diff --git a/nix/nixos-module/default.nix b/nix/nixos-module/default.nix
index cfe7cbb..ea35054 100644
--- a/nix/nixos-module/default.nix
+++ b/nix/nixos-module/default.nix
@@ -18,6 +18,7 @@ in {
] ++
optionals (hostConfig.role == "server") [
./server/default.nix
+ ./server/cluster.nix
] ++
optionals (hostConfig.role == "container") [
./container/defaults.nix
diff --git a/nix/nixos-module/server/cluster.nix b/nix/nixos-module/server/cluster.nix
new file mode 100644
index 000000000..d2d707d
--- /dev/null
+++ b/nix/nixos-module/server/cluster.nix
@@ -0,0 +1,56 @@
+{ config, lib, pkgs, ... }:
+{
+ environment.systemPackages =
+ with pkgs;
+ let
+ containers = builtins.attrNames (
+ lib.filterAttrs (_: { role, ... }:
+ role == "container"
+ ) config.site.hosts
+ );
+ resources = builtins.toFile "cib-resources.xml" ''
+
+ ${lib.concatMapStrings (container: ''
+
+
+
+
+
+
+
+ '') containers}
+
+ '';
+ cib-set-resources = writeScriptBin "cib-set-resources" ''
+ #! ${runtimeShell} -e
+
+ crm_attribute -t crm_config -n stonith-enabled -v false
+ cibadmin --replace --scope resources --xml-file ${resources}
+ '';
+ in [ cib-set-resources ];
+
+ services.corosync = {
+ enable = true;
+ clusterName = "zentralwerk-network";
+ nodelist =
+ lib.imap (n: hostName: {
+ nodeid = n;
+ name = hostName;
+ ring_addrs = map (net:
+ config.site.net.${net}.hosts4.${hostName}
+ ) [ "cluster" "mgmt" ];
+ }) (
+ builtins.filter (hostName:
+ config.site.hosts.${hostName}.role == "server"
+ ) (builtins.attrNames config.site.hosts)
+ );
+ };
+ environment.etc."corosync/authkey" = {
+ source = builtins.toFile "authkey" config.site.cluster.corosyncAuthKey;
+ mode = "0400";
+ };
+
+ services.pacemaker = {
+ enable = true;
+ };
+}
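Review bot: The corosync auth key in `environment.etc."corosync/authkey"` is written with `builtins.toFile`, which places the key material in the world-readable /nix/store. `mode = "0400"` therefore restricts only the copy under /etc, and any local user can still read the store path. The block is carried over unchanged from server/defaults.nix, but this move is a good moment to stop passing the key through evaluation. Point `source` at a runtime path outside the store that the site's secret tooling provisions, e.g. `source = "/run/secrets/<corosync-authkey>";` (placeholder path), and rotate the key, since the old value stays in existing store paths and may have been copied along with the closure. Separately, `cib-set-resources` sets `stonith-enabled` to false without explanation; a comment such as `# fencing disabled: <reason>` would record why the cluster runs without fencing.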
diff --git a/nix/nixos-module/server/defaults.nix b/nix/nixos-module/server/defaults.nix
index 5310c6e..0b9f34e 100644
--- a/nix/nixos-module/server/defaults.nix
+++ b/nix/nixos-module/server/defaults.nix
@@ -1,4 +1,4 @@
-{ config, lib, pkgs, nixpkgs-master, ... }:
+{ pkgs, nixpkgs-master, ... }:
{
boot.kernelModules = [ "kvm-intel" "pppoe" ];
boot.kernelParams = [ "nomodeset" ];
@@ -7,37 +7,9 @@
time.timeZone = "Europe/Berlin";
- environment.systemPackages =
- with pkgs;
- let
- containers = builtins.attrNames (
- lib.filterAttrs (_: { role, ... }:
- role == "container"
- ) config.site.hosts
- );
- resources = builtins.toFile "cib-resources.xml" ''
-
- ${lib.concatMapStrings (container: ''
-
-
-
-
-
-
-
- '') containers}
-
- '';
- cib-set-resources = writeScriptBin "cib-set-resources" ''
- #! ${runtimeShell} -e
-
- crm_attribute -t crm_config -n stonith-enabled -v false
- cibadmin --replace --scope resources --xml-file ${resources}
- '';
- in [
+ environment.systemPackages = with pkgs; [
wget vim git screen
ipmitool
- cib-set-resources
];
services.openssh.enable = true;
services.openssh.permitRootLogin = "prohibit-password";
@@ -48,29 +20,4 @@
# FIXME: IPMI is only available with nixpkgs-21.11 onwards
package = nixpkgs-master.legacyPackages.${pkgs.system}.collectd;
};
-
- services.corosync = {
- enable = true;
- clusterName = "zentralwerk-network";
- nodelist =
- lib.imap (n: hostName: {
- nodeid = n;
- name = hostName;
- ring_addrs = map (net:
- config.site.net.${net}.hosts4.${hostName}
- ) [ "cluster" "mgmt" ];
- }) (
- builtins.filter (hostName:
- config.site.hosts.${hostName}.role == "server"
- ) (builtins.attrNames config.site.hosts)
- );
- };
- environment.etc."corosync/authkey" = {
- source = builtins.toFile "authkey" config.site.cluster.corosyncAuthKey;
- mode = "0400";
- };
-
- services.pacemaker = {
- enable = true;
- };
}