Remove remaining configuration from `customize-storage.nix` to `storage.nix`

morph/grid/local/grid.nix

@@ -85,28 +85,30 @@ let
   storage1 = {
     imports = [
       gridlib.storage
-      (gridlib.customize-storage (grid-config // {
-        stateVersion = "19.09";
-      }))
       grid-module
     ];
     config = {
       grid.monitoringvpnIPv4 = "172.23.23.12";
       grid.publicIPv4 = "192.168.67.22";
+      grid.storage = {
+        inherit (grid-config) passValue publicStoragePort;
+      };
+      system.stateVersion = "19.09";
     };
   };
 
   storage2 = {
     imports = [
       gridlib.storage
-      (gridlib.customize-storage (grid-config // {
-        stateVersion = "19.09";
-      }))
       grid-module
     ];
     config = {
       grid.monitoringvpnIPv4 = "172.23.23.13";
       grid.publicIPv4 = "192.168.67.23";
+      grid.storage = {
+        inherit (grid-config) passValue publicStoragePort;
+      };
+      system.stateVersion = "19.09";
     };
   };
 

morph/grid/production/grid.nix

@@ -85,18 +85,16 @@ let
 
       # Get all of the configuration that is common across all storage nodes.
       gridlib.storage
-
-      # Then customize the storage system a little bit based on this node's particulars.
-      (gridlib.customize-storage (grid-config // nodecfg // {
-        inherit stateVersion;
-      }))
-
       # Also configure deployment management authorization
       grid-module
     ];
 
     config = {
       grid.monitoringvpnIPv4 = vpnIP;
+      grid.storage = {
+        inherit (grid-config) passValue publicStoragePort;
+      };
+      system.stateVersion = stateVersion;
 
       # And supply configuration for those hardware / network / bootloader
       # options.  See the 100tb module for handling of this value.  The module

morph/grid/testing/grid.nix

@@ -49,13 +49,14 @@ let
       gridlib.storage
       gridlib.hardware-aws
       ./testing001-hardware.nix
-      (gridlib.customize-storage (grid-config // {
-        stateVersion = "19.03";
-      }))
       grid-module
     ];
     config = {
       grid.monitoringvpnIPv4 = "172.23.23.12";
+      grid.storage = {
+        inherit (grid-config) passValue publicStoragePort;
+      };
+      system.stateVersion = "19.03";
     };
   };
 

morph/lib/customize-storage.nix

-# Define a function which returns a value which fills in all the holes left by
-# ``storage.nix``.
-{
-  # An integer giving the value of a single pass in byte×months.
-  passValue
-
-  # An integer giving the port number to include in Tahoe storage service
-  # advertisements and on which to listen for storage connections.
-, publicStoragePort
-
-  # A string giving the NixOS state version for the system.
-, stateVersion
-, ...
-}:
-{ config, ... }:
-let
-  inherit (config.grid) publicKeyPath privateKeyPath;
-in {
-  services.private-storage = {
-    inherit passValue publicStoragePort;
-  };
-
-  system.stateVersion = stateVersion;
-}

morph/lib/default.nix

@@ -8,9 +8,7 @@
   hardware-vagrant = import ./hardware-vagrant.nix;
 
   issuer = import ./issuer.nix;
-
   storage = import ./storage.nix;
-  customize-storage = import ./customize-storage.nix;
 
   monitoring = import ./monitoring.nix;
   customize-monitoring = import ./customize-monitoring.nix;

