diff --git a/morph/lib/base.nix b/morph/lib/base.nix
index 809e3556c534c55890520d81d3e3383cc0b18f85..4b60be9ad075eeda43dcbd12e89bd4745ead5eb6 100644
--- a/morph/lib/base.nix
+++ b/morph/lib/base.nix
@@ -1,5 +1,5 @@
 # This module contains settings and configuration that apply to all nodes in a grid.
-{ lib, config, ...}:
+{ lib, config, pkgs, ...}:
 {
 options.grid = {
 publicKeyPath = lib.mkOption {
@@ -19,4 +19,9 @@
 '';
 };
 };
+
+ config = {
+ # Expose `nixos/pkgs` as a new module argument `ourpkgs`.
+ _module.args.ourpkgs = pkgs.callPackage ../../nixos/pkgs {};
+ };
 }
diff --git a/nixos/modules/issuer.nix b/nixos/modules/issuer.nix
index e712ac0d3bbbcafcafd07552e69488e046e3e7e2..87009033ab4b41df6cb07173426483028f801131 100644
--- a/nixos/modules/issuer.nix
+++ b/nixos/modules/issuer.nix
@@ -1,13 +1,12 @@
 # A NixOS module which can run a Ristretto-based issuer for PrivateStorage
 # ZKAPs.
-{ lib, pkgs, config, ... }: let
+{ lib, pkgs, ourpkgs, config, ... }: let
 cfg = config.services.private-storage-issuer;
- zkapissuer = pkgs.callPackage ../pkgs/zkapissuer { };
 in {
 options = {
 services.private-storage-issuer.enable = lib.mkEnableOption "PrivateStorage ZKAP Issuer Service";
 services.private-storage-issuer.package = lib.mkOption {
- default = zkapissuer.components.exes."PaymentServer-exe";
+ default = ourpkgs.zkapissuer.components.exes."PaymentServer-exe";
 type = lib.types.package;
 example = lib.literalExample "pkgs.zkapissuer.components.exes.\"PaymentServer-exe\"";
 description = ''
diff --git a/nixos/modules/private-storage.nix b/nixos/modules/private-storage.nix
index d3bc9e61bb8a805d4432edf7d37d51a9501ecc1e..c119a3d3417f7d4b7ec07c5652b65122dc5fce12 100644
--- a/nixos/modules/private-storage.nix
+++ b/nixos/modules/private-storage.nix
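Review bot: The comment above `_module.args.ourpkgs` in the second hunk of morph/lib/base.nix leaves out the one constraint this mechanism has: an argument supplied through `_module.args` is part of `config`, so a module that uses it to compute its `imports` fails evaluation with infinite recursion. The uses visible in this diff (an option default in issuer.nix, package lists in the tests) are fine, but the next module that takes `ourpkgs` has nothing to warn it. I would add a second comment line such as `# ourpkgs is set through _module.args, so it must not be used to compute imports.`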
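Review bot: The `example` line for `services.private-storage-issuer.package` in nixos/modules/issuer.nix still documents `pkgs.zkapissuer...`, while the default on the changed line now comes from `ourpkgs.zkapissuer`. Nothing in this diff adds `zkapissuer` to `pkgs`, so an operator who overrides the issuer package by following the example would most likely hit a missing attribute. I would change it to `example = lib.literalExample "ourpkgs.zkapissuer.components.exes.\"PaymentServer-exe\"";`. The option definition continues past the end of the hunk.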
@@ -1,6 +1,6 @@
 # A NixOS module which can instantiate a Tahoe-LAFS storage server in the
 # preferred configuration for the Private Storage grid.
-{ pkgs, lib, config, ... }:
+{ pkgs, ourpkgs, lib, config, ... }:
 let
 # Grab the configuration for this module for convenient access below.
 cfg = config.services.private-storage;
@@ -8,9 +8,6 @@ let
 # TODO: This path copied from tahoe.nix.
 tahoe-base = "/var/db/tahoe-lafs";
- # Our own nixpkgs fork:
- ourpkgs = import ../../nixpkgs-ps.nix {};
-
 # The full path to the directory where the storage server will write
 # incident reports.
 incidents-dir = "${tahoe-base}/${storage-node-name}/logs/incidents";
diff --git a/nixos/modules/tests/private-storage.nix b/nixos/modules/tests/private-storage.nix
index 2687718bcba3f07cf9e229dadf071489445e4a54..69dcc61492f72bb9ef36848dd1fe8429e777f5a2 100644
--- a/nixos/modules/tests/private-storage.nix
+++ b/nixos/modules/tests/private-storage.nix
@@ -84,7 +84,11 @@ let
 in
 "${node}.succeed('set -eo pipefail; ${command} | systemd-cat')";
- pspkgs = import ../../../nixpkgs-ps.nix { };
+ ourpkgs-module = {pkgs, ...}: {
+ config = {
+ _module.args.ourpkgs = pkgs.callPackage ../../pkgs {};
+ };
+ };
 in {
 # https://nixos.org/nixos/manual/index.html#sec-nixos-tests
@@ -92,12 +96,13 @@ in {
 nodes = rec {
 # Get a machine where we can run a Tahoe-LAFS client node.
 client =
- { config, pkgs, ... }:
- { environment.systemPackages = [
+ { config, pkgs, ourpkgs, ... }:
+ { imports = [ ourpkgs-module ];
+ environment.systemPackages = [
 pkgs.daemonize
 # A Tahoe-LAFS configuration capable of using the right storage
 # plugin.
- pspkgs.privatestorage
+ ourpkgs.privatestorage
 # Support for the tests we'll run.
 (pkgs.python3.withPackages (ps: [ ps.requests ps.hyperlink ]))
 ];
@@ -110,7 +115,8 @@ in {
 storage =
 { config, pkgs, ... }:
 { imports =
- [ ../private-storage.nix
+ [ ourpkgs-module
+ ../private-storage.nix
 ../ssh.nix
 ];
 services.private-storage = {
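Review bot: The header comment of nixos/modules/private-storage.nix does not mention that the module now needs an `ourpkgs` argument from outside. With the local `import ../../nixpkgs-ps.nix {}` removed in the next hunk, the package set the storage server is built from is chosen by whichever configuration imports this module, and an importer that does not set `_module.args.ourpkgs` gets an evaluation error. I would add a line under the existing header, for example `# Requires the ourpkgs module argument, set in morph/lib/base.nix.` The same applies to nixos/modules/issuer.nix.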
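Review bot: `ourpkgs-module` in the first hunk of nixos/modules/tests/private-storage.nix is a second copy of the wiring in morph/lib/base.nix, and the hunk in nixos/modules/tests/tahoe.nix adds a third. The tests therefore set `_module.args.ourpkgs` through their own code rather than through the module that deployed nodes import, so a later change to the production wiring (a different path, or extra arguments to `callPackage`) would leave the tests passing against a package set that is no longer the deployed one. Putting the definition in one module file that base.nix and both tests import would keep them in step; failing that, a comment on each copy such as `# Keep in sync with morph/lib/base.nix.` would help. The enclosing `let` starts outside the hunk.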
@@ -128,7 +134,8 @@ in {
 issuer =
 { config, pkgs, ... }:
 { imports =
- [ ../issuer.nix
+ [ ourpkgs-module
+ ../issuer.nix
 ../ssh.nix
 ];
 services.private-storage.sshUsers = sshUsers;
diff --git a/nixos/modules/tests/tahoe.nix b/nixos/modules/tests/tahoe.nix
index a582accfc09c404383d796c28b6072de70a02ce7..b1a30a1877ed2e9161f6836cf638f1fd2cae6b28 100644
--- a/nixos/modules/tests/tahoe.nix
+++ b/nixos/modules/tests/tahoe.nix
@@ -1,15 +1,20 @@
 { ... }: let
- pspkgs = import ../../../nixpkgs-ps.nix { };
+ ourpkgs-module = {pkgs, ...}: {
+ config = {
+ _module.args.ourpkgs = pkgs.callPackage ../../pkgs {};
+ };
+ };
 in {
 nodes = {
- storage = { config, pkgs, ... }: {
+ storage = { config, pkgs, ourpkgs, ... }: {
 imports = [
+ ourpkgs-module
 ../tahoe.nix
 ];
 services.tahoe.nodes.storage = {
- package = pspkgs.privatestorage;
+ package = ourpkgs.privatestorage;
 sections = {
 node = {
 nickname = "storage";
diff --git a/nixos/pkgs/default.nix b/nixos/pkgs/default.nix
new file mode 100644
index 0000000000000000000000000000000000000000..761007f1ef8d925cd0d498b89a933a218a0bd7af
--- /dev/null
+++ b/nixos/pkgs/default.nix
@@ -0,0 +1,24 @@
+# Expose all our locally defined packages as attributes.
+# In `gridlib.base`, we expose this as a new `ourpkgs` module argument.
+# To access this directly, you can call this as::
+#
+# pkgs.callPackage ./nixos/pkgs
+{buildPlatform, hostPlatform, callPackage}:
+let
+ # Our own nixpkgs fork:
+ ourpkgs = import ../../nixpkgs-ps.nix {
+ # Ensure that the fork is configured for the same system
+ # as we were called with.
+ localSystem = buildPlatform;
+ crossSystem = hostPlatform;
+ # Ensure that configuration of the system where this runs
+ # doesn't leak into what we build.
+ # See https://github.com/NixOS/nixpkgs/issues/62513
+ config = {};
+ overlays = [];
+ };
+in
+{
+ zkapissuer = callPackage ./zkapissuer {};
+ inherit (ourpkgs) privatestorage leasereport;
+}
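Review bot: In nixos/pkgs/default.nix the `config = {}` and `overlays = []` isolation covers only the two attributes inherited from the fork. `zkapissuer = callPackage ./zkapissuer {};` uses the `callPackage` of whatever `pkgs` the caller passed in, so the issuer is built against the evaluating system's nixpkgs, with its config and overlays, rather than the pinned fork. Whether that matters depends on ./zkapissuer, which this diff does not show and which may pin its own inputs. If everything exposed here is meant to be insulated, `zkapissuer = ourpkgs.callPackage ./zkapissuer {};` would do it, assuming the fork evaluates to an ordinary nixpkgs set; otherwise a comment such as `# zkapissuer deliberately follows the caller's pkgs.` would record the decision.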