From f079457636f634f91571d6f7c252a874fc42d23e Mon Sep 17 00:00:00 2001
From: Florian Sesser <florian@privatestorage.io>
Date: Wed, 19 May 2021 22:05:03 +0000
Subject: [PATCH] clean up server public key config leftovers
---
morph/lib/make-monitoring.nix | 8 --------
nixos/modules/monitoring/vpn/client.nix | 16 ++--------------
nixos/modules/monitoring/vpn/server.nix | 8 --------
3 files changed, 2 insertions(+), 30 deletions(-)
diff --git a/morph/lib/make-monitoring.nix b/morph/lib/make-monitoring.nix
index 464b0218..19e1dcbe 100644
--- a/morph/lib/make-monitoring.nix
+++ b/morph/lib/make-monitoring.nix
@@ -23,14 +23,6 @@
permissions = "0400";
action = ["sudo" "systemctl" "restart" "wireguard-monitoringvpn.service"];
};
- "monitoringvpn-public-key" = {
- source = "../../PrivateStorageSecrets/monitoringvpn/server.pub";
- destination = "/run/keys/monitoringvpn/server.pub";
- owner.user = "root";
- owner.group = "root";
- permissions = "0444";
- action = ["sudo" "systemctl" "restart" "wireguard-monitoringvpn.service"];
- };
"monitoringvpn-preshared-key" = {
source = monitoringvpnPresharedKeyPath;
destination = "/run/keys/monitoringvpn/preshared.key";
diff --git a/nixos/modules/monitoring/vpn/client.nix b/nixos/modules/monitoring/vpn/client.nix
index 1756221e..5ea27cd9 100644
--- a/nixos/modules/monitoring/vpn/client.nix
+++ b/nixos/modules/monitoring/vpn/client.nix
@@ -14,18 +14,6 @@ in {
File with base64 private key generated by <command>wg genkey</command>.
'';
};
- publicKeyFile = lib.mkOption {
- type = lib.types.path;
- example = lib.literalExample /run/keys/monitoringvpn/host.pub;
- description = ''
- File with base64 public key generated by <command>cat private.key | wg pubkey > pubkey.pub</command>.
- Cannot have white space or new lines.
- Shorthand for public and private key:
- <command>wg genkey | tee peer_A.key | wg pubkey > peer_A.pub</command>
- TBD the pub files must not have white space or new lines, remove with
- them, for example <command>perl -pe 's/\s+//g'</command>
- '';
- };
presharedKeyFile = lib.mkOption {
type = lib.types.path;
example = lib.literalExample /run/keys/monitoringvpn/preshared.key;
@@ -59,7 +47,7 @@ in {
};
endpointPublicKeyFile = lib.mkOption {
type = lib.types.path;
- example = lib.literalExample /run/keys/monitoringvpn/server.pub;
+ example = lib.literalExample ../../PrivateStorageSecrets/monitoringvpn/server.pub;
default = ../../../../morph/PrivateStorageSecrets/monitoringvpn/server.pub;
description = ''
File with base64 public key generated by <command>cat private.key | wg pubkey > pubkey.pub</command>.
@@ -75,7 +63,7 @@ in {
{
allowedIPs = cfg.client.allowedIPs;
endpoint = cfg.client.endpoint; # meaning: the server.
- publicKey = builtins.readFile(cfg.client.endpointPublicKeyFile);
+ publicKey = lib.fileContents(cfg.client.endpointPublicKeyFile);
presharedKeyFile = toString cfg.client.presharedKeyFile;
persistentKeepalive = 25;
}
diff --git a/nixos/modules/monitoring/vpn/server.nix b/nixos/modules/monitoring/vpn/server.nix
index 13a25175..0cc7be1e 100644
--- a/nixos/modules/monitoring/vpn/server.nix
+++ b/nixos/modules/monitoring/vpn/server.nix
@@ -19,14 +19,6 @@ in {
File with base64 private key generated by <command>wg genkey</command>.
'';
};
- publicKeyFile = lib.mkOption {
- type = lib.types.path;
- example = lib.literalExample /run/keys/monitoringvpn/server.pub;
- default = /run/keys/monitoringvpn/server.pub;
- description = ''
- File with base64 public key generated by <command>cat private.key | wg pubkey > pubkey.pub</command>.
- '';
- };
presharedKeyFile = lib.mkOption {
type = lib.types.path;
example = lib.literalExample /run/keys/monitoringvpn/preshared.key;
--
GitLab