From 2feb1b2b4c0838b76aa961e30613dabfa899e3fa Mon Sep 17 00:00:00 2001
From: clerie
Date: Sat, 6 May 2023 16:11:49 +0200
Subject: [PATCH] modules/monitoring: specify custom privateKeyFile path for wg-monitoring
---
 hosts/aluminium/configuration.nix | 1 +
 hosts/beryllium/configuration.nix | 1 +
 modules/monitoring/default.nix | 7 ++++++-
 3 files changed, 8 insertions(+), 1 deletion(-)
diff --git a/hosts/aluminium/configuration.nix b/hosts/aluminium/configuration.nix
index f15c1c3..55cd5b0 100644
--- a/hosts/aluminium/configuration.nix
+++ b/hosts/aluminium/configuration.nix
@@ -59,6 +59,7 @@
 id = "212";
 pubkey = "P1ONelxezvkcLJFyvuCVeIUd3uewPIlONfKk9y6h9QE=";
 serviceLevel = "event";
+ privateKeyFile = "/var/src/secrets/wireguard/wg-monitoring";
 };
 system.stateVersion = "22.11";
diff --git a/hosts/beryllium/configuration.nix b/hosts/beryllium/configuration.nix
index feb907c..09490c6 100644
--- a/hosts/beryllium/configuration.nix
+++ b/hosts/beryllium/configuration.nix
@@ -61,6 +61,7 @@
 id = "213";
 pubkey = "hMIr7fgfZwSjNufRaMtq+7MDxfwN3XLJ4ZlmSOoFrz4=";
 serviceLevel ="event";
+ privateKeyFile = "/var/src/secrets/wireguard/wg-monitoring";
 };
 system.stateVersion = "22.11";
diff --git a/modules/monitoring/default.nix b/modules/monitoring/default.nix
index c15f898..3083b00 100644
--- a/modules/monitoring/default.nix
+++ b/modules/monitoring/default.nix
@@ -21,6 +21,11 @@ in
 type = types.str;
 description = "Public Key of the monitoring wireguard interface of this host";
 };
+ privateKeyFile = mkOption {
+ type = with types; nullOr str;
+ default = null;
+ description = "Path to private key file, pulls secret from secret store when null";
+ };
 serviceLevel = mkOption {
 type = types.str;
 default = "infra";
@@ -49,7 +54,7 @@ in
 publicKey = "eyhJKV41E1F0gZHBNqyzUnj72xg5f3bdDduVtpPN4AY=";
 }
 ];
- privateKeyFile = config.age.secrets.wg-monitoring.path;
+ privateKeyFile = if cfg.privateKeyFile == null then config.age.secrets.wg-monitoring.path else cfg.privateKeyFile;
 };
 };
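Review bot: The added `privateKeyFile = "/var/src/secrets/wireguard/wg-monitoring";` in hosts/aluminium/configuration.nix (and the identical line in hosts/beryllium/configuration.nix) points WireGuard at a file whose existence, ownership and mode nothing visible in this config enforces. A comment above the line would record the expectation, for example `# provisioned out-of-band; must be root-owned, mode 0600, and a distinct key per host`. Keeping the value a quoted string is the right choice, since a Nix path literal would copy the key into the world-readable store. The enclosing attribute set opens outside the hunk, so whether other options there already cover this cannot be seen from here.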
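Review bot: The description of the new `privateKeyFile` option in modules/monitoring/default.nix (hunk at -21,6) does not tell the user that the value must be a runtime path on the target host and must never resolve into the Nix store. `types.str` still accepts an interpolated path such as `"${./key}"`, which would place the private key in the world-readable store. I would reword it to `description = "Absolute path on the target host to the WireGuard private key file; must not be inside the Nix store. When null, the key is taken from the secret store";` and add `example = "/var/src/secrets/wireguard/wg-monitoring";`. The surrounding options block starts and ends outside the hunk.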
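Review bot: The new `privateKeyFile = if cfg.privateKeyFile == null then … else cfg.privateKeyFile;` line in modules/monitoring/default.nix (hunk at -49,7) only switches which path WireGuard reads. Whether `age.secrets.wg-monitoring` is still declared for hosts that set the option is not visible in this hunk. If that declaration is unconditional elsewhere, those hosts would keep deploying and decrypting a second, unused copy of a private key; guarding it with `lib.mkIf (cfg.privateKeyFile == null)` would keep only one key on disk. A short comment on this line such as `# custom path bypasses the secret store; file permissions are then the host's responsibility` would also help the next reader. The enclosing interface definition begins outside the hunk.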