morph/lib/storage.nix

-# Similar to ``issuer.nix`` but for a "storage"-type system.  Holes are filled
-# by ``customize-storage.nix``.
-{ config, ...} :
+# This contains all of the NixOS system configuration necessary to specify an
+# "storage"-type system.
+{ lib, config, ...} :
 let
   inherit (config.grid) publicKeyPath privateKeyPath monitoringvpnIPv4 monitoringvpnEndpoint;
 in {
-  deployment = {
-    secrets = {
-      "ristretto-signing-key" = {
-        destination = "/run/keys/ristretto.signing-key";
-        source = "${privateKeyPath}/ristretto.signing-key";
-        owner.user = "root";
-        owner.group = "root";
-        permissions = "0400";
-        # Service name here matches the name defined by our tahoe-lafs nixos
-        # module.  It would be nice to not have to hard-code it here.  Can we
-        # extract it from the tahoe-lafs nixos module somehow?
-        action = ["sudo" "systemctl" "restart" "tahoe.storage.service"];
-      };
-      "monitoringvpn-secret-key" = {
-        destination = "/run/keys/monitoringvpn/client.key";
-        source = "${privateKeyPath}/monitoringvpn/${monitoringvpnIPv4}.key";
-        owner.user = "root";
-        owner.group = "root";
-        permissions = "0400";
-        action = ["sudo" "systemctl" "restart" "wireguard-monitoringvpn.service"];
-      };
-      "monitoringvpn-preshared-key" = {
-        destination = "/run/keys/monitoringvpn/preshared.key";
-        source = "${privateKeyPath}/monitoringvpn/preshared.key";
-        owner.user = "root";
-        owner.group = "root";
-        permissions = "0400";
-        action = ["sudo" "systemctl" "restart" "wireguard-monitoringvpn.service"];
-      };
-    };
-  };
-
   # Any extra NixOS modules to load on this server.
   imports = [
     # Bring in our module for configuring the Tahoe-LAFS service and other
@@ -49,20 +17,72 @@ in {
     ../../nixos/modules/monitoring/exporters/tahoe.nix
   ];
 
-  services.private-storage.monitoring.tahoe.enable = true;
+  options.grid.storage = {
+    passValue = lib.mkOption {
+      type = lib.types.int;
+      description = ''
+        An integer giving the value of a single pass in byte×months.
+      '';
+    };
 
-  # Turn on the Private Storage (Tahoe-LAFS) service.
-  services.private-storage = {
-    # Yep.  Turn it on.
-    enable = true;
-    # Give it the Ristretto signing key to support authorization.
-    ristrettoSigningKeyPath = config.deployment.secrets.ristretto-signing-key.destination;
+    publicStoragePort = lib.mkOption {
+      type = lib.types.port;
+      description = ''
+        An integer giving the port number to include in Tahoe storage service
+        advertisements and on which to listen for storage connections.
+      '';
+    };
   };
 
-  services.private-storage.monitoring.vpn.client = {
-    enable = true;
-    ip = monitoringvpnIPv4;
-    endpoint = monitoringvpnEndpoint;
-    endpointPublicKeyFile = "${publicKeyPath}/monitoringvpn/server.pub";
+  config = {
+    deployment = {
+      secrets = {
+        "ristretto-signing-key" = {
+          destination = "/run/keys/ristretto.signing-key";
+          source = "${privateKeyPath}/ristretto.signing-key";
+          owner.user = "root";
+          owner.group = "root";
+          permissions = "0400";
+          # Service name here matches the name defined by our tahoe-lafs nixos
+          # module.  It would be nice to not have to hard-code it here.  Can we
+          # extract it from the tahoe-lafs nixos module somehow?
+          action = ["sudo" "systemctl" "restart" "tahoe.storage.service"];
+        };
+        "monitoringvpn-secret-key" = {
+          destination = "/run/keys/monitoringvpn/client.key";
+          source = "${privateKeyPath}/monitoringvpn/${monitoringvpnIPv4}.key";
+          owner.user = "root";
+          owner.group = "root";
+          permissions = "0400";
+          action = ["sudo" "systemctl" "restart" "wireguard-monitoringvpn.service"];
+        };
+        "monitoringvpn-preshared-key" = {
+          destination = "/run/keys/monitoringvpn/preshared.key";
+          source = "${privateKeyPath}/monitoringvpn/preshared.key";
+          owner.user = "root";
+          owner.group = "root";
+          permissions = "0400";
+          action = ["sudo" "systemctl" "restart" "wireguard-monitoringvpn.service"];
+        };
+      };
+    };
+
+    services.private-storage.monitoring.tahoe.enable = true;
+
+    # Turn on the Private Storage (Tahoe-LAFS) service.
+    services.private-storage = {
+      # Yep.  Turn it on.
+      enable = true;
+      # Give it the Ristretto signing key to support authorization.
+      ristrettoSigningKeyPath = config.deployment.secrets.ristretto-signing-key.destination;
+      inherit (config.grid.storage) passValue publicStoragePort;
+    };
+
+    services.private-storage.monitoring.vpn.client = {
+      enable = true;
+      ip = monitoringvpnIPv4;
+      endpoint = monitoringvpnEndpoint;
+      endpointPublicKeyFile = "${publicKeyPath}/monitoringvpn/server.pub";
+    };
   };
 }