Skip to content
Snippets Groups Projects
Normal view Permalink
storage.nix 2.38 KiB
Newer Older
Tom Prince's avatar
Remove remaining configuration from `customize-storage.nix` to `storage.nix`  
Tom Prince committed
1 2 3 
# This contains all of the NixOS system configuration necessary to specify an
# "storage"-type system.
{ lib, config, ...} :
Tom Prince's avatar
Make `publicKeyPath`/`privateKeyPath` into settings.  
Tom Prince committed
4 
let
Tom Prince's avatar
Rebase: Factor out the configuration necessary for a monitored node into its own module.  
Tom Prince committed
5 
  inherit (config.grid) privateKeyPath;
Tom Prince's avatar
Make `publicKeyPath`/`privateKeyPath` into settings.  
Tom Prince committed
6 
in {
Jean-Paul Calderone's avatar
Adapt storage nodes to value-based approach
Jean-Paul Calderone committed
7 8 
  # Any extra NixOS modules to load on this server.
  imports = [
Florian Sesser's avatar
Rename monitored-node.nix to monitoringvpn-client.nix  
Florian Sesser committed
9 
    ./monitoringvpn-client.nix
Florian Sesser's avatar
Borgbackup: Make folders configurable  
Florian Sesser committed
10 
    ./borgbackup.nix
Jean-Paul Calderone's avatar
Adapt storage nodes to value-based approach
Jean-Paul Calderone committed
11 12 
  ];
Tom Prince's avatar
Remove remaining configuration from `customize-storage.nix` to `storage.nix`  
Tom Prince committed
13 14 15 16 17 18 19 
  options.grid.storage = {
    passValue = lib.mkOption {
      type = lib.types.int;
      description = ''
        An integer giving the value of a single pass in byte×months.
      '';
    };
Florian Sesser's avatar
Monitoring: Add regular scraping for Tahoe OpenMetrics statistics  
Florian Sesser committed
20
Tom Prince's avatar
Remove remaining configuration from `customize-storage.nix` to `storage.nix`  
Tom Prince committed
21 22 23 24 25 26 27 
    publicStoragePort = lib.mkOption {
      type = lib.types.port;
      description = ''
        An integer giving the port number to include in Tahoe storage service
        advertisements and on which to listen for storage connections.
      '';
    };
Jean-Paul Calderone's avatar
Adapt storage nodes to value-based approach
Jean-Paul Calderone committed
28 
  };
Tom Prince's avatar
Move monitoring VPN configuration from `customize-*.nix` to the base gridlib file.  
Tom Prince committed
29
Tom Prince's avatar
Remove remaining configuration from `customize-storage.nix` to `storage.nix`  
Tom Prince committed
30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 
  config = {
    deployment = {
      secrets = {
        "ristretto-signing-key" = {
          destination = "/run/keys/ristretto.signing-key";
          source = "${privateKeyPath}/ristretto.signing-key";
          owner.user = "root";
          owner.group = "root";
          permissions = "0400";
          # Service name here matches the name defined by our tahoe-lafs nixos
          # module.  It would be nice to not have to hard-code it here.  Can we
          # extract it from the tahoe-lafs nixos module somehow?
          action = ["sudo" "systemctl" "restart" "tahoe.storage.service"];
        };
      };
    };
Florian Sesser's avatar
Cleanups, ordering, cleaner diff  
Florian Sesser committed
47 
    services.private-storage.monitoring.exporters.node.enable = true;
Florian Sesser's avatar
Consistently "exporters" namespace in private-storage monitoring config namespace  
Florian Sesser committed
48 
    services.private-storage.monitoring.exporters.tahoe.enable = true;
Florian Sesser's avatar
Promtail on storage nodes: Scrape tahoe corruption advisories folder  
Florian Sesser committed
49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 
    services.private-storage.monitoring.exporters.promtail.enable = true;
    services.private-storage.monitoring.exporters.promtail.extraScrapeConfigs = [
      {
        job_name = "tahoe-corruption-advisories";
        static_configs = [
          {
            targets = [ "localhost" ];
            labels = {
              job = "tahoe-corruption-advisories";
              __path__ = "/storage/corruption-advisories/*";
            };
          }
        ];
      }
    ];
Tom Prince's avatar
Remove remaining configuration from `customize-storage.nix` to `storage.nix`  
Tom Prince committed
64
Florian Sesser's avatar
Borgbackup: Make folders configurable  
Florian Sesser committed
65 66 
    services.private-storage.borgbackup.enable = true;
Tom Prince's avatar
Remove remaining configuration from `customize-storage.nix` to `storage.nix`  
Tom Prince committed
67 68 69 70 71 72 73 74 
    # Turn on the Private Storage (Tahoe-LAFS) service.
    services.private-storage = {
      # Yep.  Turn it on.
      enable = true;
      # Give it the Ristretto signing key to support authorization.
      ristrettoSigningKeyPath = config.deployment.secrets.ristretto-signing-key.destination;
      inherit (config.grid.storage) passValue publicStoragePort;
    };
Tom Prince's avatar
Move monitoring VPN configuration from `customize-*.nix` to the base gridlib file.  
Tom Prince committed
75 
  };
Jean-Paul Calderone's avatar
Adapt storage nodes to value-based approach
Jean-Paul Calderone committed
76 
}