diff --git a/morph/lib/issuer.nix b/morph/lib/issuer.nix index 69b0527cd74e0752ded6ffbe7513db126f0613f5..86c46a14762f0b9e1aba6602140bc0a2bc245e7c 100644 --- a/morph/lib/issuer.nix +++ b/morph/lib/issuer.nix @@ -2,12 +2,11 @@ # "issuer"-type system. { lib, config, ...}: let - inherit (config.grid) publicKeyPath privateKeyPath monitoringvpnEndpoint monitoringvpnIPv4; + inherit (config.grid) privateKeyPath; inherit (config.grid.issuer) issuerDomains allowedChargeOrigins; in { imports = [ - ../../nixos/modules/monitoring/vpn/client.nix - ../../nixos/modules/monitoring/exporters/node.nix + ./monitoringvpn-client.nix ]; options.grid.issuer = { @@ -47,26 +46,8 @@ in { permissions = "0400"; action = ["sudo" "systemctl" "restart" "zkapissuer.service"]; }; - - "monitoringvpn-secret-key" = { - destination = "/run/keys/monitoringvpn/client.key"; - source = "${privateKeyPath}/monitoringvpn/${monitoringvpnIPv4}.key"; - owner.user = "root"; - owner.group = "root"; - permissions = "0400"; - action = ["sudo" "systemctl" "restart" "wireguard-monitoringvpn.service"]; - }; - "monitoringvpn-preshared-key" = { - destination = "/run/keys/monitoringvpn/preshared.key"; - source = "${privateKeyPath}/monitoringvpn/preshared.key"; - owner.user = "root"; - owner.group = "root"; - permissions = "0400"; - action = ["sudo" "systemctl" "restart" "wireguard-monitoringvpn.service"]; - }; }; }; - services.private-storage-issuer = { enable = true; tls = true; @@ -79,12 +60,7 @@ in { domains = issuerDomains; }; - services.private-storage.monitoring.vpn.client = { - enable = true; - ip = monitoringvpnIPv4; - endpoint = monitoringvpnEndpoint; - endpointPublicKeyFile = "${publicKeyPath}/monitoringvpn/server.pub"; - }; + services.private-storage.monitoring.exporters.node.enable = true; system.stateVersion = "19.03"; }; diff --git a/morph/lib/monitoring.nix b/morph/lib/monitoring.nix index d299d62ae7997511897517f9574e33c6de94b7a5..d2552ebedf026a07a92da783b1de410be9ceca38 100644 
--- a/morph/lib/monitoring.nix +++ b/morph/lib/monitoring.nix @@ -31,7 +31,6 @@ in { ../../nixos/modules/monitoring/server/grafana.nix ../../nixos/modules/monitoring/server/prometheus.nix ../../nixos/modules/monitoring/server/loki.nix - ../../nixos/modules/monitoring/exporters/node.nix ../../nixos/modules/monitoring/exporters/blackbox.nix ]; @@ -161,5 +160,7 @@ in { inherit letsEncryptAdminEmail; domains = cfg.monitoringDomains; }; + + services.private-storage.monitoring.exporters.node.enable = true; }; } diff --git a/morph/lib/monitoringvpn-client.nix b/morph/lib/monitoringvpn-client.nix new file mode 100644 index 0000000000000000000000000000000000000000..e7b87201fd04dfe429e97fa89f13f37ef760042b --- /dev/null +++ b/morph/lib/monitoringvpn-client.nix @@ -0,0 +1,34 @@ +{ lib, config, ...}: +let + inherit (config.grid) publicKeyPath privateKeyPath monitoringvpnEndpoint monitoringvpnIPv4; +in { + config = { + deployment = { + secrets = { + "monitoringvpn-secret-key" = { + destination = "/run/keys/monitoringvpn/client.key"; + source = "${privateKeyPath}/monitoringvpn/${monitoringvpnIPv4}.key"; + owner.user = "root"; + owner.group = "root"; + permissions = "0400"; + action = ["sudo" "systemctl" "restart" "wireguard-monitoringvpn.service"]; + }; + "monitoringvpn-preshared-key" = { + destination = "/run/keys/monitoringvpn/preshared.key"; + source = "${privateKeyPath}/monitoringvpn/preshared.key"; + owner.user = "root"; + owner.group = "root"; + permissions = "0400"; + action = ["sudo" "systemctl" "restart" "wireguard-monitoringvpn.service"]; + }; + }; + }; + + services.private-storage.monitoring.vpn.client = { + enable = true; + ip = monitoringvpnIPv4; + endpoint = monitoringvpnEndpoint; + endpointPublicKeyFile = "${publicKeyPath}/monitoringvpn/server.pub"; + }; + }; +} diff --git a/morph/lib/storage.nix b/morph/lib/storage.nix index 9424784dcd33b8e12b9da9cc309a657be07f66b3..83c12f55cc077abb683482b8435dbcbd5025be10 100644 --- a/morph/lib/storage.nix 
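Review bot: The new morph/lib/monitoringvpn-client.nix has no header comment, although importing it unconditionally deploys two WireGuard secrets and enables the VPN client. A first line such as `# Deploy the monitoringvpn WireGuard keys and enable the VPN client on this node.` would match the header comments in issuer.nix and storage.nix. The private key path is per-IP (`${monitoringvpnIPv4}.key`) while `preshared.key` is read from a single path, so it looks like every client shares one preshared key. If that is intended, the comment should say so, because compromise of one node then means rotating the preshared key on every peer.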
+++ b/morph/lib/storage.nix @@ -2,19 +2,11 @@ # "storage"-type system. { lib, config, ...} : let - inherit (config.grid) publicKeyPath privateKeyPath monitoringvpnIPv4 monitoringvpnEndpoint; + inherit (config.grid) privateKeyPath; in { # Any extra NixOS modules to load on this server. imports = [ - # Bring in our module for configuring the Tahoe-LAFS service and other - # Private Storage-specific things. - ../../nixos/modules/private-storage.nix - # Connect to the monitoringvpn. - ../../nixos/modules/monitoring/vpn/client.nix - # Expose base system metrics over the monitoringvpn. - ../../nixos/modules/monitoring/exporters/node.nix - # Collect Tahoe OpenMetrics statistics. - ../../nixos/modules/monitoring/exporters/tahoe.nix + ./monitoringvpn-client.nix ]; options.grid.storage = { @@ -48,25 +40,10 @@ in { # extract it from the tahoe-lafs nixos module somehow? action = ["sudo" "systemctl" "restart" "tahoe.storage.service"]; }; - "monitoringvpn-secret-key" = { - destination = "/run/keys/monitoringvpn/client.key"; - source = "${privateKeyPath}/monitoringvpn/${monitoringvpnIPv4}.key"; - owner.user = "root"; - owner.group = "root"; - permissions = "0400"; - action = ["sudo" "systemctl" "restart" "wireguard-monitoringvpn.service"]; - }; - "monitoringvpn-preshared-key" = { - destination = "/run/keys/monitoringvpn/preshared.key"; - source = "${privateKeyPath}/monitoringvpn/preshared.key"; - owner.user = "root"; - owner.group = "root"; - permissions = "0400"; - action = ["sudo" "systemctl" "restart" "wireguard-monitoringvpn.service"]; - }; }; }; + services.private-storage.monitoring.exporters.node.enable = true; services.private-storage.monitoring.exporters.tahoe.enable = true; # Turn on the Private Storage (Tahoe-LAFS) service. 
@@ -77,12 +54,5 @@ in { ristrettoSigningKeyPath = config.deployment.secrets.ristretto-signing-key.destination; inherit (config.grid.storage) passValue publicStoragePort; }; - - services.private-storage.monitoring.vpn.client = { - enable = true; - ip = monitoringvpnIPv4; - endpoint = monitoringvpnEndpoint; - endpointPublicKeyFile = "${publicKeyPath}/monitoringvpn/server.pub"; - }; }; } diff --git a/nixos/modules/default.nix b/nixos/modules/default.nix index f7e247f99406ad982c3b1e59d8248e2c80a3a658..09796ef543026ce947dd18c600f98617b9eb3f5d 100644 --- a/nixos/modules/default.nix +++ b/nixos/modules/default.nix @@ -12,6 +12,10 @@ imports = [ ./packages.nix ./issuer.nix + ./private-storage.nix + ./monitoring/vpn/client.nix + ./monitoring/exporters/node.nix + ./monitoring/exporters/tahoe.nix ./monitoring/exporters/promtail.nix ]; } diff --git a/nixos/modules/monitoring/exporters/node.nix b/nixos/modules/monitoring/exporters/node.nix index 6a84a31ce58859969e2fb08cff79abb957c6099e..407011069ec0cfdec129244b37a60edd09a57f2b 100644 --- a/nixos/modules/monitoring/exporters/node.nix +++ b/nixos/modules/monitoring/exporters/node.nix @@ -16,13 +16,15 @@ let in { options.services.private-storage.monitoring.exporters.node = { + enable = lib.mkEnableOption "Base system metrics collection"; textfiles-directory = lib.mkOption { type = lib.types.str; description = "Directory used by the textfiles collector."; default = "/run/prometheus-node-exporter"; }; }; - config.services.prometheus.exporters.node = { + + config.services.prometheus.exporters.node = lib.mkIf cfg.enable { enable = true; openFirewall = true; firewallFilter = "-i monitoringvpn -p tcp -m tcp --dport 9100"; diff --git a/nixos/modules/monitoring/exporters/tahoe.nix b/nixos/modules/monitoring/exporters/tahoe.nix index 087e6532e372b11bb2db826456957fa14dfa3c3d..0f24bb6c099725242647e4fa23fba20da644811d 100644 --- a/nixos/modules/monitoring/exporters/tahoe.nix +++ b/nixos/modules/monitoring/exporters/tahoe.nix 
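Review bot: Adding `./private-storage.nix`, `./monitoring/vpn/client.nix` and the two exporter modules to the imports in nixos/modules/default.nix makes each module's `enable` default the only thing keeping it off on every system that imports this file. This commit shows `lib.mkIf cfg.enable` in node.nix and tahoe.nix, but private-storage.nix and vpn/client.nix are not part of the diff, so it is worth confirming that all of their `config` is gated the same way. A comment above the list, for example `# Every module imported here must be inert unless its enable option is set.`, would record that requirement for later additions.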
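Review bot: In nixos/modules/monitoring/exporters/node.nix the exporter is confined to the VPN only by `firewallFilter = "-i monitoringvpn ..."`, and the new `enable` flag can now be set on a host where neither the VPN client nor the server is configured. Nothing in the visible lines checks for that, and on a host with the firewall turned off the exporter would presumably be reachable on every interface. Consider an assertion like the one this commit adds to tahoe.nix, requiring that one of the monitoringvpn modules is enabled, or at least a comment such as `# Only reachable through the monitoringvpn interface; enable the VPN client or server module alongside this.`. The attribute set under `lib.mkIf cfg.enable` continues past the end of the hunk.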
@@ -39,6 +39,15 @@ in { config = lib.mkIf cfg.enable { + assertions = [ + { + assertion = config.services.private-storage.monitoring.exporters.node.enable; + message = '' + services.private-storage.monitoring.tahoe requires services.private-storage.monitoring.exporters.node to provide the textfile prometheus collector. + ''; + } + ]; + environment.systemPackages = [ pkgs.curl ]; systemd.services.tahoe-metrics-collector = { diff --git a/nixos/modules/monitoring/server/grafana-dashboards/payments.json b/nixos/modules/monitoring/server/grafana-dashboards/payments.json index 6541c9796059523aff679dc34f451db2feeed85d..331e623dd18024e58ce49eb4f435ca74e7ad55d8 100644 --- a/nixos/modules/monitoring/server/grafana-dashboards/payments.json +++ b/nixos/modules/monitoring/server/grafana-dashboards/payments.json 
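Review bot: The assertion message in tahoe.nix names `services.private-storage.monitoring.tahoe`, but storage.nix enables this module as `services.private-storage.monitoring.exporters.tahoe.enable`, so an operator who hits the assertion is pointed at an option path that does not exist. The message should start `services.private-storage.monitoring.exporters.tahoe requires services.private-storage.monitoring.exporters.node ...`. The `config = lib.mkIf cfg.enable { ... }` block continues outside the hunk.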
@@ -161,95 +161,62 @@ "type": "timeseries" }, { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, "description": "", "fieldConfig": { "defaults": { - "color": { - "mode": "palette-classic" - }, - "custom": { - "axisLabel": "", - "axisPlacement": "auto", - "barAlignment": 0, - "drawStyle": "line", - "fillOpacity": 10, - "gradientMode": "none", - "hideFrom": { - "legend": false, - "tooltip": false, - "viz": false - }, - "lineInterpolation": "linear", - "lineWidth": 1, - "pointSize": 5, - "scaleDistribution": { - "type": "linear" - }, - "showPoints": "never", - "spanNulls": true, - "stacking": { - "group": "A", - "mode": "none" - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "mappings": [], - "min": 0, - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 80 - } - ] - }, "unit": "short" }, - "overrides": [ - { - "matcher": { - "id": "byName", - "options": "Redeemed vouchers" - }, - "properties": [ - { - "id": "color", - "value": { - "fixedColor": "yellow", - "mode": "fixed" - } - } - ] - } - ] + "overrides": [] }, + "fill": 1, + "fillGradient": 0, "gridPos": { "h": 7, "w": 12, "x": 12, "y": 1 }, + "hiddenSeries": false, "id": 20, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", "options": { - "legend": { - "calcs": [], - "displayMode": "list", - "placement": "bottom" - }, - "tooltip": { - "mode": "single" - } + "alertThreshold": true }, - "pluginVersion": "8.3.4", + "percentage": false, + "pluginVersion": "8.3.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + { + "alias": "Issued signatures", + "yaxis": 2 + } + ], + "spaceLength": 10, + "stack": false, + "steppedLine": false, "targets": [ { + "datasource": { + "type": "prometheus", + "uid": "000000001" + }, "exemplar": 
true, "expr": "payment_redemption_signatures_issued", "interval": "", @@ -257,6 +224,10 @@ "refId": "A" }, { + "datasource": { + "type": "prometheus", + "uid": "000000001" + }, "exemplar": true, "expr": "payment_redemption_vouchers_redeemed", "format": "time_series", @@ -266,8 +237,37 @@ "refId": "B" } ], + "thresholds": [], + "timeRegions": [], "title": "Redemption", - "type": "timeseries" + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "mode": "time", + "show": false, + "values": [] + }, + "yaxes": [ + { + "$$hashKey": "object:408", + "format": "short", + "logBase": 1, + "show": true + }, + { + "$$hashKey": "object:409", + "format": "short", + "logBase": 1, + "show": true + } + ], + "yaxis": { + "align": false + } }, { "collapsed": false, diff --git a/nixos/pkgs/zkapissuer/repo.json b/nixos/pkgs/zkapissuer/repo.json index 98ecb9ff70785d8ebd338d6a5e17fe19b8bfebd8..85864bd3ca995c1534f4be6a1dbb98d8551c4365 100644 --- a/nixos/pkgs/zkapissuer/repo.json +++ b/nixos/pkgs/zkapissuer/repo.json @@ -1,8 +1,8 @@ { "owner": "PrivateStorageio", "repo": "PaymentServer", - "rev": "47478f705332b23219285e9598a69668f2c79aa1", + "rev": "d82908141edcd2ddce40bc50b8b2a4f1959f1b30", "branch": "main", "outputHashAlgo": "sha512", - "outputHash": "3z62dfkyivb0l8yc1l1qm31k8sl8i88m9pzrk9nhs42kmgcqyr7sa10lavj499w9l6zvh1628ss0g5pza5yaji537r1bc51qqfszydl" + "outputHash": "0r84hjrd03znizr915nn886rybxn9pq4h8fsf6vx8jkh05whr2b950rk4ld3mi9gq75cksd688pi1aqyy9in3ybll2b1m98j9f0h7mz" } \ No newline at end of file diff --git a/nixpkgs.json b/nixpkgs.json index 1ef93ddcc57942d20ca7fdb599c7261ad09c02c3..e9f9b68919ec766d41474a299caecfdb3cffd966 100644 --- a/nixpkgs.json +++ b/nixpkgs.json 
@@ -1,5 +1,5 @@
 {
 "name": "source",
- "url": "https://releases.nixos.org/nixos/21.11/nixos-21.11.336045.4afca382d80/nixexprs.tar.xz",
- "sha256": "1af93alrn7iwv6kjm9r941wafjgpx142psjpix45qn2p50lbpxyx"
-}
\ No newline at end of file
+ "url": "https://releases.nixos.org/nixos/21.11/nixos-21.11.336340.2ebb6c1e5ae/nixexprs.tar.xz",
+ "sha256": "1hi47fq801v2bk7ms50sz7a8744zfkkk27kxjpbxzv1n6k0n1w1q"
+}