
base.nix

    Florian Sesser authored
    Do some name resolution for those poor computers
    
    Improve factoring by removing those `/etc/hosts` entries
    
    And avoid the infinite loop @tomprince was encountering in !258
    e9b28a79
    base.nix 2.64 KiB
    # This module contains settings and configuration that apply to all nodes in a grid.
    { lib, config, nodes, ...}:
    {
      # Grid-wide option declarations.  Every option below is declared without
      # a default, so each one must be given a value wherever it is used.
      options.grid =
        let
          inherit (lib) mkOption types;
        in
        {
          # Directory holding the public half of the grid's key material.
          publicKeyPath = mkOption {
            type = types.path;
            description = ''
              A path on the deployment system of a directory containing all of the
              public keys for the system.  For example, this holds Wireguard public keys
              for the VPN configuration and SSH public keys to configure SSH
              authentication.
            '';
          };

          # Directory holding the matching private keys.
          # NOTE(review): how consumers read this value is not visible in this
          # file.  A Nix path value that gets coerced to a string is copied
          # into the world-readable Nix store, so confirm that every user of
          # this option hands the files over out-of-store (presumably via
          # morph's `deployment.secrets` -- verify against the callers) and
          # never interpolates the path into a derivation or config file.
          privateKeyPath = mkOption {
            type = types.path;
            description = ''
              A path on the deployment system of a directory containing all of the
              corresponding private keys for the system.
            '';
          };

          # Declared as a plain string: the address format is not validated
          # at this layer.
          monitoringvpnIPv4 = mkOption {
            type = types.str;
            description = ''
              The IPv4 address of this node on the monitoring VPN.
            '';
          };

          # Also a plain string; the "name and port" shape described below is
          # not enforced by the type.
          monitoringvpnEndpoint = mkOption {
            type = types.str;
            description = ''
              The domain name and port of the monitoring VPN endpoint.
            '';
          };

          # Contact address used for the Let's Encrypt account (see description).
          letsEncryptAdminEmail = mkOption {
            type = types.str;
            description = ''
              A string giving an email address to use for Let's Encrypt registration and
              certificate issuance.
            '';
          };
        };
    
      # Additional NixOS modules pulled in on every server.  Loading a module
      # does not *necessarily* switch on what it provides.
      #
      # The single entry below brings in the other modules that define options
      # for the different areas of the service.
      imports = [ ../../nixos/modules/default.nix ];
    
      config = {
        # The morph default deployment target is the name of the node in the network
        # attrset.  We don't always want to give the node its proper public address
        # there (because it depends on which domain is associated with the grid
        # being configured and using variable names complicates a lot of things).
        # Instead, just tell morph how to reach the node here - by using its fully
        # qualified domain name.
        deployment.targetHost = config.networking.fqdn;
    
        services.private-storage.monitoring.exporters.promtail.enable = true;
    
        assertions = [
          # This is a check to save somebody in the future trying to debug why
          # setting `nixpkgs.config` is not having an effect.
          {
            # `{}` is the default value for `nixpkgs.config`
            assertion = config.nixpkgs.config == {};
            message = ''
              Since we set `nixpkgs.pkgs` via morph's `network.pkgs`, the value for `nixpkgs.config` is ignored.
              See https://whetstone.private.storage/privatestorage/PrivateStorageio/-/issues/85#note_15876 for details.