hpc
/
nixcfg
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
Browse Source

Progress

main
Dustin Frisch 2 years ago
parent
ce8862bf37
commit
1df1e88f79
No known key found for this signature in database GPG Key ID: B4C3BF012D9B26BE
23 changed files with 305 additions and 106 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 3
      .gitignore
  2. 8
      .sops.yaml
  3. 16
      flake.lock
  4. 6
      flake.nix
  5. 45
      machines.nix
  6. 5
      machines/manager/autoinstall.nix
  7. 2
      machines/manager/cache.nix
  8. 23
      machines/manager/default.nix
  9. 27
      machines/manager/disk.nix
  10. 34
      machines/manager/hardware.nix
  11. 17
      machines/manager/ldap.nix
  12. 29
      machines/manager/netinstall.nix
  13. 13
      machines/manager/network.nix
  14. 4
      machines/manager/nfs.nix
  15. 16
      machines/node/default.nix
  16. 29
      machines/node/disk.nix
  17. 35
      machines/node/hardware.nix
  18. 13
      machines/node/network.nix
  19. 31
      secrets.yaml
  20. 11
      secrets/cache-priv-key.pem
  21. 9
      shared/default.nix
  22. 13
      shared/network.nix
  23. 0
      shared/users.nix

3
.gitignore
View File

@ -0,0 +1,3 @@
/.pre-commit-config.yaml
.gcroots
.direnv

8
.sops.yaml
View File

@ -1,5 +1,11 @@
keys:
- &admin_fooker 3237CA7A1744B4DCE96B409FB4C3BF012D9B26BE
- &server_manager age1ys5pskgkjsgqfy2lr0afcnl2edry8jmryhymkwtked2se74e9g4s23gunn
creation_rules: creation_rules:
- key_groups: - key_groups:
- pgp: - pgp:
- 3237CA7A1744B4DCE96B409FB4C3BF012D9B26BE
- *admin_fooker
age:
- *server_manager
path_regex: ^(secrets\.yaml|secrets/.+)$ path_regex: ^(secrets\.yaml|secrets/.+)$

16
flake.lock
View File

@ -165,6 +165,21 @@
"type": "github" "type": "github"
} }
}, },
"gather": {
"locked": {
"lastModified": 1685458852,
"narHash": "sha256-w05QjsDxebdO6Hsfp60Run3tECsI6ucwoS1pPR1YLbk=",
"owner": "fooker",
"repo": "gather.nix",
"rev": "cd099d749f2050370d0cc42a496d537e61b9a6f4",
"type": "github"
},
"original": {
"owner": "fooker",
"repo": "gather.nix",
"type": "github"
}
},
"gitignore": { "gitignore": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@ -368,6 +383,7 @@
"inputs": { "inputs": {
"colmena": "colmena", "colmena": "colmena",
"disko": "disko", "disko": "disko",
"gather": "gather",
"nixago": "nixago", "nixago": "nixago",
"nixpkgs": "nixpkgs", "nixpkgs": "nixpkgs",
"pre-commit-hooks": "pre-commit-hooks", "pre-commit-hooks": "pre-commit-hooks",

6
flake.nix
View File

@ -54,6 +54,12 @@
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
gather = {
type = "github";
owner = "fooker";
repo = "gather.nix";
};
}; };
outputs = { nixpkgs, utils, ... }@inputs: { outputs = { nixpkgs, utils, ... }@inputs: {

45
machines.nix
View File

@ -1,33 +1,40 @@
{ nixpkgs, disko, sops, ... }@inputs:
{ nixpkgs, disko, sops, gather, ... }@inputs:
let let
deploymentPkgs = import nixpkgs { deploymentPkgs = import nixpkgs {
localSystem.system = "x86_64-linux"; localSystem.system = "x86_64-linux";
}; };
in with deploymentPkgs.lib; let
in
with deploymentPkgs.lib; let
mkMachine = type: opts: { lib, ... }: mkMachine = type: opts: { lib, ... }:
let
machine = import ./machines/${type} opts;
in {
imports = [
./shared
./modules
machine
sops.nixosModules.sops
disko.nixosModules.disko
];
};
let
machine = import ./machines/${type} opts;
in
{
imports = [
./shared
./modules
machine
disko.nixosModules.disko
sops.nixosModules.sops
gather.nixosModules.gather
];
};
machines = { machines = {
manager = mkMachine "manager" {};
} // (listToAttrs (genList (i: nameValuePair
"node-${fixedWidthNumber 2 i}"
(mkMachine "node" { id = i; })
) 16));
manager = mkMachine "manager" { };
} // (listToAttrs (genList
(i: nameValuePair
"node-${fixedWidthNumber 2 i}"
(mkMachine "node" { id = i; })
) 16));
in {
in
{
meta = { meta = {
nixpkgs = deploymentPkgs; nixpkgs = deploymentPkgs;

