fc-ceph.conf: refactor to enable it on non-ceph client hosts for fc-luks

flyingcircusio · Aug 22, 2024 · eee1ace · eee1ace
1 parent 241ad12
commit eee1ace
Show file tree

Hide file tree

Showing 3 changed files with 37 additions and 18 deletions.
diff --git a/nixos/platform/full-disk-encryption.nix b/nixos/platform/full-disk-encryption.nix
@@ -29,8 +29,7 @@ let
 
       exit 0
     '';
-  cephPkgs = fclib.ceph.mkPkgs "nautilus";  # FIXME: just a workaround
-  check_luks_cmd = "${cephPkgs.fc-ceph}/bin/fc-luks check";
+  check_luks_cmd = "${config.flyingcircus.services.ceph.fc-ceph.package}/bin/fc-luks check";
 in
 {
 
@@ -49,14 +48,17 @@ in
   };
 
   config = lib.mkIf (config.flyingcircus.infrastructureModule == "flyingcircus-physical" ||
+    # TODO: When merging nixos-hardware with our regular VM branch, we need to refine this
+    # to avoid that all regular VM tests (e.g. PHP) get fc-luks cruft added.
     config.flyingcircus.infrastructureModule == "testing"
     )
   {
-      environment.systemPackages = with pkgs; [
-        cryptsetup
-        # FIXME: isolate fc-luks tooling into separate package
-        cephPkgs.fc-ceph
-      ];
+    environment.systemPackages = with pkgs; [
+      cryptsetup
+    ];
+
+    # FIXME: isolate fc-luks tooling into separate package
+    flyingcircus.services.ceph.fc-ceph.enable = true;
 
       flyingcircus.services.sensu-client.checks = {
         keystickMounted = {

diff --git a/nixos/services/ceph/client.nix b/nixos/services/ceph/client.nix
@@ -114,11 +114,15 @@ in
       };
 
       fc-ceph = {
+        enable = lib.mkEnableOption "enable fc-ceph command and supporting infrastracture (also contains fc-luks)";
         settings = lib.mkOption {
           type = with lib.types; attrsOf (attrsOf (oneOf [ bool int str package ]));
-          default = { };
           description = "Configuration for the fc-ceph utility, will be turned into the contents of /etc/ceph/fc-ceph.conf";
         };
+        package = lib.mkOption {
+          type = lib.types.package;
+          default = cephPkgs.fc-ceph;
+        };
       };
 
       client = {
@@ -152,7 +156,8 @@ in
     };
   };
 
-  config = lib.mkIf cfg.client.enable {
+  config = lib.mkMerge [
+    (lib.mkIf cfg.client.enable {
 
     assertions = [
       {
@@ -161,14 +166,7 @@ in
       }
     ];
 
-    # config file to be read by fc-ceph
-    environment.etc."ceph/fc-ceph.conf".text = lib.generators.toINI { } cfg.fc-ceph.settings;
 
-    # build a default binary path for fc-ceph
-    flyingcircus.services.ceph.fc-ceph.settings.default = {
-      release = cfg.client.cephRelease;
-      path = cephPkgs.fc-ceph-path;
-    };
     environment.systemPackages = [ cfg.client.package ];
 
     boot.kernelModules = [ "rbd" ];
@@ -220,6 +218,22 @@ in
       }
     '';
 
-  };
+  })
+  # fc-ceph can be enabled separately from the whole ceph (client)
+  # infrastructure, as it contains `fc-luks` for now which might be required on
+  # non-ceph hosts.
+  (lib.mkIf cfg.fc-ceph.enable {
+
+    # config file to be read by fc-ceph
+    environment.etc."ceph/fc-ceph.conf".text = lib.generators.toINI { } cfg.fc-ceph.settings;
+
+    # build a default binary path for fc-ceph
+    flyingcircus.services.ceph.fc-ceph.settings.default = {
+      release = cfg.client.cephRelease;
+      path = cephPkgs.fc-ceph-path;
+    };
+    environment.systemPackages = [ cfg.fc-ceph.package ];
+
+  })];
 
 }
diff --git a/nixos/services/ceph/server.nix b/nixos/services/ceph/server.nix
@@ -107,8 +107,11 @@ in
       }
     ];
 
+    flyingcircus.services.ceph.fc-ceph = {
+      enable = true;
+      package = cephPkgs.fc-ceph;
+    };
     environment.systemPackages = with pkgs; [
-      cephPkgs.fc-ceph
       fc.blockdev
 
       # tools like radosgw-admin and crushtool are only included in the full ceph package, but are necessary admin tools