Dustin Frisch
1 year ago
No known key found for this signature in database
GPG Key ID: B4C3BF012D9B26BE
23 changed files with 305 additions and 106 deletions
-
3.gitignore
-
8.sops.yaml
-
16flake.lock
-
6flake.nix
-
45machines.nix
-
5machines/manager/autoinstall.nix
-
2machines/manager/cache.nix
-
23machines/manager/default.nix
-
27machines/manager/disk.nix
-
34machines/manager/hardware.nix
-
17machines/manager/ldap.nix
-
29machines/manager/netinstall.nix
-
13machines/manager/network.nix
-
4machines/manager/nfs.nix
-
16machines/node/default.nix
-
29machines/node/disk.nix
-
35machines/node/hardware.nix
-
13machines/node/network.nix
-
31secrets.yaml
-
11secrets/cache-priv-key.pem
-
9shared/default.nix
-
13shared/network.nix
-
0shared/users.nix
@ -0,0 +1,3 @@ |
|||||
|
/.pre-commit-config.yaml |
||||
|
.gcroots |
||||
|
.direnv |
@ -1,5 +1,11 @@ |
|||||
|
keys: |
||||
|
- &admin_fooker 3237CA7A1744B4DCE96B409FB4C3BF012D9B26BE |
||||
|
- &server_manager age1ys5pskgkjsgqfy2lr0afcnl2edry8jmryhymkwtked2se74e9g4s23gunn |
||||
|
|
||||
creation_rules: |
creation_rules: |
||||
- key_groups: |
- key_groups: |
||||
- pgp: |
- pgp: |
||||
- 3237CA7A1744B4DCE96B409FB4C3BF012D9B26BE |
|
||||
|
- *admin_fooker |
||||
|
age: |
||||
|
- *server_manager |
||||
path_regex: ^(secrets\.yaml|secrets/.+)$ |
path_regex: ^(secrets\.yaml|secrets/.+)$ |
@ -1,5 +0,0 @@ |
|||||
# TFTP boot with shared image |
|
||||
# Requests store path to install from master |
|
||||
# Runs disko and nixos-install |
|
||||
|
|
||||
{} |
|
@ -0,0 +1,34 @@ |
|||||
|
{ lib, pkgs, config, modulesPath, ... }: |
||||
|
|
||||
|
with lib; |
||||
|
|
||||
|
{ |
||||
|
imports = [ |
||||
|
"${modulesPath}/installer/scan/not-detected.nix" |
||||
|
]; |
||||
|
|
||||
|
boot.loader.systemd-boot.enable = true; |
||||
|
boot.loader.efi.canTouchEfiVariables = true; |
||||
|
|
||||
|
boot.initrd.systemd.enable = true; |
||||
|
|
||||
|
boot.initrd.availableKernelModules = [ |
||||
|
"uhci_hcd" |
||||
|
"ehci_pci" |
||||
|
"ata_piix" |
||||
|
"mptsas" |
||||
|
"usb_storage" |
||||
|
"usbhid" |
||||
|
"sd_mod" |
||||
|
"sr_mod" |
||||
|
]; |
||||
|
boot.initrd.kernelModules = [ ]; |
||||
|
|
||||
|
boot.kernelModules = [ "kvm-intel" ]; |
||||
|
boot.extraModulePackages = [ ]; |
||||
|
|
||||
|
nixpkgs.hostPlatform = "x86_64-linux"; |
||||
|
|
||||
|
hardware.enableRedistributableFirmware = true; |
||||
|
hardware.cpu.intel.updateMicrocode = true; |
||||
|
} |
@ -0,0 +1,29 @@ |
|||||
|
# TFTP boot with shared image |
||||
|
# Requests store path to install from master |
||||
|
# Runs disko and nixos-install |
||||
|
|
||||
|
{ pkgs, lib, config, ... }: |
||||
|
|
||||
|
{ |
||||
|
services.pixiecore = { |
||||
|
enable = true; |
||||
|
mode = "api"; |
||||
|
dhcpNoBind = true; |
||||
|
debug = true; |
||||
|
statusPort = 6080; |
||||
|
apiServer = "http://boot.${config.networking.domain}/pixiecore"; |
||||
|
}; |
||||
|
|
||||
|
services.nginx = { |
||||
|
enable = true; |
||||
|
recommendedProxySettings = true; |
||||
|
virtualHosts = { |
||||
|
"boot.${config.networking.domain}" = { |
||||
|
locations."/status".proxyPass = "http://localhost:${toString config.services.pixiecore.statusPort}"; |
||||
|
locations."/pixiecore" = { |
||||
|
