Dustin Frisch
1 year ago
No known key found for this signature in database
GPG Key ID: B4C3BF012D9B26BE
23 changed files with 305 additions and 106 deletions
-
3.gitignore
-
8.sops.yaml
-
16flake.lock
-
6flake.nix
-
45machines.nix
-
5machines/manager/autoinstall.nix
-
2machines/manager/cache.nix
-
23machines/manager/default.nix
-
27machines/manager/disk.nix
-
34machines/manager/hardware.nix
-
17machines/manager/ldap.nix
-
29machines/manager/netinstall.nix
-
13machines/manager/network.nix
-
4machines/manager/nfs.nix
-
16machines/node/default.nix
-
29machines/node/disk.nix
-
35machines/node/hardware.nix
-
13machines/node/network.nix
-
31secrets.yaml
-
11secrets/cache-priv-key.pem
-
9shared/default.nix
-
13shared/network.nix
-
0shared/users.nix
@ -0,0 +1,3 @@ |
|||
/.pre-commit-config.yaml |
|||
.gcroots |
|||
.direnv |
@ -1,5 +1,11 @@ |
|||
keys: |
|||
- &admin_fooker 3237CA7A1744B4DCE96B409FB4C3BF012D9B26BE |
|||
- &server_manager age1ys5pskgkjsgqfy2lr0afcnl2edry8jmryhymkwtked2se74e9g4s23gunn |
|||
|
|||
creation_rules: |
|||
- key_groups: |
|||
- pgp: |
|||
- 3237CA7A1744B4DCE96B409FB4C3BF012D9B26BE |
|||
- *admin_fooker |
|||
age: |
|||
- *server_manager |
|||
path_regex: ^(secrets\.yaml|secrets/.+)$ |
@ -1,5 +0,0 @@ |
|||
# TFTP boot with shared image |
|||
# Requests store path to install from master |
|||
# Runs disko and nixos-install |
|||
|
|||
{} |
@ -0,0 +1,34 @@ |
|||
{ lib, pkgs, config, modulesPath, ... }: |
|||
|
|||
with lib; |
|||
|
|||
{ |
|||
imports = [ |
|||
"${modulesPath}/installer/scan/not-detected.nix" |
|||
]; |
|||
|
|||
boot.loader.systemd-boot.enable = true; |
|||
boot.loader.efi.canTouchEfiVariables = true; |
|||
|
|||
boot.initrd.systemd.enable = true; |
|||
|
|||
boot.initrd.availableKernelModules = [ |
|||
"uhci_hcd" |
|||
"ehci_pci" |
|||
"ata_piix" |
|||
"mptsas" |
|||
"usb_storage" |
|||
"usbhid" |
|||
"sd_mod" |
|||
"sr_mod" |
|||
]; |
|||
boot.initrd.kernelModules = [ ]; |
|||
|
|||
boot.kernelModules = [ "kvm-intel" ]; |
|||
boot.extraModulePackages = [ ]; |
|||
|
|||
nixpkgs.hostPlatform = "x86_64-linux"; |
|||
|
|||
hardware.enableRedistributableFirmware = true; |
|||
hardware.cpu.intel.updateMicrocode = true; |
|||
} |
@ -0,0 +1,29 @@ |
|||
# TFTP boot with shared image |
|||
# Requests store path to install from master |
|||
# Runs disko and nixos-install |
|||
|
|||
{ pkgs, lib, config, ... }: |
|||
|
|||
{ |
|||
services.pixiecore = { |
|||
enable = true; |
|||
mode = "api"; |
|||
dhcpNoBind = true; |
|||
debug = true; |
|||
statusPort = 6080; |
|||
apiServer = "http://boot.${config.networking.domain}/pixiecore"; |
|||
}; |
|||
|
|||
services.nginx = { |
|||
enable = true; |
|||
recommendedProxySettings = true; |
|||
virtualHosts = { |
|||
"boot.${config.networking.domain}" = { |
|||
