From b0ef52e80acabe362ae0493a28357ab5b86b42a8 Mon Sep 17 00:00:00 2001
From: Jean-Paul Calderone <exarkun@twistedmatrix.com>
Date: Wed, 10 Jun 2020 15:26:18 -0400
Subject: [PATCH] Have the storage functions (prod and testing) configure ssh users

---
 morph/grid/production/grid.nix | 12 ++++++++++--
 morph/grid/testing/grid.nix | 8 ++++++--
 morph/lib/make-storage.nix | 3 +++
 morph/lib/make-testing.nix | 3 ++-
 4 files changed, 21 insertions(+), 5 deletions(-)

diff --git a/morph/grid/production/grid.nix b/morph/grid/production/grid.nix
index cf8f7eb9..7b056146 100644
--- a/morph/grid/production/grid.nix
+++ b/morph/grid/production/grid.nix
@@ -4,7 +4,10 @@ import ../../lib/make-grid.nix {
   name = "Production";
   config = ./config.json;
-  nodes = cfg: {
+  nodes = cfg:
+  let
+    sshUsers = import ../../../../PrivateStorageSecrets/production-users.nix;
+  in {
     # Here are the hosts that are in this morph network. This is sort of like
     # a server manifest. We try to keep as many of the specific details as
     # possible out of *this* file so that this file only grows as server count
@@ -18,33 +21,38 @@ import ../../lib/make-grid.nix {
     #
     # The names must be unique!
     "payments.privatestorage.io" = import ../../lib/issuer.nix ({
-      sshUsers = import ../../../../PrivateStorageSecrets/production-users.nix;
+      inherit sshUsers;
       hardware = ../../lib/issuer-aws.nix;
       stateVersion = "19.03";
     } // cfg);
     "storage001" = import ../../lib/make-storage.nix ({
       cfg = import ./storage001-config.nix;
+      inherit sshUsers;
       hardware = ./storage001-hardware.nix;
       stateVersion = "19.09";
     } // cfg);
     "storage002" = import ../../lib/make-storage.nix ({
       cfg = import ./storage002-config.nix;
+      inherit sshUsers;
       hardware = ./storage002-hardware.nix;
       stateVersion = "19.09";
     } // cfg);
     "storage003" = import ../../lib/make-storage.nix ({
       cfg = import ./storage003-config.nix;
+      inherit sshUsers;
       hardware = ./storage003-hardware.nix;
       stateVersion = "19.09";
     } // cfg);
     "storage004" = import ../../lib/make-storage.nix ({
       cfg = import ./storage004-config.nix;
+      inherit sshUsers;
       hardware = ./storage004-hardware.nix;
       stateVersion = "19.09";
     } // cfg);
     "storage005" = import ../../lib/make-storage.nix ({
       cfg = import ./storage005-config.nix;
+      inherit sshUsers;
       hardware = ./storage005-hardware.nix;
       stateVersion = "19.03";
     } // cfg);
diff --git a/morph/grid/testing/grid.nix b/morph/grid/testing/grid.nix
index b6161f5a..3a1c5f39 100644
--- a/morph/grid/testing/grid.nix
+++ b/morph/grid/testing/grid.nix
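Review bot: Every storage node in this hunk now receives the same `sshUsers` set as the issuer node `payments.privatestorage.io`, so a single list, `production-users.nix`, governs SSH access to every host in the grid; that is a reasonable design, but nothing at the hoisted `let` binding in the first hunk says so, and a reader of one storage entry cannot see that the list is shared with the issuer. Suggested comment above the binding: `# One SSH user list for the whole grid: each user here can log in to the issuer and to every storage node.`. Whether the storage nodes had any SSH users configured before this commit cannot be seen here (make-storage.nix only gains the parameter in this same patch), so the net change in who can reach those hosts should be confirmed against the old module. The same point applies to the testing grid hunk in morph/grid/testing/grid.nix, where `staging-users.nix` is shared between the issuer and the testing node.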
@@ -4,15 +4,19 @@ import ../../lib/make-grid.nix {
   name = "Testing";
   config = ./config.json;
-  nodes = cfg: {
+  nodes = cfg:
+  let
+    sshUsers = import ../../../../PrivateStorageSecrets/staging-users.nix;
+  in {
     "payments.privatestorage-staging.com" = import ../../lib/issuer.nix ({
-      sshUsers = import ../../../../PrivateStorageSecrets/staging-users.nix;
+      inherit sshUsers;
       hardware = ../../lib/issuer-aws.nix;
       stateVersion = "19.03";
     } // cfg);
     "3.120.26.190" = import ../../lib/make-testing.nix (cfg // {
       publicIPv4 = "3.120.26.190";
+      inherit sshUsers;
       hardware = ./testing001-hardware.nix;
       stateVersion = "19.03";
     });
diff --git a/morph/lib/make-storage.nix b/morph/lib/make-storage.nix
index da206572..0c556bef 100644
--- a/morph/lib/make-storage.nix
+++ b/morph/lib/make-storage.nix
@@ -3,6 +3,7 @@
 , hardware # The path to the hardware configuration for this node.
 , publicStoragePort # The storage port number on which to accept connections.
 , ristrettoSigningKeyPath # The *local* path to the Ristretto signing key file.
+, sshUsers # Users for which to configure SSH access to this node.
 , stateVersion # The value for system.stateVersion on this node.
   # This value determines the NixOS release with
   # which your system is to be compatible, in order
@@ -56,6 +57,8 @@
     inherit publicStoragePort;
     # Give it the Ristretto signing key, too, to support authorization.
     ristrettoSigningKeyPath = deployment.secrets.ristretto-signing-key.destination;
+    # It gets the users, too.
+    inherit sshUsers;
   };
 
   system.stateVersion = stateVersion;
diff --git a/morph/lib/make-testing.nix b/morph/lib/make-testing.nix
index 24de7ea4..df8eb006 100644
--- a/morph/lib/make-testing.nix
+++ b/morph/lib/make-testing.nix
@@ -1,4 +1,4 @@
-{ publicIPv4, hardware, publicStoragePort, ristrettoSigningKeyPath, stateVersion, ... }: rec {
+{ publicIPv4, hardware, publicStoragePort, ristrettoSigningKeyPath, sshUsers, stateVersion, ... }: rec {
   deployment = {
     secrets = {
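Review bot: The comment `# It gets the users, too.` on the new `inherit sshUsers;` line in make-storage.nix's second hunk does not say what the value is or what it grants; the enclosing attribute set (whose opening line is outside the hunk) already carries the storage port and signing-key path, and a reader should be told that this entry is the node's SSH access list. Suggested replacement: `# The set of users to be granted SSH access to this node (see the sshUsers parameter above).`. The parallel `inherit sshUsers;` added to make-testing.nix's second hunk has no comment at all and would benefit from the same one. Because `sshUsers` is added to make-storage.nix's parameter list without a default, a caller that omits it fails at evaluation instead of deploying a node with no SSH users configured, which is the safer outcome and worth stating in that parameter's comment, e.g. `, sshUsers # Users for which to configure SSH access to this node (required; no default).`.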
@@ -26,6 +26,7 @@
     inherit publicIPv4;
     inherit publicStoragePort;
     ristrettoSigningKeyPath = deployment.secrets.ristretto-signing-key.destination;
+    inherit sshUsers;
   };
 
   system.stateVersion = stateVersion;
-- 
GitLab