root";
@@ -39,7 +41,7 @@
 action = ["sudo" "systemctl" "restart" "wireguard-monitoringvpn.service"];
 };
 "monitoringvpn-preshared-key" = {
- source = "../../PrivateStorageSecrets/monitoringvpn/preshared.key";
+ source = monitoringvpnPresharedKeyPath;
 destination = "/run/keys/monitoringvpn/preshared.key";
 owner.user = "root";
 owner.group = "root";
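Review bot: The `${monitoringvpnIPv4}` placeholder in the new `monitoringvpnSecretKeyPath` value of `morph/grid/local/config.json` is plain text once it lives in JSON; the Nix string it was copied from interpolated the node's VPN address, a JSON string does not. Unless the code that loads this file substitutes it (not visible in this diff), `source = monitoringvpnSecretKeyPath;` in the `@@ -31,7 +33,7 @@` hunk of make-issuer.nix and the `@@ -16,7 +26,7 @@` hunk of make-testing.nix would look for a file literally named `${monitoringvpnIPv4}.key`, and every client node would be pointed at the same private-key path. A single grid-wide value cannot name a per-node key, so I would keep only the directory here, e.g. `, "monitoringvpnSecretsPath": "../../PrivateStorageSecrets/monitoringvpn"` (the name is a suggestion), and build `"${monitoringvpnSecretsPath}/${monitoringvpnIPv4}.key"` in the Nix files where `monitoringvpnIPv4` is in scope.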
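Review bot: `monitoringvpnSecretKeyPath` and `monitoringvpnPresharedKeyPath` are added to the argument set of make-issuer.nix (`@@ -1,6 +1,8 @@`) with no default and no comment, so a grid whose configuration lacks the two keys will presumably fail at evaluation; only `morph/grid/local/config.json` is updated in this diff. I would add a comment above them such as `# Deploy-host paths of this node's WireGuard private key and the shared preshared key; copied to /run/keys/monitoringvpn/.` and confirm that the other grids' config files carry both keys. The argument set continues past the end of the hunk.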
diff --git a/morph/lib/make-monitoring.nix b/morph/lib/make-monitoring.nix
index 2a2cde3d19326c8e90c6f3896c827bca0be76a74..464b021821b25838065aeda3b05ccba62d11eb5f 100644
--- a/morph/lib/make-monitoring.nix
+++ b/morph/lib/make-monitoring.nix
@@ -1,11 +1,22 @@
-{ publicIPv4, hardware, publicStoragePort, ristrettoSigningKeyPath, passValue, sshUsers, stateVersion, monitoringvpnIPv4, vpnClientIPs, ... }: rec {
+{ publicIPv4
+, hardware
+, publicStoragePort
+, ristrettoSigningKeyPath
+, monitoringvpnSecretKeyPath
+, monitoringvpnPresharedKeyPath
+, passValue
+, sshUsers
+, stateVersion
+, monitoringvpnIPv4
+, vpnClientIPs
+, ... }: rec {
 deployment = {
 targetHost = publicIPv4;
 secrets = {
 "monitoringvpn-private-key" = {
- source = "../../PrivateStorageSecrets/monitoringvpn/server.key";
+ source = monitoringvpnSecretKeyPath;
 destination = "/run/keys/monitoringvpn/server.key";
 owner.user = "root";
 owner.group = "root";
@@ -21,7 +32,7 @@
 action = ["sudo" "systemctl" "restart" "wireguard-monitoringvpn.service"];
 };
 "monitoringvpn-preshared-key" = {
- source = "../../PrivateStorageSecrets/monitoringvpn/preshared.key";
+ source = monitoringvpnPresharedKeyPath;
 destination = "/run/keys/monitoringvpn/preshared.key";
 owner.user = "root";
 owner.group = "root";
diff --git a/morph/lib/make-testing.nix b/morph/lib/make-testing.nix
index c96a51c2aed555797366dc0a39040bce04d80b25..7cd3c80aa0e237d003f07e9f95ee5eac211a5ca5 100644
--- a/morph/lib/make-testing.nix
+++ b/morph/lib/make-testing.nix
@@ -1,4 +1,14 @@
-{ publicIPv4, hardware, publicStoragePort, ristrettoSigningKeyPath, passValue, sshUsers, stateVersion, monitoringvpnIPv4, ... }: rec {
+{ publicIPv4
+, hardware
+, publicStoragePort
+, ristrettoSigningKeyPath
+, monitoringvpnSecretKeyPath
+, monitoringvpnPresharedKeyPath
+, passValue
+, sshUsers
+, stateVersion
+, monitoringvpnIPv4
+, ... }: rec {
 deployment = {
 targetHost = publicIPv4;
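Review bot: In the `@@ -1,11 +1,22 @@` hunk of make-monitoring.nix the server's key source changes from the fixed `server.key` path to `monitoringvpnSecretKeyPath`, the same argument name the client nodes in make-issuer.nix and make-testing.nix use for their per-node key. If the caller passes the config.json value to every node (the caller is not in this diff), the monitoring server would be handed the client-style path instead of `server.key`, and the WireGuard server would come up with the wrong private key or none. A separate argument for the server, e.g. `, monitoringvpnServerKeyPath` with `source = monitoringvpnServerKeyPath;` (name is a suggestion), or a per-node override documented at the call site, would keep the two private keys from being confused. The `secrets` set continues outside the hunk.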
@@ -16,7 +26,7 @@
 action = ["sudo" "systemctl" "restart" "tahoe.storage.service"];
 };
 "monitoringvpn-secret-key" = {
- source = "../../PrivateStorageSecrets/monitoringvpn/${monitoringvpnIPv4}.key";
+ source = monitoringvpnSecretKeyPath;
 destination = "/run/keys/monitoringvpn/client.key";
 owner.user = "root";
 owner.group = "root";
@@ -24,7 +34,7 @@
 action = ["sudo" "systemctl" "restart" "wireguard-monitoringvpn.service"];
 };
 "monitoringvpn-preshared-key" = {
- source = "../../PrivateStorageSecrets/monitoringvpn/preshared.key";
+ source = monitoringvpnPresharedKeyPath;
 destination = "/run/keys/monitoringvpn/preshared.key";
 owner.user = "root";
 owner.group = "root";