From f079457636f634f91571d6f7c252a874fc42d23e Mon Sep 17 00:00:00 2001
From: Florian Sesser <florian@privatestorage.io>
Date: Wed, 19 May 2021 22:05:03 +0000
Subject: [PATCH] clean up server public key config leftovers

---
 morph/lib/make-monitoring.nix           |  8 --------
 nixos/modules/monitoring/vpn/client.nix | 16 ++--------------
 nixos/modules/monitoring/vpn/server.nix |  8 --------
 3 files changed, 2 insertions(+), 30 deletions(-)

diff --git a/morph/lib/make-monitoring.nix b/morph/lib/make-monitoring.nix
index 464b0218..19e1dcbe 100644
--- a/morph/lib/make-monitoring.nix
+++ b/morph/lib/make-monitoring.nix
@@ -23,14 +23,6 @@
         permissions = "0400";
         action = ["sudo" "systemctl" "restart" "wireguard-monitoringvpn.service"];
       };
-      "monitoringvpn-public-key" = {
-        source = "../../PrivateStorageSecrets/monitoringvpn/server.pub";
-        destination = "/run/keys/monitoringvpn/server.pub";
-        owner.user = "root";
-        owner.group = "root";
-        permissions = "0444";
-        action = ["sudo" "systemctl" "restart" "wireguard-monitoringvpn.service"];
-      };
       "monitoringvpn-preshared-key" = {
         source = monitoringvpnPresharedKeyPath;
         destination = "/run/keys/monitoringvpn/preshared.key";
diff --git a/nixos/modules/monitoring/vpn/client.nix b/nixos/modules/monitoring/vpn/client.nix
index 1756221e..5ea27cd9 100644
--- a/nixos/modules/monitoring/vpn/client.nix
+++ b/nixos/modules/monitoring/vpn/client.nix
@@ -14,18 +14,6 @@ in {
         File with base64 private key generated by <command>wg genkey</command>.
       '';
     };
-    publicKeyFile = lib.mkOption {
-      type = lib.types.path;
-      example = lib.literalExample /run/keys/monitoringvpn/host.pub;
-      description = ''
-        File with base64 public key generated by <command>cat private.key | wg pubkey > pubkey.pub</command>.
-        Cannot have white space or new lines.
-        Shorthand for public and private key:
-        <command>wg genkey | tee peer_A.key | wg pubkey > peer_A.pub</command>
-        TBD the pub files must not have white space or new lines, remove with
-        them, for example <command>perl -pe 's/\s+//g'</command>
-      '';
-    };
     presharedKeyFile = lib.mkOption {
       type = lib.types.path;
       example = lib.literalExample /run/keys/monitoringvpn/preshared.key;
@@ -59,7 +47,7 @@ in {
     };
     endpointPublicKeyFile = lib.mkOption {
       type = lib.types.path;
-      example = lib.literalExample /run/keys/monitoringvpn/server.pub;
+      example = lib.literalExample ../../PrivateStorageSecrets/monitoringvpn/server.pub;
       default = ../../../../morph/PrivateStorageSecrets/monitoringvpn/server.pub;
       description = ''
         File with base64 public key generated by <command>cat private.key | wg pubkey > pubkey.pub</command>.
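Review bot: The new `example` for `endpointPublicKeyFile` and the unchanged `default` below it use different relative depths (`../../PrivateStorageSecrets/...` versus `../../../../morph/PrivateStorageSecrets/...`), and the visible description does not say which directory either is relative to. Nix resolves a path literal against the file it is written in, so the example as written in client.nix would not name the same file as the default. Because the key is read during evaluation on the deploying machine (the `publicKey` line in the next hunk), I would add a sentence to the description such as `Read at evaluation time on the deployment host; the content is embedded in the generated configuration, so only a public key belongs here.` The description continues past the end of this hunk, so it may already cover part of this.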
@@ -75,7 +63,7 @@ in {
         {
           allowedIPs = cfg.client.allowedIPs;
           endpoint = cfg.client.endpoint;  # meaning: the server.
-          publicKey = builtins.readFile(cfg.client.endpointPublicKeyFile);
+          publicKey = lib.fileContents(cfg.client.endpointPublicKeyFile);
           presharedKeyFile = toString cfg.client.presharedKeyFile;
           persistentKeepalive = 25;
         }
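Review bot: `lib.fileContents` on the `publicKey` line removes only a single trailing newline, so a key file with a trailing space, a CRLF line ending or an extra blank line still produces a value that is not a valid WireGuard key. That failure would most likely show up only when the interface is brought up on the client, not at evaluation. The option text removed earlier in this patch warned that the .pub files must not contain whitespace, so I would keep that knowledge next to the read with a comment like `# fileContents drops the one trailing newline wg pubkey writes; any other whitespace is kept`. An evaluation-time assertion that the value is 44 base64 characters would catch a malformed file before deployment. The enclosing peer definition starts and ends outside this hunk.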
diff --git a/nixos/modules/monitoring/vpn/server.nix b/nixos/modules/monitoring/vpn/server.nix
index 13a25175..0cc7be1e 100644
--- a/nixos/modules/monitoring/vpn/server.nix
+++ b/nixos/modules/monitoring/vpn/server.nix
@@ -19,14 +19,6 @@ in {
         File with base64 private key generated by <command>wg genkey</command>.
       '';
     };
-    publicKeyFile = lib.mkOption {
-      type = lib.types.path;
-      example = lib.literalExample /run/keys/monitoringvpn/server.pub;
-      default = /run/keys/monitoringvpn/server.pub;
-      description = ''
-        File with base64 public key generated by <command>cat private.key | wg pubkey > pubkey.pub</command>.
-      '';
-    };
     presharedKeyFile = lib.mkOption {
       type = lib.types.path;
       example = lib.literalExample /run/keys/monitoringvpn/preshared.key;
-- 
GitLab