# Define a function which returns a value which fills in all the holes left by
# ``storage.nix``.
{
  # See ``customize-issuer.nix``
  monitoringvpnEndpoint
, monitoringvpnIPv4

  # An integer giving the value of a single pass in byte×months.
, passValue

  # An integer giving the port number to include in Tahoe storage service
  # advertisements and on which to listen for storage connections.
, publicStoragePort

  # A string giving the NixOS state version for the system.
, stateVersion
, ...
}:
{ config, ... }:
let
  inherit (config.grid) publicKeyPath privateKeyPath;
in {
  deployment.secrets = {
    "monitoringvpn-secret-key".source = "${privateKeyPath}/monitoringvpn/${monitoringvpnIPv4}.key";
    "monitoringvpn-preshared-key".source = "${privateKeyPath}/monitoringvpn/preshared.key";
  };

  services.private-storage = {
    inherit passValue publicStoragePort;
  };

  services.private-storage.monitoring.vpn.client = {
    enable = true;
    ip = monitoringvpnIPv4;
    endpoint = monitoringvpnEndpoint;
    endpointPublicKeyFile = "${publicKeyPath}/monitoringvpn/server.pub";
  };

  system.stateVersion = stateVersion;
}