Commit 723e8f97 authored by Jean-Paul Calderone's avatar Jean-Paul Calderone

Merge branch 'upgrade-to-release2105-nixos' into 'develop'

Upgrade all hosts to release2105 NixOS

Closes privatestorageops#362, privatestorageops#279, and #42

See merge request privatestorage/PrivateStorageio!121
parents 83743c02 3560d5f4
3 merge requests!140Merge staging into production,!122Merge develop into staging,!121Upgrade all hosts to release2105 NixOS
Pipeline #857 passed
{ pkgs ? import ./stable2105.nix { } }:
{ pkgs ? import ./nixpkgs-2105.nix { } }:
pkgs.callPackage ./privatestorageio.nix { }
......@@ -35,6 +35,7 @@ let
storage001 = {
imports = [
gridlib.storage
gridlib.hardware-aws
./testing001-hardware.nix
(gridlib.customize-storage (config // {
monitoringvpnIPv4 = "172.23.23.12";
......
{
imports = [ <nixpkgs/nixos/modules/virtualisation/amazon-image.nix> ];
ec2.hvm = true;
boot.kernel.sysctl = { "vm.swappiness" = 0; };
swapDevices = [ {
device = "/var/swapfile";
size = 8192; # megabytes
randomEncryption = true;
} ];
boot.supportedFilesystems = [ "zfs" ];
networking.hostId = "10000000";
......
{ lib, ... }: {
{ name, lib, ... }: {
imports = [ <nixpkgs/nixos/modules/virtualisation/amazon-image.nix> ];
# amazon-image.nix isn't quite aware of nvme-attached storage so give it a
......@@ -12,4 +12,9 @@
size = 8192; # megabytes
randomEncryption = true;
} ];
# Break the tie between AWS and morph for the hostname by forcing the
# morph-supplied name. See also
# <https://github.com/DBCDK/morph/issues/146>.
networking.hostName = name;
}
# Minimal configuration that vagrant depends on
{ config, pkgs, ... }:
{ config, pkgs, lib, ... }:
let
# Vagrant uses an insecure shared private key by default, but we
# don't use the authorizedKeys attribute under users because it should be
......@@ -22,8 +22,10 @@ in
# Enable the OpenSSH daemon.
services.openssh.enable = true;
# Wireguard kernel module
boot.extraModulePackages = [ config.boot.kernelPackages.wireguard ];
# Wireguard kernel module for Kernels < 5.6
boot = lib.mkIf (lib.versionOlder pkgs.linuxPackages.kernel.version "5.6") {
extraModulePackages = [ config.boot.kernelPackages.wireguard ] ;
};
# Enable DBus
services.dbus.enable = true;
......
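Review bot: The new `lib.mkIf` condition tests `pkgs.linuxPackages.kernel.version`, while the module it guards comes from `config.boot.kernelPackages`, so the two can disagree on any host that selects a non-default kernel package set. Testing the kernel that is actually configured keeps them in step: `boot.extraModulePackages = lib.optional (lib.versionOlder config.boot.kernelPackages.kernel.version "5.6") config.boot.kernelPackages.wireguard;`. Writing it as `boot.extraModulePackages` instead of a whole `boot = lib.mkIf …` attribute would also avoid a duplicate-attribute clash if this file later gains another `boot.*` setting. The enclosing attribute set starts and ends outside the hunk.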
......@@ -104,13 +104,11 @@ in {
# Configure the deployment user.
users.users.deployment = {
# Without some shell no login is possible at all, even to execute our
# single non-restricted command.
useDefaultShell = true;
# Without a home directory, lots of tools break.
createHome = true;
home = "/home/deployment";
# A user must be either normal or system. A normal user uses the
# default shell, has a home directory created for it at the usual
# location, and is in the "users" group. That's pretty much what we
# want for the deployment user.
isNormalUser = true;
packages = [
# update-deployment dependencies
......
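Review bot: `isNormalUser = true` also places the deployment account in the shared `users` group, which, as far as this hunk shows, the three removed settings did not do; the removed comment describes this account as limited to a single non-restricted command, so the narrower form may be the better fit. If the group membership is not needed, `isSystemUser = true;` together with the previous `useDefaultShell = true;`, `createHome = true;` and `home = "/home/deployment";` would meet the normal-or-system requirement without it. Either way, the rationale that a shell is required for that one command is worth keeping in the new comment, since it explains why the account has a login shell at all. The `users.users.deployment` block continues past the end of the hunk.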
......@@ -2,6 +2,8 @@
# ZKAPs.
{ lib, pkgs, config, ... }: let
cfg = config.services.private-storage-issuer;
# Our own nixpkgs fork:
ourpkgs = import ../../nixpkgs-ps.nix {};
in {
imports = [
# Give it a good SSH configuration.
......@@ -11,7 +13,7 @@ in {
options = {
services.private-storage-issuer.enable = lib.mkEnableOption "PrivateStorage ZKAP Issuer Service";
services.private-storage-issuer.package = lib.mkOption {
default = pkgs.zkapissuer.components.exes."PaymentServer-exe";
default = ourpkgs.zkapissuer.components.exes."PaymentServer-exe";
type = lib.types.package;
example = lib.literalExample "pkgs.zkapissuer.components.exes.\"PaymentServer-exe\"";
description = ''
......
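Review bot: The `example` under `services.private-storage-issuer.package` still reads `pkgs.zkapissuer…` although the default now comes from `ourpkgs`; if the package is only provided by the fork, the example should become `lib.literalExample "ourpkgs.zkapissuer.components.exes.\"PaymentServer-exe\""` or say where the attribute comes from. `ourpkgs = import ../../nixpkgs-ps.nix {};` is also repeated in the private-storage module further down the page, so each module evaluates its own copy of the fork and the pin is referenced from two places. Importing it once and passing it to both modules would leave a single place to audit when the pin changes. Because the fork is evaluated separately from the host's `pkgs`, updates to the host release presumably do not reach the issuer and storage packages, which is worth stating in the `# Our own nixpkgs fork:` comment.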
......@@ -8,6 +8,9 @@ let
# TODO: This path copied from tahoe.nix.
tahoe-base = "/var/db/tahoe-lafs";
# Our own nixpkgs fork:
ourpkgs = import ../../nixpkgs-ps.nix {};
# The full path to the directory where the storage server will write
# incident reports.
incidents-dir = "${tahoe-base}/${storage-node-name}/logs/incidents";
......@@ -37,7 +40,7 @@ in
options =
{ services.private-storage.enable = lib.mkEnableOption "private storage service";
services.private-storage.tahoe.package = lib.mkOption
{ default = pkgs.privatestorage;
{ default = ourpkgs.privatestorage;
type = lib.types.package;
example = lib.literalExample "pkgs.tahoelafs";
description = ''
......@@ -160,7 +163,7 @@ in
environment.systemPackages = [
# Provide a useful tool for reporting about shares.
pkgs.leasereport
ourpkgs.leasereport
];
};
......
# The overall system test suite for PrivateStorageio NixOS configuration.
let
pkgs = import <nixpkgs> { };
pkgs = import ../nixpkgs-ps.nix { };
in {
private-storage = pkgs.nixosTest ./modules/tests/private-storage.nix;
tahoe = pkgs.nixosTest ./modules/tests/tahoe.nix;
......
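Review bot: With `pkgs = import ../nixpkgs-ps.nix { }` the `pkgs.nixosTest` machines are built from the fork pin, whereas the hosts this merge upgrades default to `./nixpkgs-2105.nix`. Unless the fork tracks the same release (its JSON pin is not shown on this page), the system tests exercise a different NixOS than the one deployed. A one-line comment above the `let` stating which release the fork is based on, or building the tests from `../nixpkgs-2105.nix` with the fork used only for the PrivateStorage packages, would make that explicit.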
{ "name": "stable2105"
{ "name": "release2105"
, "url": "https://releases.nixos.org/nixos/21.05/nixos-21.05.804.5de44c15758/nixexprs.tar.xz"
, "sha256": "002zvc16hyrbs0icx1qj255c9dqjpdxx4bhhfjndlj3kwn40by0m"
}
File moved
File moved
import (builtins.fetchTarball (builtins.fromJSON (builtins.readFile ./nixpkgs-ps.json)))
let
nixpkgs = import (builtins.fetchTarball (builtins.fromJSON (builtins.readFile ./nixpkgs.json))) { };
stable2105 = import ./stable2105.nix { };
release2105 = import ./nixpkgs-2105.nix { };
in
{ pkgs ? nixpkgs }:
{ pkgs ? release2105 }:
pkgs.mkShell {
NIX_PATH = "nixpkgs=${pkgs.path}";
buildInputs = [
pkgs.morph
stable2105.vagrant
pkgs.vagrant
pkgs.jp
];
}