Skip to content
Snippets Groups Projects
Select Git revision
  • 9f3d006aa53e6326bb420109fba4cb3b5a56f890
  • develop default protected
  • production protected
  • nixpkgs-upgrade-2025-06-16
  • nixpkgs-upgrade-2024-12-23
  • 190-our-regular-updates-fill-up-the-servers-boot-partitions
  • nixpkgs-upgrade-2024-10-14
  • hro-cloud protected
  • 162.flexible-grafana-module
  • nixpkgs-upgrade-2024-05-13
  • nixpkgs-upgrade-2024-04-22
  • nixpkgs-upgrade-2024-03-25
  • nixpkgs-upgrade-2024-03-18
  • nixpkgs-upgrade-2024-03-11
  • nixpkgs-upgrade-2024-03-04
  • 163.jp-to-ben-for-prod
  • nixpkgs-upgrade-2024-02-26
  • 164.grafana-alert-rules
  • 157.authorize-new-hro-key
  • nixpkgs-upgrade-2024-02-19
  • nixpkgs-upgrade-2024-02-12
21 results

default.nix

Blame
    • grid.nix 4.30 KiB 
    let
  pkgs = import <nixpkgs> { };

  gridlib = import ../../lib;
  grid-config = pkgs.lib.trivial.importJSON ./config.json;

  ssh-users = let
    ssh-users-file = ./public-keys/users.nix;
  in
    if builtins.pathExists ssh-users-file then
      import ssh-users-file
    else
      # Use builtins.toString so that nix does not add the file
      # to the nix store before including it in the string.
      throw ''
        ssh-keys for local grid are not configured.
        Refusing to build a possibly inaccessible configuration.
        Please create ${builtins.toString ssh-users-file} before building.
        See ${builtins.toString ./README.rst} for more information.
      '';

  # Module with per-grid configuration
  grid-module = {config, ...}: {
    imports = [
      gridlib.base
      # Allow us to remotely trigger updates to this system.
      ../../../nixos/modules/deployment.nix
      # Give it a good SSH configuration.
      ../../../nixos/modules/ssh.nix
      # Configure things specific to the virtualisation environment.
      gridlib.hardware-vagrant
    ];
    services.private-storage.sshUsers = ssh-users;

    # Include the ssh-users config in a form that can be read by nix,
    # so the self-update deployment system can access it.
    # nixos/modules/update-deployment imports the nix file into
    # the checkout of this repository it creates.
    environment.etc."nixos/ssh-users.json" = {
      # Output the loaded value, rather than just copying the file, in case the
      # file has external references.
      mode = "0666";
      text = builtins.toJSON ssh-users;
    };
    environment.etc."nixos/ssh-users.nix" = {
      # This is the file that is imported by update-deployment.
      # We don't directly read the JSON so that the script doesn't
      # depend on the format we use.
      mode = "0666";
      text = ''
        # Include the ssh-users config
        builtins.fromJSON (builtins.readFile ./ssh-users.json)
      '';
    };

    networking.domain = grid-config.domain;
    # Convert relative paths to absolute so library code can resolve names
    # correctly.
    grid = {
      publicKeyPath = toString ./. + "/${grid-config.publicKeyPath}";
      privateKeyPath = toString ./. + "/${grid-config.privateKeyPath}";
      inherit (grid-config) monitoringvpnEndpoint letsEncryptAdminEmail;
    };
    # Configure deployment management authorization for all systems in the grid.
    services.private-storage.deployment = {
      authorizedKey = builtins.readFile "${config.grid.publicKeyPath}/deploy_key.pub";
      gridName = "local";
    };
  };