  • let
      pkgs = import <nixpkgs> { };
    
    
      grid-config = pkgs.lib.trivial.importJSON ./config.json;
    
      ssh-users = let
        ssh-users-file = ./public-keys/users.nix;
      in
        if builtins.pathExists ssh-users-file then
          import ssh-users-file
        else
          # Use builtins.toString so that interpolating the path does not copy the
          # file into the nix store; we only want the plain filesystem path in the
          # error message.
          throw ''
            ssh-keys for local grid are not configured.
            Refusing to build a possibly inaccessible configuration.
            Please create ${builtins.toString ssh-users-file} before building.
            See ${builtins.toString ./README.rst} for more information.
          '';
    
    
      # Module with per-grid configuration
    
      grid-module = {config, ...}: {
    
          # Allow us to remotely trigger updates to this system.
          ../../../nixos/modules/deployment.nix
          # Give it a good SSH configuration.
          ../../../nixos/modules/ssh.nix
    
          # Configure things specific to the virtualisation environment.
          gridlib.hardware-vagrant
    
        services.private-storage.sshUsers = ssh-users;
    
        # Include the ssh-users config in a form that can be read by nix,
        # so the self-update deployment system can access it.
        # nixos/modules/update-deployment imports the nix file into
        # the checkout of this repository it creates.
        environment.etc."nixos/ssh-users.json" = {
          # Output the loaded value, rather than just copying the file, in case the
          # file has external references.
          # NOTE(review): mode 0666 below makes this file world-writable once it is
          # copied into /etc, and update-deployment imports its contents to decide
          # who gets SSH access -- any local user could append a key. Nothing visible
          # here needs to write it, so 0644 (or 0600 if only root reads it) looks
          # sufficient; confirm before changing.
          mode = "0666";
          text = builtins.toJSON ssh-users;
        };
        environment.etc."nixos/ssh-users.nix" = {
          # This is the file that update-deployment imports. It goes through this
          # .nix shim instead of reading the JSON directly so that the deployment
          # script does not depend on the serialization format we choose here.
          # NOTE(review): whatever ends up in this file feeds the next system build,
          # so the world-writable 0666 mode below is worth revisiting together with
          # ssh-users.json above.
          mode = "0666";
          text = ''
    
            # Include the ssh-users config
    
            builtins.fromJSON (builtins.readFile ./ssh-users.json)
          '';
        };
    
    
        networking.domain = grid-config.domain;
    
        # Convert relative paths to absolute so library code can resolve names
        # correctly.
        grid = {
          publicKeyPath = toString ./. + "/${grid-config.publicKeyPath}";
          privateKeyPath = toString ./. + "/${grid-config.privateKeyPath}";
    
          inherit (grid-config) monitoringvpnEndpoint letsEncryptAdminEmail;
    
        # Configure deployment management authorization for all systems in the grid.
    
        services.private-storage.deployment = {
    
          authorizedKey = builtins.readFile "${config.grid.publicKeyPath}/deploy_key.pub";
    
          grid.monitoringvpnIPv4 = "172.23.23.11";
    
          grid.publicIPv4 = "192.168.56.21";
    
            inherit (grid-config) issuerDomains allowedChargeOrigins;
    
          grid.monitoringvpnIPv4 = "172.23.23.12";
    
          grid.publicIPv4 = "192.168.56.22";
    
          grid.storage = {
            inherit (grid-config) passValue publicStoragePort;
          };
          system.stateVersion = "19.09";
    
          grid.monitoringvpnIPv4 = "172.23.23.13";
    
          grid.publicIPv4 = "192.168.56.23";
    
          grid.storage = {
            inherit (grid-config) passValue publicStoragePort;
          };
          system.stateVersion = "19.09";
    
          grid.publicIPv4 = "192.168.56.24";
    
          grid.monitoring = {
            inherit paymentExporterTargets blackboxExporterHttpsTargets;
            inherit (grid-config) monitoringDomains;
            googleOAuthClientID = grid-config.monitoringGoogleOAuthClientID;
            enableSlackAlert = false;
          };
          system.stateVersion = "19.09";
    
      };
    
      # TBD: derive these automatically:
    
      paymentExporterTargets = [ "payments.monitoringvpn" ];
    
      blackboxExporterHttpsTargets = [
        # "https://private.storage/"
        # "https://payments.private.storage/"
      ];
    
    
    in {
      network = {
        description = "PrivateStorage.io LocalDev Grid";
    
        inherit (gridlib) pkgs;
    
      inherit payments monitoring storage1 storage2;