From 5a714b71be988de3e34ffdcc93440dfcde14e442 Mon Sep 17 00:00:00 2001
From: Tom Prince <tom.prince@private.storage>
Date: Thu, 2 Sep 2021 22:24:25 -0600
Subject: [PATCH] Simplify domain configuration.

---
 morph/grid/local/grid.nix          |  3 ++-
 morph/grid/production/grid.nix     |  3 ++-
 morph/grid/testing/grid.nix        |  3 ++-
 morph/lib/base.nix                 | 10 ++++++++++
 morph/lib/customize-issuer.nix     | 18 ------------------
 morph/lib/customize-monitoring.nix |  5 -----
 morph/lib/customize-storage.nix    |  6 ------
 7 files changed, 16 insertions(+), 32 deletions(-)

diff --git a/morph/grid/local/grid.nix b/morph/grid/local/grid.nix
index c8c27477..e3c5752c 100644
--- a/morph/grid/local/grid.nix
+++ b/morph/grid/local/grid.nix
@@ -14,6 +14,7 @@ let
       ../../../nixos/modules/ssh.nix
     ];
     services.private-storage.sshUsers = import ./public-keys/users.nix;
+    networking.domain = grid-config.domain;
     # Convert relative paths to absolute so library code can resolve names
     # correctly.
     grid = {
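Review bot: The new `networking.domain = grid-config.domain;` line arrives without the explanation this patch deletes from customize-issuer.nix (the comment block on the `domain` parameter), so a reader of this block no longer learns that the value is joined with each node's hostName to form the address morph deploys to. A short comment above it would keep that knowledge at the only place the domain is now set: `# Domain shared by every node in this grid; morph/lib/base.nix joins it with` / `# networking.hostName to build the deployment.targetHost morph connects to.`. This block appears to be the configuration common to all nodes (sshUsers is set beside it), though the enclosing attrset starts outside the hunk, so that is inferred. The same applies to the identical hunks in morph/grid/production/grid.nix and morph/grid/testing/grid.nix.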
@@ -68,7 +69,7 @@ let
       (gridlib.hardware-virtual ({ publicIPv4 = "192.168.67.24"; }))
       (gridlib.customize-monitoring {
         inherit hostsMap vpnClientIPs nodeExporterTargets paymentExporterTargets;
-        inherit (grid-config) domain letsEncryptAdminEmail;
+        inherit (grid-config) letsEncryptAdminEmail;
         googleOAuthClientID = grid-config.monitoringGoogleOAuthClientID;
         monitoringvpnIPv4 = "172.23.23.1";
         stateVersion = "19.09";
diff --git a/morph/grid/production/grid.nix b/morph/grid/production/grid.nix
index 91eec738..6009be84 100644
--- a/morph/grid/production/grid.nix
+++ b/morph/grid/production/grid.nix
@@ -15,6 +15,7 @@ let
       ../../../nixos/modules/ssh.nix
     ];
     services.private-storage.sshUsers = import ./public-keys/users.nix;
+    networking.domain = grid-config.domain;
     # Convert relative paths to absolute so library code can resolve names
     # correctly.
     grid = {
@@ -45,7 +46,7 @@ let
       gridlib.hardware-aws
       (gridlib.customize-monitoring {
         inherit hostsMap vpnClientIPs nodeExporterTargets paymentExporterTargets;
-        inherit (grid-config) domain letsEncryptAdminEmail;
+        inherit (grid-config) letsEncryptAdminEmail;
         googleOAuthClientID = grid-config.monitoringGoogleOAuthClientID;
         monitoringvpnIPv4 = "172.23.23.1";
         stateVersion = "19.09";
diff --git a/morph/grid/testing/grid.nix b/morph/grid/testing/grid.nix
index 3e15e513..18983f0b 100644
--- a/morph/grid/testing/grid.nix
+++ b/morph/grid/testing/grid.nix
@@ -15,6 +15,7 @@ let
       ../../../nixos/modules/ssh.nix
     ];
     services.private-storage.sshUsers = import ./public-keys/users.nix;
+    networking.domain = grid-config.domain;
     # Convert relative paths to absolute so library code can resolve names
     # correctly.
     grid = {
@@ -58,7 +59,7 @@ let
       gridlib.hardware-aws
       (gridlib.customize-monitoring {
         inherit hostsMap vpnClientIPs nodeExporterTargets paymentExporterTargets;
-        inherit (grid-config) domain letsEncryptAdminEmail;
+        inherit (grid-config) letsEncryptAdminEmail;
         googleOAuthClientID = grid-config.monitoringGoogleOAuthClientID;
         monitoringvpnIPv4 = "172.23.23.1";
         stateVersion = "19.09";
diff --git a/morph/lib/base.nix b/morph/lib/base.nix
index 35f1182b..fc737d9d 100644
--- a/morph/lib/base.nix
+++ b/morph/lib/base.nix
@@ -18,4 +18,14 @@
       '';
     };
   };
+
+  config = {
+    # The morph default deployment target the name of the node in the network
+    # attrset.  We don't always want to give the node its proper public address
+    # there (because it depends on which domain is associated with the grid
+    # being configured and using variable names complicates a lot of things).
+    # Instead, just tell morph how to reach the node here - by using its fully
+    # qualified domain name.
+    deployment.targetHost = "${config.networking.hostName}.${config.networking.domain}";
+  };
 }
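Review bot: `deployment.targetHost` interpolates `config.networking.domain`, whose NixOS default is `null`, so a grid that omits the domain fails with a generic "cannot coerce null to a string" evaluation error instead of one naming the missing option; because targetHost is the host morph connects to and ships `deployment.secrets` to, that failure is worth making explicit. A minimal guard is `deployment.targetHost = assert config.networking.domain != null; "${config.networking.hostName}.${config.networking.domain}";` (an `assertions` entry with a message would be friendlier), or `config.networking.fqdn` if the nixpkgs revision in use provides it, since that option performs the same check itself. This assumes `config` is in base.nix's argument set — the module header is outside the hunk. The relocated comment also keeps its original grammar slip; `# By default morph uses the node's name in the network attrset as its deployment target.` reads more clearly as its opening line.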
diff --git a/morph/lib/customize-issuer.nix b/morph/lib/customize-issuer.nix
index 4e0872b1..0686556c 100644
--- a/morph/lib/customize-issuer.nix
+++ b/morph/lib/customize-issuer.nix
@@ -8,14 +8,6 @@
   # A string giving the VPN IPv4 address for this system.
 , monitoringvpnIPv4
 
-  # A string giving the domain name associated with this grid.  This is meant
-  # to be combined with the hostname for this system to produce a
-  # fully-qualified domain name.  For example, an issuer might have "payments"
-  # as its hostname and belong to a grid with the domain
-  # "example-grid.invalid".  This ``domain`` parameter should have the value
-  # ``"example-grid.invalid"`` for the system figure out that
-  # ``payments.example-grid.invalid`` is the name of this system.
-, domain
   # A string giving an email address to use for Let's Encrypt registration and
   # certificate issuance.
 , letsEncryptAdminEmail
@@ -33,14 +25,6 @@
 let
   inherit (config.grid) publicKeyPath privateKeyPath;
 in {
-  # The morph default deployment target the name of the node in the network
-  # attrset.  We don't always want to give the node its proper public address
-  # there (because it depends on which domain is associated with the grid
-  # being configured and using variable names complicates a lot of things).
-  # Instead, just tell morph how to reach the node here - by using its fully
-  # qualified domain name.
-  deployment.targetHost = "${config.networking.hostName}.${config.networking.domain}";
-
   deployment.secrets = {
     # ``.../monitoringvpn`` is a path on the deployment system of a directory
     # containing a number of VPN-related secrets.  This is expected to contain
@@ -53,8 +37,6 @@ in {
     "monitoringvpn-preshared-key".source = "${privateKeyPath}/monitoringvpn/preshared.key";
   };
 
-  networking.domain = domain;
-
   services.private-storage.monitoring.vpn.client = {
     enable = true;
     ip = monitoringvpnIPv4;
diff --git a/morph/lib/customize-monitoring.nix b/morph/lib/customize-monitoring.nix
index 324f99f2..19a800f1 100644
--- a/morph/lib/customize-monitoring.nix
+++ b/morph/lib/customize-monitoring.nix
@@ -10,7 +10,6 @@
 
   # See ``customize-issuer.nix``.
 , monitoringvpnIPv4
-, domain
 , letsEncryptAdminEmail
 
   # A list of VPN IP addresses as strings indicating which clients will be
@@ -41,9 +40,6 @@
 let
   inherit (config.grid) publicKeyPath privateKeyPath;
 in {
-  # See customize-issuer.nix for an explanatoin of targetHost value.
-  deployment.targetHost = "${config.networking.hostName}.${config.networking.domain}";
-
   deployment.secrets = let
     # When Grafana SSO is disabled there is not necessarily any client secret
     # available.  Avoid telling morph that there is one in this case (so it
@@ -82,7 +78,6 @@ in {
     in
       grafanaSSO // monitoringvpn;
 
-  networking.domain = domain;
   networking.hosts = hostsMap;
 
   services.private-storage.monitoring.vpn.server = {
diff --git a/morph/lib/customize-storage.nix b/morph/lib/customize-storage.nix
index be4c2a93..6a288213 100644
--- a/morph/lib/customize-storage.nix
+++ b/morph/lib/customize-storage.nix
@@ -4,7 +4,6 @@
   # See ``customize-issuer.nix``
   monitoringvpnEndpoint
 , monitoringvpnIPv4
-, domain
 
   # An integer giving the value of a single pass in byte×months.
 , passValue
@@ -21,16 +20,11 @@
 let
   inherit (config.grid) publicKeyPath privateKeyPath;
 in {
-  # See customize-issuer.nix for an explanatoin of targetHost value.
-  deployment.targetHost = "${config.networking.hostName}.${config.networking.domain}";
-
   deployment.secrets = {
     "monitoringvpn-secret-key".source = "${privateKeyPath}/monitoringvpn/${monitoringvpnIPv4}.key";
     "monitoringvpn-preshared-key".source = "${privateKeyPath}/monitoringvpn/preshared.key";
   };
 
-  networking.domain = domain;
-
   services.private-storage = {
     inherit passValue publicStoragePort;
   };
-- 
GitLab