diff --git a/morph/grid/production/grid.nix b/morph/grid/production/grid.nix index 7b056146c300952f014da6fc57e71ee022ac58a5..fc3b9b5b6a5f3a532c05a42159bbcb2f0e6c798d 100644 --- a/morph/grid/production/grid.nix +++ b/morph/grid/production/grid.nix @@ -21,6 +21,7 @@ import ../../lib/make-grid.nix { # # The names must be unique! "payments.privatestorage.io" = import ../../lib/issuer.nix ({ + publicIPv4 = "18.184.142.208"; inherit sshUsers; hardware = ../../lib/issuer-aws.nix; stateVersion = "19.03"; diff --git a/morph/grid/testing/grid.nix b/morph/grid/testing/grid.nix index 65f97a97fa949ac0eed0249c4b89bd7399ebf436..9d5de19491b02409909fdbb9ca649d22c402ffd2 100644 --- a/morph/grid/testing/grid.nix +++ b/morph/grid/testing/grid.nix @@ -13,13 +13,14 @@ import ../../lib/make-grid.nix { ); sshUsers = importDef {} ../../../../PrivateStorageSecrets/staging-users.nix; in { - "payments.privatestorage-staging.com" = import ../../lib/issuer.nix ({ + "payments" = import ../../lib/issuer.nix ({ + publicIPv4 = "18.197.42.120"; inherit sshUsers; hardware = ../../lib/issuer-aws.nix; stateVersion = "19.03"; } // cfg); - "3.120.26.190" = import ../../lib/make-testing.nix (cfg // { + "storage001" = import ../../lib/make-testing.nix (cfg // { publicIPv4 = "3.120.26.190"; inherit sshUsers; hardware = ./testing001-hardware.nix; diff --git a/morph/lib/issuer.nix b/morph/lib/issuer.nix index 33c87f70d81e0ad064977ab7204c5484f4d9e7e6..7510b6b82e8b298387394e5ff8082445a2fe18e7 100644 --- a/morph/lib/issuer.nix +++ b/morph/lib/issuer.nix @@ -6,9 +6,12 @@ , allowedChargeOrigins , sshUsers , stateVersion +, publicIPv4 , ... }: { deployment = { + targetHost = publicIPv4; + secrets = { "ristretto-signing-key" = { source = ristrettoSigningKeyPath; diff --git a/morph/lib/make-storage.nix b/morph/lib/make-storage.nix index a9c968c285cf7c252a72b9fb90608a1138c85c66..c286106a18caca4a575305f0fa897aedaac60c55 100644 --- a/morph/lib/make-storage.nix +++ b/morph/lib/make-storage.nix 
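Review bot: Setting `publicIPv4 = "18.184.142.208";` makes morph's `targetHost` the raw address instead of the attribute name `payments.privatestorage.io` that it defaulted to, so SSH now matches host keys against the IP and a deployer's existing known_hosts entry for the DNS name no longer applies; the next deploy presents the server's key as unknown. Record the host key under the IP (a known_hosts entry, or an ssh_config `Host` stanza with `HostKeyAlias`) in the same change so the deploy does not rest on accepting a fresh key. The same applies to the testing grid hunk (`18.197.42.120`, and `storage001` through make-testing.nix) and to the `targetHost = publicIPv4` lines added in morph/lib/issuer.nix, make-storage.nix and make-testing.nix. This assumes morph hands targetHost to ssh unchanged; worth confirming for the morph version now taken from the nixpkgs fork.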
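Review bot: The new required parameter `, publicIPv4` in morph/lib/issuer.nix carries no comment, and a grid that omits it fails only with Nix's generic missing-argument error at evaluation time; make-storage.nix reads the same value as `cfg.publicIPv4`, so the two conventions should at least be documented. I'd put `# Address morph connects to when deploying (deployment.targetHost); must be reachable over SSH from the deploying host.` next to the parameter. The function's parameter list begins outside the hunk.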
@@ -14,6 +14,8 @@ , ... }: rec { deployment = { + targetHost = cfg.publicIPv4; + secrets = { "ristretto-signing-key" = { source = ristrettoSigningKeyPath; diff --git a/morph/lib/make-testing.nix b/morph/lib/make-testing.nix index bb254d1aa3ef9dd3edaf93693b2bd52f1e42a74c..ee1e2db49ba337578312866f737e216f961dc152 100644 --- a/morph/lib/make-testing.nix +++ b/morph/lib/make-testing.nix @@ -1,6 +1,8 @@ { publicIPv4, hardware, publicStoragePort, ristrettoSigningKeyPath, passValue, sshUsers, stateVersion, ... }: rec { deployment = { + targetHost = publicIPv4; + secrets = { "ristretto-signing-key" = { source = ristrettoSigningKeyPath; diff --git a/nixos/modules/issuer.nix b/nixos/modules/issuer.nix index 7654bf1fc7082afcdc2056a9373deea89bdc4f19..6ad4f1b8fa01d570e8b6e1d5c4acfbeb42757822 100644 --- a/nixos/modules/issuer.nix +++ b/nixos/modules/issuer.nix @@ -1,8 +1,6 @@ # A NixOS module which can run a Ristretto-based issuer for PrivateStorage # ZKAPs. { lib, pkgs, config, ... }: let - pspkgs = pkgs.callPackage ./pspkgs.nix { }; - zkapissuer = pspkgs.callPackage ../pkgs/zkapissuer.nix { }; cfg = config.services.private-storage-issuer; in { imports = [ @@ -13,7 +11,7 @@ in { options = { services.private-storage-issuer.enable = lib.mkEnableOption "PrivateStorage ZKAP Issuer Service"; services.private-storage-issuer.package = lib.mkOption { - default = zkapissuer.components.exes."PaymentServer-exe"; + default = pkgs.zkapissuer.components.exes."PaymentServer-exe"; type = lib.types.package; example = lib.literalExample "pkgs.zkapissuer.components.exes.\"PaymentServer-exe\""; description = '' diff --git a/nixos/modules/leasereport-repo.nix b/nixos/modules/leasereport-repo.nix deleted file mode 100644 index a474311be4d3e6758748028f1b28c5dd15c06f3a..0000000000000000000000000000000000000000 --- a/nixos/modules/leasereport-repo.nix +++ /dev/null 
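Review bot: `default = pkgs.zkapissuer.components.exes."PaymentServer-exe";` in nixos/modules/issuer.nix now depends on a `zkapissuer` attribute that nothing left in this repository defines; it presumably comes from the PrivateStorageio nixpkgs fork pinned in nixpkgs.json, so evaluating the module against stock nixpkgs fails with a bare missing-attribute error. A comment above the option, `# zkapissuer is provided by the nixpkgs fork pinned in nixpkgs.json, not by upstream nixpkgs.`, or `assert pkgs ? zkapissuer;` at the top of the module would make the dependency explicit and the failure legible. The same applies to `pkgs.privatestorage` and `pkgs.leasereport` in private-storage.nix, tests/private-storage.nix and tests/tahoe.nix.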
@@ -1,9 +0,0 @@
-let
- pkgs = import <nixpkgs> {};
-in
- pkgs.fetchFromGitHub {
- owner = "PrivateStorageio";
- repo = "LeaseReport";
- rev = "92f6567160c1459b5992f1cb8535aee0c23bc093";
- sha256 = "04k1q170n4dwvakgi9gsc8mbbhqzcnygiw51rqyrf9blrsdh5fma";
- }
\ No newline at end of file
diff --git a/nixos/modules/leasereport.nix b/nixos/modules/leasereport.nix
deleted file mode 100644
index a44a8d97bbb1253b3152f22e31ed00ac18642696..0000000000000000000000000000000000000000
--- a/nixos/modules/leasereport.nix
+++ /dev/null
@@ -1,12 +0,0 @@
-{ callPackage }:
-let
- leasereport = import ./leasereport-repo.nix;
-
- # Pin a particular version of haskell.nix. The particular version isn't
- # special. It's just recent at the time this expression was written and it
- # is known to work with LeaseReport. It could be bumped if necessary but
- # this would probably only happen as a result of bumping the resolver in
- # stack.yaml.
- haskellNixSrc = builtins.fetchTarball https://github.com/input-output-hk/haskell.nix/archive/f6663a8449f5e4a7393aa24601600c8f6e352c97.tar.gz;
-in
- (callPackage "${leasereport}/nix" { inherit haskellNixSrc; }).LeaseReport
diff --git a/nixos/modules/overlays.nix b/nixos/modules/overlays.nix
deleted file mode 100644
index 376ffa56b013764934c3e8cecb5b10426728a1b4..0000000000000000000000000000000000000000
--- a/nixos/modules/overlays.nix
+++ /dev/null
@@ -1,56 +0,0 @@ -let - # Define a Python packageOverride that puts our version of some Python - # packages into python27Packages. - pythonPackageOverride = python-self: python-super: rec { - # Get our Twisted derivation. Pass in the old one so it can have pieces - # overridden. It needs to be passed in explicitly because callPackage is - # specially crafted to always pull attributes from the fixed-point. That - # is, `python-self.callPackage` and `python-super.callPackage` will *both* - # try to pass `python-self.twisted`. So we take it upon ourselves to pass - # the "correct" Twisted (it is correct because we call its override method - # and that never converges if it is the fixed point Twisted). - twisted = python-self.callPackage ../pkgs/twisted.nix { - inherit (python-super) twisted; - }; - - # Put in our preferred version of tahoe-lafs as well. - tahoe-lafs = python-self.callPackage ../pkgs/tahoe-lafs.nix { }; - - # This is handy too... - zkapauthorizer = python-self.callPackage ../pkgs/zkapauthorizer.nix { - # And explicitly configure it with our preferred version of Tahoe-LAFS. - inherit tahoe-lafs; - }; - }; -in -self: super: { - leasereport = self.callPackage ./leasereport.nix { }; - - # Use self.python27 to get the fixed point of all packages (that is, to - # respect all of the overrides). This is important since we want the - # overridden Twisted as a dependency of this env, not the original one. - # - # This might seem to violate the advice to use super for "library - # functionality" but python27.buildEnv should be considered a derivation - # instead because it implies a whole mess of derivations (all of the Python - # modules available). - privatestorage = self.python27.buildEnv.override - { # ... 
for dropin.cache - ignoreCollisions = true; - extraLibs = - [ self.python27Packages.tahoe-lafs - self.python27Packages.zkapauthorizer - ]; - }; - - # Using super.python27 here causes us to define a python27 that overrides - # the value from the previously overlay, not from the fixed point. This is - # important because this override never converges. - python27 = super.python27.override (old: { - packageOverrides = - if old ? packageOverrides then - super.lib.composeExtensions old.packageOverrides pythonPackageOverride - else - pythonPackageOverride; - }); -} diff --git a/nixos/modules/private-storage.nix b/nixos/modules/private-storage.nix index 0490af1ee4ebfea20ebcc3acc2e3c59e0a0963d1..52720e618973c57b41aade87585c7ab758abff22 100644 --- a/nixos/modules/private-storage.nix +++ b/nixos/modules/private-storage.nix @@ -2,7 +2,6 @@ # preferred configuration for the Private Storage grid. { pkgs, lib, config, ... }: let - pspkgs = pkgs.callPackage ./pspkgs.nix { }; # Grab the configuration for this module for convenient access below. cfg = config.services.private-storage; storage-node-name = "storage"; @@ -32,7 +31,7 @@ in options = { services.private-storage.enable = lib.mkEnableOption "private storage service"; services.private-storage.tahoe.package = lib.mkOption - { default = pspkgs.privatestorage; + { default = pkgs.privatestorage; type = lib.types.package; example = lib.literalExample "pkgs.tahoelafs"; description = '' @@ -154,7 +153,7 @@ in environment.systemPackages = [ # Provide a useful tool for reporting about shares. - pspkgs.leasereport + pkgs.leasereport ]; }; diff --git a/nixos/modules/pspkgs.nix b/nixos/modules/pspkgs.nix deleted file mode 100644 index 697bc5a0b4edf4734ac131d40a3584f4e7d5406a..0000000000000000000000000000000000000000 --- a/nixos/modules/pspkgs.nix +++ /dev/null 
@@ -1,4 +0,0 @@ -# Derive a brand new version of pkgs which has our overlays applied. This is -# where the `privatestorage` derivation is added to nixpkgs. -{ pkgs }: -pkgs.extend (import ./overlays.nix) diff --git a/nixos/modules/tahoe.nix b/nixos/modules/tahoe.nix index cd7306d64adf955515f44884df04dffcc4d40a5a..330474912a0eb9aecc98fbb71cef9e7f9da15b39 100644 --- a/nixos/modules/tahoe.nix +++ b/nixos/modules/tahoe.nix @@ -229,13 +229,12 @@ in # listening ports and such. This currently doesn't factor into # our choice but perhaps it could somehow. # + # Tahoe-LAFS has no logic to raise soft limit to hard limit so + # make it the same. + # # There is only one IPv4 address assigned to each host right # now. So it makes sense to have the limit be 2^15 right now. LimitNOFILE = 32768; - - # Tahoe-LAFS has no logic to raise soft limit to hard limit so - # make it the same. - LimitNOFILESoft = 32768; }; preStart = let diff --git a/nixos/modules/tests/private-storage.nix b/nixos/modules/tests/private-storage.nix index ff771bc1a7cc3e9747f32ac758be8e5e4cd58f6d..e085f8bc7142da4067745bdee233c82e7b1e8d1c 100644 --- a/nixos/modules/tests/private-storage.nix +++ b/nixos/modules/tests/private-storage.nix @@ -1,7 +1,5 @@ { pkgs }: let - pspkgs = import ../pspkgs.nix { inherit pkgs; }; - sshPrivateKey = ./probeuser_ed25519; sshPublicKey = ./probeuser_ed25519.pub; sshUsers = { @@ -100,7 +98,7 @@ in { pkgs.daemonize # A Tahoe-LAFS configuration capable of using the right storage # plugin. - pspkgs.privatestorage + pkgs.privatestorage # Support for the tests we'll run. (pkgs.python3.withPackages (ps: [ ps.requests ps.hyperlink ])) ]; 
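Review bot: In the tahoe.nix hunk the relocated comment `# Tahoe-LAFS has no logic to raise soft limit to hard limit so make it the same.` now sits above `LimitNOFILE = 32768;` without saying how a single value achieves that, so a reader may think the soft limit was dropped together with `LimitNOFILESoft`. I'd extend it with `# systemd's LimitNOFILE= takes one value or soft:hard; a single value sets both limits.` so the removal reads as intentional. The enclosing serviceConfig block starts outside the hunk.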
@@ -179,8 +177,21 @@ in { # Test the machines with a Perl program (sobbing). testScript = '' - # Start booting all the VMs in parallel to speed up operations down below. - startAll; + # Boot the VMs. We used to do them all in parallel but the boot + # sequence got flaky at some point for some reason I don't + # understand. :/ It might be related to this: + # + # https://discourse.nixos.org/t/nixos-ppc64le-vm-does-not-have-dev-vda-device/11548/9 + # + # See <nixpkgs/nixos/modules/virtualisation/qemu-vm.nix> for the Nix + # that constructs the QEMU command that gets run. + # + # Boot them one at a time for now. + $issuer->connect(); + $introducer->connect(); + $storage->connect(); + $client->connect(); + $api_stripe_com->connect(); # The issuer and the storage server should accept SSH connections. This # doesn't prove it is so but if it fails it's a pretty good indication diff --git a/nixos/modules/tests/tahoe.nix b/nixos/modules/tests/tahoe.nix index be3d51a0c4fbfd4cac73b4a990c4507dcb6b674e..df7acdf3cde3e8101a1119dbce127b17a68ef589 100644 --- a/nixos/modules/tests/tahoe.nix +++ b/nixos/modules/tests/tahoe.nix @@ -6,7 +6,7 @@ ]; services.tahoe.nodes.storage = { - package = (pkgs.callPackage ../pspkgs.nix { }).privatestorage; + package = pkgs.privatestorage; sections = { node = { nickname = "storage"; diff --git a/nixos/modules/zkap-overlay.nix b/nixos/modules/zkap-overlay.nix deleted file mode 100644 index 167a9b9fff0ba388951937cb12ff92eaf3d6477b..0000000000000000000000000000000000000000 --- a/nixos/modules/zkap-overlay.nix +++ /dev/null @@ -1,4 +0,0 @@ -let - src = import ../pkgs/zkapauthorizer-repo.nix; -in - import "${src}/overlays.nix" diff --git a/nixos/pkgs/tahoe-lafs-repo.nix b/nixos/pkgs/tahoe-lafs-repo.nix deleted file mode 100644 index dd5ecbb6b6e91160edd42a659d218c8e8bcdf9f4..0000000000000000000000000000000000000000 --- a/nixos/pkgs/tahoe-lafs-repo.nix +++ /dev/null 
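Review bot: The new sequence `$issuer->connect();` through `$api_stripe_com->connect();` replaces `startAll;`, but the comment only says to boot them one at a time and never states that `connect()` itself starts a VM, which a reader of the Perl driver might not expect. I'd add above `$issuer->connect();`: `# ->connect() starts the VM if it is not running and blocks until its shell answers, so calling it per machine boots them serially.` — please confirm against the driver in the pinned nixpkgs. The `testScript` string continues outside the hunk.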
@@ -1,9 +0,0 @@
-let
- pkgs = import <nixpkgs> {};
-in
- pkgs.fetchFromGitHub {
- owner = "tahoe-lafs";
- repo = "tahoe-lafs";
- rev = "23e1223c94330741f5b1dda476c3aeb42c3a012f";
- sha256 = "1zh37rvkiigciwadgrjvnq9519lap1c260v8593g65qrpc1zwjxz";
- }
\ No newline at end of file
diff --git a/nixos/pkgs/tahoe-lafs.nix b/nixos/pkgs/tahoe-lafs.nix
deleted file mode 100644
index 3289c5f5761df1ea60b33d3ef3d64d4dd0e3e1cb..0000000000000000000000000000000000000000
--- a/nixos/pkgs/tahoe-lafs.nix
+++ /dev/null
@@ -1,5 +0,0 @@
-{ callPackage }:
-let
- tahoe-lafs-repo = import ./tahoe-lafs-repo.nix;
-in
- callPackage "${tahoe-lafs-repo}/nix" { }
diff --git a/nixos/pkgs/twisted.nix b/nixos/pkgs/twisted.nix
deleted file mode 100644
index efa56cd0c924880559f554636f7ea5975e8df56e..0000000000000000000000000000000000000000
--- a/nixos/pkgs/twisted.nix
+++ /dev/null
@@ -1,11 +0,0 @@
-{ twisted }:
-twisted.overrideAttrs (old: {
- prePatch = old.patchPhase;
- patchPhase = null;
- # Add a patch which adds more logging to a namer resolver failure case. The
- # NixOS system test harness might be setting up a weird semi-broken system
- # that provokes a weird behavior out of getaddrinfo() that Twisted doesn't
- # normally handle. The logging can help with debugging this case. We
- # should think about upstreaming something related to this.
- patches = (if old ? "patches" then old.patches else []) ++ [ ./twisted.patch ];
-})
diff --git a/nixos/pkgs/twisted.patch b/nixos/pkgs/twisted.patch
deleted file mode 100644
index 9f50368c8cffe60a819306687b5f78df228d4b61..0000000000000000000000000000000000000000
--- a/nixos/pkgs/twisted.patch
+++ /dev/null
@@ -1,23 +0,0 @@ -diff --git a/src/twisted/internet/_resolver.py b/src/twisted/internet/_resolver.py -index 1c16174a2..8c8249db4 100644 ---- a/src/twisted/internet/_resolver.py -+++ b/src/twisted/internet/_resolver.py -@@ -74,6 +74,8 @@ class GAIResolver(object): - L{getaddrinfo} in a thread. - """ - -+ _log = Logger() -+ - def __init__(self, reactor, getThreadPool=None, getaddrinfo=getaddrinfo): - """ - Create a L{GAIResolver}. -@@ -124,6 +126,9 @@ class GAIResolver(object): - socketType) - except gaierror: - return [] -+ except Exception as e: -+ self._log.failure("Problem resolving {hostName}", hostName=hostName) -+ return [] - d = deferToThreadPool(self._reactor, pool, get) - resolution = HostResolution(hostName) - resolutionReceiver.resolutionBegan(resolution) diff --git a/nixos/pkgs/zkapauthorizer-repo.nix b/nixos/pkgs/zkapauthorizer-repo.nix deleted file mode 100644 index 595e7b4c8f6e5336fe48c50b22a7a9cc8b8d00db..0000000000000000000000000000000000000000 --- a/nixos/pkgs/zkapauthorizer-repo.nix +++ /dev/null @@ -1,9 +0,0 @@ -let - pkgs = import <nixpkgs> {}; -in - pkgs.fetchFromGitHub { - owner = "PrivateStorageio"; - repo = "ZKAPAuthorizer"; - rev = "e4430a0050cef286b723da7f8013c7affd5a58f7"; - sha256 = "148d79zppsd6bnyagbx126s9x9yy975dx6rrbm26dh98kl1r8mbh"; - } \ No newline at end of file diff --git a/nixos/pkgs/zkapauthorizer.nix b/nixos/pkgs/zkapauthorizer.nix deleted file mode 100644 index a76a770ec0678a22c44e07c5e0761851f9920dbc..0000000000000000000000000000000000000000 --- a/nixos/pkgs/zkapauthorizer.nix +++ /dev/null @@ -1 +0,0 @@ -import "${import ./zkapauthorizer-repo.nix}/default.nix" diff --git a/nixos/pkgs/zkapissuer-repo.nix b/nixos/pkgs/zkapissuer-repo.nix deleted file mode 100644 index 54242c06d5eed318873e595b065a3fae0006efd4..0000000000000000000000000000000000000000 --- a/nixos/pkgs/zkapissuer-repo.nix +++ /dev/null 
@@ -1,9 +0,0 @@
-let
- pkgs = import <nixpkgs> {};
-in
- pkgs.fetchFromGitHub {
- owner = "PrivateStorageio";
- repo = "PaymentServer";
- rev = "139323f403fa0847606f8e58d950b68f0dc59105";
- sha256 = "0jx5h469hvc8i7k61cj2240z6gwza0l5zlm55wj1kd0dqgigi0lj";
- }
\ No newline at end of file
diff --git a/nixos/pkgs/zkapissuer.nix b/nixos/pkgs/zkapissuer.nix
deleted file mode 100644
index 2cf44d8fc9d3b7c08d870e8bcb01e89a30c75dba..0000000000000000000000000000000000000000
--- a/nixos/pkgs/zkapissuer.nix
+++ /dev/null
@@ -1,5 +0,0 @@
-{ callPackage }:
-let
- paymentServer = import ./zkapissuer-repo.nix;
-in
- (callPackage "${paymentServer}/nix" { }).PaymentServer
diff --git a/nixpkgs.json b/nixpkgs.json
index 25e71e44cd7635329b2dd2e0b43d662165c51328..eb12fb3463b0fbed00b37329ab74afe38588de03 100644
--- a/nixpkgs.json
+++ b/nixpkgs.json
@@ -1,3 +1,4 @@
-{ "url": "https://github.com/NixOS/nixpkgs-channels/archive/353333ef340952c05332e3c271dff953264cb017.tar.gz"
-, "sha256": "sha256:0bv34yz892yxhx2kb8a1yr5pm0g8ck5w021yj87r7kfnp416apdh"
+{ "name": "nixpkgs"
+, "url": "https://github.com/PrivateStorageio/nixpkgs/archive/31c7a57bd9972979275fbfd9e490bfb502154c11.tar.gz"
+, "sha256": "0chvfxi2xcqhnabivjych8xdz7lm9svkvribjssyyaxc54xpql24"
 }
diff --git a/shell.nix b/shell.nix
index 26aaad6035ca9b16f36eb832d591bddce8a93cbb..b15b7c66b110a785480142c3b1d34b3d365004f6 100644
--- a/shell.nix
+++ b/shell.nix
@@ -4,19 +4,9 @@ let
 nixpkgs = import nixpkgs-src { };
 in
 { pkgs ? nixpkgs }:
-let
- # Get a version of Morph known to work with our version of NixOS.
- morph-src = pkgs.fetchFromGitHub {
- owner = "DBCDK";
- repo = "morph";
- rev = "3856a9c2f733192dee1600b8655715d760ba1803";
- hash = "sha256:0jhypvj45yjg4cn4rvb2j9091pl6z5j541vcfaln5sb3ds14fkwf";
- };
- morph = pkgs.callPackage (morph-src + "/nix-packaging") { };
-in
 pkgs.mkShell {
- NIX_PATH = "nixpkgs=${nixpkgs-pin.url}";
+ NIX_PATH = "nixpkgs=${nixpkgs.path}";
 buildInputs = [
- morph
+ pkgs.morph
 ];
 }
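Review bot: The nixpkgs.json pin moves from `NixOS/nixpkgs-channels` to the `PrivateStorageio/nixpkgs` fork at `31c7a57bd9972979275fbfd9e490bfb502154c11`, and the package pins this repository used to hold in the open (ZKAPAuthorizer, PaymentServer, tahoe-lafs, LeaseReport, morph, each with its own rev and sha256) now live only inside that fork. Nothing in the change records which upstream nixpkgs revision the fork is based on or which branch carries it, which is what a reviewer needs to audit the delta; the commit message or a README line should name both. The tarball hash is still pinned, so this is a traceability gap, not an integrity one.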
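Review bot: In shell.nix, `NIX_PATH = "nixpkgs=${nixpkgs.path}";` follows the default pin while `pkgs.morph` on the next changed line follows the `pkgs` parameter, so a caller who supplies a different `pkgs` gets a morph from one nixpkgs and a NIX_PATH pointing at another. `NIX_PATH = "nixpkgs=${pkgs.path}";` keeps both on the parameter. Whether anything actually passes a non-default `pkgs` is not visible here.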