5
machines/manager/autoinstall.nix
View File

@ -1,5 +0,0 @@
# TFTP boot with shared image
# Requests store path to install from master
# Runs disko and nixos-install
{}

2
machines/manager/cache.nix
View File

@ -15,7 +15,7 @@
enable = true; enable = true;
recommendedProxySettings = true; recommendedProxySettings = true;
virtualHosts = { virtualHosts = {
"cache.hpc.informatik.hs-fulda.de" = {
"cache.${config.networking.domain}" = {
locations."/".proxyPass = "http://${config.services.nix-serve.bindAddress}:${toString config.services.nix-serve.port}"; locations."/".proxyPass = "http://${config.services.nix-serve.bindAddress}:${toString config.services.nix-serve.port}";
}; };
}; };

23
machines/manager/default.nix
View File

@ -1,31 +1,24 @@
{ ... }:
_:
{ lib, config, ... }: { lib, config, ... }:
with lib; with lib;
{ {
imports = [ imports = [
./hardware.nix
./disk.nix ./disk.nix
./network.nix
./nfs.nix ./nfs.nix
#./ldap.nix
./ldap.nix
#./beegfs.nix #./beegfs.nix
#./ntp.nix
./ntp.nix
#./gateway.nix #./gateway.nix
#./autoinstall.nix
#./cache.nix
#./netinstall.nix
./cache.nix
]; ];
users.users."root".password = "asdasd123";
virtualisation.useDefaultFilesystems = false;
virtualisation.fileSystems."/" = {
device = config.virtualisation.bootDevice;
fsType = "btrfs";
autoFormat = true;
};
deployment = { deployment = {
targetHost = "10.32.30.240";
targetHost = "10.32.30.93";
targetUser = "root"; targetUser = "root";
tags = [ "manager" ]; tags = [ "manager" ];

27
machines/manager/disk.nix
View File

@ -1,31 +1,44 @@
{ ... }:
{ {
disko.devices = { disko.devices = {
disk.sda = {
device = "/dev/nvme0n1";
disk."system" = {
device = "/dev/disk/by-path/pci-0000:01:00.0-scsi-0:1:1:0";
type = "disk"; type = "disk";
content = { content = {
type = "table"; type = "table";
format = "gpt"; format = "gpt";
partitions = [ partitions = [
{ {
index = 1;
name = "root"; name = "root";
start = "100MiB"; start = "100MiB";
end = "100%";
end = "-4GB";
part-type = "primary"; part-type = "primary";
fs-type = "btrfs";
bootable = true; bootable = true;
content = { content = {
type = "filesystem"; type = "filesystem";
format = "ext4";
#format = "btrfs";
format = "btrfs";
mountpoint = "/"; mountpoint = "/";
}; };
} }
{ {
index = 2;
name = "swap";
start = "-4G";
end = "100%";
part-type = "primary";
fs-type = "linux-swap";
content = {
type = "swap";
randomEncryption = true;
};
}
{
index = 3;
name = "ESP"; name = "ESP";
start = "1MiB"; start = "1MiB";
end = "100MiB"; end = "100MiB";
fs-type = "fat32";
bootable = true; bootable = true;
content = { content = {
type = "filesystem"; type = "filesystem";

34
machines/manager/hardware.nix
View File

@ -0,0 +1,34 @@
{ lib, pkgs, config, modulesPath, ... }:
with lib;
{
imports = [
"${modulesPath}/installer/scan/not-detected.nix"
];
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
boot.initrd.systemd.enable = true;
boot.initrd.availableKernelModules = [
"uhci_hcd"
"ehci_pci"
"ata_piix"
"mptsas"
"usb_storage"
"usbhid"
"sd_mod"
"sr_mod"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
nixpkgs.hostPlatform = "x86_64-linux";
hardware.enableRedistributableFirmware = true;
hardware.cpu.intel.updateMicrocode = true;
}

