Sandro - 2023-01-02 17:15:14 +01:00
parent 90fc1389e8
commit f8bccd8508
Signed by: sandro
GPG Key ID: 3AF5A43A3EECC2E5
1 changed files with 28 additions and 23 deletions


@ -17,16 +17,19 @@ let
) null [ "cluster" "serv" ]; ) null [ "cluster" "serv" ];
in { in {
# Open firewall between cluster members # Open firewall between cluster members
networking.firewall.extraCommands = lib.concatMapStrings (server: networking.firewall.extraCommands = lib.concatMapStrings
let (server:
netConfig = zentralwerk.lib.config.site.net.${serverNet server}; let
in netConfig = zentralwerk.lib.config.site.net.${serverNet server};
lib.optionalString (server != hostName) '' in
iptables -A nixos-fw --source ${netConfig.hosts4.${server}} -j ACCEPT lib.optionalString (server != hostName) ''
${lib.concatMapStrings (hosts6: '' iptables -A nixos-fw --source ${netConfig.hosts4.${server}} -j ACCEPT
ip6tables -A nixos-fw --source ${hosts6.${server}} -j ACCEPT ${lib.concatMapStrings (hosts6: ''
'') (builtins.attrValues netConfig.hosts6)} ip6tables -A nixos-fw --source ${hosts6.${server}} -j ACCEPT
'') servers; '') (builtins.attrValues netConfig.hosts6)}
''
)
servers;
# Cluster configuration # Cluster configuration
skyflake = { skyflake = {
@ -42,23 +45,25 @@ in {
inherit servers; inherit servers;
# run tasks only on these: # run tasks only on these:
client.enable = builtins.elem hostName microvmServers; client.enable = builtins.elem hostName microvmServers;
client.meta = client.meta = lib.optionalAttrs (builtins.elem hostName storageServers) {
lib.optionalAttrs (builtins.elem hostName storageServers) { "c3d2.storage" = "big";
"c3d2.storage" = "big"; };
};
}; };
microvmUid = 997; microvmUid = 997;
users.c3d2 = { users = {
uid = 1001; c3d2 = {
sshKeys = config.users.users.root.openssh.authorizedKeys.keys; uid = 1001;
}; sshKeys = config.users.users.root.openssh.authorizedKeys.keys;
users.leon = { };
uid = 1002; leon = {
sshKeys = with (import ../../ssh-public-keys.nix).users; uid = 1002;
leon ++ sshKeys = with (import ../../ssh-public-keys.nix).users;
astro; leon ++
astro;
};
}; };
deploy.customizationModule = ./deployment.nix; deploy.customizationModule = ./deployment.nix;
storage.glusterfs = { storage.glusterfs = {
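Review bot: The rules generated by `networking.firewall.extraCommands` in the first hunk accept every protocol and port from each peer address, matching on `--source` alone, so the separation between cluster members and everything else depends entirely on source-address filtering in that network. The commit re-indents this expression without narrowing it. Consider binding the rule to the cluster-facing interface and to the ports the cluster services need, e.g. `iptables -A nixos-fw -i <cluster-iface> -p tcp --source ${netConfig.hosts4.${server}} -m multiport --dports <cluster-ports> -j ACCEPT` (the two bracketed values are placeholders, not values from this repository), with the matching change on the `ip6tables` line. A short comment above the block naming the services that rely on this opening would also help later review. The enclosing `let … in {` module starts and ends outside the visible hunks.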