diff --git a/morph/grid/production/.gitignore b/morph/grid/production/.gitignore
old mode 100644
new mode 100755
diff --git a/morph/grid/production/config.json b/morph/grid/production/config.json
index 8f81daf2464b07cd7fe646b95de29ddceb3aadb1..dca2b2ec9e37228753e7d3c0f5808eee0ee360a8 100644
--- a/morph/grid/production/config.json
+++ b/morph/grid/production/config.json
@@ -1,20 +1,18 @@
-{ "domain": "private.storage"
+{ "domain": "deerfield.leastauthority.com"
, "publicStoragePort": 8898
, "privateKeyPath": "./private-keys"
, "publicKeyPath": "./public-keys"
-, "monitoringvpnEndpoint": "monitoring.private.storage:51820"
+, "monitoringvpnEndpoint": "monitoring.deerfield.leastauthority.com:51820"
, "passValue": 1000000
, "issuerDomains": [
- "payments.private.storage"
- , "payments.privatestorage.io"
+ "payments.deerfield.leastauthority.com"
]
, "monitoringDomains": [
- "monitoring.private.storage"
- , "monitoring.privatestorage.io"
- ]
-, "letsEncryptAdminEmail": "jean-paul@privatestorage.io"
+ "monitoring.deerfield.leastauthority.com"
+]
+, "letsEncryptAdminEmail": "infrastructure@leastauthority.com"
, "allowedChargeOrigins": [
- "https://private.storage"
+ "https://leastauthority.com"
]
-, "monitoringGoogleOAuthClientID": "802959152038-klpkk38sfnqmknn1ucg7pvs4hcc2k8ae.apps.googleusercontent.com"
+, "monitoringGoogleOAuthClientID": ""
}
diff --git a/morph/grid/production/grid.nix b/morph/grid/production/grid.nix
old mode 100644
new mode 100755
index 06fe07f8277bf81e26e2f9f735783614c117a7b3..cbb1a03e3a416ad999b1ce4e1a9f9be783a94b66
--- a/morph/grid/production/grid.nix
+++ b/morph/grid/production/grid.nix
@@ -27,11 +27,10 @@ let
gridName = "production";
};
};
-
payments = {
imports = [
gridlib.issuer
- gridlib.hardware-aws
+ gridlib.hardware-payments-ovh
grid-module
];
config = {
@@ -45,7 +44,7 @@ let
monitoring = {
imports = [
gridlib.monitoring
- gridlib.hardware-aws
+ gridlib.hardware-monitoring-ovh
grid-module
];
config = {
@@ -54,7 +53,7 @@ let
inherit paymentExporterTargets blackboxExporterHttpsTargets;
inherit (grid-config) monitoringDomains;
googleOAuthClientID = grid-config.monitoringGoogleOAuthClientID;
- enableSlackAlert = true;
+ enableSlackAlert = false;
};
system.stateVersion = "19.09";
};
@@ -108,25 +107,19 @@ let
storage001 = { vpnIP = "172.23.23.21"; stateVersion = "19.09"; };
storage002 = { vpnIP = "172.23.23.22"; stateVersion = "19.09"; };
storage003 = { vpnIP = "172.23.23.23"; stateVersion = "19.09"; };
- storage004 = { vpnIP = "172.23.23.24"; stateVersion = "19.09"; };
- storage005 = { vpnIP = "172.23.23.25"; stateVersion = "19.03"; };
};
paymentExporterTargets = [ "payments.monitoringvpn" ];
blackboxExporterHttpsTargets = [
- "https://private.storage/"
- "https://www.private.storage/"
- "https://privatestorage.io/"
- "https://www.privatestorage.io/"
- "https://payments.private.storage/"
- "https://payments.privatestorage.io/"
- "https://monitoring.private.storage/"
- "https://monitoring.privatestorage.io/"
+ "https://deerfield.leastauthority.com/"
+ "https://www.deerfield.leastauthority.com/"
+ "https://payments.deerfield.leastauthority.com/"
