diff --git a/arion.nix b/arion.nix
index 7c079a663cc41b010fcfbd569de238ee57ac3d5b..44ada78e6686fa549bd099124b394ec809e435d3 100644
--- a/arion.nix
+++ b/arion.nix
@@ -1,20 +1,23 @@
-{ pkgs ? import ./nixpkgs-2105.nix {}
-, configuration ? ./morph/grid/local/configuration.nix
+{ self ? ./.
+, pkgs ? import ./nixpkgs-2105.nix {}
+, lib ? pkgs.lib
 , includeStorePaths ? false
-}:
-let
- inherit (pkgs) lib;
- nixpkgs = import <nixpkgs> {};
- local-grid = "${./.}/morph/grid/local";
- arion-src = nixpkgs.fetchFromGitHub {
+, ourpkgs ? import ./nixpkgs-ps.nix {}
+, arion-src ? pkgs.fetchFromGitHub {
 owner = "tp-la";
 repo = "arion";
 rev = "hack";
 sha256 = "0wv4wbzzd926qm81h78v10wyhiaayx2jggpb1ijzk118a543sz84";
- };
+ }
+}: rec {
+ inherit pkgs lib ourpkgs arion-src;
+ local-grid = "${self}/morph/grid/local";
 arion-eval = args@{...}: import "${arion-src}/src/nix/eval-composition.nix" ({ inherit pkgs; } // args);
 arion = arion-eval {
- modules = [ "${local-grid}/arion-compose.nix" ];
+ modules = [
+ "${local-grid}/arion-compose.nix"
+ { config._module.args = { inherit ourpkgs; } ; }
+ ];
 };
 systems = pkgs.runCommand "systems" { preferLocalBuild = true; allowSubstitutes = false; }
@@ -53,5 +56,4 @@ let
 morph-output = morph.machines {
 argsFile = pkgs.writeText "" (builtins.toJSON { Names = lib.attrNames morph.nodes; });
 };
-in
- {inherit pkgs arion local-grid bundle arion-eval arion-src docker-yaml package pause systems morph morph-output;}
+}
diff --git a/morph/grid/local/arion-compose.nix b/morph/grid/local/arion-compose.nix
index 9d56530b440f9628c7802472219518654af3ac65..3b17e403265110a14761a2b27f0cfd6fe4702f1b 100644
--- a/morph/grid/local/arion-compose.nix
+++ b/morph/grid/local/arion-compose.nix
@@ -1,4 +1,4 @@
-{lib, ...}:
+{lib, ourpkgs, ...}:
 let
 gridlib = import ../../lib;
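Review bot: `arion-src` still names the branch `rev = "hack"` in the default that the first arion.nix hunk turns into a function argument, so the only thing fixing what is fetched is the `sha256`. Because a fixed-output fetch is looked up by its hash, a machine that already holds that store path keeps building after the branch moves while a clean machine fails with a hash mismatch, and nothing in the file records which commit was actually reviewed. Pin the commit the hash was computed from, e.g. `rev = "<full-commit-sha>"; # placeholder: the commit matching the sha256 below`.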
@@ -14,12 +14,14 @@ let
 # Configure deployment management authorization for all systems in the grid.
 grid-config = {
+ _module.args = { inherit ourpkgs; };
+ imports = [ gridlib.base ];
 services.private-storage.deployment = {
 authorizedKey = builtins.readFile "${config.publicKeyPath}/deploy_key.pub";
 gridName = "local";
 };
 services.private-storage.sshUsers = config.sshUsers;
- deployment = {
+ grid = {
 inherit (config) publicKeyPath privateKeyPath;
 };
 };
@@ -78,7 +80,7 @@ in
 environment.etc = {
 "secrets/payments-localdev-ssl" = {
 mode = "direct-symlink";
- source = "${config.deployment.privateKeyPath}/payments-localdev-ssl";
+ source = "${config.grid.privateKeyPath}/payments-localdev-ssl";
 };
 "stripe/config.toml" = let toml = pkgs.formats.toml {};
diff --git a/morph/grid/local/grid.nix b/morph/grid/local/grid.nix
index 0bb378d454871f3f5d14fce9abd75852e4716815..a91d63bfd27de548f96aba31fd8f1184a8028312 100644
--- a/morph/grid/local/grid.nix
+++ b/morph/grid/local/grid.nix
@@ -87,6 +87,7 @@ let
 in {
 network = {
 description = "PrivateStorage.io LocalDev Grid";
+ inherit pkgs;
 };
 inherit payments monitoring storage1 storage2;
 }
diff --git a/morph/grid/production/grid.nix b/morph/grid/production/grid.nix
index 7d43a0ce2c59bbb6ddee005aba9393836d2329c1..7da2ea4ea72d7b5525a7ce2c4ed46dfb97b72c35 100644
--- a/morph/grid/production/grid.nix
+++ b/morph/grid/production/grid.nix
@@ -105,6 +105,7 @@ let
 in {
 network = {
 description = "PrivateStorage.io Production Grid";
+ inherit pkgs;
 };
 inherit payments;
 inherit monitoring;
diff --git a/morph/grid/testing/grid.nix b/morph/grid/testing/grid.nix
index 5eeb43938c5c2df5a30df3d605fec26090dc4e0c..7a810435c71d499eb433de69de3cf819a074d4cb 100644
--- a/morph/grid/testing/grid.nix
+++ b/morph/grid/testing/grid.nix
@@ -72,6 +72,7 @@ let
 in {
 network = {
 description = "PrivateStorage.io Testing Grid";
+ inherit pkgs;
 };
 inherit payments monitoring storage001;
 }
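Review bot: The renamed `config.grid.privateKeyPath` in the `@@ -78,7 +80,7 @@` hunk is still interpolated into `source`, and nothing visible there says whether the option holds a string or a Nix path value. If it is a path value, the interpolation copies the key directory into the world-readable /nix/store and the `direct-symlink` entry then points at that copy; if it is a string, the link targets the original location. A comment on that line would settle it for the next reader: `# privateKeyPath must be a string, not a path literal, so the key is never copied into /nix/store`. The enclosing `environment.etc` block continues outside the hunk.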
diff --git a/nixos/modules/issuer.nix b/nixos/modules/issuer.nix
index 3a8d05bfb8afbaad63fac0ee52f0bdf3d3cbb956..344249a43a11668c4c49d04dba5f7512db8526a9 100644
--- a/nixos/modules/issuer.nix
+++ b/nixos/modules/issuer.nix
@@ -1,9 +1,9 @@
 # A NixOS module which can run a Ristretto-based issuer for PrivateStorage
 # ZKAPs.
-{ lib, pkgs, config, ... }: let
+{ lib, pkgs, config, ... }@args: let
 cfg = config.services.private-storage-issuer;
 # Our own nixpkgs fork:
- ourpkgs = import ../../nixpkgs-ps.nix {};
+ ourpkgs = args.ourpkgs or import ../../nixpkgs-ps.nix {};
 in {
 options = {
 services.private-storage-issuer.enable = lib.mkEnableOption "PrivateStorage ZKAP Issuer Service";
diff --git a/nixos/modules/private-storage.nix b/nixos/modules/private-storage.nix
index d3bc9e61bb8a805d4432edf7d37d51a9501ecc1e..a483edb77a3a3c9a7916c0cba8731bc4fef20f9a 100644
--- a/nixos/modules/private-storage.nix
+++ b/nixos/modules/private-storage.nix
@@ -1,6 +1,6 @@
 # A NixOS module which can instantiate a Tahoe-LAFS storage server in the
 # preferred configuration for the Private Storage grid.
-{ pkgs, lib, config, ... }@args:
+{ pkgs, lib, config, ... }@args:
 let
 # Grab the configuration for this module for convenient access below.
 cfg = config.services.private-storage;
@@ -9,7 +9,7 @@ let
 tahoe-base = "/var/db/tahoe-lafs";
 # Our own nixpkgs fork:
- ourpkgs = import ../../nixpkgs-ps.nix {};
+ ourpkgs = args.ourpkgs or import ../../nixpkgs-ps.nix {};
 # The full path to the directory where the storage server will write
 # incident reports.
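Review bot: `args.ourpkgs` in nixos/modules/issuer.nix will not see a value supplied through `_module.args`, because the NixOS module system passes such arguments only to formals the function names explicitly and `... }@args` does not name `ourpkgs`; unless it arrives via `specialArgs`, the fallback import is always used and the package set the caller pinned is silently ignored. The fallback also parses as `(args.ourpkgs or import) ../../nixpkgs-ps.nix {}`, since `or` binds tighter than function application, so a supplied `ourpkgs` would be called as a function. Name the argument, `{ lib, pkgs, config, ourpkgs, ... }:`, and provide the default as a `lib.mkDefault` definition of `_module.args.ourpkgs` in a shared module; if the `or` form is kept, write `args.ourpkgs or (import ../../nixpkgs-ps.nix {})`. The same two lines appear in both hunks of nixos/modules/private-storage.nix.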