# See morph/grid/local/grid.nix for additional commentary.
let
  # Shared library of module fragments and hardware profiles for all grids.
  gridlib = import ../../lib;
  # Per-grid settings (domain, key paths, issuer/monitoring parameters) are
  # kept in a JSON file next to this expression and parsed once here.
  grid-config =
    let inherit (builtins) fromJSON readFile;
    in fromJSON (readFile ./config.json);

  # Module with per-grid configuration, imported by every host of this grid.
  grid-module = { config, ... }:
    let
      # Absolute location of this grid's directory, as a plain string.
      # Because it is a string and not a path value, interpolating it below
      # does not copy the directory (and the key material it points at)
      # into the Nix store.
      here = toString ./.;
    in {
      imports = [
        gridlib.base
        # Allow us to remotely trigger updates to this system.
        ../../../nixos/modules/deployment.nix
        # Give it a good SSH configuration.
        ../../../nixos/modules/ssh.nix
      ];
      # Operator SSH keys are versioned alongside the grid definition.
      services.private-storage.sshUsers = import ./public-keys/users.nix;
      networking.domain = grid-config.domain;
      # Convert relative paths to absolute so library code can resolve names
      # correctly.
      grid = {
        inherit (grid-config) monitoringvpnEndpoint letsEncryptAdminEmail;
        publicKeyPath = "${here}/${grid-config.publicKeyPath}";
        privateKeyPath = "${here}/${grid-config.privateKeyPath}";
      };
      # Configure deployment management authorization for all systems in the
      # grid: only the holder of the matching deploy key may trigger updates.
      services.private-storage.deployment = {
        gridName = "production";
        authorizedKey = builtins.readFile "${config.grid.publicKeyPath}/deploy_key.pub";
      };
    };
  # The payment / token-issuer host.
  payments = {
    imports = [
      gridlib.issuer
      gridlib.hardware-payments-ovh
      grid-module
    ];
    # NOTE(review): unlike the monitoring and storage hosts no
    # system.stateVersion is set here; presumably one of the imported
    # modules supplies it -- confirm.
    config.grid = {
      monitoringvpnIPv4 = "172.23.23.11";
      issuer = {
        inherit (grid-config) issuerDomains allowedChargeOrigins tokensPerVoucher;
      };
    };
  };

  # The monitoring host (Prometheus/Grafana side; see gridlib.monitoring).
  monitoring = {
    imports = [
      gridlib.monitoring
      gridlib.hardware-monitoring-ovh
      grid-module
    ];
    config = {
      system.stateVersion = "19.09";
      grid = {
        monitoringvpnIPv4 = "172.23.23.1";
        monitoring = {
          # Scrape and probe target lists are defined at the end of this file.
          inherit paymentExporterTargets blackboxExporterHttpsTargets;
          inherit (grid-config) monitoringDomains;
          googleOAuthClientID = grid-config.monitoringGoogleOAuthClientID;
          # Slack delivery of alerts is off for this grid.
          # NOTE(review): confirm alerts still reach operators by another route.
          enableSlackAlert = false;
        };
      };
    };
  };

  # Build the configuration for one storage node.
  #
  # `name` selects the per-node files `<name>-config.nix` and
  # `<name>-hardware.nix` next to this expression; `vpnIP` is the node's
  # address on the monitoring VPN and `stateVersion` its NixOS state version.
  defineStorageNode = name: { vpnIP, stateVersion }:
    let
      nodeFile = suffix: ./. + "/${name}-${suffix}.nix";
      # Values handed to the 100tb module (network / bootloader details).
      nodecfg = import (nodeFile "config");
    in {
      imports = [
        # Get some of the very lowest-level system configuration for this
        # node.  This isn't all *completely* hardware related.  Maybe some
        # more factoring is in order, someday.
        (nodeFile "hardware")

        # Slightly awkwardly, enable some of our hardware / network / bootloader options.
        ../../../nixos/modules/100tb.nix

        # At least some of our storage nodes utilize MegaRAID storage controllers.
        # Monitor their array status.
        ../../../nixos/modules/monitoring/exporters/megacli2prom.nix

        # Get all of the configuration that is common across all storage nodes.
        gridlib.storage
        # Also configure deployment management authorization
        grid-module
      ];

      config = {
        system.stateVersion = stateVersion;
        grid = {
          monitoringvpnIPv4 = vpnIP;
          storage = {
            inherit (grid-config) passValue publicStoragePort;
          };
        };

        # And supply configuration for those hardware / network / bootloader
        # options.  See the 100tb module for handling of this value.  The module
        # name is quoted because `1` makes `100tb` look an awful lot like a
        # number.
        "100tb".config = nodecfg;

        # Enable statistics gathering for MegaRAID cards.
        # TODO would be nice to enable only on machines that have such a device.
        services.private-storage.monitoring.exporters.megacli2prom.enable = true;

        # Disable Borg Backup for this grid!
        services.private-storage.borgbackup.enable = false;
      };
    };

  # Define all of the storage nodes for this grid.  Each entry names a node
  # and gives it its own monitoring-VPN address.
  storageNodes =
    let
      nodes = {
        storage001 = { vpnIP = "172.23.23.21"; stateVersion = "19.09"; };
        storage002 = { vpnIP = "172.23.23.22"; stateVersion = "19.09"; };
        storage003 = { vpnIP = "172.23.23.23"; stateVersion = "19.09"; };
      };
    in builtins.mapAttrs defineStorageNode nodes;

  # Payment-service metrics are scraped over the monitoring VPN only.
  paymentExporterTargets = [ "payments.monitoringvpn" ];
  # Public HTTPS endpoints probed by the blackbox exporter.
  blackboxExporterHttpsTargets =
    map (host: "https://${host}/") [
      "deerfield.leastauthority.com"
      "www.deerfield.leastauthority.com"
      "payments.deerfield.leastauthority.com"
      "monitoring.deerfield.leastauthority.com"
    ];

in {
  # Network description for the deployment tool, plus the two fixed hosts.
  network = {
    description = "HRO Grid";
    inherit (gridlib) pkgs;
  };
  inherit payments monitoring;
}
# Storage nodes (storage001, ...) are merged in under their own names.
// storageNodes