diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 1f037fbf9603b91a3f511c290c9ec65b2bcca914..fe9fbe14c982dd6ba69f3af7101a07b001f59cc0 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -88,11 +88,6 @@ morph-build-staging: variables: GRID: "testing" -morph-build-hro-cloud: - <<: *MORPH_BUILD - variables: - GRID: "hro-cloud" - morph-build-production: <<: *MORPH_BUILD variables: @@ -169,22 +164,6 @@ deploy-to-production: name: "production" url: "https://monitoring.private.storage/" -# Update the hro-cloud deployment - only on a commit to the hro-cloud branch. -deploy-to-hro-cloud: - <<: *UPDATE_GRID - - # https://docs.gitlab.com/ee/ci/yaml/#rules - rules: - # https://docs.gitlab.com/ee/ci/yaml/index.html#rulesif - # https://docs.gitlab.com/ee/ci/jobs/job_control.html#cicd-variable-expressions - # https://docs.gitlab.com/ee/ci/variables/predefined_variables.html - - if: '$CI_COMMIT_BRANCH == "hro-cloud"' - - environment: - # See notes in `update-staging`. - name: "hro-cloud" - url: "https://monitoring.deerfield.leastauthority.com/" - update-nixpkgs: <<: *RUN_ON_SCHEDULE stage: "build" @@ -208,14 +187,3 @@ update-production: "$CI_PROJECT_ID" \ "develop" \ "production" - -update-hro-cloud: - <<: *RUN_ON_SCHEDULE - stage: "build" - script: - - | - ./ci-tools/update-production \ - "$CI_SERVER_URL" \ - "$CI_PROJECT_ID" \ - "develop" \ - "hro-cloud" diff --git a/ci-tools/update-grid-servers b/ci-tools/update-grid-servers index 51ebc6211bf42a48e0e0c7535ffc343f9c58617c..0b8c265bc832512e42cfb7ec4940053b8d4172d3 100755 --- a/ci-tools/update-grid-servers +++ b/ci-tools/update-grid-servers @@ -61,11 +61,6 @@ update_grid_nodes() { domain=private.storage ;; - "hro-cloud") - grid_dir=./morph/grid/hro-cloud - domain=deerfield.leastauthority.com - ;; - "staging") grid_dir=./morph/grid/testing domain=privatestorage-staging.com 
diff --git a/ci-tools/update-production b/ci-tools/update-production index a3c4cd64cf3f343b76a552e56bc3854d8270f2c7..26f3868ec515bedd46713b7fece03266681090ad 100755 --- a/ci-tools/update-production +++ b/ci-tools/update-production @@ -78,7 +78,7 @@ describe_update() { local TARGET_BRANCH=$1 shift - # Since the target (production or hro-cloud) should not diverge from the source + # Since the target (production) should not diverge from the source # (develop) it is fine to use `..` instead of `...` in the git ranges here. # `...` encounters problems related to discovering the merge base because # of the way GitLab manages the git checkout on CI (I think). diff --git a/morph/grid/hro-cloud/.gitignore b/morph/grid/hro-cloud/.gitignore deleted file mode 100644 index e3b6111c86090b06c38b9e5afd1fcd16838ddf47..0000000000000000000000000000000000000000 --- a/morph/grid/hro-cloud/.gitignore +++ /dev/null @@ -1 +0,0 @@ -private-keys diff --git a/morph/grid/hro-cloud/config.json b/morph/grid/hro-cloud/config.json deleted file mode 100644 index 191e375166967d4f7d06833196fbac209615c940..0000000000000000000000000000000000000000 --- a/morph/grid/hro-cloud/config.json +++ /dev/null @@ -1,19 +0,0 @@ -{ "domain": "deerfield.leastauthority.com" -, "publicStoragePort": 8898 -, "privateKeyPath": "./private-keys" -, "publicKeyPath": "./public-keys" -, "monitoringvpnEndpoint": "monitoring.deerfield.leastauthority.com:51820" -, "passValue": 1000000 -, "tokensPerVoucher": 150000 -, "issuerDomains": [ - "payments.deerfield.leastauthority.com" - ] -, "monitoringDomains": [ - "monitoring.deerfield.leastauthority.com" -] -, "letsEncryptAdminEmail": "infrastructure@leastauthority.com" -, "allowedChargeOrigins": [ - "https://leastauthority.com" - ] -, "monitoringGoogleOAuthClientID": "" -} diff --git a/morph/grid/hro-cloud/grid.nix b/morph/grid/hro-cloud/grid.nix deleted file mode 100644 index 56bdb1b6cc3e06d0b6a990193272ab36ea45c53f..0000000000000000000000000000000000000000 
--- a/morph/grid/hro-cloud/grid.nix
+++ /dev/null
@@ -1,128 +0,0 @@
-# See morph/grid/local/grid.nix for additional commentary.
