diff --git a/morph/grid/local/grid.nix b/morph/grid/local/grid.nix
index c8c2747715924d41578c6601b3f2452d14ddb5d6..e3c5752c63ef22b389fe8e58de841ab2665a4ec2 100644
--- a/morph/grid/local/grid.nix
+++ b/morph/grid/local/grid.nix
@@ -14,6 +14,7 @@ let
../../../nixos/modules/ssh.nix
];
services.private-storage.sshUsers = import ./public-keys/users.nix;
+ networking.domain = grid-config.domain;
# Convert relative paths to absolute so library code can resolve names
# correctly.
grid = {
@@ -68,7 +69,7 @@ let
(gridlib.hardware-virtual ({ publicIPv4 = "192.168.67.24"; }))
(gridlib.customize-monitoring {
inherit hostsMap vpnClientIPs nodeExporterTargets paymentExporterTargets;
- inherit (grid-config) domain letsEncryptAdminEmail;
+ inherit (grid-config) letsEncryptAdminEmail;
googleOAuthClientID = grid-config.monitoringGoogleOAuthClientID;
monitoringvpnIPv4 = "172.23.23.1";
stateVersion = "19.09";
diff --git a/morph/grid/production/grid.nix b/morph/grid/production/grid.nix
index 91eec738fe8344728ed35564bacd3a57e94b9e5e..6009be84fb2a7ed7ca63e2e73b4f08f1f45ecb0d 100644
--- a/morph/grid/production/grid.nix
+++ b/morph/grid/production/grid.nix
@@ -15,6 +15,7 @@ let
../../../nixos/modules/ssh.nix
];
services.private-storage.sshUsers = import ./public-keys/users.nix;
+ networking.domain = grid-config.domain;
# Convert relative paths to absolute so library code can resolve names
# correctly.
grid = {
@@ -45,7 +46,7 @@ let
gridlib.hardware-aws
(gridlib.customize-monitoring {
inherit hostsMap vpnClientIPs nodeExporterTargets paymentExporterTargets;
- inherit (grid-config) domain letsEncryptAdminEmail;
+ inherit (grid-config) letsEncryptAdminEmail;
googleOAuthClientID = grid-config.monitoringGoogleOAuthClientID;
monitoringvpnIPv4 = "172.23.23.1";
stateVersion = "19.09";
diff --git a/morph/grid/testing/grid.nix b/morph/grid/testing/grid.nix
index 3e15e5137194d2637a9637fecb61fb0a8d132f1c..18983f0b32d28f13981b56475d7691a8cb434808 100644
--- a/morph/grid/testing/grid.nix
+++ b/morph/grid/testing/grid.nix
@@ -15,6 +15,7 @@ let
../../../nixos/modules/ssh.nix
];
services.private-storage.sshUsers = import ./public-keys/users.nix;
+ networking.domain = grid-config.domain;
# Convert relative paths to absolute so library code can resolve names
# correctly.
grid = {
@@ -58,7 +59,7 @@ let
gridlib.hardware-aws
(gridlib.customize-monitoring {
inherit hostsMap vpnClientIPs nodeExporterTargets paymentExporterTargets;
- inherit (grid-config) domain letsEncryptAdminEmail;
+ inherit (grid-config) letsEncryptAdminEmail;
googleOAuthClientID = grid-config.monitoringGoogleOAuthClientID;
monitoringvpnIPv4 = "172.23.23.1";
stateVersion = "19.09";
diff --git a/morph/lib/base.nix b/morph/lib/base.nix
index 809e3556c534c55890520d81d3e3383cc0b18f85..f167f54ad55baa65fa13fe2b7ac29b79333b8b90 100644
--- a/morph/lib/base.nix
+++ b/morph/lib/base.nix
@@ -19,4 +19,14 @@
'';
};
};
+
+ config = {
+ # The morph default deployment target the name of the node in the network
+ # attrset. We don't always want to give the node its proper public address
+ # there (because it depends on which domain is associated with the grid
+ # being configured and using variable names complicates a lot of things).
+ # Instead, just tell morph how to reach the node here - by using its fully
+ # qualified domain name.
