From fa3bb7f2b0ebeabf518b4baa32ebf2c20a56a2d7 Mon Sep 17 00:00:00 2001 From: Florian Sesser <florian@privatestorage.io> Date: Sun, 30 May 2021 21:41:40 +0000 Subject: [PATCH] VPN: make endpoint setting mandatory --- morph/grid/local/config.json | 1 + morph/lib/make-issuer.nix | 5 ++++- morph/lib/make-testing.nix | 5 ++++- nixos/modules/monitoring/vpn/client.nix | 1 - 4 files changed, 9 insertions(+), 3 deletions(-) diff --git a/morph/grid/local/config.json b/morph/grid/local/config.json index 09074b3a..c08955eb 100644 --- a/morph/grid/local/config.json +++ b/morph/grid/local/config.json @@ -2,6 +2,7 @@ , "ristrettoSigningKeyPath": "../../PrivateStorageSecrets/ristretto.signing-key" , "stripeSecretKeyPath": "../../PrivateStorageSecrets/privatestorageio-testing-stripe.secret" , "monitoringvpnKeyDir": "../../PrivateStorageSecrets/monitoringvpn" +, "monitoringvpnEndpoint": "192.168.67.24:51820" , "passValue": 1000000 , "issuerDomain": "payments.localdev" , "letsEncryptAdminEmail": "florian@privatestorage.io" diff --git a/morph/lib/make-issuer.nix b/morph/lib/make-issuer.nix index 9d60db41..fc6b0abd 100644 --- a/morph/lib/make-issuer.nix +++ b/morph/lib/make-issuer.nix @@ -9,11 +9,13 @@ , publicIPv4 , monitoringvpnKeyDir ? null , monitoringvpnIPv4 ? null +, monitoringvpnEndpoint ? null , ... }: let enableVpn = monitoringvpnKeyDir != null && - monitoringvpnIPv4 != null; + monitoringvpnIPv4 != null && + monitoringvpnEndpoint != null; vpnSecrets = if !enableVpn then {} else { "monitoringvpn-secret-key" = { @@ -82,5 +84,6 @@ in rec { services.private-storage.monitoring.vpn.client = if !enableVpn then {} else { enable = true; ip = monitoringvpnIPv4; + endpoint = monitoringvpnEndpoint; }; } diff --git a/morph/lib/make-testing.nix b/morph/lib/make-testing.nix index 14765fdc..fa2ccd44 100644 --- a/morph/lib/make-testing.nix +++ b/morph/lib/make-testing.nix 
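Review bot: In the `enableVpn` expression of morph/lib/make-issuer.nix, a grid config that sets `monitoringvpnKeyDir` and `monitoringvpnIPv4` but omits the new `monitoringvpnEndpoint` now evaluates to `enableVpn = false`. The monitoring VPN client and its secrets are then dropped without any error, whereas before this commit such a host used the module default endpoint and stayed connected. For a change titled "make endpoint setting mandatory", a partially filled set of `monitoringvpn*` arguments should probably fail evaluation rather than quietly turn monitoring off. The same expression is added in morph/lib/make-testing.nix, and the `let` block continues outside the hunk.

```nix
  # … unchanged: function arguments …
  vpnArgs = [ monitoringvpnKeyDir monitoringvpnIPv4 monitoringvpnEndpoint ];
  vpnArgsSet = builtins.filter (a: a != null) vpnArgs;
  enableVpn =
    if vpnArgsSet == [] then false
    else if builtins.length vpnArgsSet == builtins.length vpnArgs then true
    else throw "monitoringvpnKeyDir, monitoringvpnIPv4 and monitoringvpnEndpoint must be set together";
  # … unchanged: vpnSecrets definition …
```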
@@ -7,10 +7,12 @@ , stateVersion , monitoringvpnKeyDir ? null , monitoringvpnIPv4 ? null +, monitoringvpnEndpoint ? null , ... }: let enableVpn = monitoringvpnKeyDir != null && - monitoringvpnIPv4 != null; + monitoringvpnIPv4 != null && + monitoringvpnEndpoint != null; vpnSecrets = if !enableVpn then {} else { "monitoringvpn-secret-key" = { @@ -71,5 +73,6 @@ in rec { services.private-storage.monitoring.vpn.client = if !enableVpn then {} else { enable = true; ip = monitoringvpnIPv4; + endpoint = monitoringvpnEndpoint; }; } diff --git a/nixos/modules/monitoring/vpn/client.nix b/nixos/modules/monitoring/vpn/client.nix index 58991d05..4c651f61 100644 --- a/nixos/modules/monitoring/vpn/client.nix +++ b/nixos/modules/monitoring/vpn/client.nix @@ -42,7 +42,6 @@ in { endpoint = lib.mkOption { type = lib.types.str; example = lib.literalExample "vpn.monitoring.private.storage:54321"; - default = "192.168.67.24:51820"; description = '' The address and port number of the server to establish the VPN with. ''; -- GitLab
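Review bot: The three-way null check for `enableVpn` in morph/lib/make-testing.nix is a line-for-line copy of the one in morph/lib/make-issuer.nix, as is the `services.private-storage.monitoring.vpn.client` attribute set in the second hunk. Every future required VPN setting must be added to each copy, and a copy that is missed leaves that node type without monitoring and without any evaluation error. Consider moving the check and the client attribute set into one shared function that takes the three `monitoringvpn*` arguments, imported by both files. Whether a suitable shared file already exists under morph/lib is not visible from this diff.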