Merge branch 'develop' into 'production'

merge develop into production See merge request !278

Merge branch 'develop' into 'production'
72088473 · Jean-Paul Calderone · b694712e · 282d1356 · 72088473 · 72088473
Commit 72088473 authored Mar 8, 2022 by Jean-Paul Calderone
--- a/morph/lib/issuer.nix
+++ b/morph/lib/issuer.nix
@@ -2,12 +2,11 @@
 # "issuer"-type system.
 { lib, config, ...}:
 let
-  inherit (config.grid) publicKeyPath privateKeyPath monitoringvpnEndpoint monitoringvpnIPv4;
+  inherit (config.grid) privateKeyPath;
  inherit (config.grid.issuer) issuerDomains allowedChargeOrigins;
 in {
  imports = [
-    ../../nixos/modules/monitoring/vpn/client.nix
+    ./monitoringvpn-client.nix
-    ../../nixos/modules/monitoring/exporters/node.nix
  ];
  options.grid.issuer = {
@@ -47,26 +46,8 @@ in {
          permissions = "0400";
          action = ["sudo" "systemctl" "restart" "zkapissuer.service"];
        };
-        "monitoringvpn-secret-key" = {
-          destination = "/run/keys/monitoringvpn/client.key";
-          source = "${privateKeyPath}/monitoringvpn/${monitoringvpnIPv4}.key";
-          owner.user = "root";
-          owner.group = "root";
-          permissions = "0400";
-          action = ["sudo" "systemctl" "restart" "wireguard-monitoringvpn.service"];
-        };
-        "monitoringvpn-preshared-key" = {
-          destination = "/run/keys/monitoringvpn/preshared.key";
-          source = "${privateKeyPath}/monitoringvpn/preshared.key";
-          owner.user = "root";
-          owner.group = "root";
-          permissions = "0400";
-          action = ["sudo" "systemctl" "restart" "wireguard-monitoringvpn.service"];
      };
    };
-    };
    services.private-storage-issuer = {
      enable = true;
      tls = true;
@@ -79,12 +60,7 @@ in {
      domains = issuerDomains;
    };
-    services.private-storage.monitoring.vpn.client = {
+    services.private-storage.monitoring.exporters.node.enable = true;
-      enable = true;
-      ip = monitoringvpnIPv4;
-      endpoint = monitoringvpnEndpoint;
-      endpointPublicKeyFile = "${publicKeyPath}/monitoringvpn/server.pub";
-    };
    system.stateVersion = "19.03";
  };

