Merge develop in ourpkgs.

d95ebcea · Tom Prince · 8eb23fd6 · 63f72cee · d95ebcea · d95ebcea
Commit d95ebcea authored 3 years ago by Tom Prince
--- a/morph/grid/local/grid.nix
+++ b/morph/grid/local/grid.nix
@@ -14,6 +14,7 @@ let
      ../../../nixos/modules/ssh.nix
    ];
    services.private-storage.sshUsers = import ./public-keys/users.nix;
+    networking.domain = grid-config.domain;
    # Convert relative paths to absolute so library code can resolve names
    # correctly.
    grid = {
@@ -68,7 +69,7 @@ let
      (gridlib.hardware-virtual ({ publicIPv4 = "192.168.67.24"; }))
      (gridlib.customize-monitoring {
        inherit hostsMap vpnClientIPs nodeExporterTargets paymentExporterTargets;
-        inherit (grid-config) domain letsEncryptAdminEmail;
+        inherit (grid-config) letsEncryptAdminEmail;
        googleOAuthClientID = grid-config.monitoringGoogleOAuthClientID;
        monitoringvpnIPv4 = "172.23.23.1";
        stateVersion = "19.09";

--- a/morph/grid/production/grid.nix
+++ b/morph/grid/production/grid.nix
@@ -15,6 +15,7 @@ let
      ../../../nixos/modules/ssh.nix
    ];
    services.private-storage.sshUsers = import ./public-keys/users.nix;
+    networking.domain = grid-config.domain;
    # Convert relative paths to absolute so library code can resolve names
    # correctly.
    grid = {
@@ -45,7 +46,7 @@ let
      gridlib.hardware-aws
      (gridlib.customize-monitoring {
        inherit hostsMap vpnClientIPs nodeExporterTargets paymentExporterTargets;
-        inherit (grid-config) domain letsEncryptAdminEmail;
+        inherit (grid-config) letsEncryptAdminEmail;
        googleOAuthClientID = grid-config.monitoringGoogleOAuthClientID;
        monitoringvpnIPv4 = "172.23.23.1";
        stateVersion = "19.09";

--- a/morph/grid/testing/grid.nix
+++ b/morph/grid/testing/grid.nix
@@ -15,6 +15,7 @@ let
      ../../../nixos/modules/ssh.nix
    ];
    services.private-storage.sshUsers = import ./public-keys/users.nix;
+    networking.domain = grid-config.domain;
    # Convert relative paths to absolute so library code can resolve names
    # correctly.
    grid = {
@@ -58,7 +59,7 @@ let
      gridlib.hardware-aws
      (gridlib.customize-monitoring {
        inherit hostsMap vpnClientIPs nodeExporterTargets paymentExporterTargets;
-        inherit (grid-config) domain letsEncryptAdminEmail;
+        inherit (grid-config) letsEncryptAdminEmail;
        googleOAuthClientID = grid-config.monitoringGoogleOAuthClientID;
        monitoringvpnIPv4 = "172.23.23.1";
        stateVersion = "19.09";

--- a/morph/lib/base.nix
+++ b/morph/lib/base.nix
@@ -23,4 +23,14 @@
  imports = [
    ../../nixos/modules/packages.nix
  ];
+
+  config = {
+    # The morph default deployment target the name of the node in the network
+    # attrset.  We don't always want to give the node its proper public address
+    # there (because it depends on which domain is associated with the grid
+    # being configured and using variable names complicates a lot of things).
+    # Instead, just tell morph how to reach the node here - by using its fully
+    # qualified domain name.
+    deployment.targetHost = "${config.networking.hostName}.${config.networking.domain}";
+  };
 }
--- a/morph/lib/customize-issuer.nix
+++ b/morph/lib/customize-issuer.nix
@@ -8,14 +8,6 @@
  # A string giving the VPN IPv4 address for this system.
 , monitoringvpnIPv4

-  # A string giving the domain name associated with this grid.  This is meant
-  # to be combined with the hostname for this system to produce a
-  # fully-qualified domain name.  For example, an issuer might have "payments"
-  # as its hostname and belong to a grid with the domain
-  # "example-grid.invalid".  This ``domain`` parameter should have the value
-  # ``"example-grid.invalid"`` for the system figure out that
-  # ``payments.example-grid.invalid`` is the name of this system.
-, domain
  # A string giving an email address to use for Let's Encrypt registration and
  # certificate issuance.
 , letsEncryptAdminEmail
@@ -33,14 +25,6 @@
 let
  inherit (config.grid) publicKeyPath privateKeyPath;
 in {
-  # The morph default deployment target the name of the node in the network
-  # attrset.  We don't always want to give the node its proper public address
-  # there (because it depends on which domain is associated with the grid
-  # being configured and using variable names complicates a lot of things).
-  # Instead, just tell morph how to reach the node here - by using its fully
-  # qualified domain name.
-  deployment.targetHost = "${config.networking.hostName}.${config.networking.domain}";
-
  deployment.secrets = {
    # ``.../monitoringvpn`` is a path on the deployment system of a directory
    # containing a number of VPN-related secrets.  This is expected to contain
@@ -53,8 +37,6 @@ in {
    "monitoringvpn-preshared-key".source = "${privateKeyPath}/monitoringvpn/preshared.key";
  };

-  networking.domain = domain;
-
  services.private-storage.monitoring.vpn.client = {
    enable = true;
    ip = monitoringvpnIPv4;

--- a/morph/lib/customize-monitoring.nix
+++ b/morph/lib/customize-monitoring.nix
@@ -10,7 +10,6 @@

  # See ``customize-issuer.nix``.
 , monitoringvpnIPv4
-, domain
 , letsEncryptAdminEmail

  # A list of VPN IP addresses as strings indicating which clients will be
@@ -41,9 +40,6 @@
 let
  inherit (config.grid) publicKeyPath privateKeyPath;
 in {
-  # See customize-issuer.nix for an explanatoin of targetHost value.
-  deployment.targetHost = "${config.networking.hostName}.${config.networking.domain}";
-
  deployment.secrets = let
    # When Grafana SSO is disabled there is not necessarily any client secret
    # available.  Avoid telling morph that there is one in this case (so it
@@ -82,7 +78,6 @@ in {
    in
      grafanaSSO // monitoringvpn;

-  networking.domain = domain;
  networking.hosts = hostsMap;

  services.private-storage.monitoring.vpn.server = {

--- a/morph/lib/customize-storage.nix
+++ b/morph/lib/customize-storage.nix
@@ -4,7 +4,6 @@
  # See ``customize-issuer.nix``
  monitoringvpnEndpoint
 , monitoringvpnIPv4
-, domain

  # An integer giving the value of a single pass in byte×months.
 , passValue
@@ -21,16 +20,11 @@
 let
  inherit (config.grid) publicKeyPath privateKeyPath;
 in {
-  # See customize-issuer.nix for an explanatoin of targetHost value.
-  deployment.targetHost = "${config.networking.hostName}.${config.networking.domain}";
-
  deployment.secrets = {
    "monitoringvpn-secret-key".source = "${privateKeyPath}/monitoringvpn/${monitoringvpnIPv4}.key";
    "monitoringvpn-preshared-key".source = "${privateKeyPath}/monitoringvpn/preshared.key";
  };

-  networking.domain = domain;
-
  services.private-storage = {
    inherit passValue publicStoragePort;
  };