{ zentralwerk, hostRegistry, config, lib, ... }:
let
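# Name of the machine this module is being evaluated for.
inherit (config.networking) hostName;

# hydra does *not* use this module because it only runs a nomad
# server but no client and no microvms.
# It is still listed in `servers`, so the other members open their
# firewall to it and register it as a node.
servers = [ "server8" "server9" "server10" "hydra" ];
# Members that run a nomad client and back the /glusterfs/fast volume.
microvmServers = [ "server8" "server9" "server10" ];
# Members that back the /glusterfs/big volume.
storageServers = [ "server8" "server9" ];

# Return the name of the first net among "cluster" and "serv" whose
# hosts4 table has an entry for `server`.
#
# The result decides which addresses the firewall rules trust, so a
# host found in neither net aborts evaluation with an explicit message
# instead of handing null to the attribute lookup at the call site.
serverNet = server:
  let
    found = builtins.foldl' (result: net:
      if result == null &&
         zentralwerk.lib.config.site.net.${net}.hosts4 ? ${server}
      then net
      else result
    ) null [ "cluster" "serv" ];
  in
    if found == null
    then throw "cluster: ${server} has no hosts4 entry in net cluster or serv"
    else found;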
in {
# Open firewall between cluster members
#
# For every other entry of `servers`, append ACCEPT rules to the nixos-fw
# chain: one for its IPv4 address and one per entry of the net's hosts6
# table. The rules carry no protocol or port match, so a peer address is
# accepted for all inbound traffic and the trust rests on the source
# address alone.
# NOTE(review): narrowing these rules to the ports the cluster services
# listen on would limit what a single compromised member can reach —
# confirm the required port set before changing.
networking.firewall.extraCommands = lib.concatMapStrings (server:
  let
    # Address tables of the net this peer is registered in.
    netConfig = zentralwerk.lib.config.site.net.${serverNet server};
  in
    # No rule is generated for the local host itself.
    lib.optionalString (server != hostName) ''
      iptables -A nixos-fw --source ${netConfig.hosts4.${server}} -j ACCEPT
      ${lib.concatMapStrings (hosts6: ''
        ip6tables -A nixos-fw --source ${hosts6.${server}} -j ACCEPT
      '') (builtins.attrValues netConfig.hosts6)}
    '') servers;
# Cluster configuration
skyflake = {
  # debug = true;

  # One node entry per cluster member, keyed by host name; the address
  # is that host's ip4 from the host registry.
  nodes = lib.genAttrs servers (name: {
    address = hostRegistry.hosts.${name}.ip4;
  });

  nomad = {
    datacenter = "c3d2";
    inherit servers;
    client = {
      # run tasks only on these:
      enable = builtins.elem hostName microvmServers;
      # Only the storage servers advertise the "big" storage tag.
      meta =
        if builtins.elem hostName storageServers
        then { "c3d2.storage" = "big"; }
        else { };
    };
  };

  microvmUid = 997;

  users = {
    # NOTE(review): this account reuses root's authorized keys, so every
    # key accepted for root on this host is accepted here as well, and
    # revoking a key from root is what revokes it from this account.
    c3d2 = {
      uid = 1001;
      sshKeys = config.users.users.root.openssh.authorizedKeys.keys;
    };
    # Accepts astro's keys in addition to leon's own.
    leon = {
      uid = 1002;
      sshKeys =
        let people = import ../../users.nix;
        in people.leon.sshKeys ++ people.astro.sshKeys;
    };
  };

  deploy.customizationModule = ./deployment.nix;

  # Two glusterfs volumes: "fast" across all microvm servers, "big" only
  # across the storage servers.
  storage.glusterfs.fileSystems = [
    {
      servers = microvmServers;
      mountPoint = "/glusterfs/fast";
      source = "/var/glusterfs-fast";
    }
    {
      servers = storageServers;
      mountPoint = "/glusterfs/big";
      source = "/var/glusterfs-big";
    }
  ];
};
systemd.tmpfiles = {
  rules = [
    # additional gcroots
    # "L+" creates the symlink and replaces whatever already exists at
    # that path. The link points the Nix gcroots directory at a directory
    # on the /glusterfs/big volume.
    # NOTE(review): presumably anything written under the link target then
    # counts as a GC root on this host — confirm who has write access to
    # the shared volume.
    "L+ /nix/var/nix/gcroots/skyflake-microvms-big - - - - /glusterfs/big/gcroots"
  ];
};
}