    # See morph/grid/local/grid.nix for additional commentary.
    let
      # Shared library of modules, hardware profiles and the package set.
      gridlib = import ../../lib;
      # Per-grid settings (domain, key paths, ports, exporter/issuer values)
      # are kept in config.json next to this file and read once here.
      grid-config =
        let configFile = ./config.json;
        in builtins.fromJSON (builtins.readFile configFile);
    
      # Module with per-grid configuration
      grid-module = { config, ... }:
        let
          # Absolute directory of this file, as a plain string.
          here = toString ./.;
        in {
          imports = [
            gridlib.base
            # Allow us to remotely trigger updates to this system.
            ../../../nixos/modules/deployment.nix
            # Give it a good SSH configuration.
            ../../../nixos/modules/ssh.nix
          ];
          # SSH access is granted to the users/keys checked in under ./public-keys.
          services.private-storage.sshUsers = import ./public-keys/users.nix;
          networking.domain = grid-config.domain;
          grid = {
            # Resolve the relative paths from config.json against this directory
            # so library code can resolve names correctly.  They are kept as
            # strings rather than Nix path values, so interpolating them later
            # does not copy the files (notably the private key) into the
            # world-readable Nix store.
            publicKeyPath = "${here}/${grid-config.publicKeyPath}";
            privateKeyPath = "${here}/${grid-config.privateKeyPath}";
            inherit (grid-config) monitoringvpnEndpoint letsEncryptAdminEmail;
          };
          # Deployment management authorization for all systems in the grid.
          # Only the public half of the deploy key is read here, at evaluation
          # time; how deployment.nix installs it is not visible in this file.
          services.private-storage.deployment = {
            authorizedKey = builtins.readFile (config.grid.publicKeyPath + "/deploy_key.pub");
            gridName = "production";
          };
        };
      # The payments / token issuer host.
      payments = {
        imports = [
          gridlib.issuer
          gridlib.hardware-payments-ovh
          grid-module
        ];
        config.grid = {
          # Address of this host on the monitoring VPN.
          monitoringvpnIPv4 = "172.23.23.11";
          # Issuer domains, allowed charge origins and tokens-per-voucher are
          # taken verbatim from config.json.
          issuer = {
            inherit (grid-config) issuerDomains allowedChargeOrigins tokensPerVoucher;
          };
        };
      };
    
      # The monitoring host (Prometheus/Grafana side; see gridlib.monitoring).
      monitoring = {
        imports = [
          gridlib.monitoring
          gridlib.hardware-monitoring-ovh
          grid-module
        ];
        config = {
          grid = {
            monitoringvpnIPv4 = "172.23.23.1";
            monitoring = {
              # Target lists are defined near the bottom of this file.
              inherit paymentExporterTargets blackboxExporterHttpsTargets;
              inherit (grid-config) monitoringDomains;
              googleOAuthClientID = grid-config.monitoringGoogleOAuthClientID;
              # Slack alerting is switched off for this grid.
              enableSlackAlert = false;
            };
          };
          system.stateVersion = "19.09";
        };
      };
    
      # Build the NixOS configuration for one storage node.
      #
      # name:         the node's attribute name (e.g. "storage001"); selects the
      #               per-node files <name>-config.nix and <name>-hardware.nix
      #               next to this expression.
      # vpnIP:        the node's address on the monitoring VPN.
      # stateVersion: the NixOS state version the node was installed with.
      defineStorageNode = name: { vpnIP, stateVersion }:
        let
          # Per-node file named after the node and the kind of file wanted.
          nodeFile = kind: ./. + "/${name}-${kind}.nix";
          hardware = nodeFile "hardware";
          nodecfg = import (nodeFile "config");
        in {
          imports = [
            # Get some of the very lowest-level system configuration for this
            # node.  This isn't all *completely* hardware related.  Maybe some
            # more factoring is in order, someday.
            hardware

            # Slightly awkwardly, enable some of our hardware / network / bootloader options.
            ../../../nixos/modules/100tb.nix

            # At least some of our storage nodes utilize MegaRAID storage controllers.
            # Monitor their array status.
            ../../../nixos/modules/monitoring/exporters/megacli2prom.nix

            # Get all of the configuration that is common across all storage nodes.
            gridlib.storage
            # Also configure deployment management authorization
            grid-module
          ];

          config = {
            grid = {
              monitoringvpnIPv4 = vpnIP;
              storage = {
                inherit (grid-config) passValue publicStoragePort;
              };
            };
            system.stateVersion = stateVersion;

            # And supply configuration for those hardware / network / bootloader
            # options.  See the 100tb module for handling of this value.  The module
            # name is quoted because `1` makes `100tb` look an awful lot like a
            # number.
            "100tb".config = nodecfg;

            # Enable statistics gathering for MegaRAID cards.
            # TODO would be nice to enable only on machines that have such a device.
            services.private-storage.monitoring.exporters.megacli2prom.enable = true;

            # Disable Borg Backup for this grid!
            services.private-storage.borgbackup.enable = false;
          };
        };
    
      # Define all of the storage nodes for this grid.
      storageNodes =
        let
          # Every storage node currently shares the same state version; only
          # its monitoring-VPN address differs.
          node = vpnIP: { inherit vpnIP; stateVersion = "19.09"; };
        in builtins.mapAttrs defineStorageNode {
          storage001 = node "172.23.23.21";
          storage002 = node "172.23.23.22";
          storage003 = node "172.23.23.23";
        };
    
      # Target lists handed to the monitoring node above.
      # The payments exporter is reached over the monitoring VPN name.
      paymentExporterTargets = [ "payments.monitoringvpn" ];
      # Public HTTPS endpoints probed by the blackbox exporter: the bare domain
      # plus its www, payments and monitoring hosts.
      blackboxExporterHttpsTargets =
        let
          baseDomain = "deerfield.leastauthority.com";
          hosts = [ "" "www." "payments." "monitoring." ];
        in map (prefix: "https://${prefix}${baseDomain}/") hosts;
    
    in {
      # Grid-wide settings consumed by the deployment tool.
      network = {
        description = "HRO Grid";
        # All hosts build from the package set pinned in the grid library.
        inherit (gridlib) pkgs;
      };
      inherit payments monitoring;
      # Storage nodes keep their attribute names from storageNodes; the fixed
      # hosts are listed first so a name clash would be visible here.
    } // storageNodes