root = "/srv/pixieboot"; |
||||
|
}; |
||||
|
}; |
||||
|
}; |
||||
|
}; |
||||
|
} |
@ -0,0 +1,13 @@ |
|||||
|
{ |
||||
|
networking.interfaces."enp11s0f0" = { |
||||
|
ipv4.addresses = [{ |
||||
|
address = "10.32.30.93"; |
||||
|
prefixLength = 24; |
||||
|
}]; |
||||
|
}; |
||||
|
|
||||
|
networking.defaultGateway = { |
||||
|
address = "10.32.30.1"; |
||||
|
interface = "enp11s0f0"; |
||||
|
}; |
||||
|
} |
@ -1,8 +1,8 @@ |
|||||
{ |
|
||||
|
{ config, ... }: { |
||||
services.nfs.server = { |
services.nfs.server = { |
||||
enable = true; |
enable = true; |
||||
exports = '' |
exports = '' |
||||
/home node*.hpc.informatik.hs-fulda.de(rw) |
|
||||
|
/home node*.${config.networking.domain}(rw) |
||||
''; |
''; |
||||
}; |
}; |
||||
} |
} |
@ -1,24 +1,30 @@ |
|||||
{ id, ... }: |
{ id, ... }: |
||||
{ lib, ... }: |
|
||||
|
{ lib, config, ... }: |
||||
|
|
||||
with lib; |
with lib; |
||||
|
|
||||
{ |
{ |
||||
imports = [ |
imports = [ |
||||
|
./hardware.nix |
||||
./disk.nix |
./disk.nix |
||||
|
./network.nix |
||||
]; |
]; |
||||
|
|
||||
boot.loader.systemd-boot.enable = true; |
|
||||
boot.loader.efi.canTouchEfiVariables = true; |
|
||||
|
deployment = { |
||||
|
targetHost = "10.32.30.94"; |
||||
|
targetUser = "root"; |
||||
|
|
||||
|
tags = [ "node" ]; |
||||
|
}; |
||||
|
|
||||
networking.hostName = "node-${fixedWidthNumber 2 id}"; |
networking.hostName = "node-${fixedWidthNumber 2 id}"; |
||||
|
|
||||
nix.settings = { |
nix.settings = { |
||||
substituters = [ |
substituters = [ |
||||
"http://cache.hpc.informatik.hs-fulda.de" |
|
||||
|
"http://cache.${config.networking.domain}" |
||||
]; |
]; |
||||
trusted-public-keys = [ |
trusted-public-keys = [ |
||||
"cache.hpc.informatik.hs-fulda.de:dc2abEGJAQfaZiBXhjvjPU0jx/wosQwAOQoz48/G6cA=" |
|
||||
|
"cache.${config.networking.domain}:dc2abEGJAQfaZiBXhjvjPU0jx/wosQwAOQoz48/G6cA=" |
||||
]; |
]; |
||||
}; |
}; |
||||
} |
} |
@ -0,0 +1,35 @@ |
|||||
|
{ lib, pkgs, config, modulesPath, ... }: |
||||
|
|
||||
|
with lib; |
||||
|
|
||||
|
{ |
||||
|
imports = [ |
||||
|
"${modulesPath}/installer/scan/not-detected.nix" |
||||
|
]; |
||||
|
|
||||
|
boot.loader.grub.enable = true; |
||||
|
boot.loader.grub.version = 2; |
||||
|
boot.loader.grub.device = "/dev/sda"; |
||||
|
|
||||
|
boot.initrd.systemd.enable = true; |
||||
|
|
||||
|
boot.initrd.availableKernelModules = [ |
||||
|
"ahci" |
||||
|
"ohci_pci" |
||||
|
"ehci_pci" |
||||
|
"pata_atiixp" |
||||
|
"usbhid" |
||||
|
"usb_storage" |
||||
|
"sd_mod" |
||||
|
"sr_mod" |
||||
|
]; |
||||
|
boot.initrd.kernelModules = [ ]; |
||||
|
|
||||
|
boot.kernelModules = [ "kvm-amd" ]; |
||||
|
boot.extraModulePackages = [ ]; |
||||
|
|
||||
|
nixpkgs.hostPlatform = "x86_64-linux"; |
||||
|
|
||||
|
hardware.enableRedistributableFirmware = true; |
||||
|
hardware.cpu.amd.updateMicrocode = true; |
||||
|
} |
@ -0,0 +1,13 @@ |
|||||
|
{ |
||||
|
networking.interfaces."enp2s0f0" = { |
||||
|
ipv4.addresses = [{ |
||||
|
address = "10.32.30.94"; |
||||
|
prefixLength = 24; |
||||
|
}]; |
||||
|
}; |
||||
|
|
||||
|
networking.defaultGateway = { |
||||
|
address = "10.32.30.1"; |
||||
|
interface = "enp2s0f0"; |
||||
|
}; |
||||
|
} |
Write
Preview
Loading…
Cancel
Save
Reference in new issue