+ "https://monitoring.deerfield.leastauthority.com/"
];
in {
network = {
- description = "PrivateStorage.io Production Grid";
+ description = "HRO Grid";
inherit (gridlib) pkgs;
};
inherit payments;
diff --git a/morph/grid/production/public-keys/borgbackup/storage001.repopath b/morph/grid/production/public-keys/borgbackup/storage001.repopath
old mode 100644
new mode 100755
diff --git a/morph/grid/production/public-keys/borgbackup/storage002.repopath b/morph/grid/production/public-keys/borgbackup/storage002.repopath
old mode 100644
new mode 100755
diff --git a/morph/grid/production/public-keys/borgbackup/storage003.repopath b/morph/grid/production/public-keys/borgbackup/storage003.repopath
old mode 100644
new mode 100755
diff --git a/morph/grid/production/public-keys/borgbackup/storage004.repopath b/morph/grid/production/public-keys/borgbackup/storage004.repopath
old mode 100644
new mode 100755
diff --git a/morph/grid/production/public-keys/borgbackup/storage005.repopath b/morph/grid/production/public-keys/borgbackup/storage005.repopath
old mode 100644
new mode 100755
diff --git a/morph/grid/production/public-keys/deploy_key.pub b/morph/grid/production/public-keys/deploy_key.pub
old mode 100644
new mode 100755
index 3d9ea022d26654ba7b18bd3426a464049b58c9ea..9338b184e6f67685f1a2a68d4338b8f755c2a473
--- a/morph/grid/production/public-keys/deploy_key.pub
+++ b/morph/grid/production/public-keys/deploy_key.pub
@@ -1 +1 @@
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK50RwXncelNB4JAazoXEhCxXbJZ79qWcQMAWeX14H+W exarkun@baryon
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC2ME4kxDgS5KtwdITfq4hKuB6mQDv2zYsPcUlhXhZkS jehad@nixos
\ No newline at end of file
diff --git a/morph/grid/production/public-keys/monitoringvpn/172.23.23.1.pub b/morph/grid/production/public-keys/monitoringvpn/172.23.23.1.pub
old mode 100644
new mode 100755
index 79248b8afc2e5d58ce0e2829c34266d377e2ffa5..5e1f8829e4ce978bbfb35c86ab5578c9bfedf971
--- a/morph/grid/production/public-keys/monitoringvpn/172.23.23.1.pub
+++ b/morph/grid/production/public-keys/monitoringvpn/172.23.23.1.pub
@@ -1 +1 @@
-f4PF38t1ZRneFCV+12irDbMuG81WK6jiH0Ba+P+XtXM=
+An7g9oexXQizNu6PTNWuLHDprwd5GydHHd2fuImvhGs=
diff --git a/morph/grid/production/public-keys/monitoringvpn/172.23.23.11.pub b/morph/grid/production/public-keys/monitoringvpn/172.23.23.11.pub
old mode 100644
new mode 100755
index c085058430258c7c5a4c3fe6a2a2e87ebce56543..ca6afb607f2cb4197e2db5e087727a15e6e9baca
--- a/morph/grid/production/public-keys/monitoringvpn/172.23.23.11.pub
+++ b/morph/grid/production/public-keys/monitoringvpn/172.23.23.11.pub
@@ -1 +1 @@
-yBdp154+SjyjTJM6ag1mbdnXORWrv/mJ01NJdkEe9VY=
+mVXVGBpS/rHp5qQG8izNdP/Tpj5TXO9CA4CGJ5c0cXk=
diff --git a/morph/grid/production/public-keys/monitoringvpn/172.23.23.21.pub b/morph/grid/production/public-keys/monitoringvpn/172.23.23.21.pub
old mode 100644
new mode 100755
index 5c6351937d9d746d6c1e0ebca3439dc49a1f4574..ebd2e8f75964b0dec876a52022b2702e6361e48e
--- a/morph/grid/production/public-keys/monitoringvpn/172.23.23.21.pub
+++ b/morph/grid/production/public-keys/monitoringvpn/172.23.23.21.pub
@@ -1 +1 @@
