diff --git a/morph/grid/local/grid.nix b/morph/grid/local/grid.nix
index c7897997f574f1711057d64d71c376abb4478bde..0e10a533b91d2c526ceefeccc71f99726681db2a 100644
--- a/morph/grid/local/grid.nix
+++ b/morph/grid/local/grid.nix
@@ -47,8 +47,8 @@ let
 gridlib.monitoring
 (import ./virtual-hardware.nix ({ inherit publicIPv4; }))
 (gridlib.customize-monitoring {
- inherit hostsMap publicIPv4 vpnClientIPs nodeExporterTargets;
- inherit (config) monitoringvpnKeyDir;
+ inherit hostsMap vpnClientIPs nodeExporterTargets;
+ inherit (config) domain monitoringvpnKeyDir;
 monitoringvpnIPv4 = "172.23.23.1";
 stateVersion = "19.09";
 })
diff --git a/morph/grid/production/grid.nix b/morph/grid/production/grid.nix
index 7a8e29bb58da584d07660663912a1c993146787b..ae51174b4f15a72ca0c1d1798b067ecb1db64bb3 100644
--- a/morph/grid/production/grid.nix
+++ b/morph/grid/production/grid.nix
@@ -21,25 +21,29 @@ let
 ];
 };
 
- monitoring = let publicIPv4 = "monitoring.private.storage"; in {
+ monitoring = {
 imports = [
 gridlib.monitoring
 gridlib.hardware-aws
 (gridlib.customize-monitoring {
- inherit hostsMap publicIPv4 vpnClientIPs nodeExporterTargets;
- inherit (config) monitoringvpnKeyDir;
+ inherit hostsMap vpnClientIPs nodeExporterTargets;
+ inherit (config) domain monitoringvpnKeyDir;
 monitoringvpnIPv4 = "172.23.23.1";
 stateVersion = "19.09";
 })
 ];
 };
 
- defineStorageNode = name: { vpnIP, stateVersion }: let nodecfg = import "${./.}/${name}-config.nix"; in {
+ defineStorageNode = name: { vpnIP, stateVersion }:
+ let
+ nodecfg = import "${./.}/${name}-config.nix";
+ hardware ="${./.}/${name}-hardware.nix";
+ in {
 imports = [
 # Get some of the very lowest-level system configuration for this
 # node. This isn't all *completely* hardware related. Maybe some
 # more factoring is in order, someday.
- "${./.}/${name}-hardware.nix"
+ hardware
 # Slightly awkwardly, enable some of our hardware / network / bootloader options.
 ../../../nixos/modules/100tb.nix
 
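Review bot: `hardware ="${./.}/${name}-hardware.nix";` in the new `let` block of defineStorageNode (production/grid.nix) is missing the space after `=` that the neighbouring `nodecfg =` binding has; write it as `hardware = "${./.}/${name}-hardware.nix";`. The body of defineStorageNode continues past the end of this hunk.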
@@ -102,7 +106,6 @@ in {
 network = {
 description = "PrivateStorage.io Production Grid";
 };
-
- "payments.privatestorage.io" = payments;
+ inherit payments;
 inherit monitoring;
 } // storageNodes
diff --git a/morph/grid/testing/grid.nix b/morph/grid/testing/grid.nix
index 67ba83039791d066067e619f29807ee64b891c62..c8f0e84a06e364791eae09d8dd42d93ba5bc6aa0 100644
--- a/morph/grid/testing/grid.nix
+++ b/morph/grid/testing/grid.nix
@@ -32,13 +32,13 @@ let
 ];
 };
 
- monitoring = let publicIPv4 = "18.156.171.217"; in {
+ monitoring = {
 imports = [
 gridlib.monitoring
 gridlib.hardware-aws
 (gridlib.customize-monitoring {
- inherit hostsMap publicIPv4 vpnClientIPs nodeExporterTargets;
- inherit (config) monitoringvpnKeyDir;
+ inherit hostsMap vpnClientIPs nodeExporterTargets;
+ inherit (config) domain monitoringvpnKeyDir;
 monitoringvpnIPv4 = "172.23.23.1";
 stateVersion = "19.09";
 })
@@ -58,5 +58,7 @@ in {
 network = {
 description = "PrivateStorage.io Testing Grid";
 };
- inherit payments monitoring storage001;
+ "payments.${config.domain}" = payments;
+ "monitoring.${config.domain}" = monitoring;
+ "storage001.${config.domain}" = storage001;
 }
diff --git a/morph/lib/customize-issuer.nix b/morph/lib/customize-issuer.nix
index 7c8356a210cf5f3193efe2272c92d640e7158988..2a8faa5fe8a83a39207aedca313e42a17f702163 100644
--- a/morph/lib/customize-issuer.nix
+++ b/morph/lib/customize-issuer.nix
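Review bot: The node attribute names in the testing grid become FQDNs (`"payments.${config.domain}" = payments;` and the two lines after it) while the production hunk in this same commit switches to bare names (`inherit payments;`), so the two grids now disagree on what a node's name is. If I recall correctly morph defaults `networking.hostName` to the attribute name, in which case the new `deployment.targetHost = "${config.networking.hostName}.${config.networking.domain}"` in the customize-*.nix modules would evaluate to `payments.<domain>.<domain>` for these three nodes, unless their configuration sets networking.hostName explicitly somewhere outside this diff. Either use bare names here as production does, `inherit payments monitoring storage001;`, or confirm the hostName override and leave a one-line comment next to these lines saying why the testing grid keys nodes by FQDN.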
@@ -3,12 +3,22 @@
 , monitoringvpnKeyDir
 , monitoringvpnEndpoint
 , monitoringvpnIPv4
+, domain
 , sshUsers
 , letsEncryptAdminEmail
 , issuerDomains
 , allowedChargeOrigins
 , ...
-}: {
+}:
+{ config, ... }: {
+ # The morph default deployment target the name of the node in the network
+ # attrset. We don't always want to give the node its proper public address
+ # there (because it depends on which domain is associated with the grid
+ # being configured and using variable names complicates a lot of things).
+ # Instead, just tell morph how to reach the node here - by using its fully
+ # qualified domain name.
+ deployment.targetHost = "${config.networking.hostName}.${config.networking.domain}";
+
 deployment.secrets = {
 "ristretto-signing-key".source = ristrettoSigningKeyPath;
 "stripe-secret-key".source = stripeSecretKeyPath;
@@ -16,6 +26,8 @@
 "monitoringvpn-preshared-key".source = "${monitoringvpnKeyDir}/preshared.key";
 };
 
+ networking.domain = domain;
+
 services.private-storage.sshUsers = sshUsers;
 services.private-storage.monitoring.vpn.client = {
 enable = true;
diff --git a/morph/lib/customize-monitoring.nix b/morph/lib/customize-monitoring.nix
index c81a765f2a9cd1465d062cd64d4955cdfcc743eb..208f5048efe5645d59f148fcf5967f5e3ea69935 100644
--- a/morph/lib/customize-monitoring.nix
+++ b/morph/lib/customize-monitoring.nix
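Review bot: The first sentence of the new comment block is missing its verb — `# The morph default deployment target the name of the node in the network` reads better as `# Morph's default deployment target is the name of the node in the network`. Since customize-monitoring.nix and customize-storage.nix point at this comment for the explanation, it is also the right place to record two things the code implies but does not say: the deploy target is now reached via DNS resolution of this FQDN rather than a fixed address, so the SSH host-key entry morph verifies must be recorded under this name (entries recorded under the previous target names or addresses will not match), and `config.networking.domain` is populated by the `networking.domain = domain;` assignment added further down in this module.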
@@ -1,18 +1,23 @@
 { hostsMap
+, domain
 , monitoringvpnKeyDir
-, publicIPv4
 , monitoringvpnIPv4
 , vpnClientIPs
 , nodeExporterTargets
 , nginxExporterTargets ? []
 , stateVersion
 , ...
-}: {
- deployment.targetHost = publicIPv4;
+}:
+{ config, ... }: {
+ # See customize-issuer.nix for an explanatoin of targetHost value.
+ deployment.targetHost = "${config.networking.hostName}.${config.networking.domain}";
+
 deployment.secrets = {
 "monitoringvpn-private-key".source = "${monitoringvpnKeyDir}/server.key";
 "monitoringvpn-preshared-key".source = "${monitoringvpnKeyDir}/preshared.key";
 };
+
+ networking.domain = domain;
 networking.hosts = hostsMap;
 
 services.private-storage.monitoring.vpn.server = {
diff --git a/morph/lib/customize-storage.nix b/morph/lib/customize-storage.nix
index 6a5766a3d27d8bc4a820bb02ab7141f9995f84a6..3a9c8f6b9988999c194afc2fa253d83e1eb0b76a 100644
--- a/morph/lib/customize-storage.nix
+++ b/morph/lib/customize-storage.nix
@@ -8,7 +8,11 @@
 , monitoringvpnIPv4
 , stateVersion
 , ...
-}: {
+}:
+{ config, ... }: {
+ # See customize-issuer.nix for an explanatoin of targetHost value.
+ deployment.targetHost = "${config.networking.hostName}.${config.networking.domain}";
+
 deployment.secrets = {
 "ristretto-signing-key".source = ristrettoSigningKeyPath;
 "monitoringvpn-secret-key".source = "${monitoringvpnKeyDir}/${monitoringvpnIPv4}.key";
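Review bot: The new comment `# See customize-issuer.nix for an explanatoin of targetHost value.` in customize-monitoring.nix has a typo and a missing article; the same line is added to customize-storage.nix in the next hunk. Suggested wording for both: `# See customize-issuer.nix for an explanation of the targetHost value.`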
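Review bot: customize-storage.nix now evaluates `deployment.targetHost = "${config.networking.hostName}.${config.networking.domain}"`, but unlike customize-issuer.nix and customize-monitoring.nix nothing visible in this diff adds a `domain` argument to this module or sets `networking.domain` in it — the argument list starts before this hunk and the module body continues after it, so this may be done elsewhere. If no other module sets networking.domain for a storage node, the option stays at its null default and string interpolation of it fails at evaluation time, which would surface only when deploying a storage node. Either add `, domain` to the argument list and `networking.domain = domain;` here as the other two modules do, or leave a comment on the targetHost line naming where networking.domain comes from for storage nodes.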