diff --git a/docs.nix b/docs.nix
index 9bb64627870dfee01c6858d5699001cae96045c4..4c8b230a7eddb462bf47a4c3ee591e64fb3ce1ff 100644
--- a/docs.nix
+++ b/docs.nix
@@ -1,2 +1,2 @@
-{ pkgs ? import ./stable2105.nix { } }:
+{ pkgs ? import ./nixpkgs-2105.nix { } }:
 pkgs.callPackage ./privatestorageio.nix { }
diff --git a/morph/grid/testing/grid.nix b/morph/grid/testing/grid.nix
index 0c3d7c1c6b297ef9c3695eb438996cd2501536a6..85cbe54057c3a234e36e66289725e5d46a6f197f 100644
--- a/morph/grid/testing/grid.nix
+++ b/morph/grid/testing/grid.nix
@@ -35,6 +35,7 @@ let
 storage001 = {
 imports = [
 gridlib.storage
+ gridlib.hardware-aws
 ./testing001-hardware.nix
 (gridlib.customize-storage (config // {
 monitoringvpnIPv4 = "172.23.23.12";
diff --git a/morph/grid/testing/testing001-hardware.nix b/morph/grid/testing/testing001-hardware.nix
index b57f193a6155a88be0af804fd6edd9a98043368a..5dceb16af1deaeb4668e67cbb65715ae79aa55d9 100644
--- a/morph/grid/testing/testing001-hardware.nix
+++ b/morph/grid/testing/testing001-hardware.nix
@@ -1,14 +1,4 @@
 {
- imports = [ <nixpkgs/nixos/modules/virtualisation/amazon-image.nix> ];
- ec2.hvm = true;
- boot.kernel.sysctl = { "vm.swappiness" = 0; };
- swapDevices = [ {
- device = "/var/swapfile";
- size = 8192; # megabytes
- randomEncryption = true;
- } ];
-
- boot.supportedFilesystems = [ "zfs" ];
 networking.hostId = "10000000";
diff --git a/morph/lib/issuer-aws.nix b/morph/lib/issuer-aws.nix
index 3febd796b3eceb5a2da73e4874d52d50767da947..a66ab72addd43da1feb96bdd86d46312ec327fd3 100644
--- a/morph/lib/issuer-aws.nix
+++ b/morph/lib/issuer-aws.nix
@@ -1,4 +1,4 @@
-{ lib, ... }: {
+{ name, lib, ... }: {
 imports = [ <nixpkgs/nixos/modules/virtualisation/amazon-image.nix> ];
 # amazon-image.nix isn't quite aware of nvme-attached storage so give it a 
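Review bot: The `gridlib.hardware-aws` import added here is what now has to supply the settings deleted from `morph/grid/testing/testing001-hardware.nix` in this same commit — the amazon-image import, `ec2.hvm`, the `randomEncryption = true` swapfile and `boot.supportedFilesystems = [ "zfs" ]`. `hardware-aws` itself is not in the diff, so I cannot confirm it sets all of these; ZFS support and the encrypted swap are the two worth checking, since a storage node silently losing either would only show up at boot. A one-line comment next to the import, `# Replaces the per-host AWS settings formerly in testing001-hardware.nix`, would make the dependency explicit. The `storage001` definition continues outside the hunk.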
@@ -12,4 +12,9 @@
 size = 8192; # megabytes
 randomEncryption = true;
 } ];
+
+ # Break the tie between AWS and morph for the hostname by forcing the
+ # morph-supplied name. See also
+ # <https://github.com/DBCDK/morph/issues/146>.
+ networking.hostName = name;
 }
diff --git a/morph/lib/vagrant-guest.nix b/morph/lib/vagrant-guest.nix
index 9e8e6d8ccab25d98d11738ff7df4a574c5cfd724..360671f5e8391571d37da6db37b2de8dc02b66bd 100644
--- a/morph/lib/vagrant-guest.nix
+++ b/morph/lib/vagrant-guest.nix
@@ -1,6 +1,6 @@
 # Minimal configuration that vagrant depends on
-{ config, pkgs, ... }:
+{ config, pkgs, lib, ... }:
 let
 # Vagrant uses an insecure shared private key by default, but we
 # don't use the authorizedKeys attribute under users because it should be
@@ -22,8 +22,10 @@ in
 # Enable the OpenSSH daemon.
 services.openssh.enable = true;
- # Wireguard kernel module
- boot.extraModulePackages = [ config.boot.kernelPackages.wireguard ];
+ # Wireguard kernel module for Kernels < 5.6
+ boot = lib.mkIf (lib.versionOlder pkgs.linuxPackages.kernel.version "5.6") {
+ extraModulePackages = [ config.boot.kernelPackages.wireguard ] ;
+ };
 # Enable DBus
 services.dbus.enable = true;
diff --git a/nixos/modules/deployment.nix b/nixos/modules/deployment.nix
index 2615659519469c9c1c2712382b178bc4fd1c323b..4c3a9dd0b8fa16e204495269616e09a1e715ad6b 100755
--- a/nixos/modules/deployment.nix
+++ b/nixos/modules/deployment.nix
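Review bot: The version guard on the new `boot = lib.mkIf (...)` line reads `pkgs.linuxPackages.kernel.version`, but the module it gates comes from `config.boot.kernelPackages`; when a guest selects a different kernel set the two disagree, and the out-of-tree wireguard module is then either built for a kernel that, per the comment's 5.6 threshold, already ships it, or omitted on one that needs it. Using the configured kernel in both places keeps them consistent and avoids wrapping the whole `boot` set in `mkIf`: `boot.extraModulePackages = lib.mkIf (lib.versionOlder config.boot.kernelPackages.kernel.version "5.6") [ config.boot.kernelPackages.wireguard ];`. That also drops the stray space before the `;` on the `extraModulePackages` line.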
@@ -104,13 +104,11 @@ in {
 # Configure the deployment user.
 users.users.deployment = {
- # Without some shell no login is possible at all, even to execute our
- # single non-restricted command.
- useDefaultShell = true;
-
- # Without a home directory, lots of tools break.
- createHome = true;
- home = "/home/deployment";
+ # A user must be either normal or system. A normal user uses the
+ # default shell, has a home directory created for it at the usual
+ # location, and is in the "users" group. That's pretty much what we
+ # want for the deployment user.
+ isNormalUser = true;
 packages = [
 # update-deployment dependencies
diff --git a/nixos/modules/issuer.nix b/nixos/modules/issuer.nix
index fb93ce35cce8c9cadbad5a04e888b0cca991f9c7..da56a43012b7e53a6d5ced17123eb3d898b24f3e 100644
--- a/nixos/modules/issuer.nix
+++ b/nixos/modules/issuer.nix
@@ -2,6 +2,8 @@
 # ZKAPs.
 { lib, pkgs, config, ... }: let
 cfg = config.services.private-storage-issuer;
+ # Our own nixpkgs fork:
+ ourpkgs = import ../../nixpkgs-ps.nix {};
 in {
 imports = [
 # Give it a good SSH configuration.
@@ -11,7 +13,7 @@ in {
 options = {
 services.private-storage-issuer.enable = lib.mkEnableOption "PrivateStorage ZKAP Issuer Service";
 services.private-storage-issuer.package = lib.mkOption {
- default = pkgs.zkapissuer.components.exes."PaymentServer-exe";
+ default = ourpkgs.zkapissuer.components.exes."PaymentServer-exe";
 type = lib.types.package;
 example = lib.literalExample "pkgs.zkapissuer.components.exes.\"PaymentServer-exe\"";
 description = ''
diff --git a/nixos/modules/private-storage.nix b/nixos/modules/private-storage.nix
index 38e224709e783b9590de73d728e4d6ca134e5adb..fa5fea837c544e66ae8811a2e3c468a67a18759e 100644
--- a/nixos/modules/private-storage.nix
+++ b/nixos/modules/private-storage.nix
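Review bot: The replacement comment above `isNormalUser = true` loses the one line of rationale the old block carried — that a login shell exists only so this restricted account can run its single non-restricted command — and that is the fact a future reader needs when deciding whether this user can be tightened further. I'd keep it in the new comment, e.g. `# A shell is still required: without one no login is possible at all, even to execute our single non-restricted command.` `isNormalUser` also puts the account in the `users` group and takes its UID from the normal range; the hunk does not show whether anything on existing hosts relied on the previous group or UID, so that is worth a quick check before redeploying. The `users.users.deployment` attribute set continues past the hunk.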
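Review bot: `ourpkgs = import ../../nixpkgs-ps.nix {};` evaluates a second, independent nixpkgs inside the module, so the default for `services.private-storage-issuer.package` no longer sees whatever `nixpkgs.overlays` or `nixpkgs.config` the importing system applies to `pkgs`, and the module now carries a pin of its own that can drift from the host's. That may well be intended, but the `example` two lines below the new default still reads `pkgs.zkapissuer.components.exes."PaymentServer-exe"`, which no longer matches where the default comes from. I'd make the trade-off explicit in the comment on the `ourpkgs` binding: `# Our own nixpkgs fork, evaluated separately from the host's pkgs; overlays and config applied to pkgs do not reach it.` The same applies to the two `ourpkgs` hunks in `nixos/modules/private-storage.nix` (`services.private-storage.tahoe.package` and `environment.systemPackages`).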
@@ -8,6 +8,9 @@ let
 # TODO: This path copied from tahoe.nix.
 tahoe-base = "/var/db/tahoe-lafs";
+ # Our own nixpkgs fork:
+ ourpkgs = import ../../nixpkgs-ps.nix {};
+
 # The full path to the directory where the storage server will write
 # incident reports.
 incidents-dir = "${tahoe-base}/${storage-node-name}/logs/incidents";
@@ -37,7 +40,7 @@ in
 options = {
 services.private-storage.enable = lib.mkEnableOption "private storage service";
 services.private-storage.tahoe.package = lib.mkOption
- { default = pkgs.privatestorage;
+ { default = ourpkgs.privatestorage;
 type = lib.types.package;
 example = lib.literalExample "pkgs.tahoelafs";
 description = ''
@@ -160,7 +163,7 @@ in
 environment.systemPackages = [
 # Provide a useful tool for reporting about shares.
- pkgs.leasereport
+ ourpkgs.leasereport
 ];
 };
diff --git a/nixos/system-tests.nix b/nixos/system-tests.nix
index b2556d4692ee0c3eff96554fa7c13df59ec94507..5f51d01dd57267b75b3742c76c03c1393676d426 100644
--- a/nixos/system-tests.nix
+++ b/nixos/system-tests.nix
@@ -1,6 +1,6 @@
 # The overall system test suite for PrivateStorageio NixOS configuration.
 let
- pkgs = import <nixpkgs> { };
+ pkgs = import ../nixpkgs-ps.nix { };
 in {
 private-storage = pkgs.nixosTest ./modules/tests/private-storage.nix;
 tahoe = pkgs.nixosTest ./modules/tests/tahoe.nix;
diff --git a/nixpkgs-2105.json b/nixpkgs-2105.json
index d441d00995a78a20cc8677a85ced2a675a9502ae..76950db1870cb62d68e655f5ca4be90f3fcbf6be 100644
--- a/nixpkgs-2105.json
+++ b/nixpkgs-2105.json
@@ -1,4 +1,4 @@
-{ "name": "stable2105"
+{ "name": "release2105"
 , "url": "https://releases.nixos.org/nixos/21.05/nixos-21.05.804.5de44c15758/nixexprs.tar.xz"
 , "sha256": "002zvc16hyrbs0icx1qj255c9dqjpdxx4bhhfjndlj3kwn40by0m"
 }
diff --git a/stable2105.nix b/nixpkgs-2105.nix
similarity index 100%
rename from stable2105.nix
rename to nixpkgs-2105.nix
diff --git a/nixpkgs.json b/nixpkgs-ps.json
similarity index 100%
rename from nixpkgs.json
rename to nixpkgs-ps.json
diff --git a/nixpkgs-ps.nix b/nixpkgs-ps.nix
new file mode 100644
index 0000000000000000000000000000000000000000..d98a53843052fda824f4ed7e34db50524df36ce2
--- /dev/null
+++ b/nixpkgs-ps.nix
@@ -0,0 +1 @@
+import (builtins.fetchTarball (builtins.fromJSON (builtins.readFile ./nixpkgs-ps.json)))
diff --git a/shell.nix b/shell.nix
index df272a12e2241c704a4c08c6d60d47bb138bcae5..f3d2750edd68e4861e6d0700e0259c1ce86f817a 100644
--- a/shell.nix
+++ b/shell.nix
@@ -1,13 +1,12 @@
 let
- nixpkgs = import (builtins.fetchTarball (builtins.fromJSON (builtins.readFile ./nixpkgs.json))) { };
- stable2105 = import ./stable2105.nix { };
+ release2105 = import ./nixpkgs-2105.nix { };
 in
-{ pkgs ? nixpkgs }:
+{ pkgs ? release2105 }:
 pkgs.mkShell {
 NIX_PATH = "nixpkgs=${pkgs.path}";
 buildInputs = [
 pkgs.morph
- stable2105.vagrant
+ pkgs.vagrant
 pkgs.jp
 ];
 }
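Review bot: The new one-liner pins the fork only as strongly as `./nixpkgs-ps.json` does — `builtins.fetchTarball` verifies content only when the attribute set it receives carries a `sha256`, and that file is a 100%-similarity rename whose contents are not in this diff. `nixpkgs-2105.json` does carry both `url` and `sha256`, so the ps file presumably follows the same shape, but it is worth confirming, because an unhashed `fetchTarball` is keyed on the URL alone and silently follows whatever that URL serves after the cache expires. A short header comment stating the contract would help: `# Pinned fork of nixpkgs; nixpkgs-ps.json must provide both url and sha256 so the tarball is content-addressed.`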
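Review bot: With the default changed to `{ pkgs ? release2105 }:`, `NIX_PATH = "nixpkgs=${pkgs.path}"` in the shell now points `<nixpkgs>` at the 21.05 release tree, while `nixos/system-tests.nix` and the `ourpkgs` bindings in the modules evaluate `nixpkgs-ps.nix` — so `<nixpkgs/nixos/modules/virtualisation/amazon-image.nix>` in `morph/lib/issuer-aws.nix` resolves against a different tree than the one the project's packages are built from. Whether the two pins are meant to coincide is not visible from the diff, but a comment on the `release2105` line naming which consumers use which pin would prevent surprises, e.g. `# Developer tooling comes from release 21.05; NixOS modules and system tests pin nixpkgs-ps.nix.`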