From 2aa4a73b0f394812b44b3184225a27bd26a4f18e Mon Sep 17 00:00:00 2001
From: Jean-Paul Calderone <exarkun@twistedmatrix.com>
Date: Thu, 24 Jun 2021 07:25:24 -0400
Subject: [PATCH] Convert customize-issuer from positional to set arguments
---
 morph/grid/local/grid.nix | 20 ++++++++++++--------
 morph/grid/production/grid.nix | 18 +++++++++++-------
 morph/grid/testing/grid.nix | 18 +++++++++++-------
 morph/lib/customize-issuer.nix | 24 +++++++++++++++++-------
 4 files changed, 51 insertions(+), 29 deletions(-)
diff --git a/morph/grid/local/grid.nix b/morph/grid/local/grid.nix
index 8f705c03..1e063d00 100644
--- a/morph/grid/local/grid.nix
+++ b/morph/grid/local/grid.nix
@@ -2,17 +2,21 @@
 let
 pkgs = import <nixpkgs> { };
 gridlib = import ../../lib;
- config = pkgs.lib.trivial.importJSON ./config.json;
- sshUsers = import ./secrets/users.nix;
+ rawConfig = pkgs.lib.trivial.importJSON ./config.json;
+ config = rawConfig // {
+ sshUsers = import ./secrets/users.nix;
- # Get absolute vpn key directory path, as a string:
- monitoringvpnKeyDir = toString ./. + "/${config.monitoringvpnKeyDir}";
+ # Get absolute vpn key directory path, as a string:
+ monitoringvpnKeyDir = toString ./. + "/${rawConfig.monitoringvpnKeyDir}";
+ };
 payments = let publicIPv4 = "192.168.67.21"; in {
 imports = [
 gridlib.issuer
 (import ./virtual-hardware.nix ({ inherit publicIPv4; }))
- (gridlib.customize-issuer config sshUsers monitoringvpnKeyDir "172.23.23.11" "19.03")
+ (gridlib.customize-issuer (config // {
+ monitoringvpnIPv4 = "172.23.23.11";
+ }))
 ];
 };
@@ -20,7 +24,7 @@ let
 imports = [
 gridlib.storage
 (import ./virtual-hardware.nix ({ inherit publicIPv4; }))
- (gridlib.customize-storage config sshUsers publicIPv4 monitoringvpnKeyDir "172.23.23.12" "19.09")
+ (gridlib.customize-storage config config.sshUsers publicIPv4 config.monitoringvpnKeyDir "172.23.23.12" "19.09")
 ];
 };
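Review bot: The merged `config` set defined at the top of this hunk overrides the `monitoringvpnKeyDir` read from config.json with the absolute string and adds `sshUsers`, and that same set is still passed as the first argument of the positional `customize-storage` calls (the `-20,7` and `-28,7` hunks of this file, and the matching hunks in production/grid.nix and testing/grid.nix). The body of customize-storage is not part of this patch, so it cannot be checked from here whether it reads `cfg.monitoringvpnKeyDir`; if it does, the value it sees changes from the relative to the absolute path. Passing `rawConfig` there until customize-storage is converted keeps its input unchanged, for example `(gridlib.customize-storage rawConfig config.sshUsers publicIPv4 config.monitoringvpnKeyDir "172.23.23.12" "19.09")`.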
@@ -28,7 +32,7 @@ let
 imports = [
 gridlib.storage
 (import ./virtual-hardware.nix ({ inherit publicIPv4; }))
- (gridlib.customize-storage config sshUsers publicIPv4 monitoringvpnKeyDir "172.23.23.13" "19.09")
+ (gridlib.customize-storage config config.sshUsers publicIPv4 config.monitoringvpnKeyDir "172.23.23.13" "19.09")
 ];
 };
@@ -36,7 +40,7 @@ let
 imports = [
 gridlib.monitoring
 (import ./virtual-hardware.nix ({ inherit publicIPv4; }))
- (gridlib.customize-monitoring hostsMap monitoringvpnKeyDir publicIPv4 "172.23.23.1" vpnClientIPs nodeExporterTargets [] "19.09")
+ (gridlib.customize-monitoring hostsMap config.monitoringvpnKeyDir publicIPv4 "172.23.23.1" vpnClientIPs nodeExporterTargets [] "19.09")
 ];
 };
diff --git a/morph/grid/production/grid.nix b/morph/grid/production/grid.nix
index 0a86aa14..9b7c4979 100644
--- a/morph/grid/production/grid.nix
+++ b/morph/grid/production/grid.nix
@@ -3,17 +3,21 @@
 let
 pkgs = import <nixpkgs> { };
 gridlib = import ../../lib;
- config = pkgs.lib.trivial.importJSON ./config.json;
- sshUsers = import ./secrets/users.nix;
+ rawConfig = pkgs.lib.trivial.importJSON ./config.json;
+ config = rawConfig // {
+ sshUsers = import ./secrets/users.nix;
- # Get absolute vpn key directory path, as a string:
- monitoringvpnKeyDir = toString ./. + "/${config.monitoringvpnKeyDir}";
+ # Get absolute vpn key directory path, as a string:
+ monitoringvpnKeyDir = toString ./. + "/${rawConfig.monitoringvpnKeyDir}";
+ };
 "payments.privatestorage.io" = {
 imports = [
 gridlib.issuer
 gridlib.hardware-aws
- (gridlib.customize-issuer config sshUsers monitoringvpnKeyDir "172.23.23.11" "19.03")
+ (gridlib.customize-issuer (config // {
+ monitoringvpnIPv4 = "172.23.23.11";
+ }))
 ];
 };
@@ -21,7 +25,7 @@ let
 imports = [
 gridlib.monitoring
 gridlib.hardware-aws
- (gridlib.customize-monitoring hostsMap monitoringvpnKeyDir publicIPv4 "172.23.23.1" vpnClientIPs nodeExporterTargets [] "19.09")
+ (gridlib.customize-monitoring hostsMap config.monitoringvpnKeyDir publicIPv4 "172.23.23.1" vpnClientIPs nodeExporterTargets [] "19.09")
 ];
 };
@@ -39,7 +43,7 @@ let
 gridlib.storage
 # Then customize the storage system a little bit based on this node's particulars.
- (gridlib.customize-storage config sshUsers nodecfg.publicIPv4 monitoringvpnKeyDir vpnIP stateVersion)
+ (gridlib.customize-storage config config.sshUsers nodecfg.publicIPv4 config.monitoringvpnKeyDir vpnIP stateVersion)
 ];
 # And supply configuration for those hardware / network / bootloader
diff --git a/morph/grid/testing/grid.nix b/morph/grid/testing/grid.nix
index 0ec06cbb..e5eaf990 100644
--- a/morph/grid/testing/grid.nix
+++ b/morph/grid/testing/grid.nix
@@ -3,17 +3,21 @@
 let
 pkgs = import <nixpkgs> { };
 gridlib = import ../../lib;
- config = pkgs.lib.trivial.importJSON ./config.json;
- sshUsers = import ./secrets/users.nix;
+ rawConfig = pkgs.lib.trivial.importJSON ./config.json;
+ config = rawConfig // {
+ sshUsers = import ./secrets/users.nix;
- # Get absolute vpn key directory path, as a string:
- monitoringvpnKeyDir = toString ./. + "/${config.monitoringvpnKeyDir}";
+ # Get absolute vpn key directory path, as a string:
+ monitoringvpnKeyDir = toString ./. + "/${rawConfig.monitoringvpnKeyDir}";
+ };
 payments = {
 imports = [
 gridlib.issuer
 gridlib.hardware-aws
- (gridlib.customize-issuer config sshUsers monitoringvpnKeyDir "172.23.23.11" "19.03")
+ (gridlib.customize-issuer (config // {
+ monitoringvpnIPv4 = "172.23.23.11";
+ }))
 ];
 };
@@ -21,7 +25,7 @@ let
 imports = [
 gridlib.storage
 ./testing001-hardware.nix
- (gridlib.customize-storage config sshUsers publicIPv4 monitoringvpnKeyDir "172.23.23.12" "19.03")
+ (gridlib.customize-storage config config.sshUsers publicIPv4 config.monitoringvpnKeyDir "172.23.23.12" "19.03")
 ];
 };
@@ -29,7 +33,7 @@ let
 imports = [
 gridlib.monitoring
 gridlib.hardware-aws
- (gridlib.customize-monitoring hostsMap monitoringvpnKeyDir publicIPv4 "172.23.23.1" vpnClientIPs nodeExporterTargets [] "19.09")
+ (gridlib.customize-monitoring hostsMap config.monitoringvpnKeyDir publicIPv4 "172.23.23.1" vpnClientIPs nodeExporterTargets [] "19.09")
 ];
 };
diff --git a/morph/lib/customize-issuer.nix b/morph/lib/customize-issuer.nix
index a7e82713..7c8356a2 100644
--- a/morph/lib/customize-issuer.nix
+++ b/morph/lib/customize-issuer.nix
@@ -1,7 +1,17 @@
-cfg: sshUsers: monitoringvpnKeyDir: monitoringvpnIPv4: stateVersion: {
+{ ristrettoSigningKeyPath
+, stripeSecretKeyPath
+, monitoringvpnKeyDir
+, monitoringvpnEndpoint
+, monitoringvpnIPv4
+, sshUsers
+, letsEncryptAdminEmail
+, issuerDomains
+, allowedChargeOrigins
+, ...
+}: {
 deployment.secrets = {
- "ristretto-signing-key".source = cfg.ristrettoSigningKeyPath;
- "stripe-secret-key".source = cfg.stripeSecretKeyPath;
+ "ristretto-signing-key".source = ristrettoSigningKeyPath;
+ "stripe-secret-key".source = stripeSecretKeyPath;
 "monitoringvpn-secret-key".source = "${monitoringvpnKeyDir}/${monitoringvpnIPv4}.key";
 "monitoringvpn-preshared-key".source = "${monitoringvpnKeyDir}/preshared.key";
 };
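Review bot: `monitoringvpnKeyDir` is interpolated into the `deployment.secrets` sources (`"${monitoringvpnKeyDir}/${monitoringvpnIPv4}.key"`), and nothing in the new attribute-set signature says the value has to be a string. The grid.nix callers in this patch build it with `toString`, but a caller that passed a Nix path value instead would have the key directory copied into the world-readable Nix store by that interpolation. Placing `assert builtins.isString monitoringvpnKeyDir;` between the `}:` and the opening `{` of the body would turn that mistake into an evaluation error. A header comment naming which arguments are locations of secret files would document the contract; the function body continues past this hunk.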
@@ -10,14 +20,14 @@ cfg: sshUsers: monitoringvpnKeyDir: monitoringvpnIPv4: stateVersion: {
 services.private-storage.monitoring.vpn.client = {
 enable = true;
 ip = monitoringvpnIPv4;
- endpoint = cfg.monitoringvpnEndpoint;
+ endpoint = monitoringvpnEndpoint;
 endpointPublicKeyFile = "${monitoringvpnKeyDir}/server.pub";
 };
 services.private-storage-issuer = {
- letsEncryptAdminEmail = cfg.letsEncryptAdminEmail;
- domains = cfg.issuerDomains;
- allowedChargeOrigins = cfg.allowedChargeOrigins;
+ letsEncryptAdminEmail = letsEncryptAdminEmail;
+ domains = issuerDomains;
+ allowedChargeOrigins = allowedChargeOrigins;
 };
 system.stateVersion = "19.03";
-- 
GitLab
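Review bot: In `services.private-storage-issuer`, the lines `letsEncryptAdminEmail = letsEncryptAdminEmail;` and `allowedChargeOrigins = allowedChargeOrigins;` repeat the argument name on both sides; `inherit letsEncryptAdminEmail allowedChargeOrigins;` is the idiomatic form and leaves only `domains = issuerDomains;` as an explicit mapping. Separately, the `stateVersion` argument is gone while the context line `system.stateVersion = "19.03";` stays hard-coded, so a short comment there such as `# fixed for the issuer; not a caller argument` would explain why callers no longer pass it. The enclosing attribute set starts before this hunk.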