WIP

morph/lib/make-issuer.nix

@@ -63,9 +63,8 @@
 
   services.private-storage.monitoring.vpn.client = {
     enable = true;
-    privateKeyFile = "/var/secrets/monitoringvpn/client.key";
+    privateKeyFile = /var/secrets/monitoringvpn/client.key;
     ips = ["172.23.23.11/24"];
-    allowedIPs = ["172.23.23.1/32"];
-    endpointPublicKeyFile = "/home/flo/Repositories/PrivateStorageio/morph/PrivateStorageSecrets/monitoringvpn/server.pub";
+    endpointPublicKeyFile = /home/flo/Repositories/PrivateStorageio/morph/PrivateStorageSecrets/monitoringvpn/server.pub;
   };
 }

nixos/modules/monitoring/vpn/client.nix

@@ -24,6 +24,7 @@ in {
     allowedIPs = lib.mkOption {
       type = lib.types.listOf lib.types.str;
       example = lib.literalExample [ "172.23.23.1/32" ];
+      default = [ "172.23.23.1/32" ];
       description = ''
         Limits which IPs this client receives data from.
       '';

nixos/modules/monitoring/vpn/server.nix

@@ -24,7 +24,7 @@ in {
     };
     ips = lib.mkOption {
       type = lib.types.listOf lib.types.str;
-      example = lib.literalExample [ "172.23.23.10/24" ];
+      example = lib.literalExample [ "172.23.23.1/24" ];
       description = ''
         The IP addresses of the interface.
         See https://github.com/NixOS/nixpkgs/blob/nixos-20.09/nixos/modules/services/networking/wireguard.nix .
@@ -49,11 +49,11 @@ in {
       privateKeyFile = toString cfg.server.privateKeyFile;
       peers = [
         { # node1
-          allowedIPs = [ "192.168.42.21/32" ];
+          allowedIPs = [ "172.23.23.11/32" ];
           publicKey = "tZ295cvD98ixt/VH4dwPKNgHf9MuhuzsossOWBOOoGU=";
         }
         { # node2
-          allowedIPs = [ "192.168.42.22/32" ];
+          allowedIPs = [ "172.23.23.12/32" ];
           publicKey = "zDxWTejJDXRRmUiMZPC7eVSCDdyFikN9VI6cqapQ6RY=";
         }
       ];