--- a/morph/lib/monitoring.nix
+++ b/morph/lib/monitoring.nix
@@ -31,7 +31,6 @@ in {
    ../../nixos/modules/monitoring/server/grafana.nix
    ../../nixos/modules/monitoring/server/prometheus.nix
    ../../nixos/modules/monitoring/server/loki.nix
-    ../../nixos/modules/monitoring/exporters/node.nix
    ../../nixos/modules/monitoring/exporters/blackbox.nix
  ];
@@ -161,5 +160,7 @@ in {
      inherit letsEncryptAdminEmail;
      domains = cfg.monitoringDomains;
    };
+    services.private-storage.monitoring.exporters.node.enable = true;
  };
 }
--- a/morph/lib/monitoringvpn-client.nix
+++ b/morph/lib/monitoringvpn-client.nix
+{ lib, config, ...}:
+let
+  inherit (config.grid) publicKeyPath privateKeyPath monitoringvpnEndpoint monitoringvpnIPv4;
+in {
+  config = {
+    deployment = {
+      secrets = {
+        "monitoringvpn-secret-key" = {
+          destination = "/run/keys/monitoringvpn/client.key";
+          source = "${privateKeyPath}/monitoringvpn/${monitoringvpnIPv4}.key";
+          owner.user = "root";
+          owner.group = "root";
+          permissions = "0400";
+          action = ["sudo" "systemctl" "restart" "wireguard-monitoringvpn.service"];
+        };
+        "monitoringvpn-preshared-key" = {
+          destination = "/run/keys/monitoringvpn/preshared.key";
+          source = "${privateKeyPath}/monitoringvpn/preshared.key";
+          owner.user = "root";
+          owner.group = "root";
+          permissions = "0400";
+          action = ["sudo" "systemctl" "restart" "wireguard-monitoringvpn.service"];
+        };
+      };
+    };
+    services.private-storage.monitoring.vpn.client = {
+      enable = true;
+      ip = monitoringvpnIPv4;
+      endpoint = monitoringvpnEndpoint;
+      endpointPublicKeyFile = "${publicKeyPath}/monitoringvpn/server.pub";
+    };
+  };
+}
--- a/morph/lib/storage.nix
+++ b/morph/lib/storage.nix
@@ -2,19 +2,11 @@
 # "storage"-type system.
 { lib, config, ...} :
 let
-  inherit (config.grid) publicKeyPath privateKeyPath monitoringvpnIPv4 monitoringvpnEndpoint;
+  inherit (config.grid) privateKeyPath;
 in {
  # Any extra NixOS modules to load on this server.
  imports = [
-    # Bring in our module for configuring the Tahoe-LAFS service and other
+    ./monitoringvpn-client.nix
-    # Private Storage-specific things.
-    ../../nixos/modules/private-storage.nix
-    # Connect to the monitoringvpn.
-    ../../nixos/modules/monitoring/vpn/client.nix
-    # Expose base system metrics over the monitoringvpn.
-    ../../nixos/modules/monitoring/exporters/node.nix
-    # Collect Tahoe OpenMetrics statistics.
-    ../../nixos/modules/monitoring/exporters/tahoe.nix
  ];
  options.grid.storage = {
@@ -48,25 +40,10 @@ in {
          # extract it from the tahoe-lafs nixos module somehow?
          action = ["sudo" "systemctl" "restart" "tahoe.storage.service"];
        };
-        "monitoringvpn-secret-key" = {
-          destination = "/run/keys/monitoringvpn/client.key";
-          source = "${privateKeyPath}/monitoringvpn/${monitoringvpnIPv4}.key";
-          owner.user = "root";
-          owner.group = "root";
-          permissions = "0400";
-          action = ["sudo" "systemctl" "restart" "wireguard-monitoringvpn.service"];
-        };
-        "monitoringvpn-preshared-key" = {
-          destination = "/run/keys/monitoringvpn/preshared.key";
-          source = "${privateKeyPath}/monitoringvpn/preshared.key";
-          owner.user = "root";
-          owner.group = "root";
-          permissions = "0400";
-          action = ["sudo" "systemctl" "restart" "wireguard-monitoringvpn.service"];
-        };
      };
    };
+    services.private-storage.monitoring.exporters.node.enable = true;
    services.private-storage.monitoring.exporters.tahoe.enable = true;
    # Turn on the Private Storage (Tahoe-LAFS) service.
@@ -77,12 +54,5 @@ in {
      ristrettoSigningKeyPath = config.deployment.secrets.ristretto-signing-key.destination;
      inherit (config.grid.storage) passValue publicStoragePort;
    };
-    services.private-storage.monitoring.vpn.client = {
-      enable = true;
-      ip = monitoringvpnIPv4;
-      endpoint = monitoringvpnEndpoint;
-      endpointPublicKeyFile = "${publicKeyPath}/monitoringvpn/server.pub";
-    };
  };
 }
--- a/nixos/modules/default.nix
+++ b/nixos/modules/default.nix
@@ -12,6 +12,10 @@
  imports = [
    ./packages.nix
    ./issuer.nix
+    ./private-storage.nix
+    ./monitoring/vpn/client.nix
+    ./monitoring/exporters/node.nix
+    ./monitoring/exporters/tahoe.nix
    ./monitoring/exporters/promtail.nix
  ];
 }
--- a/nixos/modules/monitoring/exporters/node.nix
+++ b/nixos/modules/monitoring/exporters/node.nix
@@ -16,13 +16,15 @@ let
 in {
  options.services.private-storage.monitoring.exporters.node = {
+    enable = lib.mkEnableOption "Base system metrics collection";
    textfiles-directory = lib.mkOption {
      type = lib.types.str;
      description = "Directory used by the textfiles collector.";
      default = "/run/prometheus-node-exporter";
    };
  };
-  config.services.prometheus.exporters.node = {
+  config.services.prometheus.exporters.node = lib.mkIf cfg.enable {
    enable = true;
    openFirewall = true;
    firewallFilter = "-i monitoringvpn -p tcp -m tcp --dport 9100";

--- a/nixos/modules/monitoring/exporters/tahoe.nix
+++ b/nixos/modules/monitoring/exporters/tahoe.nix
@@ -39,6 +39,15 @@ in {
  config =
    lib.mkIf cfg.enable {
+      assertions = [
+        {
+          assertion = config.services.private-storage.monitoring.exporters.node.enable;
+          message = ''
+            services.private-storage.monitoring.tahoe requires services.private-storage.monitoring.exporters.node to provide the textfile prometheus collector.
+          '';
+        }
+      ];
      environment.systemPackages = [ pkgs.curl ];
      systemd.services.tahoe-metrics-collector = {

