From 8d52252c231d151531b9747486e142d2e4b2505b Mon Sep 17 00:00:00 2001
From: Jean-Paul Calderone <exarkun@twistedmatrix.com>
Date: Thu, 24 Jun 2021 10:29:21 -0400
Subject: [PATCH] Monitoring-related documentation and cleanups

---
 morph/lib/customize-monitoring.nix | 24 ++++++++++++++++++++++--
 morph/lib/monitoring.nix           | 20 ++------------------
 2 files changed, 24 insertions(+), 20 deletions(-)

diff --git a/morph/lib/customize-monitoring.nix b/morph/lib/customize-monitoring.nix
index c81a765f..8df7f458 100644
--- a/morph/lib/customize-monitoring.nix
+++ b/morph/lib/customize-monitoring.nix
@@ -1,10 +1,30 @@
-{ hostsMap
+# Define a function which returns a value which fills in all the holes left by
+# ``monitoring.nix``.
+{
+  # A set mapping VPN IP addresses as strings to lists of hostnames as
+  # strings.  The system's ``/etc/hosts`` will be populated with this
+  # information.
+  hostsMap
+
+  # See ``customize-issuer.nix``.
 , monitoringvpnKeyDir
-, publicIPv4
 , monitoringvpnIPv4
+
+  # XXX To be removed
+, publicIPv4
+
+  # A list of VPN IP addresses as strings indicating which clients will be
+  # allowed onto the VPN.
 , vpnClientIPs
+
+  # A list of VPN clients (IP addresses or hostnames) as strings indicating
+  # which nodes to scrape metrics from.
 , nodeExporterTargets
+
+  # ...
 , nginxExporterTargets ? []
+
+  # A string giving the NixOS state version for the system.
 , stateVersion
 , ...
 }: {
diff --git a/morph/lib/monitoring.nix b/morph/lib/monitoring.nix
index 2001dea8..b48820f0 100644
--- a/morph/lib/monitoring.nix
+++ b/morph/lib/monitoring.nix
@@ -1,8 +1,9 @@
+# Similar to ``issuer.nix`` but for a "monitoring"-type system.  Holes are
+# filled by ``customize-monitoring.nix``.
 rec {
   deployment = {
     secrets = {
       "monitoringvpn-private-key" = {
-        # source = ...;
         destination = "/run/keys/monitoringvpn/server.key";
         owner.user = "root";
         owner.group = "root";
@@ -10,7 +11,6 @@ rec {
         action = ["sudo" "systemctl" "restart" "wireguard-monitoringvpn.service"];
       };
       "monitoringvpn-preshared-key" = {
-        # source = ...;
         destination = "/run/keys/monitoringvpn/preshared.key";
         owner.user = "root";
         owner.group = "root";
@@ -29,25 +29,9 @@ rec {
     # ../../nixos/modules/monitoring/server/loki.nix
   ];
 
-  services.private-storage.monitoring.vpn.server = {
-    # enable = ...;
-    # ip = ...;
-    # vpnClientIPs = ...;
-    # pubKeysPath = ...;
-  };
-
   services.private-storage.monitoring.grafana = {
     domain = "monitoring.private.storage";
     prometheusUrl = "http://localhost:9090/";
     lokiUrl = "http://localhost:3100/";
   };
-
-  services.private-storage.monitoring.prometheus = {
-    # nodeExporterTargets = ...;
-    # nginxExporterTargets = ...;
-  };
-
-  # system.stateVersion = ...;
-
-  # networking.hosts = ...;
 }
-- 
GitLab