base.nix

# This module contains settings and configuration that apply to all nodes in a grid.
{ lib, config, ...}:
{
  options.grid = {
    publicKeyPath = lib.mkOption {
      type = lib.types.path;
      description = ''
      A path on the deployment system of a directory containing all of the
      public keys for the system.  For example, this holds Wireguard public keys
      for the VPN configuration and SSH public keys to configure SSH
      authentication.
      '';
    };
    privateKeyPath = lib.mkOption {
      type = lib.types.path;
      description = ''
      A path on the deployment system of a directory containing all of the
      corresponding private keys for the system.
      '';
    };
    monitoringvpnIPv4 = lib.mkOption {
      type = lib.types.str;
      description = ''
        The IPv4 address of this node on the monitoring VPN.
      '';
    };
    monitoringvpnEndpoint = lib.mkOption {
      type = lib.types.str;
      description = ''
        The domain name and port of the monitoring VPN endpoint.
      '';
    };

    letsEncryptAdminEmail = lib.mkOption {
      type = lib.types.str;
      description = ''
        A string giving an email address to use for Let's Encrypt registration and
        certificate issuance.
      '';
    };
  };

  # Any extra NixOS modules to load on all our servers.  Note that just
  # because they're loaded doesn't *necessarily* mean they're turned on.
  imports = [
    # This brings in various other modules that define options for different
    # areas of the service.
    ../../nixos/modules/default.nix
  ];

  config = {
    # The morph default deployment target the name of the node in the network
    # attrset.  We don't always want to give the node its proper public address
    # there (because it depends on which domain is associated with the grid
    # being configured and using variable names complicates a lot of things).
    # Instead, just tell morph how to reach the node here - by using its fully
    # qualified domain name.
    deployment.targetHost = config.networking.fqdn;

    networking.hosts = {
      # To stream logs to the monitoring host, all nodes need to know its address
      "172.23.23.1" = [ "monitoring" "monitoring.monitoringvpn" ];
    };

    services.private-storage.monitoring.exporters.promtail.enable = true;

    assertions = [
      # This is a check to save somebody in the future trying to debug why
      # setting `nixpkgs.config` is not having an effect.
      {
        # `{}` is the default value for `nixpkgs.config`
        assertion = config.nixpkgs.config == {};
        message = ''
          Since we set `nixpkgs.pkgs` via morph's `network.pkgs`, the value for `nixpkgs.config` is ignored.
          See https://whetstone.private.storage/privatestorage/PrivateStorageio/-/issues/85#note_15876 for details.
          '';
      }
    ];
  };
}