diff --git a/morph/grid/production/.gitignore b/morph/grid/production/.gitignore old mode 100644 new mode 100755 diff --git a/morph/grid/production/config.json b/morph/grid/production/config.json index 8f81daf2464b07cd7fe646b95de29ddceb3aadb1..dca2b2ec9e37228753e7d3c0f5808eee0ee360a8 100644 --- a/morph/grid/production/config.json +++ b/morph/grid/production/config.json @@ -1,20 +1,18 @@ -{ "domain": "private.storage" +{ "domain": "deerfield.leastauthority.com" , "publicStoragePort": 8898 , "privateKeyPath": "./private-keys" , "publicKeyPath": "./public-keys" -, "monitoringvpnEndpoint": "monitoring.private.storage:51820" +, "monitoringvpnEndpoint": "monitoring.deerfield.leastauthority.com:51820" , "passValue": 1000000 , "issuerDomains": [ - "payments.private.storage" - , "payments.privatestorage.io" + "payments.deerfield.leastauthority.com" ] , "monitoringDomains": [ - "monitoring.private.storage" - , "monitoring.privatestorage.io" - ] -, "letsEncryptAdminEmail": "jean-paul@privatestorage.io" + "monitoring.deerfield.leastauthority.com" +] +, "letsEncryptAdminEmail": "infrastructure@leastauthority.com" , "allowedChargeOrigins": [ - "https://private.storage" + "https://leastauthority.com" ] -, "monitoringGoogleOAuthClientID": "802959152038-klpkk38sfnqmknn1ucg7pvs4hcc2k8ae.apps.googleusercontent.com" +, "monitoringGoogleOAuthClientID": "" } diff --git a/morph/grid/production/grid.nix b/morph/grid/production/grid.nix old mode 100644 new mode 100755 index 06fe07f8277bf81e26e2f9f735783614c117a7b3..cbb1a03e3a416ad999b1ce4e1a9f9be783a94b66 --- a/morph/grid/production/grid.nix +++ b/morph/grid/production/grid.nix @@ -27,11 +27,10 @@ let gridName = "production"; }; }; - payments = { imports = [ gridlib.issuer - gridlib.hardware-aws + gridlib.hardware-payments-ovh grid-module ]; config = { @@ -45,7 +44,7 @@ let monitoring = { imports = [ gridlib.monitoring - gridlib.hardware-aws + gridlib.hardware-monitoring-ovh grid-module ]; config = { 
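Review bot: `"monitoringGoogleOAuthClientID": ""` leaves the monitoring host without an OAuth client ID, and grid.nix still passes it through as `googleOAuthClientID = grid-config.monitoringGoogleOAuthClientID;`. How the monitoring module treats an empty ID is not visible in this diff; if it falls back to a built-in login or to none, `monitoring.deerfield.leastauthority.com` would be exposed without SSO. Supply the new deployment's client ID before deploying, or confirm that the module refuses external access when the value is empty. Separately, `allowedChargeOrigins` now names `https://leastauthority.com` rather than the grid's own `deerfield` subdomain, whereas the old origin matched the grid domain; confirm the wider origin is intended.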
@@ -54,7 +53,7 @@ let inherit paymentExporterTargets blackboxExporterHttpsTargets; inherit (grid-config) monitoringDomains; googleOAuthClientID = grid-config.monitoringGoogleOAuthClientID; - enableSlackAlert = true; + enableSlackAlert = false; }; system.stateVersion = "19.09"; }; @@ -108,25 +107,19 @@ let storage001 = { vpnIP = "172.23.23.21"; stateVersion = "19.09"; }; storage002 = { vpnIP = "172.23.23.22"; stateVersion = "19.09"; }; storage003 = { vpnIP = "172.23.23.23"; stateVersion = "19.09"; }; - storage004 = { vpnIP = "172.23.23.24"; stateVersion = "19.09"; }; - storage005 = { vpnIP = "172.23.23.25"; stateVersion = "19.03"; }; }; paymentExporterTargets = [ "payments.monitoringvpn" ]; blackboxExporterHttpsTargets = [ - "https://private.storage/" - "https://www.private.storage/" - "https://privatestorage.io/" - "https://www.privatestorage.io/" - "https://payments.private.storage/" - "https://payments.privatestorage.io/" - "https://monitoring.private.storage/" - "https://monitoring.privatestorage.io/" + "https://deerfield.leastauthority.com/" + "https://www.deerfield.leastauthority.com/" + "https://payments.deerfield.leastauthority.com/" + "https://monitoring.deerfield.leastauthority.com/" ]; in { network = { - description = "PrivateStorage.io Production Grid"; + description = "HRO Grid"; inherit (gridlib) pkgs; }; inherit payments; diff --git a/morph/grid/production/public-keys/borgbackup/storage001.repopath b/morph/grid/production/public-keys/borgbackup/storage001.repopath old mode 100644 new mode 100755 diff --git a/morph/grid/production/public-keys/borgbackup/storage002.repopath b/morph/grid/production/public-keys/borgbackup/storage002.repopath old mode 100644 new mode 100755 diff --git a/morph/grid/production/public-keys/borgbackup/storage003.repopath b/morph/grid/production/public-keys/borgbackup/storage003.repopath old mode 100644 new mode 100755 
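Review bot: `enableSlackAlert = false;` switches off the only alert channel visible in this monitoring config while the grid is still named `production`, so failures would be recorded but, unless another notifier exists outside this diff, not delivered to anyone. If Slack is simply not provisioned for the new deployment, keep the reason next to the setting, e.g. `# TODO(ops): re-enable once the Slack webhook secret exists for this grid`, and plan a replacement receiver. The `monitoring` block starts before this hunk.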
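Review bot: storage004 and storage005 are removed from the node list in the `@@ -108,25 +107,19 @@` hunk, but `public-keys/borgbackup/storage004.repopath`, `storage005.repopath` and `public-keys/monitoringvpn/172.23.23.24.pub` / `172.23.23.25.pub` stay in the tree with only a mode change. Whether anything still reads them is not visible here, but leftover VPN peer keys and backup repo paths for decommissioned hosts are easy to reactivate by accident, so delete them in the same commit. The blanket `100644` to `100755` mode change on keys, JSON and Nix files also looks unintended; none of these files needs the executable bit.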
diff --git a/morph/grid/production/public-keys/borgbackup/storage004.repopath b/morph/grid/production/public-keys/borgbackup/storage004.repopath
old mode 100644
new mode 100755
diff --git a/morph/grid/production/public-keys/borgbackup/storage005.repopath b/morph/grid/production/public-keys/borgbackup/storage005.repopath
old mode 100644
new mode 100755
diff --git a/morph/grid/production/public-keys/deploy_key.pub b/morph/grid/production/public-keys/deploy_key.pub
old mode 100644
new mode 100755
index 3d9ea022d26654ba7b18bd3426a464049b58c9ea..9338b184e6f67685f1a2a68d4338b8f755c2a473
--- a/morph/grid/production/public-keys/deploy_key.pub
+++ b/morph/grid/production/public-keys/deploy_key.pub
@@ -1 +1 @@
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK50RwXncelNB4JAazoXEhCxXbJZ79qWcQMAWeX14H+W exarkun@baryon
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC2ME4kxDgS5KtwdITfq4hKuB6mQDv2zYsPcUlhXhZkS jehad@nixos
\ No newline at end of file
diff --git a/morph/grid/production/public-keys/monitoringvpn/172.23.23.1.pub b/morph/grid/production/public-keys/monitoringvpn/172.23.23.1.pub
old mode 100644
new mode 100755
index 79248b8afc2e5d58ce0e2829c34266d377e2ffa5..5e1f8829e4ce978bbfb35c86ab5578c9bfedf971
--- a/morph/grid/production/public-keys/monitoringvpn/172.23.23.1.pub
+++ b/morph/grid/production/public-keys/monitoringvpn/172.23.23.1.pub
@@ -1 +1 @@
-f4PF38t1ZRneFCV+12irDbMuG81WK6jiH0Ba+P+XtXM=
+An7g9oexXQizNu6PTNWuLHDprwd5GydHHd2fuImvhGs=
diff --git a/morph/grid/production/public-keys/monitoringvpn/172.23.23.11.pub b/morph/grid/production/public-keys/monitoringvpn/172.23.23.11.pub
old mode 100644
new mode 100755
index c085058430258c7c5a4c3fe6a2a2e87ebce56543..ca6afb607f2cb4197e2db5e087727a15e6e9baca
--- a/morph/grid/production/public-keys/monitoringvpn/172.23.23.11.pub
+++ b/morph/grid/production/public-keys/monitoringvpn/172.23.23.11.pub
@@ -1 +1 @@
-yBdp154+SjyjTJM6ag1mbdnXORWrv/mJ01NJdkEe9VY=
+mVXVGBpS/rHp5qQG8izNdP/Tpj5TXO9CA4CGJ5c0cXk=
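Review bot: The new `deploy_key.pub` is the same ed25519 key that users.nix in this commit installs for `jbaeth` and for `root` (`…PcUlhXhZkS jehad@nixos`), so the deployment identity and one person's interactive login share a single private key. Loss or compromise of that workstation key then covers deployment and root access on every host at once, and the two cannot be revoked independently. Generate a dedicated deploy keypair and keep `deploy_key.pub` distinct from the personal entry in users.nix. With `"root" = jbaeth;` there is also only one key holder left for root, which is worth a second administrator entry. The file additionally loses its trailing newline (`\ No newline at end of file`).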
diff --git a/morph/grid/production/public-keys/monitoringvpn/172.23.23.21.pub b/morph/grid/production/public-keys/monitoringvpn/172.23.23.21.pub
old mode 100644
new mode 100755
index 5c6351937d9d746d6c1e0ebca3439dc49a1f4574..ebd2e8f75964b0dec876a52022b2702e6361e48e
--- a/morph/grid/production/public-keys/monitoringvpn/172.23.23.21.pub
+++ b/morph/grid/production/public-keys/monitoringvpn/172.23.23.21.pub
@@ -1 +1 @@
-G0//oetsCGa75x8rLsg98c9GT9a0ncf1yG9w2+5JV0M=
+aKsdXaE+1YINE71pX2BLiaIrxeSXbr/F/lHo/gDSxG4=
diff --git a/morph/grid/production/public-keys/monitoringvpn/172.23.23.22.pub b/morph/grid/production/public-keys/monitoringvpn/172.23.23.22.pub
old mode 100644
new mode 100755
index 1ec8fbe3f88c3d126b1c7a19a3c80ff55cedbe0c..2f5ca047322a49b71c4451bba1c924477cf67239
--- a/morph/grid/production/public-keys/monitoringvpn/172.23.23.22.pub
+++ b/morph/grid/production/public-keys/monitoringvpn/172.23.23.22.pub
@@ -1 +1 @@
-Zq4OsMOTJ2NsVi00hB0x20mMqvoCrDUfleoI5rzIeEc=
+GCnw0k/Y4HDkRCSpZ/hrpMIGQt6LViS7ub25cpbHm3Q=
diff --git a/morph/grid/production/public-keys/monitoringvpn/172.23.23.23.pub b/morph/grid/production/public-keys/monitoringvpn/172.23.23.23.pub
old mode 100644
new mode 100755
index a5ce0ad526a0a0b949488304c05f0cc055695634..07cf3a9af3a8d9fcd708ddbab6dfd049c0409a7e
--- a/morph/grid/production/public-keys/monitoringvpn/172.23.23.23.pub
+++ b/morph/grid/production/public-keys/monitoringvpn/172.23.23.23.pub
@@ -1 +1 @@
-9ThSUgSNrykQEULj70QQyjlvtvGTmMPqsRMz8hc9xHA=
+8xMB69/yQDyjfXbPWn3VWqXKqRT/yCZ/RGjy1hLBE2Y=
diff --git a/morph/grid/production/public-keys/monitoringvpn/172.23.23.24.pub b/morph/grid/production/public-keys/monitoringvpn/172.23.23.24.pub
old mode 100644
new mode 100755
diff --git a/morph/grid/production/public-keys/monitoringvpn/172.23.23.25.pub b/morph/grid/production/public-keys/monitoringvpn/172.23.23.25.pub
old mode 100644
new mode 100755
diff --git a/morph/grid/production/public-keys/users.nix b/morph/grid/production/public-keys/users.nix old mode 100644 new mode 100755 index f01fa8a8c4aacab521032b38c5cfc7a93f532cbe..953c20d152299043eaf302db3c260cceba069047 --- a/morph/grid/production/public-keys/users.nix +++ b/morph/grid/production/public-keys/users.nix @@ -1,8 +1,6 @@ let - jcalderone = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGN4VQm3BIQKEFTw6aPrEwNuShf640N+Py2LOKznFCRT exarkun@bottom"]; - flo = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII6EUU/KNDr7y3m5OVWBZAuPiMJ4us3YOBEhxpG29yPN flo@la"]; + jbaeth = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC2ME4kxDgS5KtwdITfq4hKuB6mQDv2zYsPcUlhXhZkS jehad@nixos"]; in { - "root" = jcalderone ++ flo; - "jcalderone" = jcalderone; - "flo" = flo; + "root" = jbaeth; + "jbaeth" = jbaeth; } diff --git a/morph/grid/production/storage001-config.nix b/morph/grid/production/storage001-config.nix old mode 100644 new mode 100755 index 63b0e876c32995e10e24e7afa5b9aa9c41025b51..d4f4082cf2ee5fc2548ada730d67fa6d0e1e6210 --- a/morph/grid/production/storage001-config.nix +++ b/morph/grid/production/storage001-config.nix @@ -1,8 +1,14 @@ +#100tb { "hostId" = "00000001"; "interface" = "eno1"; - "publicIPv4" = "176.113.72.38"; - "prefixLength" = 30; - "gateway" = "176.113.72.37"; + "publicIPv4" = "185.225.209.174"; + "prefixLength" = 24; + "gateway" = "185.225.209.173"; "gatewayInterface" = "eno1"; - "grubDeviceID" = "wwn-0x5000cca25cc08d27"; + "grubDeviceID" = "nodev"; #might be wrong + "efiSupport" = true; + #"efiInstallAsRemovable" = true; + "fsIdentifier" = "label"; + #"canTouchEfiVariables" = false; + "systemd-boot" = false; } diff --git a/morph/grid/production/storage001-hardware.nix b/morph/grid/production/storage001-hardware.nix old mode 100644 new mode 100755 index b2ca97c1db1b9721b93f2662d6e8d34189d5a0ab..80608f1a16fa2a41e8f576eaecc85657aaec0cfb --- a/morph/grid/production/storage001-hardware.nix +++ b/morph/grid/production/storage001-hardware.nix 
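Review bot: `"grubDeviceID" = "nodev"; #might be wrong` in storage001-config.nix ships an unverified boot-loader setting to a production storage node, and storage002-config.nix carries the same doubt (`(double check)`). With `nodev`, GRUB writes no boot sector and depends entirely on the EFI settings being applied, yet the 100tb.nix hunk in this commit declares `efiSupport` and `fsIdentifier` without showing them assigned to any `boot.loader.grub.*` option. Verify on the host and replace the comment with what was confirmed, e.g. `# EFI boot: GRUB goes to the ESP, no MBR device`. The commented-out `efiInstallAsRemovable` and `canTouchEfiVariables` lines should be either set or removed.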
@@ -8,35 +8,29 @@ [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix> ]; - boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "ehci_pci" "megaraid_sas" "usbhid" "sd_mod" ]; + boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" "sr_mod" ]; boot.initrd.kernelModules = [ ]; boot.kernelModules = [ "kvm-intel" ]; boot.extraModulePackages = [ ]; - boot.kernel.sysctl = { "vm.swappiness" = 0; }; fileSystems."/" = - { device = "/dev/disk/by-uuid/f72c1f46-6723-45bf-9ef7-92f31cc37589"; + { device = "/dev/disk/by-uuid/d0837e6f-72cb-4ffa-85ba-fd57bbbd9a97"; fsType = "ext4"; }; fileSystems."/boot" = - { device = "/dev/disk/by-uuid/cb3a16e1-d811-4659-be42-15e5e35cd37a"; - fsType = "ext4"; + { device = "/dev/disk/by-uuid/915E-08F9"; + fsType = "vfat"; }; - # Manually created using: - # zpool create -f -m legacy -o ashift=12 root raidz /dev/disk/by-id/{wwn-0x5000cca25cc06670,wwn-0x5000cca244c94a41,wwn-0x5000cca24ceb8bb4,wwn-0x500003983bd01315,wwn-0x500003983bd812b2,wwn-0x5000cca25cc09d0c,wwn-0x5000c500921dd6b6} - fileSystems."/storage" = + fileSystems."/storage" = { device = "root"; fsType = "zfs"; }; - swapDevices = [ { - device = "/var/swapfile"; - size = 8192; # megabytes - randomEncryption = true; - } ]; - + swapDevices = + [ { device = "/dev/disk/by-uuid/45eb994e-0d1b-4903-9412-920f0ba017c9"; } + ]; nix.maxJobs = lib.mkDefault 24; powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; diff --git a/morph/grid/production/storage002-config.nix b/morph/grid/production/storage002-config.nix old mode 100644 new mode 100755 index d74a99ec1824d798564cd4c469684af1dcf989d4..270160fd5a279bed88b85eb1a6933c14075c17ef --- a/morph/grid/production/storage002-config.nix +++ b/morph/grid/production/storage002-config.nix 
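Review bot: The new `swapDevices` entry drops `randomEncryption = true;`, so memory paged out on this storage node is now written to disk in cleartext; storage002-hardware.nix and storage003-hardware.nix make the same change. This hunk also removes `boot.kernel.sysctl = { "vm.swappiness" = 0; };` for storage001 only, which makes swapping more likely on that host. If a swap partition is kept, restore encryption and reference it by a name that survives re-keying, because by-uuid names are wiped when swap is re-encrypted at boot: `swapDevices = [ { device = "/dev/disk/by-partuuid/<PARTUUID>"; randomEncryption = true; } ];`. The attribute set continues past the end of the hunk.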
@@ -1,8 +1,14 @@ +#Servermania { "hostId" = "00000002"; "interface" = "eno1"; - "publicIPv4" = "37.120.214.110"; - "prefixLength" = 30; - "gateway" = "37.120.214.109"; + "publicIPv4" = "104.144.74.50"; + "prefixLength" = 29; + "gateway" = "104.144.74.49"; "gatewayInterface" = "eno1"; - "grubDeviceID" = "wwn-0x5000cca25dccb3dc"; + "grubDeviceID" = "nodev"; #nodev if we want to use efi (double check) + #"canTouchEfiVariables" = false; + "efiSupport" = true; + #"efiInstallAsRemovable" = true; + "fsIdentifier" = "label"; + "systemd-boot" = false; } diff --git a/morph/grid/production/storage002-hardware.nix b/morph/grid/production/storage002-hardware.nix old mode 100644 new mode 100755 index 2f354ad29930f048f7eb20b54a1504ed87db85a1..c011e02f86e5da2e0f17c356e4e7507f6af97376 --- a/morph/grid/production/storage002-hardware.nix +++ b/morph/grid/production/storage002-hardware.nix @@ -15,7 +15,7 @@ boot.kernel.sysctl = { "vm.swappiness" = 0; }; fileSystems."/" = - { device = "/dev/disk/by-uuid/0e92ada9-effb-42e2-a26a-9cdb529bcdc7"; + { device = "/dev/disk/by-uuid/c8d29070-c5d3-4cfb-9bb2-c14d3727c45b"; fsType = "ext4"; }; @@ -27,15 +27,13 @@ }; fileSystems."/boot" = - { device = "/dev/disk/by-uuid/50b73d78-12cd-4599-a774-57af14e6d9f7"; - fsType = "ext4"; + { device = "/dev/disk/by-uuid/3648-C8F5"; + fsType = "vfat"; }; - swapDevices = [ { - device = "/var/swapfile"; - size = 8192; # megabytes - randomEncryption = true; - } ]; + swapDevices = + [ { device = "/dev/disk/by-uuid/51e0652f-46c9-4150-95a1-223f37154d4f"; } + ]; nix.maxJobs = lib.mkDefault 24; powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; diff --git a/morph/grid/production/storage003-config.nix b/morph/grid/production/storage003-config.nix old mode 100644 new mode 100755 index 5b3f5adf969317322b2c39014e6500294b5f3c02..6abce610529bbac5ff022f7950c1fcfae1060beb --- a/morph/grid/production/storage003-config.nix +++ b/morph/grid/production/storage003-config.nix 
@@ -1,8 +1,11 @@ -{ "hostId" = "00000003"; - "interface" = "eno1"; - "publicIPv4" = "45.83.89.186"; - "prefixLength" = 30; - "gateway" = "45.83.89.185"; - "gatewayInterface" = "eno1"; - "grubDeviceID" = "wwn-0x5000039a8bc00766"; +#OVH +{ "hostId" = "00000001"; + "interface" = "eno3"; + "publicIPv4" = "151.80.28.108"; + "prefixLength" = 24; + "gateway" = "151.80.28.254"; + "gatewayInterface" = "eno3"; + "grubDeviceID" = "nodev"; + #"grubDeviceID" = "nvme-eui.e8238fa6bf530001001b448b463b77bf"; + "systemd-boot" = true; } diff --git a/morph/grid/production/storage003-hardware.nix b/morph/grid/production/storage003-hardware.nix old mode 100644 new mode 100755 index d8ffe5d59fb39ba4a9c6b1b73313f199a2ed980b..3ff5509088b942ad99fe7997db835ba9b96427f2 --- a/morph/grid/production/storage003-hardware.nix +++ b/morph/grid/production/storage003-hardware.nix @@ -16,13 +16,13 @@ boot.kernel.sysctl = { "vm.swappiness" = 0; }; fileSystems."/" = - { device = "/dev/disk/by-uuid/240fc1f6-cd55-48a3-ac80-5b3550a32ef5"; + { device = "/dev/disk/by-uuid/56a050e2-daee-40e2-becb-17d1f7908ceb"; fsType = "ext4"; }; fileSystems."/boot" = - { device = "/dev/disk/by-label/boot"; - fsType = "ext4"; + { device = "/dev/disk/by-uuid/B89B-F110"; + fsType = "vfat"; }; # Manually created using: @@ -32,11 +32,9 @@ fsType = "zfs"; }; - swapDevices = [ { - device = "/var/swapfile"; - size = 8192; # megabytes - randomEncryption = true; - } ]; + swapDevices = + [ { device = "/dev/disk/by-uuid/e47cfddc-485c-46fb-9004-c9b8619b81ff"; } + ]; nix.maxJobs = lib.mkDefault 24; powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; diff --git a/morph/grid/production/storage004-config.nix b/morph/grid/production/storage004-config.nix deleted file mode 100644 index 8201391c433281092044a284fb5c15a9933929cb..0000000000000000000000000000000000000000 --- a/morph/grid/production/storage004-config.nix +++ /dev/null 
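Review bot: `"hostId" = "00000001"` in storage003-config.nix duplicates the value storage001-config.nix already uses; the line it replaces was `"hostId" = "00000003"`. If this feeds `networking.hostId` (the consumer is outside this diff), ZFS expects it to be unique per machine so it can tell when a pool was last imported elsewhere, and storage003-hardware.nix keeps a ZFS filesystem. Restore `"hostId" = "00000003";`. This file also sets neither `efiSupport` nor `fsIdentifier`, which 100tb.nix now declares without defaults.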
@@ -1,8 +0,0 @@
-{ "hostId" = "00000004";
- "interface" = "eno1";
- "publicIPv4" = "87.101.93.198";
- "prefixLength" = 30;
- "gateway" = "87.101.93.197";
- "gatewayInterface" = "eno1";
- "grubDeviceID" = "wwn-0x5000cca249d45533";
-}
diff --git a/morph/grid/production/storage004-hardware.nix b/morph/grid/production/storage004-hardware.nix
deleted file mode 100644
index 1fe78a76e813605d8e181d5a858062f77114ba38..0000000000000000000000000000000000000000
--- a/morph/grid/production/storage004-hardware.nix
+++ /dev/null
@@ -1,37 +0,0 @@
-# Do not modify this file! It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations. Please make changes
-# to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, ... }:
-
-{
- imports =
- [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
- ];
-
- boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "ehci_pci" "megaraid_sas" "usbhid" "sd_mod" ];
- boot.initrd.kernelModules = [ ];
- boot.kernelModules = [ "kvm-intel" ];
- boot.extraModulePackages = [ ];
- boot.kernel.sysctl = { "vm.swappiness" = 0; };
-
- fileSystems."/" =
- { device = "/dev/disk/by-uuid/d628122e-05d9-4212-b6a5-4b9516d85dbe";
- fsType = "ext4";
- };
-
- # Manually created using:
- # zpool create -f -m legacy -o ashift=12 root raidz /dev/disk/by-id/{wwn-0x5000cca25cc0b6f9,wwn-0x5000cca25cc073af,wwn-0x5000cca25dcca3b5,wwn-0x5000cca25cc0addc,wwn-0x5000cca25cc08772,wwn-0x5000cca25dcc6f5f,wwn-0x5000cca25dcc4491}
- fileSystems."/storage" =
- { device = "root";
- fsType = "zfs";
- };
-
- swapDevices = [ {
- device = "/var/swapfile";
- size = 8192; # megabytes
- randomEncryption = true;
- } ];
-
- nix.maxJobs = lib.mkDefault 32;
- powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
-}
diff --git a/morph/grid/production/storage005-config.nix b/morph/grid/production/storage005-config.nix
deleted file mode 100644
index 42ac495af0064b52acdd0cbd287d84aba1f0bd0c..0000000000000000000000000000000000000000
--- a/morph/grid/production/storage005-config.nix
+++ /dev/null
@@ -1,8 +0,0 @@
-{ "hostId" = "00000005";
- "interface" = "eno1";
- "publicIPv4" = "193.148.18.206";
- "prefixLength" = 30;
- "gateway" = "193.148.18.205";
- "gatewayInterface" = "eno1";
- "grubDeviceID" = "wwn-0x5000cca25dcc78b5";
-}
diff --git a/morph/grid/production/storage005-hardware.nix b/morph/grid/production/storage005-hardware.nix
deleted file mode 100644
index e8f7b6391b4cb1c8d3e6059c1fd09512a0cc370b..0000000000000000000000000000000000000000
--- a/morph/grid/production/storage005-hardware.nix
+++ /dev/null
@@ -1,42 +0,0 @@
-# Do not modify this file! It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations. Please make changes
-# to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, ... }:
-
-{
- imports =
- [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
- ];
-
- boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "ehci_pci" "megaraid_sas" "usbhid" "usb_storage" "sd_mod" "sr_mod" ];
- boot.initrd.kernelModules = [ ];
- boot.kernelModules = [ "kvm-intel" ];
- boot.extraModulePackages = [ ];
- boot.kernel.sysctl = { "vm.swappiness" = 0; };
-
- fileSystems."/" =
- { device = "/dev/disk/by-uuid/2653c6bb-396f-4911-b9ff-b68de8f9715d";
- fsType = "ext4";
- };
-
- fileSystems."/boot" =
- { device = "/dev/disk/by-uuid/68edb827-6750-483d-891e-462333f2dbc1";
- fsType = "ext4";
- };
-
- # Manually created using:
- # zpool create -m legacy -o ashift=12 root raidz /dev/disk/by-id/{wwn-0x5000cca25dcc7721,wwn-0x5000cca25dcb2ebe,wwn-0x5000cca25dcb1184,scsi-35000cca25dcca2bd,wwn-0x5000cca244c977af,wwn-0x5000cca244c97e6e,wwn-0x5000cca25cc0a136}
- fileSystems."/storage" = {
- device = "root";
- fsType = "zfs";
- };
-
- swapDevices = [ {
- device = "/var/swapfile";
- size = 8192; # megabytes
- randomEncryption = true;
- } ];
-
- nix.maxJobs = lib.mkDefault 32;
- powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
-}
diff --git a/morph/lib/default.nix b/morph/lib/default.nix old mode 100644 new mode 100755 index c99c19a57e45a27e585830a8dfff95fa3d9d2efb..6b91aab9cb4cdd4a632745b0c09c13b3dca062c9 --- a/morph/lib/default.nix +++ b/morph/lib/default.nix @@ -6,6 +6,8 @@ hardware-aws = import ./issuer-aws.nix; hardware-vagrant = import ./hardware-vagrant.nix; + hardware-monitoring-ovh = import ./issuer-monitoring-ovh.nix; + hardware-payments-ovh = import ./issuer-payments-ovh.nix; issuer = import ./issuer.nix; storage = import ./storage.nix; diff --git a/morph/lib/issuer-monitoring-ovh.nix b/morph/lib/issuer-monitoring-ovh.nix new file mode 100755 index 0000000000000000000000000000000000000000..51a51afdfa913744a0bbe9116e6ed3c8786250a3 --- /dev/null +++ b/morph/lib/issuer-monitoring-ovh.nix 
@@ -0,0 +1,40 @@
+{ modulesPath, name, lib, ... }: {
+
+ imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
+ boot.loader.grub.device = "/dev/sda";
+ boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "xen_blkfront" ];
+ boot.initrd.kernelModules = [ "nvme" ];
+ fileSystems."/" = { device = "/dev/sda1"; fsType = "ext4"; };
+
+
+
+ swapDevices = [ {
+ device = "/var/swapfile";
+ size = 4096; # megabytes
+ randomEncryption = true;
+ } ];
+
+ # Break the tie between AWS and morph for the hostname by forcing the
+ # morph-supplied name. See also
+ # <https://github.com/DBCDK/morph/issues/146>.
+ networking.hostName = name;
+
+ # Mount a dedicated filesystem (ideally on a dedicated volume, but that's
+ # beyond control of this particular part of the system) for the
+ # PaymentServer voucher database. This makes it easier to manage for
+ # tasks like backup/recovery and encryption.
+ services.private-storage-issuer.databaseFileSystem = {
+ label = "zkapissuer-data";
+ };
+
+ # Clean up packages after a while
+ nix.gc = {
+ automatic = true;
+ dates = "weekly";
+ options = "--delete-older-than 30d";
+ };
+
+ # Turn on automatic optimization of nix store
+ # https://nixos.wiki/wiki/Storage_optimization
+ nix.autoOptimiseStore = true;
+}
diff --git a/morph/lib/issuer-payments-ovh.nix b/morph/lib/issuer-payments-ovh.nix
new file mode 100755
index 0000000000000000000000000000000000000000..73c606f62d3a81184ffd8469ed5b7733fa03c525
--- /dev/null
+++ b/morph/lib/issuer-payments-ovh.nix
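Review bot: The comment above `networking.hostName = name;` still says "Break the tie between AWS and morph" although this profile is for an OVH guest; it and the `databaseFileSystem` block read as copied from the AWS profile, and issuer-payments-ovh.nix repeats the same text. Reword it for this platform, e.g. `# Force the morph-supplied hostname over whatever the provider image sets.`, and add a header line naming the host each file describes. Also confirm that `boot.loader.grub.device = "/dev/sda"` and `device = "/dev/sda1"` are the names this guest really exposes, since the initrd loads `nvme` and `xen_blkfront`, both of which present disks under other names. The two new files differ only in the initrd module lines, so a shared base imported by both would keep them from drifting apart.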
@@ -0,0 +1,36 @@ +{ modulesPath, name, lib, ... }: { + + imports = [ (modulesPath + "/profiles/qemu-guest.nix") ]; + boot.loader.grub.device = "/dev/sda"; + fileSystems."/" = { device = "/dev/sda1"; fsType = "ext4"; }; + + swapDevices = [ { + device = "/var/swapfile"; + size = 4096; # megabytes + randomEncryption = true; + } ]; + + # Break the tie between AWS and morph for the hostname by forcing the + # morph-supplied name. See also + # <https://github.com/DBCDK/morph/issues/146>. + networking.hostName = name; + + # Mount a dedicated filesystem (ideally on a dedicated volume, but that's + # beyond control of this particular part of the system) for the + # PaymentServer voucher database. This makes it easier to manage for + # tasks like backup/recovery and encryption. + services.private-storage-issuer.databaseFileSystem = { + label = "zkapissuer-data"; + }; + + # Clean up packages after a while + nix.gc = { + automatic = true; + dates = "weekly"; + options = "--delete-older-than 30d"; + }; + + # Turn on automatic optimization of nix store + # https://nixos.wiki/wiki/Storage_optimization + nix.autoOptimiseStore = true; +} diff --git a/morph/lib/storage.nix b/morph/lib/storage.nix old mode 100644 new mode 100755 index 1fd8c26ce3db81ae405025d97abe6068ce2a6903..6555fad503da84ee3154164a17e617751b937b1b --- a/morph/lib/storage.nix +++ b/morph/lib/storage.nix @@ -47,7 +47,7 @@ in { services.private-storage.monitoring.exporters.node.enable = true; services.private-storage.monitoring.exporters.tahoe.enable = true; - services.private-storage.borgbackup.enable = true; + services.private-storage.borgbackup.enable = false; # Turn on the Private Storage (Tahoe-LAFS) service. services.private-storage = { diff --git a/nixos/modules/100tb.nix b/nixos/modules/100tb.nix old mode 100644 new mode 100755 index 87554ef316b3c25076260d0f43aa8008941580e2..ef57324c9d7255dfc8d08cd20f7653f0470070cd --- a/nixos/modules/100tb.nix +++ b/nixos/modules/100tb.nix 
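Review bot: `services.private-storage.borgbackup.enable = false;` is set in the shared morph/lib/storage.nix, so backups stop on every storage node of every grid that imports this module, not only on the new production hosts. Nothing in this commit replaces them, and the `borgbackup/*.repopath` files are kept, which suggests the switch-off is meant to be temporary. If the new hosts only lack backup credentials, make this a per-grid setting, or record the gap next to the line, e.g. `# TODO: re-enable once borg repos exist for the new hosts`. The surrounding attribute set starts and ends outside the hunk.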
@@ -69,6 +69,32 @@ let example = "wwn-0x5000c500936410b9"; description = "The ID of the disk on which to install grub."; }; + fsIdentifier = lib.mkOption + { type = lib.types.str; + example = "nixos"; + description = "Determines how GRUB will identify devices when generating the configuration file"; + }; + efiInstallAsRemovable = lib.mkOption + { type = lib.types.bool; + example = false; + description = "Whether to invoke grub-install with --removable"; + }; + efiSupport = lib.mkOption + { type = lib.types.bool; + example = false; + description = "Whether GRUB should be built with EFI support. EFI support is only available for GRUB v2."; + }; + canTouchEfiVariables = lib.mkOption + { type = lib.types.bool; + example = false; + description = "Fill later"; + }; + systemd-boot = lib.mkOption + { type = lib.types.bool; + example = false; + description = "Fill later"; + }; + }; in { # Here we actually define the module's options. They're what we said they @@ -103,8 +129,8 @@ in { config = { boot.loader.grub.enable = true; boot.loader.grub.version = 2; - boot.loader.grub.device = "/dev/disk/by-id/${cfg.grubDeviceID}"; - + boot.loader.grub.device = if cfg.grubDeviceID == "nodev" then "nodev" else "/dev/disk/by-id/${cfg.grubDeviceID}"; + boot.loader.systemd-boot.enable = if cfg.systemd-boot == "" then false else cfg.systemd-boot; boot.loader.timeout = 10; networking.firewall.enable = false; diff --git a/tools/get-vpn-config.nix b/tools/get-vpn-config.nix old mode 100644 new mode 100755 index 11fb9ba349ad329d8fe27746d1b8eeb411332120..2e94e8df6b86b37932f7f0fad688612c52abc77e --- a/tools/get-vpn-config.nix +++ b/tools/get-vpn-config.nix @@ -15,3 +15,4 @@ in rec serverIP = vpnIP grid.monitoring; clientIPs = builtins.filter (x: x != serverIP && x != null) (map vpnIP (builtins.attrValues grid)); } +
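Review bot: The five options added in the `@@ -69,6 +69,32 @@` hunk have no `default`, so any host config that omits one fails evaluation as soon as that option is read; storage003-config.nix sets only `systemd-boot`, and storage001/002 leave `efiInstallAsRemovable` and `canTouchEfiVariables` commented out. Give the booleans `default = false;` and `fsIdentifier` a default such as `default = "uuid";` so existing configs keep evaluating. Two descriptions are still `"Fill later"`; suggested text is `"Whether the installer may modify EFI boot variables."` for `canTouchEfiVariables` and `"Use systemd-boot instead of GRUB as the boot loader."` for `systemd-boot`.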
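Review bot: `if cfg.systemd-boot == "" then false else cfg.systemd-boot` compares a `types.bool` option with a string, so the first branch can never be taken; write `boot.loader.systemd-boot.enable = cfg.systemd-boot;`. `boot.loader.grub.enable = true;` above it stays unconditional, so a host with `"systemd-boot" = true` (storage003) would enable both boot loaders; `boot.loader.grub.enable = !cfg.systemd-boot;` avoids that. None of `efiSupport`, `fsIdentifier`, `efiInstallAsRemovable` or `canTouchEfiVariables` is assigned to a `boot.loader.*` option in the lines shown, so with `grubDeviceID = "nodev"` GRUB may install nothing. The config block continues past the hunk, so check whether the wiring exists there.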