--- a/nixos/modules/monitoring/server/grafana-dashboards/payments.json
+++ b/nixos/modules/monitoring/server/grafana-dashboards/payments.json
@@ -161,95 +161,62 @@
      "type": "timeseries"
    },
    {
+      "aliasColors": {},
+      "bars": false,
+      "dashLength": 10,
+      "dashes": false,
      "description": "",
      "fieldConfig": {
        "defaults": {
-          "color": {
-            "mode": "palette-classic"
-          },
-          "custom": {
-            "axisLabel": "",
-            "axisPlacement": "auto",
-            "barAlignment": 0,
-            "drawStyle": "line",
-            "fillOpacity": 10,
-            "gradientMode": "none",
-            "hideFrom": {
-              "legend": false,
-              "tooltip": false,
-              "viz": false
-            },
-            "lineInterpolation": "linear",
-            "lineWidth": 1,
-            "pointSize": 5,
-            "scaleDistribution": {
-              "type": "linear"
-            },
-            "showPoints": "never",
-            "spanNulls": true,
-            "stacking": {
-              "group": "A",
-              "mode": "none"
-            },
-            "thresholdsStyle": {
-              "mode": "off"
-            }
-          },
-          "mappings": [],
-          "min": 0,
-          "thresholds": {
-            "mode": "absolute",
-            "steps": [
-              {
-                "color": "green",
-                "value": null
-              },
-              {
-                "color": "red",
-                "value": 80
-              }
-            ]
-          },
          "unit": "short"
        },
-        "overrides": [
+        "overrides": []
-          {
-            "matcher": {
-              "id": "byName",
-              "options": "Redeemed vouchers"
-            },
-            "properties": [
-              {
-                "id": "color",
-                "value": {
-                  "fixedColor": "yellow",
-                  "mode": "fixed"
-                }
-              }
-            ]
-          }
-        ]
      },
+      "fill": 1,
+      "fillGradient": 0,
      "gridPos": {
        "h": 7,
        "w": 12,
        "x": 12,
        "y": 1
      },
+      "hiddenSeries": false,
      "id": 20,
-      "options": {
      "legend": {
-          "calcs": [],
+        "avg": false,
-          "displayMode": "list",
+        "current": false,
-          "placement": "bottom"
+        "max": false,
+        "min": false,
+        "show": true,
+        "total": false,
+        "values": false
+      },
+      "lines": true,
+      "linewidth": 1,
+      "nullPointMode": "null",
+      "options": {
+        "alertThreshold": true
      },
-        "tooltip": {
+      "percentage": false,
-          "mode": "single"
+      "pluginVersion": "8.3.5",
+      "pointradius": 2,
+      "points": false,
+      "renderer": "flot",
+      "seriesOverrides": [
+        {
+          "alias": "Issued signatures",
+          "yaxis": 2
        }
-      },
+      ],
-      "pluginVersion": "8.3.4",
+      "spaceLength": 10,
+      "stack": false,
+      "steppedLine": false,
      "targets": [
        {
+          "datasource": {
+            "type": "prometheus",
+            "uid": "000000001"
+          },
          "exemplar": true,
          "expr": "payment_redemption_signatures_issued",
          "interval": "",
@@ -257,6 +224,10 @@
          "refId": "A"
        },
        {
+          "datasource": {
+            "type": "prometheus",
+            "uid": "000000001"
+          },
          "exemplar": true,
          "expr": "payment_redemption_vouchers_redeemed",
          "format": "time_series",
@@ -266,8 +237,37 @@
          "refId": "B"
        }
      ],
+      "thresholds": [],
+      "timeRegions": [],
      "title": "Redemption",
-      "type": "timeseries"
+      "tooltip": {
+        "shared": true,
+        "sort": 0,
+        "value_type": "individual"
+      },
+      "type": "graph",
+      "xaxis": {
+        "mode": "time",
+        "show": false,
+        "values": []
+      },
+      "yaxes": [
+        {
+          "$$hashKey": "object:408",
+          "format": "short",
+          "logBase": 1,
+          "show": true
+        },
+        {
+          "$$hashKey": "object:409",
+          "format": "short",
+          "logBase": 1,
+          "show": true
+        }
+      ],
+      "yaxis": {
+        "align": false
+      }
    },
    {
      "collapsed": false,

--- a/nixos/pkgs/zkapissuer/repo.json
+++ b/nixos/pkgs/zkapissuer/repo.json
 {
  "owner": "PrivateStorageio",
  "repo": "PaymentServer",
-  "rev": "47478f705332b23219285e9598a69668f2c79aa1",
+  "rev": "d82908141edcd2ddce40bc50b8b2a4f1959f1b30",
  "branch": "main",
  "outputHashAlgo": "sha512",
-  "outputHash": "3z62dfkyivb0l8yc1l1qm31k8sl8i88m9pzrk9nhs42kmgcqyr7sa10lavj499w9l6zvh1628ss0g5pza5yaji537r1bc51qqfszydl"
+  "outputHash": "0r84hjrd03znizr915nn886rybxn9pq4h8fsf6vx8jkh05whr2b950rk4ld3mi9gq75cksd688pi1aqyy9in3ybll2b1m98j9f0h7mz"
 }
\ No newline at end of file
--- a/nixpkgs.json
+++ b/nixpkgs.json
 {
  "name": "source",
-  "url": "https://releases.nixos.org/nixos/21.11/nixos-21.11.336045.4afca382d80/nixexprs.tar.xz",
+  "url": "https://releases.nixos.org/nixos/21.11/nixos-21.11.336340.2ebb6c1e5ae/nixexprs.tar.xz",
-  "sha256": "1af93alrn7iwv6kjm9r941wafjgpx142psjpix45qn2p50lbpxyx"
+  "sha256": "1hi47fq801v2bk7ms50sz7a8744zfkkk27kxjpbxzv1n6k0n1w1q"
 }