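{ config, lib, pkgs, nixpkgs-master, ... }:

# Bare-metal host profile: kernel/hardware settings, a Corosync/Pacemaker
# cluster spanning the "cluster" and "mgmt" networks, and a helper script
# that loads one Pacemaker resource per LXC container into the cluster CIB.
{
  boot.kernelModules = [ "kvm-intel" "pppoe" ];
  boot.kernelParams = [ "nomodeset" ];

  hardware.cpu.intel.updateMicrocode = true;

  time.timeZone = "Europe/Berlin";

  environment.systemPackages =
    with pkgs;
    let
      # Names of all entries in config.site.hosts whose role is "container".
      containers = builtins.attrNames (
        lib.filterAttrs (_: { role, ... }:
          role == "container"
        ) config.site.hosts
      );

      # Pacemaker <resources> section: one systemd "lxc@<name>" primitive per
      # container with start, stop and monitor operations. The op names must
      # match the action Pacemaker invokes; the stop op previously carried
      # name="start", which left the resource without a stop action.
      resources = builtins.toFile "cib-resources.xml" ''
        <resources>
          ${lib.concatMapStrings (container: ''
            <primitive id="lxc-${container}" class="systemd" type="lxc@${container}">
              <operations>
                <op id="stop-${container}" name="stop" interval="0" timeout="10s"/>
                <op id="start-${container}" name="start" interval="0" timeout="10s"/>
                <op id="monitor-${container}" name="monitor" interval="10s" timeout="10s"/>
              </operations>
            </primitive>
          '') containers}
        </resources>
      '';

      # Replaces the whole resources section of the live CIB with the
      # generated XML; run on one cluster node after the host list changes.
      cib-set-resources = writeScriptBin "cib-set-resources" ''
        #! ${runtimeShell} -e

        # Disables fencing cluster-wide. Without STONITH a node that loses
        # contact with the cluster is not guaranteed to be stopped before
        # its resources are started elsewhere, so a container can end up
        # running on two nodes at once; keep this in mind for resources that
        # write shared state.
        crm_attribute -t crm_config -n stonith-enabled -v false
        cibadmin --replace --scope resources --xml-file ${resources}
      '';
    in [
      wget vim git screen
      ipmitool
      cib-set-resources
    ];

  services.openssh.enable = true;
  services.openssh.permitRootLogin = "prohibit-password";

  # additional config for bare metal
  services.collectd = {
    plugins.ipmi = "";
    # FIXME: IPMI is only available with nixpkgs-21.11 onwards
    package = nixpkgs-master.legacyPackages.${pkgs.system}.collectd;
  };

  services.corosync = {
    enable = true;
    clusterName = "zentralwerk-network";
    # One node per host with role "server"; nodeid comes from lib.imap's
    # 1-based index, and each node has one ring address per listed network.
    nodelist =
      lib.imap (n: hostName: {
        nodeid = n;
        name = hostName;
        ring_addrs = map (net:
          config.site.net.${net}.hosts4.${hostName}
        ) [ "cluster" "mgmt" ];
      }) (
        builtins.filter (hostName:
          config.site.hosts.${hostName}.role == "server"
        ) (builtins.attrNames config.site.hosts)
      );
  };

  # NOTE(review): builtins.toFile writes the key into /nix/store, which is
  # readable by every local user; the 0400 mode protects only the /etc copy.
  # To keep the key private, source it from a path outside the store
  # (e.g. a secrets file deployed by the host's secret-management tooling)
  # — TODO confirm what this deployment provides.
  environment.etc."corosync/authkey" = {
    source = builtins.toFile "authkey" config.site.cluster.corosyncAuthKey;
    mode = "0400";
  };

  services.pacemaker = {
    enable = true;
  };
}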