Commit 6a344d9b authored by Florian Sesser's avatar Florian Sesser

VPN WIP

parent 3419e92c
......@@ -28,5 +28,12 @@ import ../../lib/make-grid.nix {
hardware = import ./virtual-hardware.nix ({ inherit publicIPv4; });
stateVersion = "19.09";
} // cfg);
"monitoring1" = import ../../lib/make-monitoring.nix (rec {
publicIPv4 = "192.168.67.24";
inherit sshUsers;
hardware = import ./virtual-hardware.nix ({ inherit publicIPv4; });
stateVersion = "19.09";
} // cfg);
};
}
......@@ -29,6 +29,14 @@
permissions = "0400";
action = ["sudo" "systemctl" "restart" "zkapissuer.service"];
};
"monitoringvpn-secret-key" = {
source = "../PrivateStorageSecrets/monitoringvpn/storage1.key";
destination = "/var/secrets/monitoringvpn/client.key";
owner.user = "root";
owner.group = "root";
permissions = "0400";
action = ["sudo" "systemctl" "restart" "wireguard-monitoringvpn.service"];
};
};
};
......@@ -55,9 +63,9 @@
services.private-storage.monitoring.vpn.client = {
enable = true;
privateKeyFile = "/var/secrets/vpn/host.key";
ips = ["172.23.23.21/24"];
privateKeyFile = "/var/secrets/monitoringvpn/client.key";
ips = ["172.23.23.11/24"];
allowedIPs = ["172.23.23.1/32"];
endpointPublicKeyFile = "/var/secrets/vpn/server.pub";
endpointPublicKeyFile = "/home/flo/Repositories/PrivateStorageio/morph/PrivateStorageSecrets/monitoringvpn/server.pub";
};
}
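Review bot: The new `endpointPublicKeyFile` value appears to be an absolute path under one developer's home directory (`/home/flo/Repositories/.../monitoringvpn/server.pub`). That path will not exist on the deployed host or on another operator's machine, and it embeds a local checkout layout in the configuration. Since the client key is already delivered to `/var/secrets/monitoringvpn/` by the secrets entry added earlier in this file, the server public key could be delivered the same way and referenced as `endpointPublicKeyFile = "/var/secrets/monitoringvpn/server.pub";`. Separately, the secret's `source` is hard-coded to `storage1.key`; if this file is evaluated for more than one node they would share one WireGuard private key, so it is worth confirming the source is per-host.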
......@@ -9,6 +9,7 @@ in {
privateKeyFile = lib.mkOption {
type = lib.types.str;
example = lib.literalExample "/var/secrets/monitoring-vpn/host.key";
default = "/var/secrets/monitoring-vpn/client.key";
description = ''
File with base64 private key generated by <command>wg genkey</command>.
'';
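Review bot: The `default` on `privateKeyFile`, which looks like the line this hunk adds, uses a hyphenated directory (`/var/secrets/monitoring-vpn/client.key`). The rest of this commit deploys and configures `/var/secrets/monitoringvpn/client.key`, so a host relying on the default would point WireGuard at a file the secrets deployment never writes. Aligning it, e.g. `default = "/var/secrets/monitoringvpn/client.key";`, and updating the `example` (still `.../host.key`) would keep the module and the deployment consistent. The description could also say the file should be readable only by root, matching the `0400` root-owned secret. The option set around `privateKeyFile` starts and ends outside this hunk.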
......