Sandro - 2023-01-02 17:15:14 +01:00
parent 90fc1389e8
commit f8bccd8508
Signed by: sandro
GPG Key ID: 3AF5A43A3EECC2E5
1 changed files with 28 additions and 23 deletions


@ -17,16 +17,19 @@ let
) null [ "cluster" "serv" ];
in {
# Open firewall between cluster members
networking.firewall.extraCommands = lib.concatMapStrings (server:
let
netConfig = zentralwerk.lib.config.site.net.${serverNet server};
in
lib.optionalString (server != hostName) ''
iptables -A nixos-fw --source ${netConfig.hosts4.${server}} -j ACCEPT
${lib.concatMapStrings (hosts6: ''
ip6tables -A nixos-fw --source ${hosts6.${server}} -j ACCEPT
'') (builtins.attrValues netConfig.hosts6)}
'') servers;
networking.firewall.extraCommands = lib.concatMapStrings
(server:
let
netConfig = zentralwerk.lib.config.site.net.${serverNet server};
in
lib.optionalString (server != hostName) ''
iptables -A nixos-fw --source ${netConfig.hosts4.${server}} -j ACCEPT
${lib.concatMapStrings (hosts6: ''
ip6tables -A nixos-fw --source ${hosts6.${server}} -j ACCEPT
'') (builtins.attrValues netConfig.hosts6)}
''
)
servers;
# Cluster configuration
skyflake = {
@ -42,23 +45,25 @@ in {
inherit servers;
# run tasks only on these:
client.enable = builtins.elem hostName microvmServers;
client.meta =
lib.optionalAttrs (builtins.elem hostName storageServers) {
"c3d2.storage" = "big";
};
client.meta = lib.optionalAttrs (builtins.elem hostName storageServers) {
"c3d2.storage" = "big";
};
};
microvmUid = 997;
users.c3d2 = {
uid = 1001;
sshKeys = config.users.users.root.openssh.authorizedKeys.keys;
};
users.leon = {
uid = 1002;
sshKeys = with (import ../../ssh-public-keys.nix).users;
leon ++
astro;
users = {
c3d2 = {
uid = 1001;
sshKeys = config.users.users.root.openssh.authorizedKeys.keys;
};
leon = {
uid = 1002;
sshKeys = with (import ../../ssh-public-keys.nix).users;
leon ++
astro;
};
};
deploy.customizationModule = ./deployment.nix;
storage.glusterfs = {
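Review bot: The rules built in `networking.firewall.extraCommands` accept every protocol and port from each peer's address (`iptables -A nixos-fw --source … -j ACCEPT`, and the `ip6tables` equivalent), so the source IP is the only gate; the reformat carries that over unchanged. If the cluster services use a known set of ports, narrowing the rule with a protocol/port match such as `-p tcp --dport <port>` or an inbound-interface match `-i <cluster-iface>` (both placeholders) would limit what a compromised or address-spoofing host on that network can reach. At minimum the comment could say so, e.g. `# Open firewall between cluster members: all ports, trusted by source address only`. Separately, `users.c3d2.sshKeys` reuses root's `authorizedKeys.keys`; a short comment stating that this is intended would help the next reader.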