From e91263664b74d09a36b09f361aceec1406cad9ea Mon Sep 17 00:00:00 2001
From: Jean-Paul Calderone <exarkun@twistedmatrix.com>
Date: Thu, 24 Jun 2021 09:02:37 -0400
Subject: [PATCH] Teach the private-storage module to construct its own public address
Just require hostName and domain instead of an extra publicIPv4 option. Leave behind a similar option, `publicAddress`, just in case it needs to be overridden at some point, but stop supplying a value for it anywhere.
---
 morph/grid/local/config.json | 3 ++-
 morph/grid/local/grid.nix | 2 --
 morph/grid/production/config.json | 3 ++-
 morph/grid/testing/config.json | 3 ++-
 morph/grid/testing/grid.nix | 3 +--
 morph/lib/customize-storage.nix | 6 ++++--
 nixos/modules/private-storage.nix | 19 +++++++++++++------
 7 files changed, 24 insertions(+), 15 deletions(-)
diff --git a/morph/grid/local/config.json b/morph/grid/local/config.json
index 38f00367..4c3fd003 100644
--- a/morph/grid/local/config.json
+++ b/morph/grid/local/config.json
@@ -1,4 +1,5 @@
-{ "publicStoragePort": 8898
+{ "domain": "local"
+, "publicStoragePort": 8898
 , "ristrettoSigningKeyPath": "./secrets/ristretto.signing-key"
 , "stripeSecretKeyPath": "./secrets/stripe.secret"
 , "monitoringvpnKeyDir": "./secrets/monitoringvpn"
diff --git a/morph/grid/local/grid.nix b/morph/grid/local/grid.nix
index 88c19818..c7897997 100644
--- a/morph/grid/local/grid.nix
+++ b/morph/grid/local/grid.nix
@@ -25,7 +25,6 @@ let
 gridlib.storage
 (import ./virtual-hardware.nix ({ inherit publicIPv4; }))
 (gridlib.customize-storage (config // {
- inherit publicIPv4;
 monitoringvpnIPv4 = "172.23.23.12";
 stateVersion = "19.09";
 }))
@@ -37,7 +36,6 @@ let
 gridlib.storage
 (import ./virtual-hardware.nix ({ inherit publicIPv4; }))
 (gridlib.customize-storage (config // {
- inherit publicIPv4;
 monitoringvpnIPv4 = "172.23.23.13";
 stateVersion = "19.09";
 }))
diff --git a/morph/grid/production/config.json b/morph/grid/production/config.json
index ef7dc536..21e080d5 100644
--- a/morph/grid/production/config.json
+++ b/morph/grid/production/config.json
@@ -1,4 +1,5 @@
-{ "publicStoragePort": 8898
+{ "domain": "private.storage"
+, "publicStoragePort": 8898
 , "ristrettoSigningKeyPath": "./secrets/ristretto.signing-key"
 , "stripeSecretKeyPath": "./secrets/stripe.secret"
 , "monitoringvpnKeyDir": "./secrets/monitoringvpn"
diff --git a/morph/grid/testing/config.json b/morph/grid/testing/config.json
index a44b465f..c069bbed 100644
--- a/morph/grid/testing/config.json
+++ b/morph/grid/testing/config.json
@@ -1,4 +1,5 @@
-{ "publicStoragePort": 8898
+{ "domain": "privatestorage-staging.com"
+, "publicStoragePort": 8898
 , "ristrettoSigningKeyPath": "./secrets/ristretto.signing-key"
 , "stripeSecretKeyPath": "./secrets/stripe.secret"
 , "monitoringvpnKeyDir": "./secrets/monitoringvpn"
diff --git a/morph/grid/testing/grid.nix b/morph/grid/testing/grid.nix
index 8e68558a..67ba8303 100644
--- a/morph/grid/testing/grid.nix
+++ b/morph/grid/testing/grid.nix
@@ -21,12 +21,11 @@ let
 ];
 };
- storage001 = let publicIPv4 = "3.120.26.190"; in {
+ storage001 = {
 imports = [
 gridlib.storage
 ./testing001-hardware.nix
 (gridlib.customize-storage (config // {
- inherit publicIPv4;
 monitoringvpnIPv4 = "172.23.23.12";
 stateVersion = "19.03";
 }))
diff --git a/morph/lib/customize-storage.nix b/morph/lib/customize-storage.nix
index 2153d78a..6a5766a3 100644
--- a/morph/lib/customize-storage.nix
+++ b/morph/lib/customize-storage.nix
@@ -2,7 +2,7 @@
 , passValue
 , publicStoragePort
 , sshUsers
-, publicIPv4
+, domain
 , monitoringvpnKeyDir
 , monitoringvpnEndpoint
 , monitoringvpnIPv4
@@ -15,8 +15,10 @@
 "monitoringvpn-preshared-key".source = "${monitoringvpnKeyDir}/preshared.key";
 };
+ networking.domain = domain;
+
 services.private-storage = {
- inherit sshUsers publicIPv4 passValue publicStoragePort;
+ inherit sshUsers passValue publicStoragePort;
 };
 services.private-storage.monitoring.vpn.client = {
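Review bot: `networking.domain = domain;` in the second customize-storage.nix hunk has become load-bearing for the private-storage module, which elsewhere in this patch derives the FQDN it advertises in tub.location and the default issuerRootURL from `networking.domain`, yet nothing at this line says so, and a later cleanup could drop it without anything complaining until evaluation. A one-line comment would preserve the intent: `# The private-storage module builds its advertised FQDN and its default issuerRootURL from networking.domain; keep this set.` The attribute set enclosing this line starts outside the hunk.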
diff --git a/nixos/modules/private-storage.nix b/nixos/modules/private-storage.nix
index 52720e61..38e22470 100644
--- a/nixos/modules/private-storage.nix
+++ b/nixos/modules/private-storage.nix
@@ -18,6 +18,12 @@ let
 # NOTE: This is promised by the service privacy policy. It *may not* be
 # raised without following the process for updating the privacy policy.
 max-incident-age = "29d";
+
+ fqdn = "${
+ assert config.networking.hostName != null; config.networking.hostName
+ }.${
+ assert config.networking.domain != null; config.networking.domain
+ }";
 in {
 imports = [
@@ -38,12 +44,13 @@ in
 The package to use for the Tahoe-LAFS daemon.
 '';
 };
- services.private-storage.publicIPv4 = lib.mkOption
- { default = "127.0.0.1";
+ services.private-storage.publicAddress = lib.mkOption
+ { default = "${fqdn}";
 type = lib.types.str;
- example = lib.literalExample "192.0.2.0";
+ example = lib.literalExample "storage.example.invalid";
 description = ''
- An IPv4 address to advertise for this storage service.
+ A publicly-visible address to use in Tahoe-LAFS advertisements for
+ this storage service.
 '';
 };
 services.private-storage.introducerFURL = lib.mkOption
@@ -63,7 +70,7 @@ in
 '';
 };
 services.private-storage.issuerRootURL = lib.mkOption
- { default = "https://issuer.privatestorage.io/";
+ { default = "https://issuer.${config.networking.domain}/";
 type = lib.types.str;
 example = lib.literalExample "https://example.invalid/";
 description = ''
@@ -122,7 +129,7 @@ in
 # First, in the syntax which it uses to listen.
 "tub.port" = "tcp:${toString cfg.publicStoragePort}";
 # Second, in the syntax it advertises to in the fURL.
- "tub.location" = "tcp:${cfg.publicIPv4}:${toString cfg.publicStoragePort}";
+ "tub.location" = "tcp:${cfg.publicAddress}:${toString cfg.publicStoragePort}";
 };
 storage = {
 enabled = true;
-- 
GitLab
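Review bot: The bare `assert` expressions inside the new `fqdn` binding in the first private-storage.nix hunk fail with Nix's generic "assertion failed" message, so an operator who leaves `domain` out of config.json gets no hint which option is missing or why the advertised address could not be built. The NixOS idiom is the `assertions` option, which carries a message: `assertions = [ { assertion = config.networking.domain != null; message = "services.private-storage: networking.domain must be set to build the advertised FQDN"; } ];` with `fqdn = "${config.networking.hostName}.${config.networking.domain}";`. Separately, if I recall correctly NixOS gives `networking.hostName` a non-null default, so the first assert can never fire and a host that forgot to set its name would silently advertise that default name under the domain in tub.location; verifying that the FQDN really names this host has to happen outside the module. The `let` block enclosing `fqdn` starts outside the hunk.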
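Review bot: The new `issuerRootURL` default in the third private-storage.nix hunk interpolates `config.networking.domain` without the null guard that `fqdn` applies, so a deployment that has not set `networking.domain` fails with Nix's "cannot coerce null to a string" wherever that default is first read, instead of with the assertion the first hunk intends. Binding a guarded value once in the `let` block, `domain = assert config.networking.domain != null; config.networking.domain;`, and writing `{ default = "https://issuer.${domain}/";` here keeps the two defaults consistent and gives one failure point. Note also that whatever string lands in config.json now ends up both in the fURL clients connect to and in the HTTPS issuer URL clients are directed to, with no validation that it is a hostname, and that the local grid's default becomes `https://issuer.local/` where it was previously the fixed privatestorage.io URL; presumably intended, but worth confirming for the local and staging grids. The option set enclosing this hunk starts outside it.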