Skip to content
Snippets Groups Projects
Select Git revision
  • restricted-sqlite-strategies
  • compare-structured-sql-dumps
  • main default protected
  • 235.backup-and-recovery.recovery
  • mypy
  • real-spender
  • github/fork/tp-la/real-spender
  • 260.metric-rejected-zkaps
  • implicit-lease-renewal-problems
  • mach-nix
  • github/fork/tp-la/deep-traverse
  • v0.0
12 results

schema.py

Blame
    • make-testing.nix NaN GiB
    1
    2
    3
    4
    5
    6
    7
    8
    9
    10
    11
    12
    13
    14
    15
    16
    17
    18
    19
    20
    21
    22
    23
    24
    25
    26
    27
    28
    29
    30
    31
    32
    33
    34
    35
    36
    37 
    

    

    

    { publicIPv4, hardware, publicStoragePort, ristrettoSigningKeyPath, passValue, sshUsers, stateVersion, ... }: rec {

  deployment = {
    targetHost = publicIPv4;

    secrets = {
      "ristretto-signing-key" = {
        source = ristrettoSigningKeyPath;
        destination = "/run/keys/ristretto.signing-key";
        owner.user = "root";
        owner.group = "root";
        permissions = "0400";
        # Service name here matches the name defined by our tahoe-lafs nixos
        # module.  It would be nice to not have to hard-code it here.  Can we
        # extract it from the tahoe-lafs nixos module somehow?
        action = ["sudo" "systemctl" "restart" "tahoe.storage.service"];
      };
    };
  };

  imports = [
    hardware
    ../../nixos/modules/private-storage.nix
  ];

  services.private-storage =
  { enable = true;
    inherit publicIPv4;
    inherit publicStoragePort;
    ristrettoSigningKeyPath = deployment.secrets.ristretto-signing-key.destination;
    inherit passValue;
    inherit sshUsers;
  };

  system.stateVersion = stateVersion;
}