Merge branch 'upgrade-to-release2105-nixos' into 'develop'

Upgrade all hosts to release2105 NixOS

Closes privatestorageops#362, privatestorageops#279, and #42

See merge request privatestorage/PrivateStorageio!121

docs.nix

-{ pkgs ? import ./stable2105.nix { } }:
+{ pkgs ? import ./nixpkgs-2105.nix { } }:
 pkgs.callPackage ./privatestorageio.nix { }

morph/grid/testing/grid.nix

@@ -35,6 +35,7 @@ let
   storage001 = {
     imports = [
       gridlib.storage
+      gridlib.hardware-aws
       ./testing001-hardware.nix
       (gridlib.customize-storage (config // {
         monitoringvpnIPv4 = "172.23.23.12";

morph/grid/testing/testing001-hardware.nix

 {
-  imports = [ <nixpkgs/nixos/modules/virtualisation/amazon-image.nix> ];
-  ec2.hvm = true;
-  boot.kernel.sysctl = { "vm.swappiness" = 0; };
-  swapDevices = [ {
-    device = "/var/swapfile";
-    size = 8192; # megabytes
-    randomEncryption = true;
-  } ];
-
-
   boot.supportedFilesystems = [ "zfs" ];
   networking.hostId = "10000000";
 

morph/lib/issuer-aws.nix

-{ lib, ... }: {
+{ name, lib, ... }: {
   imports = [ <nixpkgs/nixos/modules/virtualisation/amazon-image.nix> ];
 
   # amazon-image.nix isn't quite aware of nvme-attached storage so give it a
@@ -12,4 +12,9 @@
     size = 8192; # megabytes
     randomEncryption = true;
   } ];
+
+  # Break the tie between AWS and morph for the hostname by forcing the
+  # morph-supplied name.  See also
+  # <https://github.com/DBCDK/morph/issues/146>.
+  networking.hostName = name;
 }

morph/lib/vagrant-guest.nix

 # Minimal configuration that vagrant depends on
 
-{ config, pkgs, ... }:
+{ config, pkgs, lib, ... }:
 let
   # Vagrant uses an insecure shared private key by default, but we
   # don't use the authorizedKeys attribute under users because it should be
@@ -22,8 +22,10 @@ in
   # Enable the OpenSSH daemon.
   services.openssh.enable = true;
 
-  # Wireguard kernel module
-  boot.extraModulePackages = [ config.boot.kernelPackages.wireguard ];
+  # Wireguard kernel module for Kernels < 5.6
+  boot = lib.mkIf (lib.versionOlder pkgs.linuxPackages.kernel.version "5.6") {
+    extraModulePackages = [ config.boot.kernelPackages.wireguard ] ;
+  };
 
   # Enable DBus
   services.dbus.enable    = true;

nixos/modules/deployment.nix

@@ -104,13 +104,11 @@ in {
 
     # Configure the deployment user.
     users.users.deployment = {
-      # Without some shell no login is possible at all, even to execute our
-      # single non-restricted command.
-      useDefaultShell = true;
-
-      # Without a home directory, lots of tools break.
-      createHome = true;
-      home = "/home/deployment";
+      # A user must be either normal or system.  A normal user uses the
+      # default shell, has a home directory created for it at the usual
+      # location, and is in the "users" group.  That's pretty much what we
+      # want for the deployment user.
+      isNormalUser = true;
 
       packages = [
         # update-deployment dependencies

nixos/modules/issuer.nix

@@ -2,6 +2,8 @@
 # ZKAPs.
 { lib, pkgs, config, ... }: let
   cfg = config.services.private-storage-issuer;
+  # Our own nixpkgs fork:
+  ourpkgs = import ../../nixpkgs-ps.nix {};
 in {
   imports = [
     # Give it a good SSH configuration.
@@ -11,7 +13,7 @@ in {
   options = {
     services.private-storage-issuer.enable = lib.mkEnableOption "PrivateStorage ZKAP Issuer Service";
     services.private-storage-issuer.package = lib.mkOption {
-      default = pkgs.zkapissuer.components.exes."PaymentServer-exe";
+      default = ourpkgs.zkapissuer.components.exes."PaymentServer-exe";
       type = lib.types.package;
       example = lib.literalExample "pkgs.zkapissuer.components.exes.\"PaymentServer-exe\"";
       description = ''

nixos/modules/private-storage.nix

@@ -8,6 +8,9 @@ let
   # TODO: This path copied from tahoe.nix.
   tahoe-base = "/var/db/tahoe-lafs";
 
+  # Our own nixpkgs fork:
+  ourpkgs = import ../../nixpkgs-ps.nix {};
+
   # The full path to the directory where the storage server will write
   # incident reports.
   incidents-dir = "${tahoe-base}/${storage-node-name}/logs/incidents";
@@ -37,7 +40,7 @@ in
   options =
   { services.private-storage.enable = lib.mkEnableOption "private storage service";
     services.private-storage.tahoe.package = lib.mkOption
-    { default = pkgs.privatestorage;
+    { default = ourpkgs.privatestorage;
       type = lib.types.package;
       example = lib.literalExample "pkgs.tahoelafs";
       description = ''
@@ -160,7 +163,7 @@ in
 
     environment.systemPackages = [
       # Provide a useful tool for reporting about shares.
-      pkgs.leasereport
+      ourpkgs.leasereport
     ];
 
   };

nixos/system-tests.nix

 # The overall system test suite for PrivateStorageio NixOS configuration.
 let
-  pkgs = import <nixpkgs> { };
+  pkgs = import ../nixpkgs-ps.nix { };
 in {
   private-storage = pkgs.nixosTest ./modules/tests/private-storage.nix;
   tahoe = pkgs.nixosTest ./modules/tests/tahoe.nix;

nixpkgs-2105.json

-{ "name": "stable2105"
+{ "name": "release2105"
 , "url": "https://releases.nixos.org/nixos/21.05/nixos-21.05.804.5de44c15758/nixexprs.tar.xz"
 , "sha256": "002zvc16hyrbs0icx1qj255c9dqjpdxx4bhhfjndlj3kwn40by0m"
 }

nixpkgs-ps.nix

+import (builtins.fetchTarball (builtins.fromJSON (builtins.readFile ./nixpkgs-ps.json)))

shell.nix

 let
-  nixpkgs = import (builtins.fetchTarball (builtins.fromJSON (builtins.readFile ./nixpkgs.json))) { };
-  stable2105 = import ./stable2105.nix { };
+  release2105 = import ./nixpkgs-2105.nix { };
 in
-{ pkgs ? nixpkgs }:
+{ pkgs ? release2105 }:
 pkgs.mkShell {
   NIX_PATH = "nixpkgs=${pkgs.path}";
   buildInputs = [
     pkgs.morph
-    stable2105.vagrant
+    pkgs.vagrant
     pkgs.jp
   ];
 }