Set up the voucher-database fileSystem in just the right place

The hardware modules can now configure this fileSystem in a way appropriate for themselves and the issuer module can enable that configuration when it is enabled itself.

Set up the voucher-database fileSystem in just the right place
6deadb95 · Jean-Paul Calderone · b06aa0c9 · 6deadb95 · 6deadb95 · 6deadb95
Commit 6deadb95 authored 3 years ago by Jean-Paul Calderone
--- a/morph/lib/hardware-vagrant.nix
+++ b/morph/lib/hardware-vagrant.nix
@@ -37,12 +37,15 @@
    # (maybe it could?  but why bother?) we do a bind-mount here so there is a
    # configured value readable.  The database won't really have a dedicated
    # volume but it will sort of appear as if it does.
-    fileSystems."voucher-database" = {
+    services.private-storage-issuer.voucherFileSystem = {
      device = "/var/lib/origin-zkapissuer-vouchers";
-      mountPoint = "/var/lib/zkapissuer-vouchers";
      options = ["bind"];
    };
+
+    # XXX This should be handled by the storage module like voucher-database
+    # is handled by the issuer module.
    fileSystems."/storage" = { fsType = "tmpfs"; };
+
    fileSystems."/" =
      { device = "/dev/sda1";
        fsType = "ext4";

--- a/morph/lib/issuer-aws.nix
+++ b/morph/lib/issuer-aws.nix
@@ -18,15 +18,12 @@
  # <https://github.com/DBCDK/morph/issues/146>.
  networking.hostName = name;

-  fileSystems = {
-    # Mount a dedicated filesystem (ideally on a dedicated volume, but that's
-    # beyond control of this particular part of the system) for the
-    # PaymentServer voucher database.  This makes it easier to manage for
-    # tasks like backup/recovery and encryption.
-    "voucher-database" = {
-      label = "voucher-database";
-      mountPoint = "/var/lib/zkapissuer-vouchers";
-    };
+  # Mount a dedicated filesystem (ideally on a dedicated volume, but that's
+  # beyond control of this particular part of the system) for the
+  # PaymentServer voucher database.  This makes it easier to manage for
+  # tasks like backup/recovery and encryption.
+  services.private-storage-issuer.voucherFileSystem = {
+    label = "voucher-database";
  };

  # Clean up packages after a while

--- a/nixos/modules/issuer.nix
+++ b/nixos/modules/issuer.nix
@@ -81,6 +81,15 @@ in {
        The kind of voucher database to use.
      '';
    };
+    services.private-storage-issuer.voucherFileSystem = lib.mkOption {
+      # Logically, the type is the type of an entry in fileSystems - but we'll
+      # just let the type system enforce that when we pass the value on to
+      # fileSystems.
+      description = ''
+        Configuration for a filesystem to mount which will hold the voucher
+        database.
+      '';
+    };
    services.private-storage-issuer.databasePath = lib.mkOption {
      default = null;
      type = lib.types.str;
@@ -115,6 +124,17 @@ in {
      internalHttpPort = "1061";

    in lib.mkIf cfg.enable {
+    # Make sure the voucher database filesystem is mounted.
+    fileSystems = {
+      "voucher-database" = cfg.voucherFileSystem // {
+        # Note that this path coincides with the StateDirectory we configure
+        # the systemd service with and the database path we configure
+        # PaymentServer with.  It is probably possible to have less repetition
+        # and more value sharing here.
+        mountPoint = "/var/lib/zkapissuer-vouchers";
+      };
+    };
+
    # Add a systemd service to run PaymentServer.
    systemd.services.zkapissuer = {
      enable = true;