-G0//oetsCGa75x8rLsg98c9GT9a0ncf1yG9w2+5JV0M=
+aKsdXaE+1YINE71pX2BLiaIrxeSXbr/F/lHo/gDSxG4=
diff --git a/morph/grid/production/public-keys/monitoringvpn/172.23.23.22.pub b/morph/grid/production/public-keys/monitoringvpn/172.23.23.22.pub
old mode 100644
new mode 100755
index 1ec8fbe3f88c3d126b1c7a19a3c80ff55cedbe0c..2f5ca047322a49b71c4451bba1c924477cf67239
--- a/morph/grid/production/public-keys/monitoringvpn/172.23.23.22.pub
+++ b/morph/grid/production/public-keys/monitoringvpn/172.23.23.22.pub
@@ -1 +1 @@
-Zq4OsMOTJ2NsVi00hB0x20mMqvoCrDUfleoI5rzIeEc=
+GCnw0k/Y4HDkRCSpZ/hrpMIGQt6LViS7ub25cpbHm3Q=
diff --git a/morph/grid/production/public-keys/monitoringvpn/172.23.23.23.pub b/morph/grid/production/public-keys/monitoringvpn/172.23.23.23.pub
old mode 100644
new mode 100755
index a5ce0ad526a0a0b949488304c05f0cc055695634..07cf3a9af3a8d9fcd708ddbab6dfd049c0409a7e
--- a/morph/grid/production/public-keys/monitoringvpn/172.23.23.23.pub
+++ b/morph/grid/production/public-keys/monitoringvpn/172.23.23.23.pub
@@ -1 +1 @@
-9ThSUgSNrykQEULj70QQyjlvtvGTmMPqsRMz8hc9xHA=
+8xMB69/yQDyjfXbPWn3VWqXKqRT/yCZ/RGjy1hLBE2Y=
diff --git a/morph/grid/production/public-keys/monitoringvpn/172.23.23.24.pub b/morph/grid/production/public-keys/monitoringvpn/172.23.23.24.pub
old mode 100644
new mode 100755
diff --git a/morph/grid/production/public-keys/monitoringvpn/172.23.23.25.pub b/morph/grid/production/public-keys/monitoringvpn/172.23.23.25.pub
old mode 100644
new mode 100755
diff --git a/morph/grid/production/public-keys/users.nix b/morph/grid/production/public-keys/users.nix
old mode 100644
new mode 100755
index f01fa8a8c4aacab521032b38c5cfc7a93f532cbe..953c20d152299043eaf302db3c260cceba069047
--- a/morph/grid/production/public-keys/users.nix
+++ b/morph/grid/production/public-keys/users.nix
@@ -1,8 +1,6 @@
let
- jcalderone = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGN4VQm3BIQKEFTw6aPrEwNuShf640N+Py2LOKznFCRT exarkun@bottom"];
- flo = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII6EUU/KNDr7y3m5OVWBZAuPiMJ4us3YOBEhxpG29yPN flo@la"];
+ jbaeth = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC2ME4kxDgS5KtwdITfq4hKuB6mQDv2zYsPcUlhXhZkS jehad@nixos"];
in {
- "root" = jcalderone ++ flo;
- "jcalderone" = jcalderone;
- "flo" = flo;
+ "root" = jbaeth;
+ "jbaeth" = jbaeth;
}
diff --git a/morph/grid/production/storage001-config.nix b/morph/grid/production/storage001-config.nix
old mode 100644
new mode 100755
index 63b0e876c32995e10e24e7afa5b9aa9c41025b51..d4f4082cf2ee5fc2548ada730d67fa6d0e1e6210
--- a/morph/grid/production/storage001-config.nix
+++ b/morph/grid/production/storage001-config.nix
@@ -1,8 +1,14 @@
+#100tb
{ "hostId" = "00000001";
"interface" = "eno1";
- "publicIPv4" = "176.113.72.38";
- "prefixLength" = 30;
- "gateway" = "176.113.72.37";
+ "publicIPv4" = "185.225.209.174";
+ "prefixLength" = 24;
+ "gateway" = "185.225.209.173";
"gatewayInterface" = "eno1";
- "grubDeviceID" = "wwn-0x5000cca25cc08d27";
+ "grubDeviceID" = "nodev"; #might be wrong
+ "efiSupport" = true;
+ #"efiInstallAsRemovable" = true;
+ "fsIdentifier" = "label";
+ #"canTouchEfiVariables" = false;