-let
- gridlib = import ../../lib;
- grid-config = builtins.fromJSON (builtins.readFile ./config.json);
-
- # Module with per-grid configuration
- grid-module = {config, ...}: {
- imports = [
- gridlib.base
- # Allow us to remotely trigger updates to this system.
- ../../../nixos/modules/deployment.nix
- # Give it a good SSH configuration.
- ../../../nixos/modules/ssh.nix
- ];
- services.private-storage.sshUsers = import ./public-keys/users.nix;
- networking.domain = grid-config.domain;
- # Convert relative paths to absolute so library code can resolve names
- # correctly.
- grid = {
- publicKeyPath = toString ./. + "/${grid-config.publicKeyPath}";
- privateKeyPath = toString ./. + "/${grid-config.privateKeyPath}";
- inherit (grid-config) monitoringvpnEndpoint letsEncryptAdminEmail;
- };
- # Configure deployment management authorization for all systems in the grid.
- services.private-storage.deployment = {
- authorizedKey = builtins.readFile "${config.grid.publicKeyPath}/deploy_key.pub";
- gridName = "hro-cloud";
- };
- };
- payments = {
- imports = [
- gridlib.issuer
- gridlib.hardware-payments-ovh
- grid-module
- ];
- config = {
- grid.monitoringvpnIPv4 = "172.23.23.11";
- grid.issuer = {
- inherit (grid-config) issuerDomains allowedChargeOrigins tokensPerVoucher;
- };
- };
- };
-
- monitoring = {
- imports = [
- gridlib.monitoring
- gridlib.hardware-monitoring-ovh
- grid-module
- ];
- config = {
- grid.monitoringvpnIPv4 = "172.23.23.1";
- grid.monitoring = {
- inherit paymentExporterTargets blackboxExporterHttpsTargets;
- inherit (grid-config) monitoringDomains;
- googleOAuthClientID = grid-config.monitoringGoogleOAuthClientID;
- enableSlackAlert = false;
- };
- system.stateVersion = "19.09";
- };
- };
-
- defineStorageNode = name: { vpnIP, stateVersion }:
- let
- nodecfg = import (./. + "/${name}-config.nix");
- hardware = (./. + "/${name}-hardware.nix");
- in {
- imports = [
- # Get some of the very lowest-level system configuration for this
- # node. This isn't all *completely* hardware related. Maybe some
- # more factoring is in order, someday.
- hardware
-
- # Slightly awkwardly, enable some of our hardware / network / bootloader options.
- ../../../nixos/modules/100tb.nix
-
- # At least some of our storage nodes utilize MegaRAID storage controllers.
- # Monitor their array status.
- ../../../nixos/modules/monitoring/exporters/megacli2prom.nix
-
- # Get all of the configuration that is common across all storage nodes.
