cfg: sshUsers: publicIPv4: monitoringvpnKeyDir: monitoringvpnIPv4: stateVersion: { deployment.secrets = { "ristretto-signing-key".source = cfg.ristrettoSigningKeyPath; "monitoringvpn-secret-key".source = "${monitoringvpnKeyDir}/${monitoringvpnIPv4}.key"; "monitoringvpn-preshared-key".source = "${monitoringvpnKeyDir}/preshared.key"; }; services.private-storage = { sshUsers = sshUsers; inherit publicIPv4; inherit (cfg) passValue; inherit (cfg) publicStoragePort; }; services.private-storage.monitoring.vpn.client = { enable = true; ip = monitoringvpnIPv4; endpoint = cfg.monitoringvpnEndpoint; endpointPublicKeyFile = "${monitoringvpnKeyDir}/server.pub"; }; system.stateVersion = stateVersion; }