Commit 0c7c27ac authored by Jean-Paul Calderone's avatar Jean-Paul Calderone

Add morph for the PaymentServer deployment

parent 3ce91e7f
1 merge request!16Deploy PaymentServer
...@@ -16,6 +16,11 @@ import ./make-grid.nix { ...@@ -16,6 +16,11 @@ import ./make-grid.nix {
# doesn't specify one. # doesn't specify one.
# #
# The names must be unique! # The names must be unique!
"issuer" = import ./issuer.nix ({
hardware = ./issuer-aws.nix;
stateVersion = "19.03";
} // cfg);
"storage001" = import ./make-storage.nix ({ "storage001" = import ./make-storage.nix ({
cfg = import ./storage001-config.nix; cfg = import ./storage001-config.nix;
hardware = ./storage001-hardware.nix; hardware = ./storage001-hardware.nix;
......
{
imports = [ <nixpkgs/nixos/modules/virtualisation/amazon-image.nix> ];
ec2.hvm = true;
}
{ hardware
, ristrettoSigningKeyPath
, stateVersion
, ...
}: {
deployment = {
secrets = {
"ristretto-signing-key" = {
source = ristrettoSigningKeyPath;
destination = "/var/secrets/ristretto.signing-key";
owner.user = "root";
owner.group = "root";
permissions = "0400";
action = ["sudo" "systemctl" "restart" "zkapissuer.service"];
};
};
};
imports = [
hardware
../nixos/modules/issuer.nix
];
services.private-storage-issuer = {
enable = true;
# XXX This should be passed as a path.
ristrettoSigningKey = builtins.readFile (./.. + ristrettoSigningKeyPath);
database = "SQLite3";
databasePath = "/var/db/vouchers.sqlite3";
};
system.stateVersion = stateVersion;
}
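Review bot: The `ristrettoSigningKey = builtins.readFile (./.. + ristrettoSigningKeyPath);` line reads the signing key at evaluation time, so the key becomes part of the system configuration. The module changed in this same commit interpolates it into `--signing-key ${cfg.ristrettoSigningKey}`, which places it in the generated service definition in the world-readable Nix store and in the process argument list. That bypasses the root-only 0400 copy that `deployment.secrets` installs at `/var/secrets/ristretto.signing-key`. The XXX comment already names the fix: have the module accept a path and pass it the secret's `destination`, assuming PaymentServer can load the key from a file (not visible here). Until then, extend the comment to something like `# XXX Embeds the key in the store and argv; pass /var/secrets/ristretto.signing-key as a path instead.`, and confirm that `zkapissuer.service` in `action` is the unit the module defines, since none of the visible module lines show its name.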
...@@ -17,7 +17,7 @@ in { ...@@ -17,7 +17,7 @@ in {
}; };
services.private-storage-issuer.issuer = lib.mkOption { services.private-storage-issuer.issuer = lib.mkOption {
default = "Ristretto"; default = "Ristretto";
type = lib.types.str; type = lib.types.enum [ " Trivial" "Ristretto" ];
example = lib.literalExample "Trivial"; example = lib.literalExample "Trivial";
description = '' description = ''
The issuer algorithm to use. Either Trivial for a fake no-crypto The issuer algorithm to use. Either Trivial for a fake no-crypto
...@@ -32,6 +32,21 @@ in { ...@@ -32,6 +32,21 @@ in {
``Ristretto``. ``Ristretto``.
''; '';
}; };
services.private-storage-issuer.database = lib.mkOption {
default = "Memory";
type = lib.types.enum [ "Memory" "SQLite3" ];
description = ''
The kind of voucher database to use.
'';
};
services.private-storage-issuer.databasePath = lib.mkOption {
default = null;
type = lib.types.str;
description = ''
The path to a database file in the filesystem, if the SQLite3 database
type is being used.
'';
};
}; };
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
...@@ -47,12 +62,16 @@ in { ...@@ -47,12 +62,16 @@ in {
let let
# Compute the right command line arguments to pass to it. The # Compute the right command line arguments to pass to it. The
# signing key is only supplied when using the Ristretto issuer. # signing key is only supplied when using the Ristretto issuer.
args = issuerArgs =
if cfg.issuer == "Trivial" if cfg.issuer == "Trivial"
then "--issuer Trivial" then "--issuer Trivial"
else "--issuer Ristretto --signing-key ${cfg.ristrettoSigningKey}"; else "--issuer Ristretto --signing-key ${cfg.ristrettoSigningKey}";
databaseArgs =
if cfg.database == "Memory"
then "--database Memory"
else "--database SQLite3 --database-path ${cfg.databasePath}";
in in
"${cfg.package}/bin/PaymentServer-exe ${args}"; "${cfg.package}/bin/PaymentServer-exe ${issuerArgs} ${databaseArgs}";
Type = "simple"; Type = "simple";
# It really shouldn't ever exit on its own! If it does, it's a bug # It really shouldn't ever exit on its own! If it does, it's a bug
# we'll have to fix. Restart it and hope it doesn't happen too much # we'll have to fix. Restart it and hope it doesn't happen too much
......
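Review bot: `services.private-storage-issuer.databasePath` declares `default = null` with `type = lib.types.str`, and null is not a valid `str`, so the default contradicts the declared type; `type = lib.types.nullOr lib.types.str;` would state what is meant. With `database = "SQLite3"` and no path set, evaluation fails only when `${cfg.databasePath}` is forced in `databaseArgs`, with a type or coercion error rather than a message saying a path is required. An `assertions` entry checking `cfg.database != "SQLite3" || cfg.databasePath != null` would make that explicit. The new `issuer` enum also renders here as `" Trivial"` with a leading space; if that is in the file and not a rendering artifact, the value would match neither the `cfg.issuer == "Trivial"` comparison nor the documented example. The option set and the `let` block both continue outside the visible hunks.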