+ "systemd-boot" = false;
}
diff --git a/morph/grid/production/storage001-hardware.nix b/morph/grid/production/storage001-hardware.nix
old mode 100644
new mode 100755
index b2ca97c1db1b9721b93f2662d6e8d34189d5a0ab..80608f1a16fa2a41e8f576eaecc85657aaec0cfb
--- a/morph/grid/production/storage001-hardware.nix
+++ b/morph/grid/production/storage001-hardware.nix
@@ -8,35 +8,29 @@
[ <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
];
- boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "ehci_pci" "megaraid_sas" "usbhid" "sd_mod" ];
+ boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" "sr_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
- boot.kernel.sysctl = { "vm.swappiness" = 0; };
fileSystems."/" =
- { device = "/dev/disk/by-uuid/f72c1f46-6723-45bf-9ef7-92f31cc37589";
+ { device = "/dev/disk/by-uuid/d0837e6f-72cb-4ffa-85ba-fd57bbbd9a97";
fsType = "ext4";
};
fileSystems."/boot" =
- { device = "/dev/disk/by-uuid/cb3a16e1-d811-4659-be42-15e5e35cd37a";
- fsType = "ext4";
+ { device = "/dev/disk/by-uuid/915E-08F9";
+ fsType = "vfat";
};
- # Manually created using:
- # zpool create -f -m legacy -o ashift=12 root raidz /dev/disk/by-id/{wwn-0x5000cca25cc06670,wwn-0x5000cca244c94a41,wwn-0x5000cca24ceb8bb4,wwn-0x500003983bd01315,wwn-0x500003983bd812b2,wwn-0x5000cca25cc09d0c,wwn-0x5000c500921dd6b6}
- fileSystems."/storage" =
+ fileSystems."/storage" =
{ device = "root";
fsType = "zfs";
};
- swapDevices = [ {
- device = "/var/swapfile";
- size = 8192; # megabytes
- randomEncryption = true;
- } ];
-
+ swapDevices =
+ [ { device = "/dev/disk/by-uuid/45eb994e-0d1b-4903-9412-920f0ba017c9"; }
+ ];
nix.maxJobs = lib.mkDefault 24;
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
diff --git a/morph/grid/production/storage002-config.nix b/morph/grid/production/storage002-config.nix
old mode 100644
new mode 100755
index d74a99ec1824d798564cd4c469684af1dcf989d4..270160fd5a279bed88b85eb1a6933c14075c17ef
--- a/morph/grid/production/storage002-config.nix
+++ b/morph/grid/production/storage002-config.nix
@@ -1,8 +1,14 @@
+#Servermania
{ "hostId" = "00000002";
"interface" = "eno1";
- "publicIPv4" = "37.120.214.110";
- "prefixLength" = 30;
- "gateway" = "37.120.214.109";
+ "publicIPv4" = "104.144.74.50";
+ "prefixLength" = 29;
+ "gateway" = "104.144.74.49";
"gatewayInterface" = "eno1";
- "grubDeviceID" = "wwn-0x5000cca25dccb3dc";
+ "grubDeviceID" = "nodev"; #nodev if we want to use efi (double check)
+ #"canTouchEfiVariables" = false;
+ "efiSupport" = true;
+ #"efiInstallAsRemovable" = true;
+ "fsIdentifier" = "label";
+ "systemd-boot" = false;
}
diff --git a/morph/grid/production/storage002-hardware.nix b/morph/grid/production/storage002-hardware.nix
old mode 100644
new mode 100755
index 2f354ad29930f048f7eb20b54a1504ed87db85a1..c011e02f86e5da2e0f17c356e4e7507f6af97376
--- a/morph/grid/production/storage002-hardware.nix
+++ b/morph/grid/production/storage002-hardware.nix
@@ -15,7 +15,7 @@
boot.kernel.sysctl = { "vm.swappiness" = 0; };
fileSystems."/" =
- { device = "/dev/disk/by-uuid/0e92ada9-effb-42e2-a26a-9cdb529bcdc7";
+ { device = "/dev/disk/by-uuid/c8d29070-c5d3-4cfb-9bb2-c14d3727c45b";
