nixos-module/server/cluster: break out

Astro 2022-03-03 01:17:19 +01:00
parent e2bd1439e1
commit 94331e5de2
3 changed files with 59 additions and 55 deletions


@ -18,6 +18,7 @@ in {
] ++
optionals (hostConfig.role == "server") [
./server/default.nix
./server/cluster.nix
] ++
optionals (hostConfig.role == "container") [
./container/defaults.nix


@ -0,0 +1,56 @@
{ config, lib, pkgs, ... }:
{
environment.systemPackages =
with pkgs;
let
containers = builtins.attrNames (
lib.filterAttrs (_: { role, ... }:
role == "container"
) config.site.hosts
);
resources = builtins.toFile "cib-resources.xml" ''
<resources>
${lib.concatMapStrings (container: ''
<primitive id="lxc-${container}" class="systemd" type="lxc@${container}">
<operations>
<op id="stop-${container}" name="start" interval="0" timeout="10s"/>
<op id="start-${container}" name="start" interval="0" timeout="10s"/>
<op id="monitor-${container}" name="monitor" interval="10s" timeout="10s"/>
</operations>
</primitive>
'') containers}
</resources>
'';
cib-set-resources = writeScriptBin "cib-set-resources" ''
#! ${runtimeShell} -e
crm_attribute -t crm_config -n stonith-enabled -v false
cibadmin --replace --scope resources --xml-file ${resources}
'';
in [ cib-set-resources ];
services.corosync = {
enable = true;
clusterName = "zentralwerk-network";
nodelist =
lib.imap (n: hostName: {
nodeid = n;
name = hostName;
ring_addrs = map (net:
config.site.net.${net}.hosts4.${hostName}
) [ "cluster" "mgmt" ];
}) (
builtins.filter (hostName:
config.site.hosts.${hostName}.role == "server"
) (builtins.attrNames config.site.hosts)
);
};
environment.etc."corosync/authkey" = {
source = builtins.toFile "authkey" config.site.cluster.corosyncAuthKey;
mode = "0400";
};
services.pacemaker = {
enable = true;
};
}
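Review bot: The `environment.etc."corosync/authkey"` entry builds its source with `builtins.toFile "authkey" config.site.cluster.corosyncAuthKey`, which writes the cluster key into the Nix store; store paths are normally world-readable, so `mode = "0400"` protects only the copy under /etc, and any local user (or anyone who can read the store or a cache it is pushed to) can read the key that authenticates corosync nodes. The key should be provisioned outside the store, for example as a root-only file placed by a secrets-deployment step, so that the secret never passes through `builtins.toFile`. Separately, in the generated CIB the line `<op id="stop-${container}" name="start" interval="0" timeout="10s"/>` looks like a copy-paste slip and presumably wants `name="stop"`, since as written no stop operation is defined. Both lines are carried over unchanged from the file they were moved out of, so the move is a good moment to fix them.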


@ -1,4 +1,4 @@
{ config, lib, pkgs, nixpkgs-master, ... }:
{ pkgs, nixpkgs-master, ... }:
{
boot.kernelModules = [ "kvm-intel" "pppoe" ];
boot.kernelParams = [ "nomodeset" ];
@ -7,37 +7,9 @@
time.timeZone = "Europe/Berlin";
environment.systemPackages =
with pkgs;
let
containers = builtins.attrNames (
lib.filterAttrs (_: { role, ... }:
role == "container"
) config.site.hosts
);
resources = builtins.toFile "cib-resources.xml" ''
<resources>
${lib.concatMapStrings (container: ''
<primitive id="lxc-${container}" class="systemd" type="lxc@${container}">
<operations>
<op id="stop-${container}" name="start" interval="0" timeout="10s"/>
<op id="start-${container}" name="start" interval="0" timeout="10s"/>
<op id="monitor-${container}" name="monitor" interval="10s" timeout="10s"/>
</operations>
</primitive>
'') containers}
</resources>
'';
cib-set-resources = writeScriptBin "cib-set-resources" ''
#! ${runtimeShell} -e
crm_attribute -t crm_config -n stonith-enabled -v false
cibadmin --replace --scope resources --xml-file ${resources}
'';
in [
environment.systemPackages = with pkgs; [
wget vim git screen
ipmitool
cib-set-resources
];
services.openssh.enable = true;
services.openssh.permitRootLogin = "prohibit-password";
@ -48,29 +20,4 @@
# FIXME: IPMI is only available with nixpkgs-21.11 onwards
package = nixpkgs-master.legacyPackages.${pkgs.system}.collectd;
};
services.corosync = {
enable = true;
clusterName = "zentralwerk-network";
nodelist =
lib.imap (n: hostName: {
nodeid = n;
name = hostName;
ring_addrs = map (net:
config.site.net.${net}.hosts4.${hostName}
) [ "cluster" "mgmt" ];
}) (
builtins.filter (hostName:
config.site.hosts.${hostName}.role == "server"
) (builtins.attrNames config.site.hosts)
);
};
environment.etc."corosync/authkey" = {
source = builtins.toFile "authkey" config.site.cluster.corosyncAuthKey;
mode = "0400";
};
services.pacemaker = {
enable = true;
};
}