- gridlib.storage
- # Also configure deployment management authorization
- grid-module
- ];
-
- config = {
- grid.monitoringvpnIPv4 = vpnIP;
- grid.storage = {
- inherit (grid-config) passValue publicStoragePort;
- };
- system.stateVersion = stateVersion;
-
- # And supply configuration for those hardware / network / bootloader
- # options. See the 100tb module for handling of this value. The module
- # name is quoted because `1` makes `100tb` look an awful lot like a
- # number.
- "100tb".config = nodecfg;
-
- # Enable statistics gathering for MegaRAID cards.
- # TODO would be nice to enable only on machines that have such a device.
- services.private-storage.monitoring.exporters.megacli2prom.enable = true;
-
- # Disable Borg Backup for this grid!
- services.private-storage.borgbackup.enable = false;
- };
- };
-
- # Define all of the storage nodes for this grid.
- storageNodes = builtins.mapAttrs defineStorageNode {
- storage001 = { vpnIP = "172.23.23.21"; stateVersion = "19.09"; };
- storage002 = { vpnIP = "172.23.23.22"; stateVersion = "19.09"; };
- storage003 = { vpnIP = "172.23.23.23"; stateVersion = "19.09"; };
- };
-
- paymentExporterTargets = [ "payments.monitoringvpn" ];
- blackboxExporterHttpsTargets = [
- "https://payments.deerfield.leastauthority.com/"
- "https://monitoring.deerfield.leastauthority.com/"
- ];
-
-in {
- network = {
- description = "HRO Grid";
- inherit (gridlib) pkgs;
- };
- inherit payments;
- inherit monitoring;
-} // storageNodes
diff --git a/morph/grid/hro-cloud/public-keys/deploy_key.pub b/morph/grid/hro-cloud/public-keys/deploy_key.pub
deleted file mode 100644
index e3ea3b63fdd3b7681433418892389da27ccb2c34..0000000000000000000000000000000000000000
--- a/morph/grid/hro-cloud/public-keys/deploy_key.pub
+++ /dev/null
@@ -1 +0,0 @@
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICB19iufUtpjsneYd46n4uJHudYeNROsgm6+BfZfQVuh hro-cloud-deploy
\ No newline at end of file
diff --git a/morph/grid/hro-cloud/public-keys/monitoringvpn/172.23.23.1.pub b/morph/grid/hro-cloud/public-keys/monitoringvpn/172.23.23.1.pub
deleted file mode 100644
index 5e1f8829e4ce978bbfb35c86ab5578c9bfedf971..0000000000000000000000000000000000000000
--- a/morph/grid/hro-cloud/public-keys/monitoringvpn/172.23.23.1.pub
+++ /dev/null
@@ -1 +0,0 @@
-An7g9oexXQizNu6PTNWuLHDprwd5GydHHd2fuImvhGs=
diff --git a/morph/grid/hro-cloud/public-keys/monitoringvpn/172.23.23.11.pub b/morph/grid/hro-cloud/public-keys/monitoringvpn/172.23.23.11.pub
deleted file mode 100644
index ca6afb607f2cb4197e2db5e087727a15e6e9baca..0000000000000000000000000000000000000000
--- a/morph/grid/hro-cloud/public-keys/monitoringvpn/172.23.23.11.pub
+++ /dev/null
@@ -1 +0,0 @@
-mVXVGBpS/rHp5qQG8izNdP/Tpj5TXO9CA4CGJ5c0cXk=
diff --git a/morph/grid/hro-cloud/public-keys/monitoringvpn/172.23.23.21.pub b/morph/grid/hro-cloud/public-keys/monitoringvpn/172.23.23.21.pub
deleted file mode 100644
index ebd2e8f75964b0dec876a52022b2702e6361e48e..0000000000000000000000000000000000000000
