server.nix 2.40 KiB
# Server section of our Monitoring VPN config
{ lib, config, ... }: let
# Shorthand for this module's option subtree.
cfg = config.services.private-storage.monitoring.vpn;
# WireGuard peer list: one entry per address in cfg.server.vpnClientIPs.
# Despite the name, this is the finished list, not a function.
makePeers = let
  # Build the peer entry for a single client address.
  peerFor = clientIP: {
    # The client's public key is read at evaluation time from
    # "<pubKeysPath>/<clientIP>.pub".
    publicKey = lib.fileContents (cfg.server.pubKeysPath + "/${clientIP}.pub");
    # toString yields the file's location as a plain string; interpolating
    # the path ("${...}") would instead copy the key file into the Nix store.
    # Every peer is given the same preshared key file.
    # NOTE(review): a shared PSK means one compromised client exposes the PSK
    # used by all peers -- confirm that sharing is intended.
    presharedKeyFile = toString cfg.server.presharedKeyFile;
    # allowedIPs is limited to the client's own /32.
    allowedIPs = [ "${clientIP}/32" ];
  };
in map peerFor cfg.server.vpnClientIPs;
in {
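# Options for the server side of the monitoring VPN (a WireGuard interface).
options.services.private-storage.monitoring.vpn.server = {
  enable = lib.mkEnableOption "PrivateStorageio Monitoring VPN server service";
  # Location of the server's WireGuard private key.  Users of this option
  # should pass it through toString rather than interpolate it, because
  # interpolating a Nix path copies the file into the Nix store.
  privateKeyFile = lib.mkOption {
    type = lib.types.path;
    example = lib.literalExample /run/keys/monitoringvpn/server.key;
    default = /run/keys/monitoringvpn/server.key;
    description = ''
      File with base64 private key generated by <command>wg genkey</command>.
    '';
  };
  # Location of the preshared key; the same toString caveat applies.  This
  # module hands the same file to every peer it configures.
  presharedKeyFile = lib.mkOption {
    type = lib.types.path;
    example = lib.literalExample /run/keys/monitoringvpn/preshared.key;
    default = /run/keys/monitoringvpn/preshared.key;
    description = ''
      File with base64 preshared key generated by <command>wg genpsk</command>.
    '';
  };
  # A single address without prefix length; the config section of this
  # module appends "/24" to it.
  ip = lib.mkOption {
    type = lib.types.str;
    # The option is a plain string, so the example is a string and not a list.
    example = "172.23.23.23";
    description = ''
      The IP address of the interface.
    '';
  };
  # Used both as the WireGuard listenPort and as the UDP port opened in the
  # firewall.
  port = lib.mkOption {
    type = lib.types.port;
    example = lib.literalExample 54321;
    default = 54321;
    description = ''
      The UDP port to listen on.
    '';
  };
  # Each entry becomes one peer: it is the peer's "/32" allowedIPs entry and
  # also the base name of its public key file ("<ip>.pub" in pubKeysPath).
  vpnClientIPs = lib.mkOption {
    type = lib.types.listOf lib.types.str;
    example = lib.literalExample [ "172.23.23.23" "172.23.23.42" ];
    description = ''
      The IP addresses to allow connections from.
    '';
  };
  # Directory searched for "<ip>.pub" files.  The default is a path literal,
  # so it resolves relative to this file.
  # NOTE(review): the default directory name suggests it also holds secret
  # material; only the ".pub" files are read by this module -- confirm that
  # nothing else in it is imported during evaluation.
  pubKeysPath = lib.mkOption {
    type = lib.types.path;
    example = lib.literalExample ../../../../morph/PrivateStorageSecrets/monitoringvpn;
    default = ../../../../morph/PrivateStorageSecrets/monitoringvpn;
    description = ''
      The path to the directory that holds the public keys.
    '';
  };
};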
config = lib.mkIf cfg.server.enable {
networking.firewall.allowedUDPPorts = [ cfg.server.port ];
networking.wireguard.interfaces.monitoringvpn = {
ips = [ "${cfg.server.ip}/24" ];
listenPort = cfg.server.port;
privateKeyFile = toString cfg.server.privateKeyFile;
peers = makePeers;
};