Format
parent
90fc1389e8
commit
f8bccd8508
|
@ -17,16 +17,19 @@ let
|
||||||
) null [ "cluster" "serv" ];
|
) null [ "cluster" "serv" ];
|
||||||
in {
|
in {
|
||||||
# Open firewall between cluster members
|
# Open firewall between cluster members
|
||||||
networking.firewall.extraCommands = lib.concatMapStrings (server:
|
networking.firewall.extraCommands = lib.concatMapStrings
|
||||||
let
|
(server:
|
||||||
netConfig = zentralwerk.lib.config.site.net.${serverNet server};
|
let
|
||||||
in
|
netConfig = zentralwerk.lib.config.site.net.${serverNet server};
|
||||||
lib.optionalString (server != hostName) ''
|
in
|
||||||
iptables -A nixos-fw --source ${netConfig.hosts4.${server}} -j ACCEPT
|
lib.optionalString (server != hostName) ''
|
||||||
${lib.concatMapStrings (hosts6: ''
|
iptables -A nixos-fw --source ${netConfig.hosts4.${server}} -j ACCEPT
|
||||||
ip6tables -A nixos-fw --source ${hosts6.${server}} -j ACCEPT
|
${lib.concatMapStrings (hosts6: ''
|
||||||
'') (builtins.attrValues netConfig.hosts6)}
|
ip6tables -A nixos-fw --source ${hosts6.${server}} -j ACCEPT
|
||||||
'') servers;
|
'') (builtins.attrValues netConfig.hosts6)}
|
||||||
|
''
|
||||||
|
)
|
||||||
|
servers;
|
||||||
|
|
||||||
# Cluster configuration
|
# Cluster configuration
|
||||||
skyflake = {
|
skyflake = {
|
||||||
|
@ -42,23 +45,25 @@ in {
|
||||||
inherit servers;
|
inherit servers;
|
||||||
# run tasks only on these:
|
# run tasks only on these:
|
||||||
client.enable = builtins.elem hostName microvmServers;
|
client.enable = builtins.elem hostName microvmServers;
|
||||||
client.meta =
|
client.meta = lib.optionalAttrs (builtins.elem hostName storageServers) {
|
||||||
lib.optionalAttrs (builtins.elem hostName storageServers) {
|
"c3d2.storage" = "big";
|
||||||
"c3d2.storage" = "big";
|
};
|
||||||
};
|
|
||||||
};
|
};
|
||||||
microvmUid = 997;
|
microvmUid = 997;
|
||||||
|
|
||||||
users.c3d2 = {
|
users = {
|
||||||
uid = 1001;
|
c3d2 = {
|
||||||
sshKeys = config.users.users.root.openssh.authorizedKeys.keys;
|
uid = 1001;
|
||||||
};
|
sshKeys = config.users.users.root.openssh.authorizedKeys.keys;
|
||||||
users.leon = {
|
};
|
||||||
uid = 1002;
|
leon = {
|
||||||
sshKeys = with (import ../../ssh-public-keys.nix).users;
|
uid = 1002;
|
||||||
leon ++
|
sshKeys = with (import ../../ssh-public-keys.nix).users;
|
||||||
astro;
|
leon ++
|
||||||
|
astro;
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
deploy.customizationModule = ./deployment.nix;
|
deploy.customizationModule = ./deployment.nix;
|
||||||
|
|
||||||
storage.glusterfs = {
|
storage.glusterfs = {
|
||||||
|
|
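Review bot: The reformatted `networking.firewall.extraCommands` block in the first hunk still accepts all traffic from every cluster peer, because `iptables -A nixos-fw --source ${netConfig.hosts4.${server}} -j ACCEPT` and its `ip6tables` counterpart match on source address alone, with no protocol or port. A source address is not an authenticated identity, so any host able to use a peer address on those networks reaches every listening service on the node; whether the "cluster" and "serv" networks are isolated enough for that is not visible on this page. Consider narrowing each rule to what the cluster services need, for example `iptables -A nixos-fw --source ${netConfig.hosts4.${server}} -p tcp --dport <CLUSTER_PORT> -j ACCEPT` (placeholder port). If the broad rule is intentional, extend the comment to `# Open firewall between cluster members (all ports; peers trusted by source address)`. The `let` bindings that define `serverNet` and `servers` start above this hunk.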