# Deployment-specific settings for a node, written as a function of the
# per-grid parameters that returns a NixOS module.
#
# It wires up the morph deployment target and secret sources, the node's
# domain and SSH users, the monitoring VPN client, and the issuer service.
{ ristrettoSigningKeyPath
, stripeSecretKeyPath
, monitoringvpnKeyDir
, monitoringvpnEndpoint
, monitoringvpnIPv4
, domain
, sshUsers
, letsEncryptAdminEmail
, issuerDomains
, allowedChargeOrigins
, ...
}:
{ config, ... }:
let
  # Build the location of a file inside the monitoring VPN key directory.
  #
  # NOTE(review): this relies on string interpolation. If a caller passes
  # monitoringvpnKeyDir as a Nix path value instead of a string, Nix would
  # import that directory (private keys included) into the world-readable
  # store. Confirm that callers pass a string.
  vpnKeyFile = name: "${monitoringvpnKeyDir}/${name}";
in
{
  deployment = {
    # By default morph uses the name of the node in the network attrset as
    # the deployment target. We don't always want that name to be the node's
    # public address, because the address depends on which domain belongs to
    # the grid being configured, and variable attribute names complicate
    # many things. So tell morph explicitly how to reach the node: by its
    # fully qualified domain name.
    targetHost = "${config.networking.hostName}.${config.networking.domain}";

    # Where each secret is read from. Only `source` is set in this file;
    # destination, ownership and permissions for these secrets are not
    # defined here.
    # NOTE(review): verify that whatever defines them restricts read access
    # to the service that consumes each key.
    secrets = {
      "ristretto-signing-key" = { source = ristrettoSigningKeyPath; };
      "stripe-secret-key" = { source = stripeSecretKeyPath; };

      # The VPN private key file is named after the node's VPN IPv4 address.
      "monitoringvpn-secret-key" = { source = vpnKeyFile "${monitoringvpnIPv4}.key"; };
      "monitoringvpn-preshared-key" = { source = vpnKeyFile "preshared.key"; };
    };
  };

  networking = { inherit domain; };

  services = {
    private-storage = {
      inherit sshUsers;

      # Monitoring VPN client: this node's VPN address, the endpoint it
      # connects to, and the file holding that endpoint's public key.
      monitoring.vpn.client = {
        enable = true;
        ip = monitoringvpnIPv4;
        endpoint = monitoringvpnEndpoint;
        endpointPublicKeyFile = vpnKeyFile "server.pub";
      };
    };

    private-storage-issuer = {
      inherit letsEncryptAdminEmail allowedChargeOrigins;
      domains = issuerDomains;
    };
  };

  system.stateVersion = "19.03";
}