Skip to content
Snippets Groups Projects
Normal view Permalink
grid.nix 3.18 KiB
Newer Older
  • Learn to ignore specific revisions
    • Jean-Paul Calderone's avatar
    Turn morph/lib into a namespace in its own right  
    Jean-Paul Calderone committed
    1 2 3 
    # See morph/grid/local/grid.nix for additional commentary.
let lib = import ../../lib;
in lib.make-grid {
    Jean-Paul Calderone's avatar
    Split off the testing node into its own testing grid.  
    Jean-Paul Calderone committed
    4 
      name = "Production";
    Jean-Paul Calderone's avatar
    Move all of the grid files into new per-grid subdirectories  
    Jean-Paul Calderone committed
    5 
      config = ./config.json;
    Jean-Paul Calderone's avatar
    Have the storage functions (prod and testing) configure ssh users  
    Jean-Paul Calderone committed
    6 7 
      nodes = cfg:
    let
    Florian Sesser's avatar
    So focused on a funny commit message I forgot to add half of the changes  
    Florian Sesser committed
    8 
          sshUsers = import ./secrets/users.nix;
    Florian Sesser's avatar
    Merge branch '346.add-monitoring-to-staging' into 347.add-monitoring-to-production  
    Florian Sesser committed
    9
    Florian Sesser's avatar
    White space only  
    Florian Sesser committed
    10 11 
          # Get absolute vpn key directory path, as a string:
      monitoringvpnKeyDir = toString ./. + "/${cfg.monitoringvpnKeyDir}";
    Florian Sesser's avatar
    Add monitoring to production deployment (WIP)  
    Florian Sesser committed
    12 13 14 15 
    
      # TBD: derive these automatically:
      hostsMap = {
        "172.23.23.1"  = [ "monitoring" "monitoring.monitoringvpn" ];
    Florian Sesser's avatar
    Merge branch '346.add-monitoring-to-staging' into 347.add-monitoring-to-production  
    Florian Sesser committed
    16 
            "172.23.23.11" = [   "payments"   "payments.monitoringvpn" ];
    Florian Sesser's avatar
    Add monitoring to production deployment (WIP)  
    Florian Sesser committed
    17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 
            "172.23.23.21" = [ "storage001" "storage001.monitoringvpn" ];
        "172.23.23.22" = [ "storage002" "storage002.monitoringvpn" ];
        "172.23.23.23" = [ "storage003" "storage003.monitoringvpn" ];
        "172.23.23.24" = [ "storage004" "storage004.monitoringvpn" ];
        "172.23.23.25" = [ "storage005" "storage005.monitoringvpn" ];
      };
      vpnClientIPs = [
        "172.23.23.11"
        "172.23.23.21"
        "172.23.23.22"
        "172.23.23.23"
        "172.23.23.24"
        "172.23.23.25"
      ];
      nodeExporterTargets = [
        "monitoring"
        "payments"
        "storage001"
        "storage002"
        "storage003"
        "storage004"
        "storage005"
      ];
    Jean-Paul Calderone's avatar
    Production storage node definition is a bit more complex: DRY  
    Jean-Paul Calderone committed
    41 
        "payments.privatestorage.io" = {
    Jean-Paul Calderone's avatar
    Follow suit in testing and production grids  
    Jean-Paul Calderone committed
    42 43 44 45 46 47 
          imports = [
        lib.issuer
        lib.hardware-aws
        (lib.customize-issuer cfg sshUsers monitoringvpnKeyDir "172.23.23.11" "19.03")
      ];
    };
    Jean-Paul Calderone's avatar
    Add morph for the PaymentServer deployment  
    Jean-Paul Calderone committed
    48
    Jean-Paul Calderone's avatar
    Adapt monitoring nodes to value-based approach  
    Jean-Paul Calderone committed
    49 50 51 52 53 54 55 
        monitoring = let publicIPv4 = "monitoring.private.storage"; in {
      imports = [
        lib.monitoring
        lib.hardware-aws
        (lib.customize-monitoring hostsMap monitoringvpnKeyDir publicIPv4 "172.23.23.1" vpnClientIPs nodeExporterTargets [] "19.09")
      ];
    };
    Jean-Paul Calderone's avatar
    Adapt storage nodes to value-based approach  
    Jean-Paul Calderone committed
    56
    Jean-Paul Calderone's avatar
    Production storage node definition is a bit more complex: DRY  
    Jean-Paul Calderone committed
    57 
        defineStorageNode = name: { vpnIP, stateVersion }: let nodecfg = import "${./.}/${name}-config.nix"; in {
    Jean-Paul Calderone's avatar
    Adapt storage nodes to value-based approach  
    Jean-Paul Calderone committed
    58 
          imports = [
    Jean-Paul Calderone's avatar
    Production storage node definition is a bit more complex: DRY  
    Jean-Paul Calderone committed
    59 60 61 62 
            # Get some of the very lowest-level system configuration for this
        # node.  This isn't all *completely* hardware related.  Maybe some
        # more factoring is in order, someday.
        "${./.}/${name}-hardware.nix"
    Jean-Paul Calderone's avatar
    Adapt storage nodes to value-based approach  
    Jean-Paul Calderone committed
    63 64 65 66 
    
