From 34eefcd72c853245db49b6061986fbcb3cc6b4fa Mon Sep 17 00:00:00 2001
From: Jean-Paul Calderone <exarkun@twistedmatrix.com>
Date: Thu, 24 Jun 2021 10:34:53 -0400
Subject: [PATCH] Storage-related documentation and cleanups

---
 morph/lib/customize-storage.nix | 23 ++++++++++++++++++-----
 morph/lib/storage.nix           | 24 +++---------------------
 2 files changed, 21 insertions(+), 26 deletions(-)

diff --git a/morph/lib/customize-storage.nix b/morph/lib/customize-storage.nix
index 2153d78a..b9d25e98 100644
--- a/morph/lib/customize-storage.nix
+++ b/morph/lib/customize-storage.nix
@@ -1,11 +1,24 @@
-{ ristrettoSigningKeyPath
-, passValue
-, publicStoragePort
-, sshUsers
-, publicIPv4
+# Define a function which returns a value which fills in all the holes left by
+# ``storage.nix``.
+{
+  # See ``customize-issuer.nix``
+  ristrettoSigningKeyPath
 , monitoringvpnKeyDir
 , monitoringvpnEndpoint
 , monitoringvpnIPv4
+, sshUsers
+
+  # An integer giving the value of a single pass in byte×months.
+, passValue
+
+  # An integer giving the port number to include in Tahoe storage service
+  # advertisements and on which to listen for storage connections.
+, publicStoragePort
+
+  # XXX To be removed
+, publicIPv4
+
+  # A string giving the NixOS state version for the system.
 , stateVersion
 , ...
 }: {
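Review bot: `monitoringvpnKeyDir`, `monitoringvpnEndpoint`, `monitoringvpnIPv4` and `sshUsers` are still undocumented in the new argument list, while every other argument gained a comment. `monitoringvpnKeyDir` and `ristrettoSigningKeyPath` presumably locate secret key material on the deploying host (storage.nix deploys a signing key and VPN keys under `/run/keys`), so their comments should say they are to be passed as strings rather than Nix path literals, because an interpolated path literal is copied into the world-readable Nix store. Something like `# A string giving the directory on the deployment host holding the monitoring VPN key files; must not end up in the Nix store.` above `monitoringvpnKeyDir` would do, once confirmed against how the body uses it. The `# XXX To be removed` on `publicIPv4` would also read better if it said what replaces the argument. The function body continues outside this hunk.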
diff --git a/morph/lib/storage.nix b/morph/lib/storage.nix
index 2835e024..1cac51b4 100644
--- a/morph/lib/storage.nix
+++ b/morph/lib/storage.nix
@@ -1,8 +1,9 @@
+# Similar to ``issuer.nix`` but for a "storage"-type system.  Holes are filled
+# by ``customize-storage.nix``.
 rec {
   deployment = {
     secrets = {
       "ristretto-signing-key" = {
-        # source = ...;
         destination = "/run/keys/ristretto.signing-key";
         owner.user = "root";
         owner.group = "root";
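Review bot: With `# source = ...;` dropped from this secret (and from `monitoringvpn-secret-key` and `monitoringvpn-preshared-key` in the next two hunks), nothing in the file says which attributes are the holes the new header comment refers to. A reader of storage.nix alone now sees three secrets with a destination and no source, and the same applies to the `services.private-storage` and VPN client placeholders removed in the last hunk. I would extend the header with a line such as `# Holes: each secret's ``source``, the private-storage options, the monitoring VPN client and ``system.stateVersion``.` so the contract between the two files is stated once. The `ristretto-signing-key` entry continues past the end of this hunk, so its permissions are not visible here.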
@@ -13,7 +14,6 @@ rec {
         action = ["sudo" "systemctl" "restart" "tahoe.storage.service"];
       };
       "monitoringvpn-secret-key" = {
-        # source = ...;
         destination = "/run/keys/monitoringvpn/client.key";
         owner.user = "root";
         owner.group = "root";
@@ -21,7 +21,6 @@ rec {
         action = ["sudo" "systemctl" "restart" "wireguard-monitoringvpn.service"];
       };
       "monitoringvpn-preshared-key" = {
-        # source = ...;
         destination = "/run/keys/monitoringvpn/preshared.key";
         owner.user = "root";
         owner.group = "root";
@@ -46,24 +45,7 @@ rec {
   services.private-storage = {
     # Yep.  Turn it on.
     enable = true;
-    # Get the public IPv4 address from the node configuration.
-    # inherit (cfg) publicIPv4;
-    # And the port to operate on is specified via parameter.
-    # inherit publicStoragePort;
-    # Give it the Ristretto signing key, too, to support authorization.
+    # Give it the Ristretto signing key to support authorization.
     ristrettoSigningKeyPath = deployment.secrets.ristretto-signing-key.destination;
-    # Assign the configured pass value.
-    # inherit passValue;
-    # It gets the users, too.
-    # sshUsers = ...;
-  };
-
-  # system.stateVersion = ...'
-
-  services.private-storage.monitoring.vpn.client = {
-    # enable = ...;
-    # ip = ...;
-    # endpoint = ...;
-    # endpointPublicKeyFile = ...;
   };
 }
-- 
GitLab