diff --git a/morph/grid/local/grid.nix b/morph/grid/local/grid.nix
index c8c2747715924d41578c6601b3f2452d14ddb5d6..e3c5752c63ef22b389fe8e58de841ab2665a4ec2 100644
--- a/morph/grid/local/grid.nix
+++ b/morph/grid/local/grid.nix
@@ -14,6 +14,7 @@ let
 ../../../nixos/modules/ssh.nix
 ];
 services.private-storage.sshUsers = import ./public-keys/users.nix;
+ networking.domain = grid-config.domain;
 # Convert relative paths to absolute so library code can resolve names
 # correctly.
 grid = {
@@ -68,7 +69,7 @@ let
 (gridlib.hardware-virtual ({ publicIPv4 = "192.168.67.24"; }))
 (gridlib.customize-monitoring {
 inherit hostsMap vpnClientIPs nodeExporterTargets paymentExporterTargets;
- inherit (grid-config) domain letsEncryptAdminEmail;
+ inherit (grid-config) letsEncryptAdminEmail;
 googleOAuthClientID = grid-config.monitoringGoogleOAuthClientID;
 monitoringvpnIPv4 = "172.23.23.1";
 stateVersion = "19.09";
diff --git a/morph/grid/production/grid.nix b/morph/grid/production/grid.nix
index 91eec738fe8344728ed35564bacd3a57e94b9e5e..6009be84fb2a7ed7ca63e2e73b4f08f1f45ecb0d 100644
--- a/morph/grid/production/grid.nix
+++ b/morph/grid/production/grid.nix
@@ -15,6 +15,7 @@ let
 ../../../nixos/modules/ssh.nix
 ];
 services.private-storage.sshUsers = import ./public-keys/users.nix;
+ networking.domain = grid-config.domain;
 # Convert relative paths to absolute so library code can resolve names
 # correctly.
 grid = {
@@ -45,7 +46,7 @@ let
 gridlib.hardware-aws
 (gridlib.customize-monitoring {
 inherit hostsMap vpnClientIPs nodeExporterTargets paymentExporterTargets;
- inherit (grid-config) domain letsEncryptAdminEmail;
+ inherit (grid-config) letsEncryptAdminEmail;
 googleOAuthClientID = grid-config.monitoringGoogleOAuthClientID;
 monitoringvpnIPv4 = "172.23.23.1";
 stateVersion = "19.09";
diff --git a/morph/grid/testing/grid.nix b/morph/grid/testing/grid.nix
index 3e15e5137194d2637a9637fecb61fb0a8d132f1c..18983f0b32d28f13981b56475d7691a8cb434808 100644
--- a/morph/grid/testing/grid.nix
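Review bot: The added `networking.domain = grid-config.domain;` line in morph/grid/local/grid.nix (first hunk) has no comment, although among the files in this diff it is now the only place the grid's domain enters node configuration, and morph/lib/base.nix derives every node's `deployment.targetHost` from it. A one-line comment would make that dependency visible, for example `# Grid-wide DNS domain; morph/lib/base.nix joins it with networking.hostName to form deployment.targetHost.` The same line is added without a comment in the production and testing grid.nix hunks. The enclosing `let` binding starts and ends outside the hunk, so that this attribute set is applied to every node is an assumption to confirm.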
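Review bot: Only the `gridlib.customize-monitoring` call site in morph/grid/local/grid.nix (second hunk) stops passing `domain`, while customize-issuer.nix and customize-storage.nix lose the same parameter in this commit and their call sites are not part of the diff. If those calls still supply `domain` (directly, or by passing `grid-config` through) and the functions' argument sets do not end in `...`, evaluation fails with an unexpected-argument error, so this is worth confirming for the local, production and testing grids. The `customize-monitoring { … }` call starts inside the hunk but continues past its end.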
+++ b/morph/grid/testing/grid.nix
@@ -15,6 +15,7 @@ let
 ../../../nixos/modules/ssh.nix
 ];
 services.private-storage.sshUsers = import ./public-keys/users.nix;
+ networking.domain = grid-config.domain;
 # Convert relative paths to absolute so library code can resolve names
 # correctly.
 grid = {
@@ -58,7 +59,7 @@ let
 gridlib.hardware-aws
 (gridlib.customize-monitoring {
 inherit hostsMap vpnClientIPs nodeExporterTargets paymentExporterTargets;
- inherit (grid-config) domain letsEncryptAdminEmail;
+ inherit (grid-config) letsEncryptAdminEmail;
 googleOAuthClientID = grid-config.monitoringGoogleOAuthClientID;
 monitoringvpnIPv4 = "172.23.23.1";
 stateVersion = "19.09";
diff --git a/morph/lib/base.nix b/morph/lib/base.nix
index 809e3556c534c55890520d81d3e3383cc0b18f85..f167f54ad55baa65fa13fe2b7ac29b79333b8b90 100644
--- a/morph/lib/base.nix
+++ b/morph/lib/base.nix
@@ -19,4 +19,14 @@
 '';
 };
 };
+
+ config = {
+ # The morph default deployment target the name of the node in the network
+ # attrset. We don't always want to give the node its proper public address
+ # there (because it depends on which domain is associated with the grid
+ # being configured and using variable names complicates a lot of things).
+ # Instead, just tell morph how to reach the node here - by using its fully
+ # qualified domain name.
+ deployment.targetHost = "${config.networking.hostName}.${config.networking.domain}";
+ };
 }
diff --git a/morph/lib/customize-issuer.nix b/morph/lib/customize-issuer.nix
index 4e0872b1315c4ce62d06832063f758522aacb585..0686556cdf6abe79f0ac9e16586c9c219f3cddb1 100644
--- a/morph/lib/customize-issuer.nix
+++ b/morph/lib/customize-issuer.nix
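Review bot: In morph/lib/base.nix the new `deployment.targetHost` string interpolates `config.networking.domain` without checking that it is set or non-empty. NixOS gives `networking.domain` a null default, so a grid that omits it fails with a coercion error that does not name the option, and an empty string would yield `hostName.` as the host morph is told to reach for nodes that also declare `deployment.secrets`. A guard in front of the string makes the requirement explicit: `deployment.targetHost = assert config.networking.domain != null && config.networking.domain != ""; "${config.networking.hostName}.${config.networking.domain}";`. The module's argument list is outside the hunk, so confirm it binds `config`. The first comment line is also missing a verb ("The morph default deployment target is the name of the node …").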
@@ -8,14 +8,6 @@ # A string giving the VPN IPv4 address for this system. , monitoringvpnIPv4 - # A string giving the domain name associated with this grid. This is meant - # to be combined with the hostname for this system to produce a - # fully-qualified domain name. For example, an issuer might have "payments" - # as its hostname and belong to a grid with the domain - # "example-grid.invalid". This ``domain`` parameter should have the value - # ``"example-grid.invalid"`` for the system figure out that - # ``payments.example-grid.invalid`` is the name of this system. -, domain # A string giving an email address to use for Let's Encrypt registration and # certificate issuance. , letsEncryptAdminEmail @@ -33,14 +25,6 @@ let inherit (config.grid) publicKeyPath privateKeyPath; in { - # The morph default deployment target the name of the node in the network - # attrset. We don't always want to give the node its proper public address - # there (because it depends on which domain is associated with the grid - # being configured and using variable names complicates a lot of things). - # Instead, just tell morph how to reach the node here - by using its fully - # qualified domain name. - deployment.targetHost = "${config.networking.hostName}.${config.networking.domain}"; - deployment.secrets = { # ``.../monitoringvpn`` is a path on the deployment system of a directory # containing a number of VPN-related secrets. This is expected to contain @@ -53,8 +37,6 @@ in { "monitoringvpn-preshared-key".source = "${privateKeyPath}/monitoringvpn/preshared.key"; }; - networking.domain = domain; - services.private-storage.monitoring.vpn.client = { enable = true; ip = monitoringvpnIPv4; diff --git a/morph/lib/customize-monitoring.nix b/morph/lib/customize-monitoring.nix index 324f99f2453938d46a7f17118a80e8c411d2acdf..19a800f1fa806c09f132f2bb2769869a30c65ec2 100644 --- a/morph/lib/customize-monitoring.nix +++ b/morph/lib/customize-monitoring.nix 
@@ -10,7 +10,6 @@ # See ``customize-issuer.nix``. , monitoringvpnIPv4 -, domain , letsEncryptAdminEmail # A list of VPN IP addresses as strings indicating which clients will be @@ -41,9 +40,6 @@ let inherit (config.grid) publicKeyPath privateKeyPath; in { - # See customize-issuer.nix for an explanatoin of targetHost value. - deployment.targetHost = "${config.networking.hostName}.${config.networking.domain}"; - deployment.secrets = let # When Grafana SSO is disabled there is not necessarily any client secret # available. Avoid telling morph that there is one in this case (so it @@ -82,7 +78,6 @@ in { in grafanaSSO // monitoringvpn; - networking.domain = domain; networking.hosts = hostsMap; services.private-storage.monitoring.vpn.server = { diff --git a/morph/lib/customize-storage.nix b/morph/lib/customize-storage.nix index be4c2a9322cf6d692d90778ffabfaefa02fd8706..6a288213c3f117309b697e44304be9a7d5620bcb 100644 --- a/morph/lib/customize-storage.nix +++ b/morph/lib/customize-storage.nix @@ -4,7 +4,6 @@ # See ``customize-issuer.nix`` monitoringvpnEndpoint , monitoringvpnIPv4 -, domain # An integer giving the value of a single pass in byte×months. , passValue @@ -21,16 +20,11 @@ let inherit (config.grid) publicKeyPath privateKeyPath; in { - # See customize-issuer.nix for an explanatoin of targetHost value. - deployment.targetHost = "${config.networking.hostName}.${config.networking.domain}"; - deployment.secrets = { "monitoringvpn-secret-key".source = "${privateKeyPath}/monitoringvpn/${monitoringvpnIPv4}.key"; "monitoringvpn-preshared-key".source = "${privateKeyPath}/monitoringvpn/preshared.key"; }; - networking.domain = domain; - services.private-storage = { inherit passValue publicStoragePort; };