        # Slightly awkwardly, enable some of our hardware / network / bootloader options.
        ../../../nixos/modules/100tb.nix
    Jean-Paul Calderone's avatar
    Production storage node definition is a bit more complex: DRY  
    Jean-Paul Calderone committed
    67 
            # Get all of the configuration that is common across all storage nodes.
    Jean-Paul Calderone's avatar
    Adapt storage nodes to value-based approach  
    Jean-Paul Calderone committed
    68 
            lib.storage
    Jean-Paul Calderone's avatar
    Production storage node definition is a bit more complex: DRY  
    Jean-Paul Calderone committed
    69 70 71 
    
        # Then customize the storage system a little bit based on this node's particulars.
        (lib.customize-storage cfg sshUsers nodecfg.publicIPv4 monitoringvpnKeyDir vpnIP stateVersion)
    Jean-Paul Calderone's avatar
    Adapt storage nodes to value-based approach  
    Jean-Paul Calderone committed
    72 
          ];
    Jean-Paul Calderone's avatar
    Production storage node definition is a bit more complex: DRY  
    Jean-Paul Calderone committed
    73
    Jean-Paul Calderone's avatar
    Adapt storage nodes to value-based approach  
    Jean-Paul Calderone committed
    74 75 76 77 
          # And supply configuration for those hardware / network / bootloader options.
      "100tb".config = nodecfg;
    };
    Jean-Paul Calderone's avatar
    Production storage node definition is a bit more complex: DRY  
    Jean-Paul Calderone committed
    78 79 80 81 82 83 84 
        # Define all of the storage nodes for this grid.
    storageNodes = builtins.mapAttrs defineStorageNode {
      storage001 = { vpnIP = "172.23.23.21"; stateVersion = "19.09"; };
      storage002 = { vpnIP = "172.23.23.22"; stateVersion = "19.09"; };
      storage003 = { vpnIP = "172.23.23.23"; stateVersion = "19.09"; };
      storage004 = { vpnIP = "172.23.23.24"; stateVersion = "19.09"; };
      storage005 = { vpnIP = "172.23.23.25"; stateVersion = "19.03"; };
    Jean-Paul Calderone's avatar
    Adapt storage nodes to value-based approach  
    Jean-Paul Calderone committed
    85 
        };
    Florian Sesser's avatar
    Add monitoring to production deployment (WIP)  
    Florian Sesser committed
    86
    Jean-Paul Calderone's avatar
    Production storage node definition is a bit more complex: DRY  
    Jean-Paul Calderone committed
    87 88 89 
        in {
      inherit "payments.privatestorage.io" "monitoring";
    } // storageNodes;
    Jean-Paul Calderone's avatar
    Single node staging grid configuration on AWS EC2
    Jean-Paul Calderone committed
    90 
    }