From 34eefcd72c853245db49b6061986fbcb3cc6b4fa Mon Sep 17 00:00:00 2001
From: Jean-Paul Calderone <exarkun@twistedmatrix.com>
Date: Thu, 24 Jun 2021 10:34:53 -0400
Subject: [PATCH] Storage-related documentation and cleanups
---
 morph/lib/customize-storage.nix | 23 ++++++++++++++++++-----
 morph/lib/storage.nix | 24 +++---------------------
 2 files changed, 21 insertions(+), 26 deletions(-)
diff --git a/morph/lib/customize-storage.nix b/morph/lib/customize-storage.nix
index 2153d78a..b9d25e98 100644
--- a/morph/lib/customize-storage.nix
+++ b/morph/lib/customize-storage.nix
@@ -1,11 +1,24 @@
-{ ristrettoSigningKeyPath
-, passValue
-, publicStoragePort
-, sshUsers
-, publicIPv4
+# Define a function which returns a value which fills in all the holes left by
+# ``storage.nix``.
+{
+ # See ``customize-issuer.nix``
+ ristrettoSigningKeyPath
 , monitoringvpnKeyDir
 , monitoringvpnEndpoint
 , monitoringvpnIPv4
+, sshUsers
+
+ # An integer giving the value of a single pass in byte×months.
+, passValue
+
+ # An integer giving the port number to include in Tahoe storage service
+ # advertisements and on which to listen for storage connections.
+, publicStoragePort
+
+ # XXX To be removed
+, publicIPv4
+
+ # A string giving the NixOS state version for the system.
 , stateVersion
 , ...
 }: {
diff --git a/morph/lib/storage.nix b/morph/lib/storage.nix
index 2835e024..1cac51b4 100644
--- a/morph/lib/storage.nix
+++ b/morph/lib/storage.nix
@@ -1,8 +1,9 @@
+# Similar to ``issuer.nix`` but for a "storage"-type system. Holes are filled
+# by ``customize-storage.nix``.
 rec {
 deployment = {
 secrets = {
 "ristretto-signing-key" = {
- # source = ...;
 destination = "/run/keys/ristretto.signing-key";
 owner.user = "root";
 owner.group = "root";
@@ -13,7 +14,6 @@ rec {
 action = ["sudo" "systemctl" "restart" "tahoe.storage.service"];
 };
 "monitoringvpn-secret-key" = {
- # source = ...;
 destination = "/run/keys/monitoringvpn/client.key";
 owner.user = "root";
 owner.group = "root";
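Review bot: In morph/lib/customize-storage.nix the new comment pointing to customize-issuer.nix sits directly above ristrettoSigningKeyPath with no blank line before monitoringvpnKeyDir, monitoringvpnEndpoint, monitoringvpnIPv4 and sshUsers, so it is unclear whether the cross-reference covers all five parameters or only the first. Since ristrettoSigningKeyPath and monitoringvpnKeyDir name secret key material, I would state their contract in this file rather than only by reference, for example `# Path to the Ristretto signing key; presumably read on the deploying host and kept out of the Nix store (confirm)`. The `# XXX To be removed` on publicIPv4 would be more useful with the reason or a tracking reference. The function body continues outside the hunk, so how these values are consumed is not visible here.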
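Review bot: In morph/lib/storage.nix the removed `# source = ...;` placeholders were the only in-file hint that each deployment.secrets entry is incomplete until a `source` is supplied; the new header says holes exist but not which ones. I would list them in the header comment: the `source` of each of the three secrets, plus sshUsers, passValue, publicStoragePort, system.stateVersion and the services.private-storage.monitoring.vpn.client settings that the last hunk stops mentioning. The same applies to the hunks at old lines 13, 21 and 46. A reader auditing where the signing and VPN keys come from then knows to look in customize-storage.nix for each one.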
@@ -21,7 +21,6 @@ rec {
 action = ["sudo" "systemctl" "restart" "wireguard-monitoringvpn.service"];
 };
 "monitoringvpn-preshared-key" = {
- # source = ...;
 destination = "/run/keys/monitoringvpn/preshared.key";
 owner.user = "root";
 owner.group = "root";
@@ -46,24 +45,7 @@ rec {
 services.private-storage = {
 # Yep. Turn it on.
 enable = true;
- # Get the public IPv4 address from the node configuration.
- # inherit (cfg) publicIPv4;
- # And the port to operate on is specified via parameter.
- # inherit publicStoragePort;
- # Give it the Ristretto signing key, too, to support authorization.
+ # Give it the Ristretto signing key to support authorization.
 ristrettoSigningKeyPath = deployment.secrets.ristretto-signing-key.destination;
- # Assign the configured pass value.
- # inherit passValue;
- # It gets the users, too.
- # sshUsers = ...;
- };
-
- # system.stateVersion = ...'
-
- services.private-storage.monitoring.vpn.client = {
- # enable = ...;
- # ip = ...;
- # endpoint = ...;
- # endpointPublicKeyFile = ...;
 };
 }
-- GitLab