--- a/morph/grid/hro-cloud/public-keys/monitoringvpn/172.23.23.21.pub
+++ /dev/null
@@ -1 +0,0 @@
-aKsdXaE+1YINE71pX2BLiaIrxeSXbr/F/lHo/gDSxG4=
diff --git a/morph/grid/hro-cloud/public-keys/monitoringvpn/172.23.23.22.pub b/morph/grid/hro-cloud/public-keys/monitoringvpn/172.23.23.22.pub
deleted file mode 100644
index 2f5ca047322a49b71c4451bba1c924477cf67239..0000000000000000000000000000000000000000
--- a/morph/grid/hro-cloud/public-keys/monitoringvpn/172.23.23.22.pub
+++ /dev/null
@@ -1 +0,0 @@
-GCnw0k/Y4HDkRCSpZ/hrpMIGQt6LViS7ub25cpbHm3Q=
diff --git a/morph/grid/hro-cloud/public-keys/monitoringvpn/172.23.23.23.pub b/morph/grid/hro-cloud/public-keys/monitoringvpn/172.23.23.23.pub
deleted file mode 100644
index 07cf3a9af3a8d9fcd708ddbab6dfd049c0409a7e..0000000000000000000000000000000000000000
--- a/morph/grid/hro-cloud/public-keys/monitoringvpn/172.23.23.23.pub
+++ /dev/null
@@ -1 +0,0 @@
-8xMB69/yQDyjfXbPWn3VWqXKqRT/yCZ/RGjy1hLBE2Y=
diff --git a/morph/grid/hro-cloud/public-keys/monitoringvpn/172.23.23.24.pub b/morph/grid/hro-cloud/public-keys/monitoringvpn/172.23.23.24.pub
deleted file mode 100644
index c54c728a732d7ca083f9f5ac9e1cb7d82475101f..0000000000000000000000000000000000000000
--- a/morph/grid/hro-cloud/public-keys/monitoringvpn/172.23.23.24.pub
+++ /dev/null
@@ -1 +0,0 @@
-fPUnFOzBZRJDBdSR6iS5AaC40KKy/2REiM16hx+woxk=
diff --git a/morph/grid/hro-cloud/public-keys/monitoringvpn/172.23.23.25.pub b/morph/grid/hro-cloud/public-keys/monitoringvpn/172.23.23.25.pub
deleted file mode 100644
index 0ae6bb2adee18a318237aa020ab222be0b240aa9..0000000000000000000000000000000000000000
--- a/morph/grid/hro-cloud/public-keys/monitoringvpn/172.23.23.25.pub
+++ /dev/null
@@ -1 +0,0 @@
-qS4rT+zjWrbXDhtEF4oyGv8/5oCIE1ZU9FF+O6AL8V4=
diff --git a/morph/grid/hro-cloud/public-keys/monitoringvpn/server.pub b/morph/grid/hro-cloud/public-keys/monitoringvpn/server.pub
deleted file mode 100644
index 5e1f8829e4ce978bbfb35c86ab5578c9bfedf971..0000000000000000000000000000000000000000
--- a/morph/grid/hro-cloud/public-keys/monitoringvpn/server.pub
+++ /dev/null
@@ -1 +0,0 @@
-An7g9oexXQizNu6PTNWuLHDprwd5GydHHd2fuImvhGs=
diff --git a/morph/grid/hro-cloud/public-keys/users.nix b/morph/grid/hro-cloud/public-keys/users.nix
deleted file mode 100644
index 290993e21fed80bcf3c3d8e7e1e6058e1c4ea443..0000000000000000000000000000000000000000
--- a/morph/grid/hro-cloud/public-keys/users.nix
+++ /dev/null
@@ -1,17 +0,0 @@
-let
- bdonneaux = [
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIZtWY7t8HVnaz6bluYsrAlzZC3MZtb8g0nO5L5fCQKR cardno:000619776016"
- ];
- flo = [
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII6EUU/KNDr7y3m5OVWBZAuPiMJ4us3YOBEhxpG29yPN flo@la"
- ];
- lastresort = [
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE1hy9mPkJI+7mY2Uq6CLpuFMMLOTfiY2sRJHwpihgRt cardno:26 269 859"
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJPYMUVNuWr2y+FL1GxW6S6jb3BWYhbzJ2zhvQVKu2ll cardno:23 845 763"