fsType = "ext4";
};
@@ -27,15 +27,13 @@
};
fileSystems."/boot" =
- { device = "/dev/disk/by-uuid/50b73d78-12cd-4599-a774-57af14e6d9f7";
- fsType = "ext4";
+ { device = "/dev/disk/by-uuid/3648-C8F5";
+ fsType = "vfat";
};
- swapDevices = [ {
- device = "/var/swapfile";
- size = 8192; # megabytes
- randomEncryption = true;
- } ];
+ swapDevices =
+ [ { device = "/dev/disk/by-uuid/51e0652f-46c9-4150-95a1-223f37154d4f"; }
+ ];
nix.maxJobs = lib.mkDefault 24;
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
diff --git a/morph/grid/production/storage003-config.nix b/morph/grid/production/storage003-config.nix
old mode 100644
new mode 100755
index 5b3f5adf969317322b2c39014e6500294b5f3c02..6abce610529bbac5ff022f7950c1fcfae1060beb
--- a/morph/grid/production/storage003-config.nix
+++ b/morph/grid/production/storage003-config.nix
@@ -1,8 +1,11 @@
-{ "hostId" = "00000003";
- "interface" = "eno1";
- "publicIPv4" = "45.83.89.186";
- "prefixLength" = 30;
- "gateway" = "45.83.89.185";
- "gatewayInterface" = "eno1";
- "grubDeviceID" = "wwn-0x5000039a8bc00766";
+#OVH
+{ "hostId" = "00000001";
+ "interface" = "eno3";
+ "publicIPv4" = "151.80.28.108";
+ "prefixLength" = 24;
+ "gateway" = "151.80.28.254";
+ "gatewayInterface" = "eno3";
+ "grubDeviceID" = "nodev";
+ #"grubDeviceID" = "nvme-eui.e8238fa6bf530001001b448b463b77bf";
+ "systemd-boot" = true;
}
diff --git a/morph/grid/production/storage003-hardware.nix b/morph/grid/production/storage003-hardware.nix
old mode 100644
new mode 100755
index d8ffe5d59fb39ba4a9c6b1b73313f199a2ed980b..3ff5509088b942ad99fe7997db835ba9b96427f2
--- a/morph/grid/production/storage003-hardware.nix
+++ b/morph/grid/production/storage003-hardware.nix
@@ -16,13 +16,13 @@
boot.kernel.sysctl = { "vm.swappiness" = 0; };
fileSystems."/" =
- { device = "/dev/disk/by-uuid/240fc1f6-cd55-48a3-ac80-5b3550a32ef5";
+ { device = "/dev/disk/by-uuid/56a050e2-daee-40e2-becb-17d1f7908ceb";
fsType = "ext4";
};
fileSystems."/boot" =
- { device = "/dev/disk/by-label/boot";
- fsType = "ext4";
+ { device = "/dev/disk/by-uuid/B89B-F110";
+ fsType = "vfat";
};
# Manually created using:
@@ -32,11 +32,9 @@
fsType = "zfs";
};
- swapDevices = [ {
- device = "/var/swapfile";
- size = 8192; # megabytes
- randomEncryption = true;
- } ];
+ swapDevices =
+ [ { device = "/dev/disk/by-uuid/e47cfddc-485c-46fb-9004-c9b8619b81ff"; }
+ ];
nix.maxJobs = lib.mkDefault 24;
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
diff --git a/morph/grid/production/storage004-config.nix b/morph/grid/production/storage004-config.nix
deleted file mode 100644
index 8201391c433281092044a284fb5c15a9933929cb..0000000000000000000000000000000000000000
--- a/morph/grid/production/storage004-config.nix
+++ /dev/null
@@ -1,8 +0,0 @@
-{ "hostId" = "00000004";
- "interface" = "eno1";
- "publicIPv4" = "87.101.93.198";
- "prefixLength" = 30;
- "gateway" = "87.101.93.197";
- "gatewayInterface" = "eno1";
- "grubDeviceID" = "wwn-0x5000cca249d45533";
-}
diff --git a/morph/grid/production/storage004-hardware.nix b/morph/grid/production/storage004-hardware.nix
deleted file mode 100644
