diff --git a/arion.nix b/arion.nix
index 7c079a663cc41b010fcfbd569de238ee57ac3d5b..44ada78e6686fa549bd099124b394ec809e435d3 100644
--- a/arion.nix
+++ b/arion.nix
@@ -1,20 +1,23 @@
-{ pkgs ? import ./nixpkgs-2105.nix {}
-, configuration ? ./morph/grid/local/configuration.nix
+{ self ? ./.
+, pkgs ? import ./nixpkgs-2105.nix {}
+, lib ? pkgs.lib
, includeStorePaths ? false
-}:
-let
- inherit (pkgs) lib;
- nixpkgs = import <nixpkgs> {};
- local-grid = "${./.}/morph/grid/local";
- arion-src = nixpkgs.fetchFromGitHub {
+, ourpkgs ? import ./nixpkgs-ps.nix {}
+, arion-src ? pkgs.fetchFromGitHub {
owner = "tp-la";
repo = "arion";
rev = "hack";
sha256 = "0wv4wbzzd926qm81h78v10wyhiaayx2jggpb1ijzk118a543sz84";
- };
+ }
+}: rec {
+ inherit pkgs lib ourpkgs arion-src;
+ local-grid = "${self}/morph/grid/local";
arion-eval = args@{...}: import "${arion-src}/src/nix/eval-composition.nix" ({ inherit pkgs; } // args);
arion = arion-eval {
- modules = [ "${local-grid}/arion-compose.nix" ];
+ modules = [
+ "${local-grid}/arion-compose.nix"
+ { config._module.args = { inherit ourpkgs; } ; }
+ ];
};
systems = pkgs.runCommand "systems"
{ preferLocalBuild = true; allowSubstitutes = false; }
@@ -53,5 +56,4 @@ let
morph-output = morph.machines {
argsFile = pkgs.writeText "" (builtins.toJSON { Names = lib.attrNames morph.nodes; });
};
-in
- {inherit pkgs arion local-grid bundle arion-eval arion-src docker-yaml package pause systems morph morph-output;}
+}
diff --git a/morph/grid/local/arion-compose.nix b/morph/grid/local/arion-compose.nix
index 9d56530b440f9628c7802472219518654af3ac65..3b17e403265110a14761a2b27f0cfd6fe4702f1b 100644
--- a/morph/grid/local/arion-compose.nix
+++ b/morph/grid/local/arion-compose.nix
@@ -1,4 +1,4 @@
-{lib, ...}:
+{lib, ourpkgs, ...}:
let
gridlib = import ../../lib;
@@ -14,12 +14,14 @@ let
# Configure deployment management authorization for all systems in the grid.
grid-config = {
+ _module.args = { inherit ourpkgs; };
+ imports = [ gridlib.base ];
services.private-storage.deployment = {
authorizedKey = builtins.readFile "${config.publicKeyPath}/deploy_key.pub";
gridName = "local";
};
services.private-storage.sshUsers = config.sshUsers;
- deployment = {
+ grid = {
inherit (config) publicKeyPath privateKeyPath;
};
};
@@ -78,7 +80,7 @@ in
environment.etc = {
"secrets/payments-localdev-ssl" = {
mode = "direct-symlink";
- source = "${config.deployment.privateKeyPath}/payments-localdev-ssl";
+ source = "${config.grid.privateKeyPath}/payments-localdev-ssl";
};
"stripe/config.toml" = let
toml = pkgs.formats.toml {};
diff --git a/morph/grid/local/grid.nix b/morph/grid/local/grid.nix
index 0bb378d454871f3f5d14fce9abd75852e4716815..a91d63bfd27de548f96aba31fd8f1184a8028312 100644
--- a/morph/grid/local/grid.nix
+++ b/morph/grid/local/grid.nix
@@ -87,6 +87,7 @@ let
in {
network = {
description = "PrivateStorage.io LocalDev Grid";
+ inherit pkgs;
};
inherit payments monitoring storage1 storage2;
}
diff --git a/morph/grid/production/grid.nix b/morph/grid/production/grid.nix
index 7d43a0ce2c59bbb6ddee005aba9393836d2329c1..7da2ea4ea72d7b5525a7ce2c4ed46dfb97b72c35 100644
--- a/morph/grid/production/grid.nix
+++ b/morph/grid/production/grid.nix
@@ -105,6 +105,7 @@ let
in {
network = {
description = "PrivateStorage.io Production Grid";
+ inherit pkgs;
};
inherit payments;
inherit monitoring;
diff --git a/morph/grid/testing/grid.nix b/morph/grid/testing/grid.nix
index 5eeb43938c5c2df5a30df3d605fec26090dc4e0c..7a810435c71d499eb433de69de3cf819a074d4cb 100644
--- a/morph/grid/testing/grid.nix
+++ b/morph/grid/testing/grid.nix
@@ -72,6 +72,7 @@ let
in {
network = {
description = "PrivateStorage.io Testing Grid";
+ inherit pkgs;
};
inherit payments monitoring storage001;
}
diff --git a/nixos/modules/issuer.nix b/nixos/modules/issuer.nix
index 3a8d05bfb8afbaad63fac0ee52f0bdf3d3cbb956..344249a43a11668c4c49d04dba5f7512db8526a9 100644
--- a/nixos/modules/issuer.nix
+++ b/nixos/modules/issuer.nix
@@ -1,9 +1,9 @@
# A NixOS module which can run a Ristretto-based issuer for PrivateStorage
# ZKAPs.
-{ lib, pkgs, config, ... }: let
+{ lib, pkgs, config, ... }@args: let
cfg = config.services.private-storage-issuer;
# Our own nixpkgs fork:
- ourpkgs = import ../../nixpkgs-ps.nix {};
+ ourpkgs = args.ourpkgs or import ../../nixpkgs-ps.nix {};
in {
options = {
services.private-storage-issuer.enable = lib.mkEnableOption "PrivateStorage ZKAP Issuer Service";
diff --git a/nixos/modules/private-storage.nix b/nixos/modules/private-storage.nix
index d3bc9e61bb8a805d4432edf7d37d51a9501ecc1e..a483edb77a3a3c9a7916c0cba8731bc4fef20f9a 100644
--- a/nixos/modules/private-storage.nix
+++ b/nixos/modules/private-storage.nix
@@ -1,6 +1,6 @@
# A NixOS module which can instantiate a Tahoe-LAFS storage server in the
# preferred configuration for the Private Storage grid.
-{ pkgs, lib, config, ... }:
+{ pkgs, lib, config, ... }@args:
let
# Grab the configuration for this module for convenient access below.
cfg = config.services.private-storage;
@@ -9,7 +9,7 @@ let
tahoe-base = "/var/db/tahoe-lafs";
# Our own nixpkgs fork:
- ourpkgs = import ../../nixpkgs-ps.nix {};
+ ourpkgs = args.ourpkgs or import ../../nixpkgs-ps.nix {};
# The full path to the directory where the storage server will write
# incident reports.