locations."/status".proxyPass = "http://localhost:${toString config.services.pixiecore.statusPort}"; |
|||
locations."/pixiecore" = { |
|||
root = "/srv/pixieboot"; |
|||
}; |
|||
}; |
|||
}; |
|||
}; |
|||
} |
@ -0,0 +1,13 @@ |
|||
{ |
|||
networking.interfaces."enp11s0f0" = { |
|||
ipv4.addresses = [{ |
|||
address = "10.32.30.93"; |
|||
prefixLength = 24; |
|||
}]; |
|||
}; |
|||
|
|||
networking.defaultGateway = { |
|||
address = "10.32.30.1"; |
|||
interface = "enp11s0f0"; |
|||
}; |
|||
} |
@ -1,8 +1,8 @@ |
|||
{ |
|||
{ config, ... }: { |
|||
services.nfs.server = { |
|||
enable = true; |
|||
exports = '' |
|||
/home node*.hpc.informatik.hs-fulda.de(rw) |
|||
/home node*.${config.networking.domain}(rw) |
|||
''; |
|||
}; |
|||
} |
@ -1,24 +1,30 @@ |
|||
{ id, ... }: |
|||
{ lib, ... }: |
|||
{ lib, config, ... }: |
|||
|
|||
with lib; |
|||
|
|||
{ |
|||
imports = [ |
|||
./hardware.nix |
|||
./disk.nix |
|||
./network.nix |
|||
]; |
|||
|
|||
boot.loader.systemd-boot.enable = true; |
|||
boot.loader.efi.canTouchEfiVariables = true; |
|||
deployment = { |
|||
targetHost = "10.32.30.94"; |
|||
targetUser = "root"; |
|||
|
|||
tags = [ "node" ]; |
|||
}; |
|||
|
|||
networking.hostName = "node-${fixedWidthNumber 2 id}"; |
|||
|
|||
nix.settings = { |
|||
substituters = [ |
|||
"http://cache.hpc.informatik.hs-fulda.de" |
|||
"http://cache.${config.networking.domain}" |
|||
]; |
|||
trusted-public-keys = [ |
|||
"cache.hpc.informatik.hs-fulda.de:dc2abEGJAQfaZiBXhjvjPU0jx/wosQwAOQoz48/G6cA=" |
|||
"cache.${config.networking.domain}:dc2abEGJAQfaZiBXhjvjPU0jx/wosQwAOQoz48/G6cA=" |
|||
]; |
|||
}; |
|||
} |
@ -0,0 +1,35 @@ |
|||
{ lib, pkgs, config, modulesPath, ... }: |
|||
|
|||
with lib; |
|||
|
|||
{ |
|||
imports = [ |
|||
"${modulesPath}/installer/scan/not-detected.nix" |
|||
]; |
|||
|
|||
boot.loader.grub.enable = true; |
|||
boot.loader.grub.version = 2; |
|||
boot.loader.grub.device = "/dev/sda"; |
|||
|
|||
boot.initrd.systemd.enable = true; |
|||
|
|||
boot.initrd.availableKernelModules = [ |
|||
"ahci" |
|||
"ohci_pci" |
|||
"ehci_pci" |
|||
"pata_atiixp" |
|||
"usbhid" |
|||
"usb_storage" |
|||
"sd_mod" |
|||
"sr_mod" |
|||
]; |
|||
boot.initrd.kernelModules = [ ]; |
|||
|
|||
boot.kernelModules = [ "kvm-amd" ]; |
|||
boot.extraModulePackages = [ ]; |
|||
|
|||
nixpkgs.hostPlatform = "x86_64-linux"; |
|||
|
|||
hardware.enableRedistributableFirmware = true; |
|||
hardware.cpu.amd.updateMicrocode = true; |
|||
} |
@ -0,0 +1,13 @@ |
|||
{ |
|||
networking.interfaces."enp2s0f0" = { |
|||
ipv4.addresses = [{ |
|||
address = "10.32.30.94"; |
|||
prefixLength = 24; |
|||
}]; |
|||
}; |
|||
|
|||
networking.defaultGateway = { |
|||
address = "10.32.30.1"; |
|||
interface = "enp2s0f0"; |
|||
}; |
|||
} |
Write
Preview
Loading…
Cancel
Save
Reference in new issue