grid.nix

# See morph/grid/local/grid.nix for additional commentary.
let
  pkgs = import <nixpkgs> { };

  gridlib = import ../../lib;
  grid-config = pkgs.lib.trivial.importJSON ./config.json;

  # Module with per-grid configuration
  grid-module = {config, ...}: {
    imports = [
      gridlib.base
      # Allow us to remotely trigger updates to this system.
      ../../../nixos/modules/deployment.nix
      # Give it a good SSH configuration.
      ../../../nixos/modules/ssh.nix
    ];
    services.private-storage.sshUsers = import ./public-keys/users.nix;
    networking.domain = grid-config.domain;
    # Convert relative paths to absolute so library code can resolve names
    # correctly.
    grid = {
      publicKeyPath = toString ./. + "/${grid-config.publicKeyPath}";
      privateKeyPath = toString ./. + "/${grid-config.privateKeyPath}";
      inherit (grid-config) monitoringvpnEndpoint letsEncryptAdminEmail;
    };
    # Configure deployment management authorization for all systems in the grid.
    services.private-storage.deployment = {
      authorizedKey = builtins.readFile "${config.grid.publicKeyPath}/deploy_key.pub";
      gridName = "testing";
    };
  };

  payments = {
    imports = [
      gridlib.issuer
      gridlib.hardware-aws
      grid-module
    ];
    config = {
      grid.monitoringvpnIPv4 = "172.23.23.11";
      grid.issuer = {
        inherit (grid-config) issuerDomains allowedChargeOrigins;
      };
    };
  };

  storage001 = {
    imports = [
      gridlib.storage
      gridlib.hardware-aws
      ./testing001-hardware.nix
      grid-module
    ];
    config = {
      grid.monitoringvpnIPv4 = "172.23.23.12";
      grid.storage = {
        inherit (grid-config) passValue publicStoragePort;
      };
      system.stateVersion = "19.03";
    };
  };

  monitoring = {
    imports = [
      gridlib.monitoring
      gridlib.hardware-aws
      grid-module
    ];
    config = {
      grid.monitoringvpnIPv4 = "172.23.23.1";
      grid.monitoring = {
        inherit paymentExporterTargets blackboxExporterHttpsTargets;
        inherit (grid-config) monitoringDomains;
        googleOAuthClientID = grid-config.monitoringGoogleOAuthClientID;
        enableSlackAlert = true;
      };
      system.stateVersion = "19.09";
    };
  };

  # TBD: derive these automatically:
  paymentExporterTargets = [ "payments.monitoringvpn" ];
  blackboxExporterHttpsTargets = [
    "https://privatestorage-staging.com/"
    "https://www.privatestorage-staging.com/"
    "https://extra.privatestorage-staging.com/"
    "https://www.extra.privatestorage-staging.com/"
    "https://payments.privatestorage-staging.com/"
    "https://payments.extra.privatestorage-staging.com/"
    "https://monitoring.privatestorage-staging.com/"
    "https://monitoring.extra.privatestorage-staging.com/"
  ];

in {
  network = {
    description = "PrivateStorage.io Testing Grid";
    inherit (gridlib) pkgs;
  };
  inherit payments monitoring storage001;
}