index 1fe78a76e813605d8e181d5a858062f77114ba38..0000000000000000000000000000000000000000
--- a/morph/grid/production/storage004-hardware.nix
+++ /dev/null
@@ -1,37 +0,0 @@
-# Do not modify this file! It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations. Please make changes
-# to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, ... }:
-
-{
- imports =
- [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
- ];
-
- boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "ehci_pci" "megaraid_sas" "usbhid" "sd_mod" ];
- boot.initrd.kernelModules = [ ];
- boot.kernelModules = [ "kvm-intel" ];
- boot.extraModulePackages = [ ];
- boot.kernel.sysctl = { "vm.swappiness" = 0; };
-
- fileSystems."/" =
- { device = "/dev/disk/by-uuid/d628122e-05d9-4212-b6a5-4b9516d85dbe";
- fsType = "ext4";
- };
-
- # Manually created using:
- # zpool create -f -m legacy -o ashift=12 root raidz /dev/disk/by-id/{wwn-0x5000cca25cc0b6f9,wwn-0x5000cca25cc073af,wwn-0x5000cca25dcca3b5,wwn-0x5000cca25cc0addc,wwn-0x5000cca25cc08772,wwn-0x5000cca25dcc6f5f,wwn-0x5000cca25dcc4491}
- fileSystems."/storage" =
- { device = "root";
- fsType = "zfs";
- };
-
- swapDevices = [ {
- device = "/var/swapfile";
- size = 8192; # megabytes
- randomEncryption = true;
- } ];
-
- nix.maxJobs = lib.mkDefault 32;
- powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
-}
diff --git a/morph/grid/production/storage005-config.nix b/morph/grid/production/storage005-config.nix
deleted file mode 100644
index 42ac495af0064b52acdd0cbd287d84aba1f0bd0c..0000000000000000000000000000000000000000
--- a/morph/grid/production/storage005-config.nix
+++ /dev/null
@@ -1,8 +0,0 @@
-{ "hostId" = "00000005";
- "interface" = "eno1";
- "publicIPv4" = "193.148.18.206";
- "prefixLength" = 30;
- "gateway" = "193.148.18.205";
- "gatewayInterface" = "eno1";
- "grubDeviceID" = "wwn-0x5000cca25dcc78b5";
-}
diff --git a/morph/grid/production/storage005-hardware.nix b/morph/grid/production/storage005-hardware.nix
deleted file mode 100644
index e8f7b6391b4cb1c8d3e6059c1fd09512a0cc370b..0000000000000000000000000000000000000000
--- a/morph/grid/production/storage005-hardware.nix
+++ /dev/null
@@ -1,42 +0,0 @@
-# Do not modify this file! It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations. Please make changes
-# to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, ... }:
-
-{
- imports =
- [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
- ];
-
- boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "ehci_pci" "megaraid_sas" "usbhid" "usb_storage" "sd_mod" "sr_mod" ];
- boot.initrd.kernelModules = [ ];
- boot.kernelModules = [ "kvm-intel" ];
- boot.extraModulePackages = [ ];
- boot.kernel.sysctl = { "vm.swappiness" = 0; };
-
- fileSystems."/" =
- { device = "/dev/disk/by-uuid/2653c6bb-396f-4911-b9ff-b68de8f9715d";
- fsType = "ext4";
- };
-
- fileSystems."/boot" =
- { device = "/dev/disk/by-uuid/68edb827-6750-483d-891e-462333f2dbc1";
- fsType = "ext4";
- };
-
- # Manually created using:
- # zpool create -m legacy -o ashift=12 root raidz /dev/disk/by-id/{wwn-0x5000cca25dcc7721,wwn-0x5000cca25dcb2ebe,wwn-0x5000cca25dcb1184,scsi-35000cca25dcca2bd,wwn-0x5000cca244c977af,wwn-0x5000cca244c97e6e,wwn-0x5000cca25cc0a136}
