modules/monitoring: specify custom privateKeyFile path for wg-monitoring

2023-05-06 16:11:49 +02:00 · 2023-05-06 16:11:49 +02:00 · 2feb1b2b4c
commit 2feb1b2b4c
parent f8328936b9
3 changed files with 8 additions and 1 deletions
--- a/hosts/aluminium/configuration.nix
+++ b/hosts/aluminium/configuration.nix
@ -59,6 +59,7 @@
    id = "212";
    pubkey = "P1ONelxezvkcLJFyvuCVeIUd3uewPIlONfKk9y6h9QE=";
    serviceLevel = "event";
+    privateKeyFile = "/var/src/secrets/wireguard/wg-monitoring";
  };

  system.stateVersion = "22.11";
--- a/hosts/beryllium/configuration.nix
+++ b/hosts/beryllium/configuration.nix
@ -61,6 +61,7 @@
    id = "213";
    pubkey = "hMIr7fgfZwSjNufRaMtq+7MDxfwN3XLJ4ZlmSOoFrz4=";
    serviceLevel ="event";
+    privateKeyFile = "/var/src/secrets/wireguard/wg-monitoring";
  };

  system.stateVersion = "22.11";
--- a/modules/monitoring/default.nix
+++ b/modules/monitoring/default.nix
@ -21,6 +21,11 @@ in
        type = types.str;
        description = "Public Key of the monitoring wireguard interface of this host";
      };
+      privateKeyFile = mkOption {
+        type = with types; nullOr str;
+        default = null;
+        description = "Path to private key file, pulls secret from secret store when null";
+      };
      serviceLevel = mkOption {
        type = types.str;
        default = "infra";
@ -49,7 +54,7 @@ in
            publicKey = "eyhJKV41E1F0gZHBNqyzUnj72xg5f3bdDduVtpPN4AY=";
          }
        ];
-        privateKeyFile = config.age.secrets.wg-monitoring.path;
+        privateKeyFile = if cfg.privateKeyFile == null then config.age.secrets.wg-monitoring.path else cfg.privateKeyFile;
      };
    };