Newer
Older
gridlib = import ../../lib;
grid-config = builtins.fromJSON (builtins.readFile ./config.json);
ssh-users = let
ssh-users-file = ./public-keys/users.nix;
in
if builtins.pathExists ssh-users-file then
import ssh-users-file
else
# Use builtins.toString so that nix does not add the file
# to the nix store before including it in the string.
throw ''
ssh-keys for local grid are not configured.
Refusing to build a possibly inaccessible configuration.
Please create ${builtins.toString ssh-users-file} before building.
See ${builtins.toString ./README.rst} for more information.
'';
# Module with per-grid configuration
grid-module = {config, ...}: {
imports = [
# Allow us to remotely trigger updates to this system.
../../../nixos/modules/deployment.nix
# Give it a good SSH configuration.
../../../nixos/modules/ssh.nix

Tom Prince
committed
# Configure things specific to the virtualisation environment.
gridlib.hardware-vagrant
services.private-storage.sshUsers = ssh-users;
# Include the ssh-users config in a form that can be read by nix,
# so the self-update deployment system can access it.
# nixos/modules/update-deployment imports the nix file into
# the checkout of this repository it creates.
environment.etc."nixos/ssh-users.json" = {
# Output the loaded value, rather than just copying the file, in case the
# file has external references.
mode = "0666";
text = builtins.toJSON ssh-users;
};
environment.etc."nixos/ssh-users.nix" = {
# This is the file that is imported by update-deployment.
# We don't directly read the JSON so that the script doesn't
# depend on the format we use.
mode = "0666";
text = ''
# Include the ssh-users config
builtins.fromJSON (builtins.readFile ./ssh-users.json)
'';
};
# Convert relative paths to absolute so library code can resolve names
# correctly.
grid = {
publicKeyPath = toString ./. + "/${grid-config.publicKeyPath}";
privateKeyPath = toString ./. + "/${grid-config.privateKeyPath}";

Tom Prince
committed
inherit (grid-config) monitoringvpnEndpoint letsEncryptAdminEmail;
# Configure deployment management authorization for all systems in the grid.
services.private-storage.deployment = {
authorizedKey = builtins.readFile "${config.grid.publicKeyPath}/deploy_key.pub";
gridName = "local";
};
};
gridlib.issuer

Tom Prince
committed
grid.monitoringvpnIPv4 = "172.23.23.11";
grid.publicIPv4 = "192.168.56.21";
grid.issuer = {

Tom Prince
committed
inherit (grid-config) issuerDomains allowedChargeOrigins;
};
gridlib.storage

Tom Prince
committed
grid.monitoringvpnIPv4 = "172.23.23.12";
grid.publicIPv4 = "192.168.56.22";
grid.storage = {
inherit (grid-config) passValue publicStoragePort;
};
system.stateVersion = "19.09";
gridlib.storage

Tom Prince
committed
grid.monitoringvpnIPv4 = "172.23.23.13";
grid.publicIPv4 = "192.168.56.23";
grid.storage = {
inherit (grid-config) passValue publicStoragePort;
};
system.stateVersion = "19.09";
gridlib.monitoring

Tom Prince
committed
grid.monitoringvpnIPv4 = "172.23.23.1";
grid.publicIPv4 = "192.168.56.24";

Tom Prince
committed
grid.monitoring = {
inherit paymentExporterTargets blackboxExporterHttpsTargets;
inherit (grid-config) monitoringDomains;
googleOAuthClientID = grid-config.monitoringGoogleOAuthClientID;
enableZulipAlert = false;

Tom Prince
committed
};
system.stateVersion = "19.09";
};
# TBD: derive these automatically:
paymentExporterTargets = [ "payments.monitoringvpn" ];
blackboxExporterHttpsTargets = [
# "https://private.storage/"
# "https://payments.private.storage/"
];
in {
network = {
description = "PrivateStorage.io LocalDev Grid";
inherit payments monitoring storage1 storage2;