17
machines/manager/ldap.nix
View File

@ -1,5 +1,12 @@
{ config, ... }:
{ lib, config, ... }:
with lib;
let
baseDN = concatMapStringsSep ","
(part: "dc=${part}")
(splitString "." config.networking.domain);
in
{ {
services.openldap = { services.openldap = {
enable = true; enable = true;
@ -18,9 +25,9 @@
olcDatabase = "{1}mdb"; olcDatabase = "{1}mdb";
olcDbDirectory = "/var/lib/openldap/db"; olcDbDirectory = "/var/lib/openldap/db";
olcSuffix = "dc=sc,dc=informatik,dc=hs-fulda,dc=de";
olcSuffix = baseDN;
olcRootDN = "cn=root,dc=sc,dc=informatik,dc=hs-fulda,dc=de";
olcRootDN = "cn=root,${baseDN}";
olcRootPW.path = config.sops.secrets."ldap/root/password".path; olcRootPW.path = config.sops.secrets."ldap/root/password".path;
olcAccess = [ olcAccess = [
@ -40,5 +47,7 @@
}; };
}; };
sops.secrets."ldap/root/password" = { };
sops.secrets."ldap/root/password" = {
owner = "openldap";
};
} }

29
machines/manager/netinstall.nix
View File

@ -0,0 +1,29 @@
# TFTP boot with shared image
# Requests store path to install from master
# Runs disko and nixos-install
{ pkgs, lib, config, ... }:
{
services.pixiecore = {
enable = true;
mode = "api";
dhcpNoBind = true;
debug = true;
statusPort = 6080;
apiServer = "http://boot.${config.networking.domain}/pixiecore";
};
services.nginx = {
enable = true;
recommendedProxySettings = true;
virtualHosts = {
"boot.${config.networking.domain}" = {
locations."/status".proxyPass = "http://localhost:${toString config.services.pixiecore.statusPort}";
locations."/pixiecore" = {
root = "/srv/pixieboot";
};
};
};
};
}

13
machines/manager/network.nix
View File

@ -0,0 +1,13 @@
{
networking.interfaces."enp11s0f0" = {
ipv4.addresses = [{
address = "10.32.30.93";
prefixLength = 24;
}];
};
networking.defaultGateway = {
address = "10.32.30.1";
interface = "enp11s0f0";
};
}

4
machines/manager/nfs.nix
View File

@ -1,8 +1,8 @@
{
{ config, ... }: {
services.nfs.server = { services.nfs.server = {
enable = true; enable = true;
exports = '' exports = ''
/home node*.hpc.informatik.hs-fulda.de(rw)
/home node*.${config.networking.domain}(rw)
''; '';
}; };
} }

16
machines/node/default.nix
View File

@ -1,24 +1,30 @@
{ id, ... }: { id, ... }:
{ lib, ... }:
{ lib, config, ... }:
with lib; with lib;
{ {
imports = [ imports = [
./hardware.nix
./disk.nix ./disk.nix
./network.nix
]; ];
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
deployment = {
targetHost = "10.32.30.94";
targetUser = "root";
tags = [ "node" ];
};
networking.hostName = "node-${fixedWidthNumber 2 id}"; networking.hostName = "node-${fixedWidthNumber 2 id}";
nix.settings = { nix.settings = {
substituters = [ substituters = [
"http://cache.hpc.informatik.hs-fulda.de"
"http://cache.${config.networking.domain}"
]; ];
trusted-public-keys = [ trusted-public-keys = [
"cache.hpc.informatik.hs-fulda.de:dc2abEGJAQfaZiBXhjvjPU0jx/wosQwAOQoz48/G6cA="
"cache.${config.networking.domain}:dc2abEGJAQfaZiBXhjvjPU0jx/wosQwAOQoz48/G6cA="
]; ];
}; };
} }

29
machines/node/disk.nix
View File

@ -1,19 +1,19 @@
{ ... }:
{ {
disko.devices = { disko.devices = {
disk.sda = {
device = "/dev/sda";
disk."system" = {
device = "/dev/disk/by-path/pci-0000:00:11.0-ata-1";
type = "disk"; type = "disk";
content = { content = {
type = "table"; type = "table";
format = "gpt";
format = "msdos";
partitions = [ partitions = [
{ {
index = 1;
name = "root"; name = "root";
start = "100MiB";
end = "100%";
start = "1MB";
end = "-4GB";
part-type = "primary"; part-type = "primary";
fs-type = "btrfs";
bootable = true; bootable = true;
content = { content = {
type = "filesystem"; type = "filesystem";
@ -22,14 +22,15 @@
}; };
} }
{ {
name = "ESP";
start = "1MiB";
end = "100MiB";
bootable = true;
index = 2;
name = "swap";
start = "-4G";
end = "100%";
part-type = "primary";
fs-type = "linux-swap";
content = { content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
type = "swap";
randomEncryption = true;
}; };
} }
]; ];

