From fa3bb7f2b0ebeabf518b4baa32ebf2c20a56a2d7 Mon Sep 17 00:00:00 2001
From: Florian Sesser <florian@privatestorage.io>
Date: Sun, 30 May 2021 21:41:40 +0000
Subject: [PATCH] VPN: make endpoint setting mandatory

---
 morph/grid/local/config.json            | 1 +
 morph/lib/make-issuer.nix               | 5 ++++-
 morph/lib/make-testing.nix              | 5 ++++-
 nixos/modules/monitoring/vpn/client.nix | 1 -
 4 files changed, 9 insertions(+), 3 deletions(-)

diff --git a/morph/grid/local/config.json b/morph/grid/local/config.json
index 09074b3a..c08955eb 100644
--- a/morph/grid/local/config.json
+++ b/morph/grid/local/config.json
@@ -2,6 +2,7 @@
 , "ristrettoSigningKeyPath": "../../PrivateStorageSecrets/ristretto.signing-key"
 , "stripeSecretKeyPath": "../../PrivateStorageSecrets/privatestorageio-testing-stripe.secret"
 , "monitoringvpnKeyDir": "../../PrivateStorageSecrets/monitoringvpn"
+, "monitoringvpnEndpoint": "192.168.67.24:51820"
 , "passValue": 1000000
 , "issuerDomain": "payments.localdev"
 , "letsEncryptAdminEmail": "florian@privatestorage.io"
diff --git a/morph/lib/make-issuer.nix b/morph/lib/make-issuer.nix
index 9d60db41..fc6b0abd 100644
--- a/morph/lib/make-issuer.nix
+++ b/morph/lib/make-issuer.nix
@@ -9,11 +9,13 @@
 , publicIPv4
 , monitoringvpnKeyDir ? null
 , monitoringvpnIPv4 ? null
+, monitoringvpnEndpoint ? null
 , ...
 }: let
 
   enableVpn = monitoringvpnKeyDir != null &&
-              monitoringvpnIPv4 != null;
+              monitoringvpnIPv4 != null &&
+              monitoringvpnEndpoint != null;
 
   vpnSecrets = if !enableVpn then {} else {
     "monitoringvpn-secret-key" = {
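Review bot: A grid config that omits `monitoringvpnEndpoint` still evaluates cleanly, because the `? null` default and the new `monitoringvpnEndpoint != null` term in `enableVpn` only switch the monitoring VPN off. The node would then deploy without monitoring and without any error, which is weaker than the "mandatory" in the subject. I would fail evaluation when the key dir and IPv4 are set but the endpoint is missing, for example `assert (monitoringvpnKeyDir != null && monitoringvpnIPv4 != null) -> monitoringvpnEndpoint != null;` between the argument set and `let`. The same pattern is added in the first hunk of morph/lib/make-testing.nix and deserves the same guard. The `let` block continues outside this hunk, so the placement needs checking against the full file.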
@@ -82,5 +84,6 @@ in rec {
   services.private-storage.monitoring.vpn.client = if !enableVpn then {} else {
     enable = true;
     ip = monitoringvpnIPv4;
+    endpoint = monitoringvpnEndpoint;
   };
 }
diff --git a/morph/lib/make-testing.nix b/morph/lib/make-testing.nix
index 14765fdc..fa2ccd44 100644
--- a/morph/lib/make-testing.nix
+++ b/morph/lib/make-testing.nix
@@ -7,10 +7,12 @@
 , stateVersion
 , monitoringvpnKeyDir ? null
 , monitoringvpnIPv4 ? null
+, monitoringvpnEndpoint ? null
 , ... }: let
 
   enableVpn = monitoringvpnKeyDir != null &&
-              monitoringvpnIPv4 != null;
+              monitoringvpnIPv4 != null &&
+              monitoringvpnEndpoint != null;
 
   vpnSecrets = if !enableVpn then {} else {
     "monitoringvpn-secret-key" = {
@@ -71,5 +73,6 @@ in rec {
   services.private-storage.monitoring.vpn.client = if !enableVpn then {} else {
     enable = true;
     ip = monitoringvpnIPv4;
+    endpoint = monitoringvpnEndpoint;
   };
 }
diff --git a/nixos/modules/monitoring/vpn/client.nix b/nixos/modules/monitoring/vpn/client.nix
index 58991d05..4c651f61 100644
--- a/nixos/modules/monitoring/vpn/client.nix
+++ b/nixos/modules/monitoring/vpn/client.nix
@@ -42,7 +42,6 @@ in {
     endpoint = lib.mkOption {
       type = lib.types.str;
       example = lib.literalExample "vpn.monitoring.private.storage:54321";
-      default = "192.168.67.24:51820";
       description = ''
         The address and port number of the server to establish the VPN with.
       '';
-- 
GitLab