Do some name resolution for those poor computers

Improve factoring by removing those `/etc/hosts` entries

And avoid the infinite loop @tomprince was encountering in !258

morph offers an auto-passed `nodes` parameter from which we can read all of
the nodes in the morph "network".  We can dig around in this to find the
monitoring node and then read its configured IP address.

It may be worth noting that this address appears in at least two places in the
configuration.  It appears in our "input" configuration which grid.nix
defines.  This change reads it from there.  We also have a NixOS module
`nixos/modules/monitoring/vpn/server.nix` which reads this "input" and uses it
to configure `networking.wireguard.interfaces.monitoringvpn`.  This is fed
onwards to <nixos> to generate actual system configuration.

It seems better to use the former than the latter because we have more direct
control over it and if we consider the whole configuration system a function
then it is more like an argument we are supplying rather than an obscure
implementation detail.

Should be pure refactoring

This is my latest version of this, updated to work with the
packages in NixOS 21.05.

Note that changing the origin repository in the on-node deployment checkout
is also required.

See https://whetstone.private.storage/privatestorage/privatestorageops/-/merge_requests/197#note_19071

So perhaps it is impossible for anyone to approach the payment server from
these other domains now.

Mostly though I want to force CI to run because whetstone is not currently
showing the pipeline status for this MR...

Florian Sesser authored 3 years ago and Jean-Paul Calderone committed 3 years ago

... just because I like to be consistent.

Florian Sesser authored 3 years ago and Jean-Paul Calderone committed 3 years ago

... to make private.storage the default above privatestorage.io.
Before this the privatestorage.io could be seen in the TLS cert.

Source: https://whetstone.privatestorage.io/privatestorage/PrivateStorageio/-/merge_requests/237#note_18712

The current code evaluates our custom packages once for each node, which adds
signifcant amount of time to evaluate a grid. We can reduce this, by adding the
custom package set as an attribute to the nixpkgs set we pass to morph.

This doesn't change how we refer to those packages, as we continue to expose the
custom package set as a module attribute.

These are the times to evaluate all three grids (on a partially loaded system),
when there was nothing new to build:

```
before:
real	2m27.837s
user	3m35.528s
sys	0m3.722s

after:
real	1m12.748s
user	1m34.047s
sys	0m3.346s
```

For some reason this had eluded my earlier grepping.

Grafana 8 on NixOS 21.11 fails harder than 7.x on 21.05 when its
`grafana-admin.password` file is missing.  Provide it regardless
whether Google auth is configured or not.

Also strip that domain component from the labels collected.

The VirtualBox documentation says this is the network to use for host-only
networking.

mkfs silently truncates "zkapissuer-database" to "zkapissuer-datab" and
everything falls apart.

The point is this is where PaymentServer's persistent state goes.  That
includes vouchers but might include more stuff too.

The hardware modules can now configure this fileSystem in a way appropriate
for themselves and the issuer module can enable that configuration when it is
enabled itself.

now all nodes load the issuer module so we can always supply issuer
configuration, where it makes sense to do so, even on systems where the issuer
is not going to be enabled.

if that sounds silly read the comment in default.nix

Thanks @tomprince!

Copy everything from how the issuer does it.