
update-github-repo

  • storage.nix 1.93 KiB
    # This contains all of the NixOS system configuration necessary to specify a
    # "storage"-type system.
    { lib, config, ... }:
    let
      inherit (lib) mkDefault mkOption types;

      # Directory the Ristretto signing key is read from; used only to build the
      # `source` of the secret declared below.
      # NOTE(review): interpolating a Nix *path* value into a string copies it
      # into the world-readable Nix store.  Confirm grid.privateKeyPath is
      # declared as a string so the signing key never lands in the store.
      keyDir = config.grid.privateKeyPath;

      # Values supplied through the options this module declares.
      storageCfg = config.grid.storage;

      # The secret declared below, so its destination is written in one place.
      signingKeySecret = config.deployment.secrets.ristretto-signing-key;
    in {
      # Additional NixOS modules every storage server loads.
      imports = [
        ./monitoringvpn-client.nix
        ./borgbackup.nix
      ];

      # Per-grid settings that are passed through to services.private-storage.
      options.grid.storage = {
        passValue = mkOption {
          type = types.int;
          description = ''
            An integer giving the value of a single pass in byte×months.
          '';
        };

        publicStoragePort = mkOption {
          type = types.port;
          description = ''
            An integer giving the port number to include in Tahoe storage service
            advertisements and on which to listen for storage connections.
          '';
        };
      };

      config = {
        # Deliver the signing key as a deployment secret rather than as part of
        # the system configuration.
        deployment.secrets."ristretto-signing-key" = {
          source = "${keyDir}/ristretto.signing-key";
          destination = "/run/keys/ristretto.signing-key";
          # Owned by root and readable by root only.
          # NOTE(review): whatever reads ristrettoSigningKeyPath must be able to
          # open a root-owned 0400 file -- confirm against the service's user.
          owner = {
            user = "root";
            group = "root";
          };
          permissions = "0400";
          # The unit name must match the one defined by our tahoe-lafs NixOS
          # module; it is hard-coded here and it would be nicer to derive it
          # from that module.
          # NOTE(review): presumably this runs once the key has been placed; if
          # the unit name ever drifts, a rotated key would not be picked up by
          # this restart -- verify after any rename.
          action = [ "sudo" "systemctl" "restart" "tahoe.storage.service" ];
        };

        services.private-storage = {
          # Turn on the Private Storage (Tahoe-LAFS) service.
          enable = true;

          # Give the service the Ristretto signing key to support authorization,
          # by path only; the key material itself is not part of this value.
          ristrettoSigningKeyPath = signingKeySecret.destination;

          inherit (storageCfg) passValue publicStoragePort;

          # Metrics exporters for the node and for Tahoe.
          monitoring.exporters = {
            node.enable = true;
            tahoe.enable = true;
          };

          # Backups are on by default; mkDefault lets another module override.
          borgbackup.enable = mkDefault true;
        };
      };
    }