+ deployment.targetHost = "${config.networking.hostName}.${config.networking.domain}";
+ };
}
diff --git a/morph/lib/customize-issuer.nix b/morph/lib/customize-issuer.nix
index 4e0872b1315c4ce62d06832063f758522aacb585..0686556cdf6abe79f0ac9e16586c9c219f3cddb1 100644
--- a/morph/lib/customize-issuer.nix
+++ b/morph/lib/customize-issuer.nix
@@ -8,14 +8,6 @@
# A string giving the VPN IPv4 address for this system.
, monitoringvpnIPv4
- # A string giving the domain name associated with this grid. This is meant
- # to be combined with the hostname for this system to produce a
- # fully-qualified domain name. For example, an issuer might have "payments"
- # as its hostname and belong to a grid with the domain
- # "example-grid.invalid". This ``domain`` parameter should have the value
- # ``"example-grid.invalid"`` for the system figure out that
- # ``payments.example-grid.invalid`` is the name of this system.
-, domain
# A string giving an email address to use for Let's Encrypt registration and
# certificate issuance.
, letsEncryptAdminEmail
@@ -33,14 +25,6 @@
let
inherit (config.grid) publicKeyPath privateKeyPath;
in {
- # The morph default deployment target the name of the node in the network
- # attrset. We don't always want to give the node its proper public address
- # there (because it depends on which domain is associated with the grid
- # being configured and using variable names complicates a lot of things).
- # Instead, just tell morph how to reach the node here - by using its fully
- # qualified domain name.
- deployment.targetHost = "${config.networking.hostName}.${config.networking.domain}";
-
deployment.secrets = {
# ``.../monitoringvpn`` is a path on the deployment system of a directory
# containing a number of VPN-related secrets. This is expected to contain
@@ -53,8 +37,6 @@ in {
"monitoringvpn-preshared-key".source = "${privateKeyPath}/monitoringvpn/preshared.key";
};
- networking.domain = domain;
-
services.private-storage.monitoring.vpn.client = {
enable = true;
ip = monitoringvpnIPv4;
diff --git a/morph/lib/customize-monitoring.nix b/morph/lib/customize-monitoring.nix
index 324f99f2453938d46a7f17118a80e8c411d2acdf..19a800f1fa806c09f132f2bb2769869a30c65ec2 100644
--- a/morph/lib/customize-monitoring.nix
+++ b/morph/lib/customize-monitoring.nix
@@ -10,7 +10,6 @@
# See ``customize-issuer.nix``.
, monitoringvpnIPv4
-, domain
, letsEncryptAdminEmail
# A list of VPN IP addresses as strings indicating which clients will be
@@ -41,9 +40,6 @@
let
inherit (config.grid) publicKeyPath privateKeyPath;
in {
- # See customize-issuer.nix for an explanatoin of targetHost value.
- deployment.targetHost = "${config.networking.hostName}.${config.networking.domain}";
-
deployment.secrets = let
# When Grafana SSO is disabled there is not necessarily any client secret
# available. Avoid telling morph that there is one in this case (so it
@@ -82,7 +78,6 @@ in {
in
grafanaSSO // monitoringvpn;
- networking.domain = domain;
networking.hosts = hostsMap;
services.private-storage.monitoring.vpn.server = {
diff --git a/morph/lib/customize-storage.nix b/morph/lib/customize-storage.nix
index be4c2a9322cf6d692d90778ffabfaefa02fd8706..6a288213c3f117309b697e44304be9a7d5620bcb 100644
--- a/morph/lib/customize-storage.nix
+++ b/morph/lib/customize-storage.nix
@@ -4,7 +4,6 @@
# See ``customize-issuer.nix``
monitoringvpnEndpoint
, monitoringvpnIPv4
-, domain
# An integer giving the value of a single pass in byte×months.
, passValue
@@ -21,16 +20,11 @@
let
inherit (config.grid) publicKeyPath privateKeyPath;
in {
- # See customize-issuer.nix for an explanatoin of targetHost value.
- deployment.targetHost = "${config.networking.hostName}.${config.networking.domain}";
-
deployment.secrets = {
"monitoringvpn-secret-key".source = "${privateKeyPath}/monitoringvpn/${monitoringvpnIPv4}.key";
"monitoringvpn-preshared-key".source = "${privateKeyPath}/monitoringvpn/preshared.key";
};
- networking.domain = domain;
-
services.private-storage = {
inherit passValue publicStoragePort;
};