35
machines/node/hardware.nix
View File

@ -0,0 +1,35 @@
{ lib, pkgs, config, modulesPath, ... }:
with lib;
{
imports = [
"${modulesPath}/installer/scan/not-detected.nix"
];
boot.loader.grub.enable = true;
boot.loader.grub.version = 2;
boot.loader.grub.device = "/dev/sda";
boot.initrd.systemd.enable = true;
boot.initrd.availableKernelModules = [
"ahci"
"ohci_pci"
"ehci_pci"
"pata_atiixp"
"usbhid"
"usb_storage"
"sd_mod"
"sr_mod"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
nixpkgs.hostPlatform = "x86_64-linux";
hardware.enableRedistributableFirmware = true;
hardware.cpu.amd.updateMicrocode = true;
}

13
machines/node/network.nix
View File

@ -0,0 +1,13 @@
{
networking.interfaces."enp2s0f0" = {
ipv4.addresses = [{
address = "10.32.30.94";
prefixLength = 24;
}];
};
networking.defaultGateway = {
address = "10.32.30.1";
interface = "enp2s0f0";
};
}

31
secrets.yaml
View File

@ -8,23 +8,32 @@ sops:
gcp_kms: [] gcp_kms: []
azure_kv: [] azure_kv: []
hc_vault: [] hc_vault: []
age: []
age:
- recipient: age1ys5pskgkjsgqfy2lr0afcnl2edry8jmryhymkwtked2se74e9g4s23gunn
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnL2N1SVQzcVFHRC9KRmM4
Wmd0dVE1TmIxZTR3QmhVbnRxT21kcFA4VEJVCnhrRUY0d2xJVFdaR2xRQXBEM2t2
Qllha1AvRGxFNWxta1JNSzBNSUNIdjQKLS0tIEJ2TWpnTFArdzhPU2JIZjlhOGVy
REpyVVlBL3BMSnF5QThBSGxNSEVGNHcKWqozLpGac2RlrpmR9DuJTcD4ue5zjwnz
b0eyJ2gD3gr81zG9DSifjLg8BLyt1mSml4wia5uHOP4DxhX4EOLDJw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-05-29T12:51:30Z" lastmodified: "2023-05-29T12:51:30Z"
mac: ENC[AES256_GCM,data:02jKHbEZGs3QiNzXEQxcB8v/i5UVB/pCciz4hSI220+GEYPgQK6qR1cZJaMAyrHKjzJLhNZq3Gfgsj4zfA+FMg/d12vp2QNTMRrVD/hSh67NgloZ/iTmJC//S8OJfiHEPdGKkq7zXCVajnkGMT/0yLNWAKISAwL451ohgMzMQYw=,iv:8hqKXUolNA7WatnnYwwUN2EgOyZjTISG2bfToENYc7c=,tag:5y43RQJgZbPK8g3Cw8CBzQ==,type:str] mac: ENC[AES256_GCM,data:02jKHbEZGs3QiNzXEQxcB8v/i5UVB/pCciz4hSI220+GEYPgQK6qR1cZJaMAyrHKjzJLhNZq3Gfgsj4zfA+FMg/d12vp2QNTMRrVD/hSh67NgloZ/iTmJC//S8OJfiHEPdGKkq7zXCVajnkGMT/0yLNWAKISAwL451ohgMzMQYw=,iv:8hqKXUolNA7WatnnYwwUN2EgOyZjTISG2bfToENYc7c=,tag:5y43RQJgZbPK8g3Cw8CBzQ==,type:str]
pgp: pgp:
- created_at: "2023-05-24T20:04:49Z"
- created_at: "2023-05-30T15:22:50Z"
enc: | enc: |
-----BEGIN PGP MESSAGE----- -----BEGIN PGP MESSAGE-----
hQEMA5ntoryXZPD4AQf6A69nF8BRpYRdz3ea8acqryKoMe5p2A44drykDQR0NO9r
I6j0Hg9AksgC+rGRIQtCuj18gYybDFXgYLCE8MYfgh2NSyqeGzq2+kPDqAXRong/
Wrg1+KRlDbvIqH7IZ5BS40TGdphh/U8BIUcO8N4tgP60G6C7z9FqfjiA5YByqau3
7uAtKg3kR6lL13Cf0AUnMrQ8AOZ+6p+BwdTcXeUW2bScw8ScbEQsw/MtoiEN9Een
jvPhqTczdcZLIgTV+DvmimwYmH8xwFiMNFBrt4uzsBMv9N4pb0EzL8TcKIOuE8iw
YserGEi/sMx5QzqYmS2yPvNxwcXsZi28SQrHOs4Lv9JeAdpqwrqJjAaV3pN0OgSy
31XV/oDL8GJ3SfNqUZEULB06gkemRZscehMOi0tN+UX1gd7fJGsqsDK6geuqpShP
IpfMLriGoQb6Zy4fwEq9N5+AfWXfSZ9Kb8ab8ksvuA==
=Wm8a
hQEMA5ntoryXZPD4AQf/csXiLfUOCPX0jNdz6V2YzStTD1tiYM8+SyqS433ZC8ii
CR1vD5UlrXHEzfXX5Wt1iHO6Y5BCtvv4nVOaYPldV0n17FisXhAbKciTj5Om43uu
rbfY2xgHdZaFU3nMC147xDh5cOVa297mOY6jaCDX2bpfxp35NYz2vUNyfevG61Tl
sT6y0ISi2eN+x4xmlbDBs7/8LLiwjXvJu3UBXcEYNK18lYzALVPZWeCQvM5ALGS7
IC/vw6lhudNGXCSiT4SyPuQgIvFEyQvmIx4a/N35EARp6bXHH6gHalgJBTmulKaT
DGwewIjEw6FdmdLO4r3bpC7FvS0Pllo6HFTxh7OkVtJeASYywgWX1n/O6xT4pisQ
5dHHYoPtEe3wnuF/xb+mRsidGdKG3Tiu6rA3SoFbK6m7QSHOaDgsC8hDVDLw1XBs
FIJWhBoHIodOj+aaScZmFGZnJAbwhYiYrmZs8qJdtg==
=Vjvo
-----END PGP MESSAGE----- -----END PGP MESSAGE-----
fp: 3237CA7A1744B4DCE96B409FB4C3BF012D9B26BE fp: 3237CA7A1744B4DCE96B409FB4C3BF012D9B26BE
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted

