Commit 634a96fb authored by Florian Sesser

Merge branch 'develop' into 341.monitoring-vpn

parents 4441cb90 266b129f
......@@ -74,32 +74,36 @@ Move the three .pem files into the payment's server ``/var/lib/letsencrypt/live/
Use the local development environment
`````````````````````````````````````
Build and start the VMs::
1. Build and start the VMs::
VAGRANT_DEFAULT_PROVIDER=virtualbox vagrant up
VAGRANT_DEFAULT_PROVIDER=virtualbox vagrant up
Then, once::
2. Then, once::
vagrant ssh-config > ./vagrant-ssh-config
vagrant ssh-config > ./vagrant-ssh-config
Add the IPs from ``grid.nix`` to the vagrant-ssh-config Host match blocks so the config reads like::
3. Edit the output: Add the IPs from ``grid.nix`` to the ``vagrant-ssh-config`` **Host match blocks** so the config reads like::
Host payments1 192.168.67.21
HostName 192.168.67.21
User vagrant
[...]
Host payments1 192.168.67.21
HostName 192.168.67.21
User vagrant
Port 22
[...]
Then, make morph use this ssh config either - with newer morph [#]_ - by pointing it to it::
4. Then, make morph use this ssh config either - with newer morph [#]_ - by pointing it to it::
export SSH_CONFIG_FILE=./vagrant-ssh-config
export SSH_CONFIG_FILE=./vagrant-ssh-config
Or, with older morph, adding the config to your user's ``~/.ssh/config`` file.
Or, with older morph, adding the config to your user's ``~/.ssh/config`` file.
Then, build and deploy our software to the Vagrant VMs::
.. [#] Morph honors the ``SSH_CONFIG_FILE`` environment variable `since 3f90aa88 (March 2020, v 1.5.0) <https://github.com/DBCDK/morph/commit/3f90aa885fac1c29fce9242452fa7c0c505744ef#diff-d155ad793bd62e6ea4c44ba985049ecb13a4f4f32f799791b2bce695a16c0101>`_.
morph build grid.nix
morph push grid.nix
morph upload-secrets grid.nix
morph deploy grid.nix switch
5. Then, build and deploy our software to the Vagrant VMs::
morph build grid.nix
morph push grid.nix
morph upload-secrets grid.nix
morph deploy grid.nix switch
You will now be able to log in with the users and keys you set in your ``localdev-users.nix`` file.
.. [#] Morph honors the ``SSH_CONFIG_FILE`` environment variable `since 3f90aa88 (March 2020, v 1.5.0) <https://github.com/DBCDK/morph/commit/3f90aa885fac1c29fce9242452fa7c0c505744ef#diff-d155ad793bd62e6ea4c44ba985049ecb13a4f4f32f799791b2bce695a16c0101>`_.
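Review bot: Step 3 only tells the reader to add the IPs from ``grid.nix`` to the Host lines, but the sample block also shows `HostName 192.168.67.21` and the newly added `Port 22`; if those values differ from what `vagrant ssh-config` wrote, the step should say that HostName and Port need editing too. In step 4, `export SSH_CONFIG_FILE=./vagrant-ssh-config` is a relative path, so it only resolves when morph is run from the directory holding the file; state that or use an absolute path.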
......@@ -9,14 +9,14 @@
, publicIPv4
, monitoringvpnIPv4
, ...
}: {
}: rec {
deployment = {
targetHost = publicIPv4;
secrets = {
"ristretto-signing-key" = {
source = ristrettoSigningKeyPath;
destination = "/var/secrets/ristretto.signing-key";
destination = "/run/keys/ristretto.signing-key";
owner.user = "root";
owner.group = "root";
permissions = "0400";
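Review bot: The new `destination = "/run/keys/ristretto.signing-key";` places the signing key under `/run`, which does not persist across reboots on NixOS, so after a reboot the key is absent until `morph upload-secrets` is run again. Please document that in the deployment steps, or confirm how the issuer service behaves when the file is missing at boot.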
......@@ -24,7 +24,7 @@
};
"stripe-secret-key" = {
source = stripeSecretKeyPath;
destination = "/var/secrets/stripe.secret-key";
destination = "/run/keys/stripe.secret-key";
owner.user = "root";
owner.group = "root";
permissions = "0400";
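Review bot: No `action` is visible for the `stripe-secret-key` entry in the lines shown, so after a fresh upload to `/run/keys/stripe.secret-key` nothing here restarts the issuer to pick the key up. If the entry has none further down, consider adding one, or note in the README that the service must be restarted after `morph upload-secrets`.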
......@@ -59,8 +59,8 @@
services.private-storage-issuer = {
enable = true;
tls = true;
ristrettoSigningKeyPath = "/var/secrets/ristretto.signing-key";
stripeSecretKeyPath = "/var/secrets/stripe.secret-key";
ristrettoSigningKeyPath = deployment.secrets.ristretto-signing-key.destination;
stripeSecretKeyPath = deployment.secrets.stripe-secret-key.destination;
database = "SQLite3";
databasePath = "/var/db/vouchers.sqlite3";
inherit letsEncryptAdminEmail;
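Review bot: `ristrettoSigningKeyPath = deployment.secrets.ristretto-signing-key.destination;` and the stripe line below it resolve only because the module body became `rec { ... }` at the top of the file. `rec` on the whole attribute set brings every top-level attribute into scope and can shadow a function argument of the same name; a `let` binding holding the two paths, used in both `deployment.secrets` and `services.private-storage-issuer`, keeps the single source of truth with a narrower scope.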
......
......@@ -19,7 +19,7 @@
secrets = {
"ristretto-signing-key" = {
source = ristrettoSigningKeyPath;
destination = "/var/secrets/ristretto.signing-key";
destination = "/run/keys/ristretto.signing-key";
owner.user = "root";
owner.group = "root";
permissions = "0400";
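Review bot: Only the secret's `destination` changes in this file; no consumer of the path is updated in the visible lines. If this file still passes a literal `/var/secrets/ristretto.signing-key` to a service, as the issuer config did before this commit, that service will look for a key that is no longer uploaded there. Please check, and reference the secret's `destination` the way the issuer config now does.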
......
......@@ -6,7 +6,7 @@
secrets = {
"ristretto-signing-key" = {
source = ristrettoSigningKeyPath;
destination = "/var/secrets/ristretto.signing-key";
destination = "/run/keys/ristretto.signing-key";
owner.user = "root";
owner.group = "root";
permissions = "0400";
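Review bot: `destination = "/run/keys/ristretto.signing-key";` is now repeated as a string literal in three files. Defining the path once in a shared place and importing it would mean the next relocation is a one-line change and the files cannot drift apart.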
......