Skip to content
Snippets Groups Projects
Select Git revision
  • f526062058733d7ad97a849dee2f286fa1523c00
  • develop default protected
  • production protected
  • nixpkgs-upgrade-2025-06-16
  • nixpkgs-upgrade-2024-12-23
  • 190-our-regular-updates-fill-up-the-servers-boot-partitions
  • nixpkgs-upgrade-2024-10-14
  • hro-cloud protected
  • 162.flexible-grafana-module
  • nixpkgs-upgrade-2024-05-13
  • nixpkgs-upgrade-2024-04-22
  • nixpkgs-upgrade-2024-03-25
  • nixpkgs-upgrade-2024-03-18
  • nixpkgs-upgrade-2024-03-11
  • nixpkgs-upgrade-2024-03-04
  • 163.jp-to-ben-for-prod
  • nixpkgs-upgrade-2024-02-26
  • 164.grafana-alert-rules
  • 157.authorize-new-hro-key
  • nixpkgs-upgrade-2024-02-19
  • nixpkgs-upgrade-2024-02-12
21 results

ip-util.nix

Blame
    • make-testing.nix 1.04 KiB 
    { publicIPv4, hardware, publicStoragePort, ristrettoSigningKeyPath, passValue, sshUsers, stateVersion, ... }: rec {

  deployment = {
    targetHost = publicIPv4;

    secrets = {
      "ristretto-signing-key" = {
        source = ristrettoSigningKeyPath;
        destination = "/run/keys/ristretto.signing-key";
        owner.user = "root";
        owner.group = "root";
        permissions = "0400";
        # Service name here matches the name defined by our tahoe-lafs nixos
        # module.  It would be nice to not have to hard-code it here.  Can we
        # extract it from the tahoe-lafs nixos module somehow?
        action = ["sudo" "systemctl" "restart" "tahoe.storage.service"];
      };
    };
  };

  imports = [
    hardware
    ../../nixos/modules/private-storage.nix
  ];

  services.private-storage =
  { enable = true;
    inherit publicIPv4;
    inherit publicStoragePort;
    ristrettoSigningKeyPath = deployment.secrets.ristretto-signing-key.destination;
    inherit passValue;
    inherit sshUsers;
  };

  system.stateVersion = stateVersion;
}