- ];
-in {
- "root" = bdonneaux ++ flo ++ lastresort;
- inherit bdonneaux;
- inherit flo;
- inherit lastresort;
-}
diff --git a/morph/grid/hro-cloud/storage001-config.nix b/morph/grid/hro-cloud/storage001-config.nix
deleted file mode 100644
index 0bd4c2fb022f2a789eae876773eeb33b1f6c476c..0000000000000000000000000000000000000000
--- a/morph/grid/hro-cloud/storage001-config.nix
+++ /dev/null
@@ -1,8 +0,0 @@
-#100tb
-{ "hostId" = "00000001";
- "interface" = "eno1";
- "publicIPv4" = "185.225.209.174";
- "prefixLength" = 24;
- "gateway" = "185.225.209.1";
- "gatewayInterface" = "eno1";
-}
diff --git a/morph/grid/hro-cloud/storage001-hardware.nix b/morph/grid/hro-cloud/storage001-hardware.nix
deleted file mode 100644
index 65ed08db328479b2154d91700de058f51e9866e5..0000000000000000000000000000000000000000
--- a/morph/grid/hro-cloud/storage001-hardware.nix
+++ /dev/null
@@ -1,37 +0,0 @@
-# NixOS configuration specific to this node
-{ config, lib, pkgs, ... }:
-
-{
- imports =
- [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
- ];
-
- boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" "sr_mod" ];
- boot.initrd.kernelModules = [ ];
- boot.kernelModules = [ "kvm-intel" ];
- boot.extraModulePackages = [ ];
- boot.kernel.sysctl = { "vm.swappiness" = 1; };
-
- fileSystems."/" =
- { device = "/dev/disk/by-uuid/d0837e6f-72cb-4ffa-85ba-fd57bbbd9a97";
- fsType = "ext4";
- };
-
- fileSystems."/boot" =
- { device = "/dev/disk/by-uuid/915E-08F9";
- fsType = "vfat";
- };
-
- fileSystems."/storage" =
- { device = "root";
- fsType = "zfs";
- };
-
- swapDevices = [ {
- device = "/dev/disk/by-partuuid/9f8f4ed8-9c26-45ff-ba1b-648a3babc050";
- randomEncryption = true;
- } ];
-
- nix.settings.max-jobs = lib.mkDefault 24;
- powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
-}
diff --git a/morph/grid/hro-cloud/storage002-config.nix b/morph/grid/hro-cloud/storage002-config.nix
deleted file mode 100644
index 3ae425ade41ab36156be67cce2ceb0e455b9290c..0000000000000000000000000000000000000000
--- a/morph/grid/hro-cloud/storage002-config.nix
+++ /dev/null
@@ -1,8 +0,0 @@
-#Servermania
-{ "hostId" = "00000002";
- "interface" = "eno1";
- "publicIPv4" = "38.170.241.34";
- "prefixLength" = 29;
- "gateway" = "38.170.241.33";
- "gatewayInterface" = "eno1";
-}
diff --git a/morph/grid/hro-cloud/storage002-hardware.nix b/morph/grid/hro-cloud/storage002-hardware.nix
deleted file mode 100644
index e12dc954677c6893fa50bfb81a6f2d76b4b719fb..0000000000000000000000000000000000000000
--- a/morph/grid/hro-cloud/storage002-hardware.nix
+++ /dev/null
@@ -1,39 +0,0 @@
-# NixOS configuration specific to this node
-{ config, lib, pkgs, ... }:
-
-{
- imports =
- [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
- ];
-
- boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "ehci_pci" "megaraid_sas" "usbhid" "usb_storage" "sd_mod" "sr_mod" ];
- boot.initrd.kernelModules = [ ];
- boot.kernelModules = [ "kvm-intel" ];
