Set up and use a network of local development VMs
-------------------------------------------------

... using `Vagrant <https://www.vagrantup.com/>`_ to manage VirtualBox VMs [#]_.
To get started, first install Vagrant and make sure it works.
One possible way to do it in NixOS:

1. Install Vagrant, by adding the packages:

  - ``vagrant`` (orchestrating virtual machines on the command line)

    - Only use when version >= 2.2.16 has become available.  Else see below.

  - Optional: ``packer`` (for creating your own VM images)

2. Add configuration to install and enable VirtualBox:

  - ``virtualisation.virtualbox.host.enable = true;``

3. Add your user to the ``vboxusers`` group, for example:

  - ``users.extraGroups.vboxusers.members = [ "flo" "jp" ];``


.. [#] The author of this documentation wasted a lot of time trying to get Vagrant to work with KVM/libvirt.  Issues with networking that looked like guest misconfigurations vanished after changing to the better-tested combination of Vagrant and VirtualBox.


Pre-Vagrant 2.2.16: Get Vagrant with the required fixes for NixOS guests
````````````````````````````````````````````````````````````````````````

The Vagrant nixos-guest template `received a critical update on 2021-03-08 <https://github.com/hashicorp/vagrant/commit/990d94ed9d0b3092e855bc1bb9deeeb7aa7792cf>`_ which came out with Vagrant version 2.2.16.
If you run an older Nixpkgs, retrieve and use the latest Vagrant development version like so::

  NIX_PATH=nixpkgs=https://github.com/NixOS/nixpkgs/archive/refs/heads/master.tar.gz nix-shell -p vagrant

Generating and deploying keys
`````````````````````````````

``config.json`` has the paths for the Ristretto and the Stripe secret key files.

Here is a Ristretto key you can use, randomly generated just now::

  SILOWzbnkBjxC1hGde9d5Q3Ir/4yLosCLEnEQGAxEQE=

Generate your own like this::

  [flo@la:~/PrivateStorageio]$ nix-shell
  [nix-shell:~/PrivateStorageio]$ nix-shell -p zkapissuer.components.exes.PaymentServer-generate-key
  [nix-shell:~/PrivateStorageio]$ PaymentServer-generate-key
  SILOWzbnkBjxC1hGde9d5Q3Ir/4yLosCLEnEQGAxEQE=

Make sure you write it into the key file `without any leading or trailing white space, also without newlines <https://github.com/LeastAuthority/python-challenge-bypass-ristretto/issues/37>`_.
For example::

  echo -n "SILOWzbnkBjxC1hGde9d5Q3Ir/4yLosCLEnEQGAxEQE=" > ristretto.signing-key

For the Stripe key any random bytes with a little light formatting "work" - at least to make our software happy - but if you want to be able to interact with Stripe and have payments (even pretend payments) move all the way through the system you should get a Stripe account and generate a key with them.
Lauri can get you added to our "dev" Stripe account, too, though I forget how important that is for ad hoc dev/testing.

I think this will work for generating random Stripe secret keys (that our software will load, I think, but Stripe will reject)::

  >>> import base64, os
  >>> print((b"sk_test_" + base64.b64encode(os.urandom(25)).strip(b"=")).decode("ascii"))
  sk_test_Dr+XLVjkC0oO3Zw8Ws0yWtDLqR1sM+/fmw

Public keys are the same but with "pk_test" instead of "sk_test" ("test" marks a "test mode" key that can only process pretend transactions; for real transactions there are keys with "live" embedded).
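An added example (not part of this README or the project's code) that checks key file contents for the problems described above: stray whitespace or newlines in the Ristretto key file, and Stripe secret keys that are not test-mode keys. The function names are hypothetical, and the 32-byte length is an assumption taken from what the sample Ristretto key above decodes to.

```python
import base64
import binascii
import os
import tempfile

RISTRETTO_KEY_BYTES = 32  # assumption: the sample key in this README decodes to 32 bytes


def check_ristretto_key(raw):
    """Return a list of problems with the raw bytes of a Ristretto key file."""
    problems = []
    if raw != raw.strip():
        problems.append("leading/trailing whitespace or newline")
    try:
        key = base64.b64decode(raw.strip(), validate=True)
    except binascii.Error:
        return problems + ["not valid base64"]
    if len(key) != RISTRETTO_KEY_BYTES:
        problems.append("decodes to %d bytes, expected %d" % (len(key), RISTRETTO_KEY_BYTES))
    return problems


def check_stripe_key(raw):
    """Return a list of problems with a Stripe secret key used for local development."""
    text = raw.strip()
    if text.startswith(b"sk_live_"):
        return ["live-mode key in a local development setup"]
    if not text.startswith(b"sk_test_"):
        return ["missing sk_test_ prefix"]
    return []


def demo():
    """Write a constructed (not real) key with and without a newline, then check both."""
    key = base64.b64encode(bytes(range(32)))  # constructed sample, not a usable secret
    results = {}
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "ristretto.signing-key")
        for name, data in (("echo", key + b"\n"), ("echo -n", key)):
            with open(path, "wb") as f:
                f.write(data)
            with open(path, "rb") as f:
                results[name] = check_ristretto_key(f.read())
    return results


if __name__ == "__main__":
    print(demo())
```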

The ZKAPIssuer.service needs a working TLS certificate and expects it in the certbot directory for the domain you configured, in my case::

  openssl req -x509 -newkey rsa:4096 -nodes -keyout privkey.pem -out cert.pem -days 3650
  touch chain.pem

Move the three .pem files into the payment server's ``/var/lib/letsencrypt/live/payments.localdev/`` directory and run ``sudo systemctl restart zkapissuer.service``.

Use the local development environment
`````````````````````````````````````

1. Build and start the VMs::

     VAGRANT_DEFAULT_PROVIDER=virtualbox vagrant up
     vagrant ssh-config > ./vagrant-ssh-config

3. Edit the output: Add the IPs from ``grid.nix`` to the ``vagrant-ssh-config`` **Host match blocks** so the config reads like::

     Host payments1 192.168.67.21
       HostName 192.168.67.21
       User vagrant

4. Then make morph use this SSH config, either (with newer morph [#]_) by pointing morph at the file::

     export SSH_CONFIG_FILE=./vagrant-ssh-config

   or (with older morph) by adding the config to your user's ``~/.ssh/config`` file.

   .. [#] Morph honors the ``SSH_CONFIG_FILE`` environment variable `since 3f90aa88 (March 2020, v 1.5.0) <https://github.com/DBCDK/morph/commit/3f90aa885fac1c29fce9242452fa7c0c505744ef#diff-d155ad793bd62e6ea4c44ba985049ecb13a4f4f32f799791b2bce695a16c0101>`_.

5. Then, build and deploy our software to the Vagrant VMs::

     morph build grid.nix
     morph push grid.nix
     morph upload-secrets grid.nix
     morph deploy grid.nix switch

   You will now be able to log in with the users and keys you set in your ``localdev-users.nix`` file.