- fileSystems."/storage" = {
- device = "root";
- fsType = "zfs";
- };
-
- swapDevices = [ {
- device = "/var/swapfile";
- size = 8192; # megabytes
- randomEncryption = true;
- } ];
-
- nix.maxJobs = lib.mkDefault 32;
- powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
-}
diff --git a/morph/lib/default.nix b/morph/lib/default.nix
old mode 100644
new mode 100755
index c99c19a57e45a27e585830a8dfff95fa3d9d2efb..6b91aab9cb4cdd4a632745b0c09c13b3dca062c9
--- a/morph/lib/default.nix
+++ b/morph/lib/default.nix
@@ -6,6 +6,8 @@
hardware-aws = import ./issuer-aws.nix;
hardware-vagrant = import ./hardware-vagrant.nix;
+ hardware-monitoring-ovh = import ./issuer-monitoring-ovh.nix;
+ hardware-payments-ovh = import ./issuer-payments-ovh.nix;
issuer = import ./issuer.nix;
storage = import ./storage.nix;
diff --git a/morph/lib/issuer-monitoring-ovh.nix b/morph/lib/issuer-monitoring-ovh.nix
new file mode 100755
index 0000000000000000000000000000000000000000..51a51afdfa913744a0bbe9116e6ed3c8786250a3
--- /dev/null
+++ b/morph/lib/issuer-monitoring-ovh.nix
@@ -0,0 +1,40 @@
+{ modulesPath, name, lib, ... }: {
+
+ imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
+ boot.loader.grub.device = "/dev/sda";
+ boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "xen_blkfront" ];
+ boot.initrd.kernelModules = [ "nvme" ];
+ fileSystems."/" = { device = "/dev/sda1"; fsType = "ext4"; };
+
+
+
+ swapDevices = [ {
+ device = "/var/swapfile";
+ size = 4096; # megabytes
+ randomEncryption = true;
+ } ];
+
+ # Break the tie between AWS and morph for the hostname by forcing the
+ # morph-supplied name. See also
+ # <https://github.com/DBCDK/morph/issues/146>.
+ networking.hostName = name;
+
+ # Mount a dedicated filesystem (ideally on a dedicated volume, but that's
+ # beyond control of this particular part of the system) for the
+ # PaymentServer voucher database. This makes it easier to manage for
+ # tasks like backup/recovery and encryption.
+ services.private-storage-issuer.databaseFileSystem = {
+ label = "zkapissuer-data";
+ };
+
+ # Clean up packages after a while
+ nix.gc = {
+ automatic = true;
+ dates = "weekly";
+ options = "--delete-older-than 30d";
+ };
+
+ # Turn on automatic optimization of nix store
+ # https://nixos.wiki/wiki/Storage_optimization
+ nix.autoOptimiseStore = true;
+}
diff --git a/morph/lib/issuer-payments-ovh.nix b/morph/lib/issuer-payments-ovh.nix
new file mode 100755
index 0000000000000000000000000000000000000000..73c606f62d3a81184ffd8469ed5b7733fa03c525
--- /dev/null
+++ b/morph/lib/issuer-payments-ovh.nix
@@ -0,0 +1,36 @@
+{ modulesPath, name, lib, ... }: {
+
+ imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
+ boot.loader.grub.device = "/dev/sda";
+ fileSystems."/" = { device = "/dev/sda1"; fsType = "ext4"; };
+
+ swapDevices = [ {
+ device = "/var/swapfile";
+ size = 4096; # megabytes
+ randomEncryption = true;
+ } ];
+
+ # Break the tie between AWS and morph for the hostname by forcing the
+ # morph-supplied name. See also
+ # <https://github.com/DBCDK/morph/issues/146>.
