From 94331e5de237e183354029cbb771c2a003e1bc98 Mon Sep 17 00:00:00 2001 From: Astro Date: Thu, 3 Mar 2022 01:17:19 +0100 Subject: [PATCH] nixos-module/server/cluster: break out --- nix/nixos-module/default.nix | 1 + nix/nixos-module/server/cluster.nix | 56 +++++++++++++++++++++++++++ nix/nixos-module/server/defaults.nix | 57 +--------------------------- 3 files changed, 59 insertions(+), 55 deletions(-) create mode 100644 nix/nixos-module/server/cluster.nix diff --git a/nix/nixos-module/default.nix b/nix/nixos-module/default.nix index cfe7cbb..ea35054 100644 --- a/nix/nixos-module/default.nix +++ b/nix/nixos-module/default.nix @@ -18,6 +18,7 @@ in { ] ++ optionals (hostConfig.role == "server") [ ./server/default.nix + ./server/cluster.nix ] ++ optionals (hostConfig.role == "container") [ ./container/defaults.nix diff --git a/nix/nixos-module/server/cluster.nix b/nix/nixos-module/server/cluster.nix new file mode 100644 index 000000000..d2d707d --- /dev/null +++ b/nix/nixos-module/server/cluster.nix 
@@ -0,0 +1,56 @@
+{ config, lib, pkgs, ... }:
+{
+ environment.systemPackages =
+ with pkgs;
+ let
+ containers = builtins.attrNames (
+ lib.filterAttrs (_: { role, ... }:
+ role == "container"
+ ) config.site.hosts
+ );
+ resources = builtins.toFile "cib-resources.xml" ''
+
+ ${lib.concatMapStrings (container: ''
+
+
+
+
+
+
+
+ '') containers}
+
+ '';
+ cib-set-resources = writeScriptBin "cib-set-resources" ''
+ #! ${runtimeShell} -e
+
+ crm_attribute -t crm_config -n stonith-enabled -v false
+ cibadmin --replace --scope resources --xml-file ${resources}
+ '';
+ in [ cib-set-resources ];
+
+ services.corosync = {
+ enable = true;
+ clusterName = "zentralwerk-network";
+ nodelist =
+ lib.imap (n: hostName: {
+ nodeid = n;
+ name = hostName;
+ ring_addrs = map (net:
+ config.site.net.${net}.hosts4.${hostName}
+ ) [ "cluster" "mgmt" ];
+ }) (
+ builtins.filter (hostName:
+ config.site.hosts.${hostName}.role == "server"
+ ) (builtins.attrNames config.site.hosts)
+ );
+ };
+ environment.etc."corosync/authkey" = {
+ source = builtins.toFile "authkey" config.site.cluster.corosyncAuthKey;
+ mode = "0400";
+ };
+
+ services.pacemaker = {
+ enable = true;
+ };
+}
diff --git a/nix/nixos-module/server/defaults.nix b/nix/nixos-module/server/defaults.nix
index 5310c6e..0b9f34e 100644
--- a/nix/nixos-module/server/defaults.nix
+++ b/nix/nixos-module/server/defaults.nix
@@ -1,4 +1,4 @@
-{ config, lib, pkgs, nixpkgs-master, ... }:
+{ pkgs, nixpkgs-master, ... }:
 {
 boot.kernelModules = [ "kvm-intel" "pppoe" ];
 boot.kernelParams = [ "nomodeset" ];
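Review bot: In the new nix/nixos-module/server/cluster.nix, `environment.etc."corosync/authkey"` takes its `source` from `builtins.toFile "authkey" config.site.cluster.corosyncAuthKey`, which writes the cluster key into the Nix store; store paths are readable by every local user, so `mode = "0400"` only restricts the copy under /etc. The block appears to be moved unchanged from defaults.nix, so this predates the commit, but the break-out is a good place to record it with a comment such as `# FIXME: authkey ends up world-readable in /nix/store; provision it from a root-only file outside the store`. The same file's `cib-set-resources` script sets `stonith-enabled` to `false` without saying why; a one-line comment on the fencing decision would help the next operator.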
@@ -7,37 +7,9 @@ time.timeZone = "Europe/Berlin"; - environment.systemPackages = - with pkgs; - let - containers = builtins.attrNames ( - lib.filterAttrs (_: { role, ... }: - role == "container" - ) config.site.hosts - ); - resources = builtins.toFile "cib-resources.xml" '' - - ${lib.concatMapStrings (container: '' - - - - - - - - '') containers} - - ''; - cib-set-resources = writeScriptBin "cib-set-resources" '' - #! ${runtimeShell} -e - - crm_attribute -t crm_config -n stonith-enabled -v false - cibadmin --replace --scope resources --xml-file ${resources} - ''; - in [ + environment.systemPackages = with pkgs; [ wget vim git screen ipmitool - cib-set-resources ]; services.openssh.enable = true; services.openssh.permitRootLogin = "prohibit-password"; @@ -48,29 +20,4 @@ # FIXME: IPMI is only available with nixpkgs-21.11 onwards package = nixpkgs-master.legacyPackages.${pkgs.system}.collectd; }; - - services.corosync = { - enable = true; - clusterName = "zentralwerk-network"; - nodelist = - lib.imap (n: hostName: { - nodeid = n; - name = hostName; - ring_addrs = map (net: - config.site.net.${net}.hosts4.${hostName} - ) [ "cluster" "mgmt" ]; - }) ( - builtins.filter (hostName: - config.site.hosts.${hostName}.role == "server" - ) (builtins.attrNames config.site.hosts) - ); - }; - environment.etc."corosync/authkey" = { - source = builtins.toFile "authkey" config.site.cluster.corosyncAuthKey; - mode = "0400"; - }; - - services.pacemaker = { - enable = true; - }; }