nix-config/modules/cluster/default.nix

{ zentralwerk, hostRegistry, config, lib, ... }:
let
  inherit (config.networking) hostName;

  # hydra does *not* use this module because it only runs a nomad
  # server but no client and no microvms
  servers = [ "server8" "server9" "server10" "hydra" ];
  microvmServers = [ "server8" "server9" "server10" ];
  storageServers = [ "server8" "server9" ];

  serverNet = server:
    builtins.foldl' (result: net:
      if result == null &&
         zentralwerk.lib.config.site.net.${net}.hosts4 ? ${server}
      then net
      else result
    ) null [ "cluster" "serv" ];
in {
  # Open firewall between cluster members
  networking.firewall.extraCommands = lib.concatMapStrings
    (server:
      let
        netConfig = zentralwerk.lib.config.site.net.${serverNet server};
      in
        lib.optionalString (server != hostName) ''
          iptables -A nixos-fw --source ${netConfig.hosts4.${server}} -j ACCEPT
          ${lib.concatMapStrings (hosts6: ''
            ip6tables -A nixos-fw --source ${hosts6.${server}} -j ACCEPT
          '') (builtins.attrValues netConfig.hosts6)}
        ''
      )
    servers;

  # Cluster configuration
  skyflake = {
    # debug = true;
    nodes = builtins.listToAttrs (
      map (name: {
        inherit name;
        value.address = hostRegistry.${name}.ip4;
      }) servers
    );
    nomad = {
      datacenter = "c3d2";
      inherit servers;
      # run tasks only on these:
      client.enable = builtins.elem hostName microvmServers;
      client.meta = lib.optionalAttrs (builtins.elem hostName storageServers) {
        "c3d2.storage" = "big";
      };
    };
    microvmUid = 997;

    users = {
      c3d2 = {
        uid = 1001;
        sshKeys = config.users.users.root.openssh.authorizedKeys.keys;
      };
      leon = {
        uid = 1002;
        sshKeys = with (import ../../ssh-public-keys.nix).users;
          leon ++
          astro;
      };
    };

    deploy.customizationModule = ./deployment.nix;

    storage.glusterfs = {
      fileSystems = [ {
        servers = microvmServers;
        mountPoint = "/glusterfs/fast";
        source = "/var/glusterfs-fast";
      } {
        servers = storageServers;
        mountPoint = "/glusterfs/big";
        source = "/var/glusterfs-big";
      } ];
    };
  };

  systemd.tmpfiles.rules = [
    # additional gcroots
    "L+ /nix/var/nix/gcroots/skyflake-microvms-big - - - - /glusterfs/big/gcroots"
  ];
}