+ networking.hostName = name;
+
+ # Mount a dedicated filesystem (ideally on a dedicated volume, but that's
+ # beyond control of this particular part of the system) for the
+ # PaymentServer voucher database. This makes it easier to manage for
+ # tasks like backup/recovery and encryption.
+ services.private-storage-issuer.databaseFileSystem = {
+ label = "zkapissuer-data";
+ };
+
+ # Clean up packages after a while
+ nix.gc = {
+ automatic = true;
+ dates = "weekly";
+ options = "--delete-older-than 30d";
+ };
+
+ # Turn on automatic optimization of nix store
+ # https://nixos.wiki/wiki/Storage_optimization
+ nix.autoOptimiseStore = true;
+}
diff --git a/morph/lib/storage.nix b/morph/lib/storage.nix
old mode 100644
new mode 100755
index 1fd8c26ce3db81ae405025d97abe6068ce2a6903..6555fad503da84ee3154164a17e617751b937b1b
--- a/morph/lib/storage.nix
+++ b/morph/lib/storage.nix
@@ -47,7 +47,7 @@ in {
services.private-storage.monitoring.exporters.node.enable = true;
services.private-storage.monitoring.exporters.tahoe.enable = true;
- services.private-storage.borgbackup.enable = true;
+ services.private-storage.borgbackup.enable = false;
# Turn on the Private Storage (Tahoe-LAFS) service.
services.private-storage = {
diff --git a/nixos/modules/100tb.nix b/nixos/modules/100tb.nix
old mode 100644
new mode 100755
index 87554ef316b3c25076260d0f43aa8008941580e2..ef57324c9d7255dfc8d08cd20f7653f0470070cd
--- a/nixos/modules/100tb.nix
+++ b/nixos/modules/100tb.nix
@@ -69,6 +69,32 @@ let
example = "wwn-0x5000c500936410b9";
description = "The ID of the disk on which to install grub.";
};
+ fsIdentifier = lib.mkOption
+ { type = lib.types.str;
+ example = "nixos";
+ description = "Determines how GRUB will identify devices when generating the configuration file";
+ };
+ efiInstallAsRemovable = lib.mkOption
+ { type = lib.types.bool;
+ example = false;
+ description = "Whether to invoke grub-install with --removable";
+ };
+ efiSupport = lib.mkOption
+ { type = lib.types.bool;
+ example = false;
+ description = "Whether GRUB should be built with EFI support. EFI support is only available for GRUB v2.";
+ };
+ canTouchEfiVariables = lib.mkOption
+ { type = lib.types.bool;
+ example = false;
+ description = "Fill later";
+ };
+ systemd-boot = lib.mkOption
+ { type = lib.types.bool;
+ example = false;
+ description = "Fill later";
+ };
+
};
in {
# Here we actually define the module's options. They're what we said they
@@ -103,8 +129,8 @@ in {
config =
{ boot.loader.grub.enable = true;
boot.loader.grub.version = 2;
- boot.loader.grub.device = "/dev/disk/by-id/${cfg.grubDeviceID}";
-
+ boot.loader.grub.device = if cfg.grubDeviceID == "nodev" then "nodev" else "/dev/disk/by-id/${cfg.grubDeviceID}";
+ boot.loader.systemd-boot.enable = if cfg.systemd-boot == "" then false else cfg.systemd-boot;
boot.loader.timeout = 10;
networking.firewall.enable = false;
diff --git a/tools/get-vpn-config.nix b/tools/get-vpn-config.nix
old mode 100644
new mode 100755
index 11fb9ba349ad329d8fe27746d1b8eeb411332120..2e94e8df6b86b37932f7f0fad688612c52abc77e
--- a/tools/get-vpn-config.nix
+++ b/tools/get-vpn-config.nix
@@ -15,3 +15,4 @@ in rec
serverIP = vpnIP grid.monitoring;
clientIPs = builtins.filter (x: x != serverIP && x != null) (map vpnIP (builtins.attrValues grid));
}
+