From 26dd2e5de2d52302f7471c752915eef59a8f79d4 Mon Sep 17 00:00:00 2001
From: Jean-Paul Calderone <exarkun@twistedmatrix.com>
Date: Tue, 24 Sep 2019 15:56:20 -0400
Subject: [PATCH] Steps towards performing really Ristretto-flavored
 PrivacyPass

The issuer runs.  Helpers to poke the right API calls into the right place
forthcoming...
---
 nixos/modules/issuer.nix                | 36 +++++++++++++++++++++++++
 nixos/modules/private-storage.nix       | 11 +-------
 nixos/modules/pspkgs.nix                | 11 ++++++++
 nixos/modules/tests/private-storage.nix | 21 +++++++++++++++
 nixos/pkgs/zkapissuer.nix               | 10 +++++++
 5 files changed, 79 insertions(+), 10 deletions(-)
 create mode 100644 nixos/modules/issuer.nix
 create mode 100644 nixos/modules/pspkgs.nix
 create mode 100644 nixos/pkgs/zkapissuer.nix

diff --git a/nixos/modules/issuer.nix b/nixos/modules/issuer.nix
new file mode 100644
index 00000000..8f98a6e7
--- /dev/null
+++ b/nixos/modules/issuer.nix
@@ -0,0 +1,36 @@
+# A NixOS module which can run a Ristretto-based issuer for PrivacyStorage
+# ZKAPs.
+{ lib, pkgs, config, ... }: let
+  pspkgs = pkgs.callPackage ./pspkgs.nix { };
+  zkapissuer = pspkgs.callPackage ../pkgs/zkapissuer.nix { };
+in {
+  options = {
+    services.private-storage-issuer.enable = lib.mkEnableOption "PrivateStorage ZKAP Issuer Service";
+    services.private-storage-issuer.package = lib.mkOption {
+      default = zkapissuer.components.exes."PaymentServer-exe";
+      type = lib.types.package;
+      example = lib.literalExample "pkgs.zkapissuer";
+      description = ''
+        The package to use for the ZKAP issuer.
+      '';
+    };
+  };
+
+  config = let
+    cfg = config.services.private-storage-issuer;
+  in
+    lib.mkIf cfg.enable {
+      systemd.services.zkapissuer = {
+        enable = true;
+        description = "ZKAP Issuer";
+        wantedBy = [ "multi-user.target" ];
+        after = [ "network.target" ];
+
+        serviceConfig = {
+          ExecStart = "${cfg.package}/bin/PaymentServer-exe";
+          Type = "simple";
+          Restart = "always";
+        };
+      };
+    };
+}
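Review bot: The `serviceConfig` block sets only `ExecStart`, `Type` and `Restart`, so systemd will start `PaymentServer-exe` as root, which is more privilege than a network-facing issuer should hold. Adding `DynamicUser = true;` (or a dedicated `User`/`Group`) to `serviceConfig` would confine a compromise of the process to an unprivileged account. Whether the binary needs writable state or a privileged port is not visible in this hunk, so a `StateDirectory` or similar may be needed alongside it. Separately, the header comment says "PrivacyStorage" where the option description says "PrivateStorage".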
diff --git a/nixos/modules/private-storage.nix b/nixos/modules/private-storage.nix
index d2db7dd6..58f4ba36 100644
--- a/nixos/modules/private-storage.nix
+++ b/nixos/modules/private-storage.nix
@@ -2,16 +2,7 @@
 # preferred configuration for the Private Storage grid.
 { pkgs, lib, config, ... }:
 let
-  # Derive a brand new version of pkgs which has our overlay applied.  The
-  # overlay defines a new version of Tahoe-LAFS and some of its dependencies
-  # and maybe other useful Private Storage customizations.
-  pspkgs = import pkgs.path
-  { overlays = [
-      # needs fetchFromGitHub to check out zkapauthorizer
-      (pkgs.callPackage ./zkap-overlay.nix { })
-      (import ./overlays.nix)
-    ];
-  };
+  pspkgs = pkgs.callPackage ./pspkgs.nix { };
   # Grab the configuration for this module for convenient access below.
   cfg = config.services.private-storage;
 in
diff --git a/nixos/modules/pspkgs.nix b/nixos/modules/pspkgs.nix
new file mode 100644
index 00000000..189778e0
--- /dev/null
+++ b/nixos/modules/pspkgs.nix
@@ -0,0 +1,11 @@
+# Derive a brand new version of pkgs which has our overlay applied.  The
+# overlay defines a new version of Tahoe-LAFS and some of its dependencies
+# and maybe other useful Private Storage customizations.
+{ pkgs }:
+import pkgs.path {
+  overlays = [
+    # needs fetchFromGitHub to check out zkapauthorizer
+    (pkgs.callPackage ./zkap-overlay.nix { })
+    (import ./overlays.nix)
+  ];
+}
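Review bot: `import pkgs.path { overlays = [ ... ]; }` passes only `overlays`, so the re-imported package set does not inherit `system` or `config` from the `pkgs` it is derived from. It falls back to the evaluating machine's platform and to whatever nixpkgs configuration the environment supplies, which makes the result depend on who evaluates it. Passing them through, e.g. `inherit (pkgs) system config;` next to `overlays`, keeps the derived set tied to the caller's. Both `issuer.nix` and `private-storage.nix` now call this file, so nixpkgs is instantiated a second time for each; sharing one instance may be worth considering.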
diff --git a/nixos/modules/tests/private-storage.nix b/nixos/modules/tests/private-storage.nix
index 30818b33..b2f2f1f0 100644
--- a/nixos/modules/tests/private-storage.nix
+++ b/nixos/modules/tests/private-storage.nix
@@ -47,6 +47,15 @@ import <nixpkgs/nixos/tests/make-test.nix> {
         services.private-storage.publicIPv4 = "storage";
         services.private-storage.introducerFURL = introducerFURL;
       } // networkConfig;
+
+    # Operate an issuer as well.
+    issuer =
+    { config, pkgs, ... }:
+    { imports =
+      [ ../issuer.nix
+      ];
+      services.private-storage-issuer.enable = true;
+    };
   };
 
   # Test the machines with a Perl program (sobbing).
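Review bot: The new `issuer` node is not merged with `networkConfig`, while the node defined just above it ends in `} // networkConfig;`. If `networkConfig` carries settings the machines need to reach each other (its definition is outside this hunk), the issuer will be configured differently from the nodes that are supposed to talk to it. Closing the node with `} // networkConfig;` would keep it consistent. The `config` and `pkgs` arguments of the node function are also unused.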
@@ -135,6 +144,18 @@ import <nixpkgs/nixos/tests/make-test.nix> {
       );
       $client->waitForOpenPort(3456);
 
+      #
+      # Get some ZKAPs from the issuer.
+      #
+
+      # Simulate a payment for a voucher.
+      $voucher = "0123456789";
+      $client->succeed("${simulate-payment} $voucher");
+
+      # Tell the client to redeem the voucher.
+      $client->succeed("${redeem-voucher} $voucher");
+
+      # The client should be prepped now.  Make it try to use some storage.
       my ($code, $out) = $client->execute(
           'tahoe -d /tmp/client ' .
           'put /etc/issue'
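Review bot: `${simulate-payment}` and `${redeem-voucher}` are Nix antiquotations, and nothing in this diff defines either name, so unless they are bound elsewhere in the file the test expression will fail to evaluate before any machine starts. The commit message says the helpers are forthcoming, which suggests they are not defined yet; until then the two `$client->succeed(...)` lines could stay commented out behind a TODO. `$voucher` is also assigned without `my`, unlike `my ($code, $out)` directly below, which a strict Perl driver would reject: `my $voucher = "0123456789";`. Nothing in the added lines waits for the issuer machine or its `zkapissuer` unit before the client redeems, so a readiness check on the issuer is likely needed once the helpers exist. The Perl test script continues on both sides of the hunk.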
diff --git a/nixos/pkgs/zkapissuer.nix b/nixos/pkgs/zkapissuer.nix
new file mode 100644
index 00000000..823a9f91
--- /dev/null
+++ b/nixos/pkgs/zkapissuer.nix
@@ -0,0 +1,10 @@
+{ fetchFromGitHub, callPackage }:
+let
+  paymentServer = fetchFromGitHub {
+    owner = "PrivateStorage";
+    repo = "PaymentServer";
+    rev = "6fbaac7a14d2a03b74e10a4a82b1147ee1dd7d49";
+    sha256 = "0z8mqmns3fqbjy765830s5q6lhz3lxmslxahjc155jsv5b46gjip";
+  };
+in
+  (callPackage "${paymentServer}/nix" { }).PaymentServer
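Review bot: This file has no header comment, unlike the two other new files in this commit, and its last line evaluates Nix code out of a fetched source (`callPackage "${paymentServer}/nix" { }`), which is import-from-derivation. Evaluation therefore has to fetch the PaymentServer checkout first, and it fails where `allow-import-from-derivation` is turned off. I would add a comment above the argument set such as `# Build the PaymentServer (ZKAP issuer) from a pinned upstream revision; evaluating this imports Nix code from the fetched source.` The `rev` plus `sha256` pin fixes the imported expressions by content, so both values need to change together whenever the pin is bumped.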
-- 
GitLab