From 11720696b38886d92ff00b33fc99842f8b438585 Mon Sep 17 00:00:00 2001
From: Jean-Paul Calderone <exarkun@twistedmatrix.com>
Date: Thu, 24 Jun 2021 09:24:45 -0400
Subject: [PATCH] Prefer the FQDN as the deployment target for all node types

---
 morph/grid/local/grid.nix          |  4 ++--
 morph/grid/production/grid.nix     | 17 ++++++++++-------
 morph/grid/testing/grid.nix        | 10 ++++++----
 morph/lib/customize-issuer.nix     | 14 +++++++++++++-
 morph/lib/customize-monitoring.nix | 11 ++++++++---
 morph/lib/customize-storage.nix    |  6 +++++-
 6 files changed, 44 insertions(+), 18 deletions(-)

diff --git a/morph/grid/local/grid.nix b/morph/grid/local/grid.nix
index c7897997..0e10a533 100644
--- a/morph/grid/local/grid.nix
+++ b/morph/grid/local/grid.nix
@@ -47,8 +47,8 @@ let
       gridlib.monitoring
       (import ./virtual-hardware.nix ({ inherit publicIPv4; }))
       (gridlib.customize-monitoring {
-        inherit hostsMap publicIPv4 vpnClientIPs nodeExporterTargets;
-        inherit (config) monitoringvpnKeyDir;
+        inherit hostsMap vpnClientIPs nodeExporterTargets;
+        inherit (config) domain monitoringvpnKeyDir;
         monitoringvpnIPv4 = "172.23.23.1";
         stateVersion = "19.09";
       })
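Review bot: With publicIPv4 no longer passed to customize-monitoring, the local monitoring node's deployment target becomes `monitoring.<domain>` instead of the VM's address, so that name must resolve from the machine running morph; nothing in this hunk shows where that resolution comes from (an /etc/hosts entry or the hostsMap, presumably), so it is worth confirming for the local development flow. publicIPv4 is still consumed by virtual-hardware.nix on the line above, so the binding itself stays live. The enclosing module attrset begins before this hunk.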
diff --git a/morph/grid/production/grid.nix b/morph/grid/production/grid.nix
index 7a8e29bb..ae51174b 100644
--- a/morph/grid/production/grid.nix
+++ b/morph/grid/production/grid.nix
@@ -21,25 +21,29 @@ let
     ];
   };
 
-  monitoring = let publicIPv4 = "monitoring.private.storage"; in {
+  monitoring = {
     imports = [
       gridlib.monitoring
       gridlib.hardware-aws
       (gridlib.customize-monitoring {
-        inherit hostsMap publicIPv4 vpnClientIPs nodeExporterTargets;
-        inherit (config) monitoringvpnKeyDir;
+        inherit hostsMap vpnClientIPs nodeExporterTargets;
+        inherit (config) domain monitoringvpnKeyDir;
         monitoringvpnIPv4 = "172.23.23.1";
         stateVersion = "19.09";
       })
     ];
   };
 
-  defineStorageNode = name: { vpnIP, stateVersion }: let nodecfg = import "${./.}/${name}-config.nix"; in {
+  defineStorageNode = name: { vpnIP, stateVersion }:
+  let
+    nodecfg = import "${./.}/${name}-config.nix";
+    hardware ="${./.}/${name}-hardware.nix";
+  in {
     imports = [
       # Get some of the very lowest-level system configuration for this
       # node.  This isn't all *completely* hardware related.  Maybe some
       # more factoring is in order, someday.
-      "${./.}/${name}-hardware.nix"
+      hardware
 
       # Slightly awkwardly, enable some of our hardware / network / bootloader options.
       ../../../nixos/modules/100tb.nix
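Review bot: The new `hardware` binding in defineStorageNode is missing the space after `=` that its sibling `nodecfg` line uses; write `hardware = "${./.}/${name}-hardware.nix";`. Separately, the monitoring node's old target was the literal name `monitoring.private.storage`; after this change it is `monitoring.${config.domain}`, so if `config.domain` for the production grid is anything other than `private.storage` the deployment target silently changes — worth a one-line check that the two agree. defineStorageNode's body continues past the end of this hunk.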
@@ -102,7 +106,6 @@ in {
   network = {
     description = "PrivateStorage.io Production Grid";
   };
-
-  "payments.privatestorage.io" = payments;
+  inherit payments;
   inherit monitoring;
 } // storageNodes
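Review bot: The production network now keys the node as bare `payments` (and `monitoring`), while the testing grid in the same patch keys the same nodes as `"payments.${config.domain}"` and friends; since `deployment.targetHost` is now set explicitly in the lib modules, either form deploys correctly, but the two grids should use one convention so operators reading `morph` output see the same node names everywhere. Whichever form `storageNodes` (merged on the last line, defined outside this hunk) uses is presumably the one to standardise on.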
diff --git a/morph/grid/testing/grid.nix b/morph/grid/testing/grid.nix
index 67ba8303..c8f0e84a 100644
--- a/morph/grid/testing/grid.nix
+++ b/morph/grid/testing/grid.nix
@@ -32,13 +32,13 @@ let
     ];
   };
 
-  monitoring = let publicIPv4 = "18.156.171.217"; in {
+  monitoring = {
     imports = [
       gridlib.monitoring
       gridlib.hardware-aws
       (gridlib.customize-monitoring {
-        inherit hostsMap publicIPv4 vpnClientIPs nodeExporterTargets;
-        inherit (config) monitoringvpnKeyDir;
+        inherit hostsMap vpnClientIPs nodeExporterTargets;
+        inherit (config) domain monitoringvpnKeyDir;
         monitoringvpnIPv4 = "172.23.23.1";
         stateVersion = "19.09";
       })
@@ -58,5 +58,7 @@ in {
   network = {
     description = "PrivateStorage.io Testing Grid";
   };
-  inherit payments monitoring storage001;
+  "payments.${config.domain}" = payments;
+  "monitoring.${config.domain}" = monitoring;
+  "storage001.${config.domain}" = storage001;
 }
diff --git a/morph/lib/customize-issuer.nix b/morph/lib/customize-issuer.nix
index 7c8356a2..2a8faa5f 100644
--- a/morph/lib/customize-issuer.nix
+++ b/morph/lib/customize-issuer.nix
@@ -3,12 +3,22 @@
 , monitoringvpnKeyDir
 , monitoringvpnEndpoint
 , monitoringvpnIPv4
+, domain
 , sshUsers
 , letsEncryptAdminEmail
 , issuerDomains
 , allowedChargeOrigins
 , ...
-}: {
+}:
+{ config, ... }: {
+  # The morph default deployment target the name of the node in the network
+  # attrset.  We don't always want to give the node its proper public address
+  # there (because it depends on which domain is associated with the grid
+  # being configured and using variable names complicates a lot of things).
+  # Instead, just tell morph how to reach the node here - by using its fully
+  # qualified domain name.
+  deployment.targetHost = "${config.networking.hostName}.${config.networking.domain}";
+
   deployment.secrets = {
     "ristretto-signing-key".source = ristrettoSigningKeyPath;
     "stripe-secret-key".source = stripeSecretKeyPath;
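Review bot: The new comment is missing a verb in its first sentence; it should read `# The morph default deployment target is the name of the node in the network`. A second point the comment could carry: `deployment.secrets` directly below pushes the Ristretto signing key and the Stripe secret key to whatever `targetHost` resolves to, and this change replaces a fixed network attribute name with a DNS-resolved FQDN, so SSH host-key verification for that FQDN on the deploying machine is now the control that keeps those secrets from landing on the wrong host — confirm the deployer's known_hosts covers the new names. The module body continues beyond this hunk.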
@@ -16,6 +26,8 @@
     "monitoringvpn-preshared-key".source = "${monitoringvpnKeyDir}/preshared.key";
   };
 
+  networking.domain = domain;
+
   services.private-storage.sshUsers = sshUsers;
   services.private-storage.monitoring.vpn.client = {
     enable = true;
diff --git a/morph/lib/customize-monitoring.nix b/morph/lib/customize-monitoring.nix
index c81a765f..208f5048 100644
--- a/morph/lib/customize-monitoring.nix
+++ b/morph/lib/customize-monitoring.nix
@@ -1,18 +1,23 @@
 { hostsMap
+, domain
 , monitoringvpnKeyDir
-, publicIPv4
 , monitoringvpnIPv4
 , vpnClientIPs
 , nodeExporterTargets
 , nginxExporterTargets ? []
 , stateVersion
 , ...
-}: {
-  deployment.targetHost = publicIPv4;
+}:
+{ config, ... }: {
+  # See customize-issuer.nix for an explanatoin of targetHost value.
+  deployment.targetHost = "${config.networking.hostName}.${config.networking.domain}";
+
   deployment.secrets = {
     "monitoringvpn-private-key".source = "${monitoringvpnKeyDir}/server.key";
     "monitoringvpn-preshared-key".source = "${monitoringvpnKeyDir}/preshared.key";
   };
+
+  networking.domain = domain;
   networking.hosts = hostsMap;
 
   services.private-storage.monitoring.vpn.server = {
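Review bot: The added comment misspells "explanation" and reads awkwardly; the same line is duplicated in customize-storage.nix in this patch. Suggested wording for both: `# See customize-issuer.nix for an explanation of the targetHost value.` As a point of style, the identical `deployment.targetHost = "${config.networking.hostName}.${config.networking.domain}";` line now appears in three lib modules; a small shared module that each of them imports would keep the expression in one place. The module body continues past this hunk.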
diff --git a/morph/lib/customize-storage.nix b/morph/lib/customize-storage.nix
index 6a5766a3..3a9c8f6b 100644
--- a/morph/lib/customize-storage.nix
+++ b/morph/lib/customize-storage.nix
@@ -8,7 +8,11 @@
 , monitoringvpnIPv4
 , stateVersion
 , ...
-}: {
+}:
+{ config, ... }: {
+  # See customize-issuer.nix for an explanatoin of targetHost value.
+  deployment.targetHost = "${config.networking.hostName}.${config.networking.domain}";
+
   deployment.secrets = {
     "ristretto-signing-key".source = ristrettoSigningKeyPath;
     "monitoringvpn-secret-key".source = "${monitoringvpnKeyDir}/${monitoringvpnIPv4}.key";
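Review bot: Unlike customize-issuer.nix and customize-monitoring.nix in this patch, this module neither takes a `domain` argument nor sets `networking.domain`, yet the new `deployment.targetHost` interpolates `config.networking.domain`; if no other module on the storage nodes sets it (the per-node config or hardware file from grid.nix would be the likely places, but that is not visible here), the default is null and evaluation fails at string coercion rather than deploying to the wrong host. If it is intentionally left to those per-node files, a comment saying so next to `targetHost` would stop the next reader from raising the same question, e.g. `# networking.domain is expected to come from the per-node config.` — TODO confirm. The module body continues beyond this hunk.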
-- 
GitLab