    storage.nix 1.93 KiB
    # This contains all of the NixOS system configuration necessary to specify a
    # "storage"-type system.
    { lib, config, ... }:
    let
      inherit (lib) mkDefault mkOption types;

      # Read from the grid-level option `config.grid.privateKeyPath`; used below
      # as the directory prefix of the signing key's source location.
      privateKeyPath = config.grid.privateKeyPath;
    in {
      # Additional NixOS modules pulled in for this server type.
      imports = [
        ./monitoringvpn-client.nix
        ./borgbackup.nix
      ];

      # Options that a storage node's grid definition has to supply.
      options.grid.storage.passValue = mkOption {
        type = types.int;
        description = ''
          An integer giving the value of a single pass in byte×months.
        '';
      };

      options.grid.storage.publicStoragePort = mkOption {
        type = types.port;
        description = ''
          An integer giving the port number to include in Tahoe storage service
          advertisements and on which to listen for storage connections.
        '';
      };

      # Deployment secret: the Ristretto signing key.
      config.deployment.secrets."ristretto-signing-key" = {
        # The key lands under /run/keys (/run is normally a tmpfs on NixOS, so
        # presumably this keeps the key off persistent disk; confirm).
        destination = "/run/keys/ristretto.signing-key";
        # NOTE(review): if privateKeyPath is a Nix path value rather than a
        # string, this interpolation copies the key directory into the
        # world-readable Nix store on the evaluating machine.  Confirm the option
        # is string-typed and is set with a string.
        source = "${privateKeyPath}/ristretto.signing-key";
        # Owned by root and readable by its owner only.
        # NOTE(review): confirm that the account the storage service runs under
        # can read a root-owned 0400 file.
        owner = {
          user = "root";
          group = "root";
        };
        permissions = "0400";
        # Restarts the storage service; presumably run by the deployment tool
        # once the key is in place so that the new key is picked up (confirm).
        # The unit name is hard-coded and has to match the name defined by our
        # tahoe-lafs NixOS module; ideally it would be derived from that module.
        action = [ "sudo" "systemctl" "restart" "tahoe.storage.service" ];
      };

      # The Private Storage (Tahoe-LAFS) service together with its monitoring
      # exporters and backups.
      config.services.private-storage = {
        # Switch the storage service on.
        enable = true;

        # Hand the service the deployed Ristretto signing key so that it can
        # support authorization.  The path is read back from the secret's
        # definition instead of being repeated here.
        ristrettoSigningKeyPath =
          config.deployment.secrets.ristretto-signing-key.destination;

        # Pass the grid-level storage settings straight through.
        passValue = config.grid.storage.passValue;
        publicStoragePort = config.grid.storage.publicStoragePort;

        # Metrics exporters for the node and for Tahoe.
        monitoring.exporters = {
          node.enable = true;
          tahoe.enable = true;
        };

        # Backups are on by default; mkDefault lets another definition override
        # this value.
        borgbackup.enable = mkDefault true;
      };
    }