grid.nix

# See morph/grid/local/grid.nix for additional commentary.
let
  pkgs = import <nixpkgs> { };

  gridlib = import ../../lib;
  grid-config = pkgs.lib.trivial.importJSON ./config.json;

  # Module with per-grid configuration
  grid-module = {config, ...}: {
    imports = [
      gridlib.base
      # Allow us to remotely trigger updates to this system.
      ../../../nixos/modules/deployment.nix
      # Give it a good SSH configuration.
      ../../../nixos/modules/ssh.nix
    ];
    services.private-storage.sshUsers = import ./public-keys/users.nix;
    networking.domain = grid-config.domain;
    # Convert relative paths to absolute so library code can resolve names
    # correctly.
    grid = {
      publicKeyPath = toString ./. + "/${grid-config.publicKeyPath}";
      privateKeyPath = toString ./. + "/${grid-config.privateKeyPath}";
      inherit (grid-config) monitoringvpnEndpoint;
    };
    # Configure deployment management authorization for all systems in the grid.
    services.private-storage.deployment = {
      authorizedKey = builtins.readFile "${config.grid.publicKeyPath}/deploy_key.pub";
      gridName = "production";
    };
  };

  payments = {
    imports = [
      gridlib.issuer
      gridlib.hardware-aws
      grid-module
    ];
    config = {
      grid.monitoringvpnIPv4 = "172.23.23.11";
      grid.issuer = {
        inherit (grid-config) letsEncryptAdminEmail issuerDomains allowedChargeOrigins;
      };
    };
  };

  monitoring = {
    imports = [
      gridlib.monitoring
      gridlib.hardware-aws
      (gridlib.customize-monitoring {
        inherit hostsMap vpnClientIPs
                nodeExporterTargets
                paymentExporterTargets
                blackboxExporterHttpsTargets;
        inherit (grid-config) letsEncryptAdminEmail monitoringDomains;
        googleOAuthClientID = grid-config.monitoringGoogleOAuthClientID;
        enableSlackAlert = true;
        stateVersion = "19.09";
      })
      grid-module
    ];
    config = {
      grid.monitoringvpnIPv4 = "172.23.23.1";
    };
  };

  defineStorageNode = name: { vpnIP, stateVersion }:
  let
    nodecfg = import "${./.}/${name}-config.nix";
    hardware ="${./.}/${name}-hardware.nix";
  in {
    imports = [
      # Get some of the very lowest-level system configuration for this
      # node.  This isn't all *completely* hardware related.  Maybe some
      # more factoring is in order, someday.
      hardware

      # Slightly awkwardly, enable some of our hardware / network / bootloader options.
      ../../../nixos/modules/100tb.nix

      # At least some of our storage nodes utilize MegaRAID storage controllers.
      # Monitor their array status.
      ../../../nixos/modules/monitoring/exporters/megacli2prom.nix

      # Get all of the configuration that is common across all storage nodes.
      gridlib.storage
      # Also configure deployment management authorization
      grid-module
    ];

    config = {
      grid.monitoringvpnIPv4 = vpnIP;
      grid.storage = {
        inherit (grid-config) passValue publicStoragePort;
      };
      system.stateVersion = stateVersion;

      # And supply configuration for those hardware / network / bootloader
      # options.  See the 100tb module for handling of this value.  The module
      # name is quoted because `1` makes `100tb` look an awful lot like a
      # number.
      "100tb".config = nodecfg;

      # Enable statistics gathering for MegaRAID cards.
      # TODO would be nice to enable only on machines that have such a device.
      services.private-storage.monitoring.megacli2prom.enable = true;
    };
  };

  # Define all of the storage nodes for this grid.
  storageNodes = builtins.mapAttrs defineStorageNode {
    storage001 = { vpnIP = "172.23.23.21"; stateVersion = "19.09"; };
    storage002 = { vpnIP = "172.23.23.22"; stateVersion = "19.09"; };
    storage003 = { vpnIP = "172.23.23.23"; stateVersion = "19.09"; };
    storage004 = { vpnIP = "172.23.23.24"; stateVersion = "19.09"; };
    storage005 = { vpnIP = "172.23.23.25"; stateVersion = "19.03"; };
  };

  # TBD: derive these automatically:
  hostsMap = {
    "172.23.23.1"  = [ "monitoring" "monitoring.monitoringvpn" ];
    "172.23.23.11" = [   "payments"   "payments.monitoringvpn" ];
    "172.23.23.21" = [ "storage001" "storage001.monitoringvpn" ];
    "172.23.23.22" = [ "storage002" "storage002.monitoringvpn" ];
    "172.23.23.23" = [ "storage003" "storage003.monitoringvpn" ];
    "172.23.23.24" = [ "storage004" "storage004.monitoringvpn" ];
    "172.23.23.25" = [ "storage005" "storage005.monitoringvpn" ];
  };
  vpnClientIPs = [
    "172.23.23.11"
    "172.23.23.21"
    "172.23.23.22"
    "172.23.23.23"
    "172.23.23.24"
    "172.23.23.25"
  ];
  nodeExporterTargets = [
    "monitoring"
    "payments"
    "storage001"
    "storage002"
    "storage003"
    "storage004"
    "storage005"
  ];
  paymentExporterTargets = [ "payments" ];
  blackboxExporterHttpsTargets = [
    "https://private.storage/"
    "https://www.private.storage/"
    "https://privatestorage.io/"
    "https://www.privatestorage.io/"
    "https://payments.private.storage/"
    "https://payments.privatestorage.io/"
    "https://monitoring.private.storage/"
    "https://monitoring.privatestorage.io/"
  ];

in {
  network = {
    description = "PrivateStorage.io Production Grid";
    inherit (gridlib) pkgs;
  };
  inherit payments;
  inherit monitoring;
} // storageNodes