diff --git a/morph/grid/local/grid.nix b/morph/grid/local/grid.nix
index 14335526f2accfb46c3c8600926038fdd908555e..4ca69ef1c3d974c07218459bd4670c185a3320f4 100644
--- a/morph/grid/local/grid.nix
+++ b/morph/grid/local/grid.nix
@@ -46,16 +46,12 @@ in lib.make-grid {
 ];
 };
- "monitoring" = lib.make-monitoring (cfg // rec {
- publicIPv4 = "192.168.67.24";
- monitoringvpnIPv4 = "172.23.23.1";
- inherit vpnClientIPs;
- inherit hostsMap;
- inherit nodeExporterTargets;
- hardware = import ./virtual-hardware.nix ({ inherit publicIPv4; });
- stateVersion = "19.09";
- inherit monitoringvpnKeyDir;
- inherit sshUsers;
- });
+ monitoring = let publicIPv4 = "192.168.67.24"; in {
+ imports = [
+ lib.monitoring
+ (import ./virtual-hardware.nix ({ inherit publicIPv4; }))
+ (lib.customize-monitoring hostsMap monitoringvpnKeyDir publicIPv4 "172.23.23.1" vpnClientIPs nodeExporterTargets [] "19.09")
+ ];
+ };
 };
 }
diff --git a/morph/grid/production/grid.nix b/morph/grid/production/grid.nix
index b2a4436325cdde21aa1f6e56f3fe8d0f54484081..f41fbcaeeed572913d2f3da9348d033f7086efc0 100644
--- a/morph/grid/production/grid.nix
+++ b/morph/grid/production/grid.nix
@@ -46,17 +46,13 @@ in lib.make-grid {
 ];
 };
- "monitoring" = lib.make-monitoring (cfg // {
- publicIPv4 = "monitoring.private.storage";
- monitoringvpnIPv4 = "172.23.23.1";
- inherit monitoringvpnKeyDir;
- inherit vpnClientIPs;
- inherit hostsMap;
- inherit nodeExporterTargets;
- hardware = lib.hardware-aws;
- stateVersion = "19.09";
- inherit sshUsers;
- });
+ monitoring = let publicIPv4 = "monitoring.private.storage"; in {
+ imports = [
+ lib.monitoring
+ lib.hardware-aws
+ (lib.customize-monitoring hostsMap monitoringvpnKeyDir publicIPv4 "172.23.23.1" vpnClientIPs nodeExporterTargets [] "19.09")
+ ];
+ };
 defineStorageNode = name: { vpnIP, stateVersion }: let nodecfg = import "${./.}/${name}-config.nix"; in { imports = [ 
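Review bot: The `lib.customize-monitoring` call on the new side passes eight positional arguments, and the adjacent `publicIPv4 "172.23.23.1"` pair plus the bare `[]` give a reader no way to tell which value is the public address, the VPN address or the exporter list without opening the callee; swapping the two addresses would still evaluate and only surface at deploy time. The removed `cfg // { ... }` form named every value. Giving `customize-monitoring` an attribute-set parameter keeps the names at the call site, e.g. `(lib.customize-monitoring { inherit hostsMap monitoringvpnKeyDir publicIPv4 vpnClientIPs nodeExporterTargets; monitoringvpnIPv4 = "172.23.23.1"; nginxExporterTargets = []; stateVersion = "19.09"; })`, with the callee's first line changed to a matching `{ hostsMap, monitoringvpnKeyDir, publicIPv4, monitoringvpnIPv4, vpnClientIPs, nodeExporterTargets, nginxExporterTargets, stateVersion }:`. The same applies to the production hunk below and to the testing grid.nix hunk. The enclosing `lib.make-grid { … }` attribute set begins before each hunk.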
diff --git a/morph/grid/testing/grid.nix b/morph/grid/testing/grid.nix
index 0004a4694bf74aca5759364fa100273df184445b..e13f2f1259bfc75421dc5c4db911bc7778b33727 100644
--- a/morph/grid/testing/grid.nix
+++ b/morph/grid/testing/grid.nix
@@ -36,16 +36,12 @@ in lib.make-grid {
 ];
 };
- "monitoring" = lib.make-monitoring (cfg // {
- publicIPv4 = "18.156.171.217";
- monitoringvpnIPv4 = "172.23.23.1";
- inherit monitoringvpnKeyDir;
- inherit vpnClientIPs;
- inherit hostsMap;
- inherit nodeExporterTargets;
- hardware = lib.hardware-aws;
- stateVersion = "19.09";
- inherit sshUsers;
- });
+ monitoring = let publicIPv4 = "18.156.171.217"; in {
+ imports = [
+ lib.monitoring
+ lib.hardware-aws
+ (lib.customize-monitoring hostsMap monitoringvpnKeyDir publicIPv4 "172.23.23.1" vpnClientIPs nodeExporterTargets [] "19.09")
+ ];
+ };
 };
 }
diff --git a/morph/lib/customize-monitoring.nix b/morph/lib/customize-monitoring.nix
new file mode 100644
index 0000000000000000000000000000000000000000..5bc55810ca1778dc3ec193f79297d7443a2010aa
--- /dev/null
+++ b/morph/lib/customize-monitoring.nix
@@ -0,0 +1,22 @@
+hostsMap: monitoringvpnKeyDir: publicIPv4: monitoringvpnIPv4: vpnClientIPs: nodeExporterTargets: nginxExporterTargets: stateVersion: {
+ deployment.targetHost = publicIPv4;
+ deployment.secrets = {
+ "monitoringvpn-private-key".source = "${monitoringvpnKeyDir}/server.key";
+ "monitoringvpn-preshared-key".source = "${monitoringvpnKeyDir}/preshared.key";
+ };
+ networking.hosts = hostsMap;
+
+ services.private-storage.monitoring.vpn.server = {
+ enable = true;
+ ip = monitoringvpnIPv4;
+ inherit vpnClientIPs;
+ pubKeysPath = monitoringvpnKeyDir;
+ };
+
+ services.private-storage.monitoring.prometheus = {
+ inherit nodeExporterTargets;
+ inherit nginxExporterTargets;
+ };
+
+ system.stateVersion = stateVersion;
+}
diff --git a/morph/lib/default.nix b/morph/lib/default.nix
index 97973b847e183c78812421ef162238f5a0561dd5..d08e17f2dfb5e78c2c132071db4ee3b288a4b217 100644 
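Review bot: `"${monitoringvpnKeyDir}/server.key"` and `"${monitoringvpnKeyDir}/preshared.key"` in customize-monitoring.nix handle the key directory differently from the removed `monitoringvpnKeyDir + "/server.key"`: if `monitoringvpnKeyDir` is a Nix path value (it is also passed as `pubKeysPath`, which suggests one), interpolating it into a string copies the whole directory, private key and preshared key included, into the world-readable Nix store and hands morph that store path instead of the original file. Where the value is defined is outside this diff, so I cannot confirm its type from here. Keeping the path arithmetic, `"monitoringvpn-private-key".source = monitoringvpnKeyDir + "/server.key";` and likewise `monitoringvpnKeyDir + "/preshared.key"`, avoids the copy for a path and still concatenates correctly if the value turns out to be a string. A one-line comment above `deployment.secrets` noting that `destination`, `owner`, `permissions` and `action` for these two secrets come from the `monitoring.nix` module imported next to this one would tell the next reader why only `source` is set here.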
--- a/morph/lib/default.nix
+++ b/morph/lib/default.nix
@@ -1,12 +1,14 @@
 rec {
- make-grid = import ./make-grid.nix;
- make-monitoring = import ./make-monitoring.nix;
- hardware-aws = import ./issuer-aws.nix;
+ make-grid = import ./make-grid.nix;
+ issuer = import ./issuer.nix;
 customize-issuer = import ./customize-issuer.nix;
 storage = import ./storage.nix;
 customize-storage = import ./customize-storage.nix;
+
+ monitoring = import ./monitoring.nix;
+ customize-monitoring = import ./customize-monitoring.nix;
 }
diff --git a/morph/lib/make-monitoring.nix b/morph/lib/make-monitoring.nix
deleted file mode 100644
index 592a859657e624e8fdf5632f8144c5acc6919e8c..0000000000000000000000000000000000000000
--- a/morph/lib/make-monitoring.nix
+++ /dev/null 
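Review bot: The new side of this hunk no longer binds `hardware-aws`, yet the production and testing grid.nix hunks in this same commit still import `lib.hardware-aws`; unless that name is supplied some other way not visible here, evaluating those two grids will fail on an undefined attribute. The hunk spans the whole file (`-1,12`), so nothing else in default.nix can provide it. If the new `issuer = import ./issuer.nix;` line was meant to replace it, the two grid files need updating to whichever module now carries the AWS hardware settings; otherwise the removed line `hardware-aws = import ./issuer-aws.nix;` should be restored.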
@@ -1,77 +0,0 @@
-{ publicIPv4
-, hardware
-, publicStoragePort
-, ristrettoSigningKeyPath
-, passValue
-, sshUsers
-, stateVersion
-, monitoringvpnIPv4 ? null
-, monitoringvpnKeyDir ? null
-, vpnClientIPs ? null
-, nodeExporterTargets ? []
-, nginxExporterTargets ? []
-, hostsMap ? {}
-, ... }: let
-
- enableVpn = monitoringvpnKeyDir != null &&
- monitoringvpnIPv4 != null &&
- vpnClientIPs != null;
-
- vpnSecrets = if !enableVpn then {} else {
- "monitoringvpn-private-key" = {
- source = monitoringvpnKeyDir + "/server.key";
- destination = "/run/keys/monitoringvpn/server.key";
- owner.user = "root";
- owner.group = "root";
- permissions = "0400";
- action = ["sudo" "systemctl" "restart" "wireguard-monitoringvpn.service"];
- };
- "monitoringvpn-preshared-key" = {
- source = monitoringvpnKeyDir + "/preshared.key";
- destination = "/run/keys/monitoringvpn/preshared.key";
- owner.user = "root";
- owner.group = "root";
- permissions = "0400";
- action = ["sudo" "systemctl" "restart" "wireguard-monitoringvpn.service"];
- };
- };
-
-in rec {
-
- deployment = {
- targetHost = publicIPv4;
- secrets = vpnSecrets;
- };
-
- imports = [
- hardware
- ../../nixos/modules/monitoring/vpn/server.nix
- ../../nixos/modules/monitoring/server/grafana.nix
- ../../nixos/modules/monitoring/server/prometheus.nix
- ../../nixos/modules/monitoring/exporters/node.nix
- # Loki 0.3.0 from Nixpkgs 19.09 is too old and does not work:
- # ../../nixos/modules/monitoring/server/loki.nix
- ];
-
- services.private-storage.monitoring.vpn.server = if !enableVpn then {} else {
- enable = true;
- ip = monitoringvpnIPv4;
- inherit vpnClientIPs;
- pubKeysPath = monitoringvpnKeyDir;
- };
-
- services.private-storage.monitoring.grafana = {
- domain = "monitoring.private.storage";
- prometheusUrl = "http://localhost:9090/";
- lokiUrl = "http://localhost:3100/";
- };
-
- services.private-storage.monitoring.prometheus = {
- inherit nodeExporterTargets;
- inherit nginxExporterTargets;
- };
-
- system.stateVersion 
= stateVersion;
-
- networking.hosts = hostsMap;
-}
diff --git a/morph/lib/monitoring.nix b/morph/lib/monitoring.nix
new file mode 100644
index 0000000000000000000000000000000000000000..2001dea8637a1dfa32b7789dea2d3ea2063773eb
--- /dev/null
+++ b/morph/lib/monitoring.nix
@@ -0,0 +1,53 @@
+rec {
+ deployment = {
+ secrets = {
+ "monitoringvpn-private-key" = {
+ # source = ...;
+ destination = "/run/keys/monitoringvpn/server.key";
+ owner.user = "root";
+ owner.group = "root";
+ permissions = "0400";
+ action = ["sudo" "systemctl" "restart" "wireguard-monitoringvpn.service"];
+ };
+ "monitoringvpn-preshared-key" = {
+ # source = ...;
+ destination = "/run/keys/monitoringvpn/preshared.key";
+ owner.user = "root";
+ owner.group = "root";
+ permissions = "0400";
+ action = ["sudo" "systemctl" "restart" "wireguard-monitoringvpn.service"];
+ };
+ };
+ };
+
+ imports = [
+ ../../nixos/modules/monitoring/vpn/server.nix
+ ../../nixos/modules/monitoring/server/grafana.nix
+ ../../nixos/modules/monitoring/server/prometheus.nix
+ ../../nixos/modules/monitoring/exporters/node.nix
+ # Loki 0.3.0 from Nixpkgs 19.09 is too old and does not work:
+ # ../../nixos/modules/monitoring/server/loki.nix
+ ];
+
+ services.private-storage.monitoring.vpn.server = {
+ # enable = ...;
+ # ip = ...;
+ # vpnClientIPs = ...;
+ # pubKeysPath = ...;
+ };
+
+ services.private-storage.monitoring.grafana = {
+ domain = "monitoring.private.storage";
+ prometheusUrl = "http://localhost:9090/";
+ lokiUrl = "http://localhost:3100/";
+ };
+
+ services.private-storage.monitoring.prometheus = {
+ # nodeExporterTargets = ...;
+ # nginxExporterTargets = ...;
+ };
+
+ # system.stateVersion = ...;
+
+ # networking.hosts = ...;
+}
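Review bot: monitoring.nix is only half a configuration — the `# source = ...;`, `# enable = ...;`, `# system.stateVersion = ...;` and `# networking.hosts = ...;` placeholders mark attributes that are filled in by importing `customize-monitoring.nix` next to it — but nothing in the file states that contract, and a grid that imports `lib.monitoring` alone would declare two secrets without a `source` and a VPN server block without `enable`. A header comment would make the dependency explicit, e.g. `# Base NixOS module for the monitoring host. Host-specific values (secret sources, VPN address and client list, exporter targets, stateVersion, hosts map) must be supplied by importing lib.customize-monitoring alongside this module; the commented attributes below list what it has to provide.` The `rec` on the outer set does nothing here, since no attribute refers to a sibling, so a plain `{` reads as intended. The `# Loki 0.3.0 …` note carried over from make-monitoring.nix still explains the commented-out loki import and should stay.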