11
secrets/cache-priv-key.pem
View File

@ -5,13 +5,18 @@
"gcp_kms": null, "gcp_kms": null,
"azure_kv": null, "azure_kv": null,
"hc_vault": null, "hc_vault": null,
"age": null,
"age": [
{
"recipient": "age1ys5pskgkjsgqfy2lr0afcnl2edry8jmryhymkwtked2se74e9g4s23gunn",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1bkJEK1lXZDRpbHd1WXNL\nYkdId3NicUwrK09ScVVuWnhIUjA3QTRXZDA0CkticldtQUUvK1E2emhLckxDaklx\nNDdMT2VxOGVSdEwxS1FZRldYMzRvQmcKLS0tIE5UeUFVVGVrdEkxNUltYUs5RUNV\nSEIwNzFXUk4xZStiYm5JRWRZUDBPblEKjM4GZg+YPgoQl9pXp7SM1SOBO1vH1rfb\nEWIHIZc5kx2VPnD+jSUqqFApZuPSpDtdyWXJWJQLIWBOXeUmx/KJKA==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2023-05-26T08:59:34Z", "lastmodified": "2023-05-26T08:59:34Z",
"mac": "ENC[AES256_GCM,data:8h8NREXye3DDL7DpvT7sVr1lyaAfEgDwOoaDMuCzzRyHFWPSELQHnjLjEjmexoRrrsE/U608/h62PU7m9EDSYuWlJsvuNBZ+HezR/Ve8oFrZ5ZE3HIoEt2aeM2enSEHGP+aYFL4jEZJJDn9xoW3chFu3JLTSez0NOAhuejghjnU=,iv:Dfxlfa/mwKswYL077oPV+rylKk5y67qKPz+6UFCje9c=,tag:lmM0U8H5FlVRMO51mqTZgg==,type:str]", "mac": "ENC[AES256_GCM,data:8h8NREXye3DDL7DpvT7sVr1lyaAfEgDwOoaDMuCzzRyHFWPSELQHnjLjEjmexoRrrsE/U608/h62PU7m9EDSYuWlJsvuNBZ+HezR/Ve8oFrZ5ZE3HIoEt2aeM2enSEHGP+aYFL4jEZJJDn9xoW3chFu3JLTSez0NOAhuejghjnU=,iv:Dfxlfa/mwKswYL077oPV+rylKk5y67qKPz+6UFCje9c=,tag:lmM0U8H5FlVRMO51mqTZgg==,type:str]",
"pgp": [ "pgp": [
{ {
"created_at": "2023-05-26T08:54:32Z",
"enc": "-----BEGIN PGP MESSAGE-----\n\nhQEMA5ntoryXZPD4AQf/WmHVgATZ4cl/zI+aRMYGrWyAHAWJ/gtXzTbY2oGHdonw\nx4+5XBsFg28JcJXlI9Aq643e8+/2BPie4tawyrNfWBcaovHbFzEvc4EK0wPbx0Ax\nYW2P237lKyCfOhC4uzeghlr/IpX+SGZGvSDmg6R99/sXZ8pnPFG6PwPp2rdE1JMJ\nZRupMzZfSgJWgZXQIxJhiymHh1ddAMGuLhDzRSj7eVZiN8kl39Y0wEKzmCqCSvIl\n5nn3EmGsB2sSNo8W6C91WQRyxRBP48wWUSZ0P7lHXQEqJW9ioLGq+1qLaL2ZVA3h\nr++vjXf+v9yIsOSGVJAehVV4rXF1pJJJSDMewG6bJdJeAQOiR8+mLvdtwIQOfEFM\nQVvNJ6RfRKSYIrRxBqBJx4vDKTUtktmcBRZJazB7s+TWkhAtrFHyZXCcO9L9Uz7/\nePJ8xD8z6SDZTUa7Y2mJx416mVZwvz7yEWThIBrGGA==\n=Xn2g\n-----END PGP MESSAGE-----\n",