- boot.extraModulePackages = [ ];
- boot.kernel.sysctl = { "vm.swappiness" = 1; };
-
- fileSystems."/" =
- { device = "/dev/disk/by-uuid/c8d29070-c5d3-4cfb-9bb2-c14d3727c45b";
- fsType = "ext4";
- };
-
- # Manually created using:
- # zpool create -m legacy -o ashift=12 root raidz /dev/disk/by-id/{wwn-0x5000cca25dcc966d,wwn-0x5000cca24cec02e3,wwn-0x5000cca25dcc7711,wwn-0x5000cca25dccca63,wwn-0x5000cca25dcc74b6,wwn-0x5000cca25dcc4591,wwn-0x5000cca25dcc4461}
- fileSystems."/storage" = {
- device = "root";
- fsType = "zfs";
- };
-
- fileSystems."/boot" =
- { device = "/dev/disk/by-uuid/3648-C8F5";
- fsType = "vfat";
- };
-
- swapDevices = [ {
- device = "/dev/disk/by-partuuid/e0e81098-3b66-4486-b138-b320645bc698";
- randomEncryption = true;
- } ];
-
- nix.settings.max-jobs = lib.mkDefault 24;
- powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
-}
diff --git a/morph/grid/hro-cloud/storage003-config.nix b/morph/grid/hro-cloud/storage003-config.nix
deleted file mode 100644
index 1290d8ded2eb1bfc97f79d8d6c9afda5b2612634..0000000000000000000000000000000000000000
--- a/morph/grid/hro-cloud/storage003-config.nix
+++ /dev/null
@@ -1,8 +0,0 @@
-#OVH
-{ "hostId" = "00000001";
- "interface" = "eno3";
- "publicIPv4" = "151.80.28.108";
- "prefixLength" = 24;
- "gateway" = "151.80.28.254";
- "gatewayInterface" = "eno3";
-}
diff --git a/morph/grid/hro-cloud/storage003-hardware.nix b/morph/grid/hro-cloud/storage003-hardware.nix deleted file mode 100644 index 82028c1c79f016f176b587fb7265db83b3f43513..0000000000000000000000000000000000000000 --- a/morph/grid/hro-cloud/storage003-hardware.nix +++ /dev/null @@ -1,37 +0,0 @@ -# NixOS configuration specific to this node -{ config, lib, pkgs, modulesPath, ... }: - -{ - imports = - [ (modulesPath + "/installer/scan/not-detected.nix") - ]; - - boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" "sr_mod" ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ "kvm-intel" ]; - boot.extraModulePackages = [ ]; - boot.kernel.sysctl = { "vm.swappiness" = 1; }; - - fileSystems."/" = - { device = "/dev/disk/by-uuid/8f88c0f1-3aef-41ec-bfd7-55b4ba6c1341"; - fsType = "ext4"; - }; - - fileSystems."/boot" = - { device = "/dev/disk/by-uuid/23DC-4051"; - fsType = "vfat"; - }; - - fileSystems."/storage" = { - device = "root"; - fsType = "zfs"; - }; - - swapDevices = [ { - device = "/dev/disk/by-partuuid/f56b5104-e4a7-443e-91c8-4555eb27899e"; - randomEncryption = true; - } ]; - - hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; - powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; -} diff --git a/nixos/modules/update-deployment b/nixos/modules/update-deployment index ddac57525caa1e07779ee686302bd6b4c83dcb24..cd41a2363c699c7e551a33d73f1eb83996c1ca85 100755 --- a/nixos/modules/update-deployment +++ b/nixos/modules/update-deployment @@ -17,10 +17,6 @@ case "${GRIDNAME}" in BRANCH="develop" ;; - "hro-cloud") - BRANCH="hro-cloud" - ;; - "production") BRANCH="production" ;;