grid.nix

# See morph/grid/local/grid.nix for additional commentary.
let lib = import ../../lib;
in lib.make-grid {
  name = "Production";
  config = ./config.json;
  nodes = cfg:
    let
      sshUsers = import ./secrets/users.nix;

      # Get absolute vpn key directory path, as a string:
      monitoringvpnKeyDir = toString ./. + "/${cfg.monitoringvpnKeyDir}";

      # TBD: derive these automatically:
      hostsMap = {
        "172.23.23.1"  = [ "monitoring" "monitoring.monitoringvpn" ];
        "172.23.23.11" = [   "payments"   "payments.monitoringvpn" ];
        "172.23.23.21" = [ "storage001" "storage001.monitoringvpn" ];
        "172.23.23.22" = [ "storage002" "storage002.monitoringvpn" ];
        "172.23.23.23" = [ "storage003" "storage003.monitoringvpn" ];
        "172.23.23.24" = [ "storage004" "storage004.monitoringvpn" ];
        "172.23.23.25" = [ "storage005" "storage005.monitoringvpn" ];
      };
      vpnClientIPs = [
        "172.23.23.11"
        "172.23.23.21"
        "172.23.23.22"
        "172.23.23.23"
        "172.23.23.24"
        "172.23.23.25"
      ];
      nodeExporterTargets = [
        "monitoring"
        "payments"
        "storage001"
        "storage002"
        "storage003"
        "storage004"
        "storage005"
      ];

    in {
    # Here are the hosts that are in this morph network.  This is sort of like
    # a server manifest.  We try to keep as many of the specific details as
    # possible out of *this* file so that this file only grows as server count
    # grows.  If it grows too much, we can load servers by listing contents of
    # a directory or reading from another JSON file or some such.  For now,
    # I'm just manually maintaining these entries.
    #
    # The name on the left of the `=` is mostly irrelevant but it does provide
    # a default hostname for the server if the configuration on the right side
    # doesn't specify one.
    #
    # The names must be unique!
    "payments.privatestorage.io" = rec {
      imports = [
        lib.issuer
        lib.hardware-aws
        (lib.customize-issuer cfg sshUsers monitoringvpnKeyDir "172.23.23.11" "19.03")
      ];
    };

    "storage001" = let nodecfg = import ./storage001-config.nix; in {
      imports = [
        ./storage001-hardware.nix
        # Slightly awkwardly, enable some of our hardware / network / bootloader options.
        ../../../nixos/modules/100tb.nix
        lib.storage
        (lib.customize-storage cfg sshUsers nodecfg.publicIPv4 monitoringvpnKeyDir "172.23.23.21" "19.09")
      ];
      # And supply configuration for those hardware / network / bootloader options.
      "100tb".config = nodecfg;
    };

    "storage002" = let nodecfg = import ./storage002-config.nix; in {
      imports = [
        ./storage002-hardware.nix
        # Slightly awkwardly, enable some of our hardware / network / bootloader options.
        ../../../nixos/modules/100tb.nix
        lib.storage
        (lib.customize-storage cfg sshUsers nodecfg.publicIPv4 monitoringvpnKeyDir "172.23.23.22" "19.09")
      ];
      # And supply configuration for those hardware / network / bootloader options.
      "100tb".config = nodecfg;
    };

    "storage003" = let nodecfg = import ./storage003-config.nix; in {
      imports = [
        ./storage003-hardware.nix
        # Slightly awkwardly, enable some of our hardware / network / bootloader options.
        ../../../nixos/modules/100tb.nix
        lib.storage
        (lib.customize-storage cfg sshUsers nodecfg.publicIPv4 monitoringvpnKeyDir "172.23.23.23" "19.09")
      ];
      # And supply configuration for those hardware / network / bootloader options.
      "100tb".config = nodecfg;
    };

    "storage004" = let nodecfg = import ./storage004-config.nix; in {
      imports = [
        ./storage004-hardware.nix
        # Slightly awkwardly, enable some of our hardware / network / bootloader options.
        ../../../nixos/modules/100tb.nix
        lib.storage
        (lib.customize-storage cfg sshUsers nodecfg.publicIPv4 monitoringvpnKeyDir "172.23.23.24" "19.09")
      ];
      # And supply configuration for those hardware / network / bootloader options.
      "100tb".config = nodecfg;
    };

    "storage005" = let nodecfg = import ./storage005-config.nix; in {
      imports = [
        ./storage005-hardware.nix
        # Slightly awkwardly, enable some of our hardware / network / bootloader options.
        ../../../nixos/modules/100tb.nix
        lib.storage
        (lib.customize-storage cfg sshUsers nodecfg.publicIPv4 monitoringvpnKeyDir "172.23.23.25" "19.03")
      ];
      # And supply configuration for those hardware / network / bootloader options.
      "100tb".config = nodecfg;
    };

    "monitoring" = lib.make-monitoring (cfg // {
      publicIPv4 = "monitoring.private.storage";
      monitoringvpnIPv4 = "172.23.23.1";
      inherit monitoringvpnKeyDir;
      inherit vpnClientIPs;
      inherit hostsMap;
      inherit nodeExporterTargets;
      hardware = lib.hardware-aws;
      stateVersion = "19.09";
      inherit sshUsers;
    });
  };
}