From f079457636f634f91571d6f7c252a874fc42d23e Mon Sep 17 00:00:00 2001
From: Florian Sesser <florian@privatestorage.io>
Date: Wed, 19 May 2021 22:05:03 +0000
Subject: [PATCH] clean up server public key config leftovers
---
 morph/lib/make-monitoring.nix | 8 --------
 nixos/modules/monitoring/vpn/client.nix | 16 ++--------------
 nixos/modules/monitoring/vpn/server.nix | 8 --------
 3 files changed, 2 insertions(+), 30 deletions(-)
diff --git a/morph/lib/make-monitoring.nix b/morph/lib/make-monitoring.nix
index 464b0218..19e1dcbe 100644
--- a/morph/lib/make-monitoring.nix
+++ b/morph/lib/make-monitoring.nix
@@ -23,14 +23,6 @@
 permissions = "0400";
 action = ["sudo" "systemctl" "restart" "wireguard-monitoringvpn.service"];
 };
- "monitoringvpn-public-key" = {
- source = "../../PrivateStorageSecrets/monitoringvpn/server.pub";
- destination = "/run/keys/monitoringvpn/server.pub";
- owner.user = "root";
- owner.group = "root";
- permissions = "0444";
- action = ["sudo" "systemctl" "restart" "wireguard-monitoringvpn.service"];
- };
 "monitoringvpn-preshared-key" = {
 source = monitoringvpnPresharedKeyPath;
 destination = "/run/keys/monitoringvpn/preshared.key";
diff --git a/nixos/modules/monitoring/vpn/client.nix b/nixos/modules/monitoring/vpn/client.nix
index 1756221e..5ea27cd9 100644
--- a/nixos/modules/monitoring/vpn/client.nix
+++ b/nixos/modules/monitoring/vpn/client.nix
@@ -14,18 +14,6 @@ in {
 File with base64 private key generated by <command>wg genkey</command>.
 '';
 };
- publicKeyFile = lib.mkOption {
- type = lib.types.path;
- example = lib.literalExample /run/keys/monitoringvpn/host.pub;
- description = ''
- File with base64 public key generated by <command>cat private.key | wg pubkey > pubkey.pub</command>.
- Cannot have white space or new lines.
- Shorthand for public and private key:
- <command>wg genkey | tee peer_A.key | wg pubkey > peer_A.pub</command>
- TBD the pub files must not have white space or new lines, remove with
- them, for example <command>perl -pe 's/\s+//g'</command>
- '';
- };
 presharedKeyFile = lib.mkOption {
 type = lib.types.path;
 example = lib.literalExample /run/keys/monitoringvpn/preshared.key;
@@ -59,7 +47,7 @@ in {
 };
 endpointPublicKeyFile = lib.mkOption {
 type = lib.types.path;
- example = lib.literalExample /run/keys/monitoringvpn/server.pub;
+ example = lib.literalExample ../../PrivateStorageSecrets/monitoringvpn/server.pub;
 default = ../../../../morph/PrivateStorageSecrets/monitoringvpn/server.pub;
 description = ''
 File with base64 public key generated by <command>cat private.key | wg pubkey > pubkey.pub</command>.
@@ -75,7 +63,7 @@ in {
 {
 allowedIPs = cfg.client.allowedIPs;
 endpoint = cfg.client.endpoint; # meaning: the server.
- publicKey = builtins.readFile(cfg.client.endpointPublicKeyFile);
+ publicKey = lib.fileContents(cfg.client.endpointPublicKeyFile);
 presharedKeyFile = toString cfg.client.presharedKeyFile;
 persistentKeepalive = 25;
 }
diff --git a/nixos/modules/monitoring/vpn/server.nix b/nixos/modules/monitoring/vpn/server.nix
index 13a25175..0cc7be1e 100644
--- a/nixos/modules/monitoring/vpn/server.nix
+++ b/nixos/modules/monitoring/vpn/server.nix
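Review bot: The new `example` in the `@@ -59,7 +47,7 @@` hunk passes `lib.literalExample` a bare relative path, which Nix resolves against this module's own directory, so it points at a different location than the `default` on the next line (which climbs four levels into `morph/`) and presumably renders in the manual as an absolute path from the build checkout. `literalExample` wraps text, so I would quote it: `example = lib.literalExample "../../PrivateStorageSecrets/monitoringvpn/server.pub";`. The description, which continues past the hunk, should also say that this file is read during evaluation on the deploying machine rather than on the target. It should add that this is the key the client pins the server to, so it must come from the reviewed secrets checkout. The option definition starts and ends outside the hunk.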
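Review bot: `publicKey` in the `@@ -75,7 +63,7 @@` hunk is filled from the file during evaluation with no check on its content, so an empty, CRLF-terminated or simply wrong file is only noticed when the tunnel fails to come up. `lib.fileContents` removes a single trailing newline and nothing else; I would say so in a comment and add a shape check on the result, for example an assertion along the lines of `builtins.match "[A-Za-z0-9+/]{43}=" key != null` (a WireGuard public key is 44 base64 characters). As a style point, `lib.fileContents cfg.client.endpointPublicKeyFile` without the call-style parentheses is the usual Nix form. The peer attribute set starts outside the hunk.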
@@ -19,14 +19,6 @@ in {
 File with base64 private key generated by <command>wg genkey</command>.
 '';
 };
- publicKeyFile = lib.mkOption {
- type = lib.types.path;
- example = lib.literalExample /run/keys/monitoringvpn/server.pub;
- default = /run/keys/monitoringvpn/server.pub;
- description = ''
- File with base64 public key generated by <command>cat private.key | wg pubkey > pubkey.pub</command>.
- '';
- };
 presharedKeyFile = lib.mkOption {
 type = lib.types.path;
 example = lib.literalExample /run/keys/monitoringvpn/preshared.key;
-- GitLab