"created_at": "2023-05-30T15:22:58Z",
"enc": "-----BEGIN PGP MESSAGE-----\n\nhQEMA5ntoryXZPD4AQf+M9eb4mKfNadMmoAZ/OHOpKTl52jUDympCZblXF6yHS+8\ny7uchp+69vtXif+ZPLC+NMEZLtAnwPG3KhBXTK5c+6+dqZN4DI3MvGq1HKy3nEU0\nDqk2vQKPH29EvsVO4QgEZqGoNRVW7MXHzcq8WYKkKWXvNRcGzNPANqp1pCS+Chns\neeFCVynsd7QUTYkvSw1/BZuMY135+Ubd2Vm9At6GI6xI87KTVQh/o+vFKQpdnRHj\nENuPBF2z4TbZHweH4gGYibfdiWsyWzAlu7G9OtNww+AdoydctaMDeH+N4LGCCqBS\nnLfNY7aRYfLxQ/zcuPhzl1jiJeQeLcMiXyssoyNwRtJeASov2wKOpLAYlSVE+frW\n4CY9iw2694Cidw66l2i15hk/Q9IiUSPYpghdiowVvZgNnNaAl8TYhcN08uPFhLvT\nASzWUOwnhgVTu11bhqYEIjt3tY4JrKzynY8tDy+Z3Q==\n=ZSOF\n-----END PGP MESSAGE-----\n",
"fp": "3237CA7A1744B4DCE96B409FB4C3BF012D9B26BE" "fp": "3237CA7A1744B4DCE96B409FB4C3BF012D9B26BE"
} }
], ],

9
shared/default.nix
View File

@ -3,9 +3,9 @@
{ {
imports = [ imports = [
./network.nix ./network.nix
./root.nix
./users.nix
#"${modulesPath}/profiles/headless.nix"
"${modulesPath}/profiles/headless.nix"
"${modulesPath}/profiles/all-hardware.nix" "${modulesPath}/profiles/all-hardware.nix"
]; ];
@ -16,11 +16,6 @@
age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
}; };
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
boot.initrd.systemd.enable = true;
time.timeZone = "Europe/Berlin"; time.timeZone = "Europe/Berlin";
console.keyMap = "de"; console.keyMap = "de";

13
shared/network.nix
View File

@ -1,7 +1,18 @@
{ config, ... }:
{ {
networking.domain = "hpc.informatik.hs-fulda.de"; networking.domain = "hpc.informatik.hs-fulda.de";
networking.useDHCP = true;
networking.search = [
config.networking.domain
];
networking.nameservers = [
"10.0.0.52"
"10.1.1.10"
];
networking.useDHCP = false;
services.openssh = { services.openssh = {
enable = true; enable = true;

0
shared/root.nix → shared/users.nix
View File

Write Preview
Loading…
Cancel
Save