Dustin Frisch
2 years ago
No known key found for this signature in database
GPG Key ID: B4C3BF012D9B26BE
14 changed files with 172 additions and 81 deletions
-
1gathered/manager/cache-pub-key.pem
-
26machines/manager/cache.nix
-
3machines/manager/default.nix
-
33machines/manager/netinstall.nix
-
69machines/manager/netinstall/default.nix
-
64machines/manager/netinstall/installer.nix
-
4machines/manager/network.nix
-
8machines/manager/nginx.nix
-
4machines/node/default.nix
-
1machines/node/hardware.nix
-
30secrets/cache-priv-key.pem
-
4shared/default.nix
-
4shared/network.nix
-
2shared/rdma.nix
@ -0,0 +1 @@ |
|||
cache.hpc.informatik.hs-fulda.de:/CF5K1gnvbCQHyMFRd7fpEPgfKZeSS6zPAkgkY/u4NY= |
@ -1,33 +0,0 @@ |
|||
# TFTP boot with shared image |
|||
# Requests store path to install from master |
|||
# Runs disko and nixos-install |
|||
|
|||
{ pkgs, lib, config, ... }: |
|||
|
|||
{ |
|||
services.pixiecore = { |
|||
enable = true; |
|||
mode = "api"; |
|||
dhcpNoBind = true; |
|||
debug = true; |
|||
statusPort = 6080; |
|||
apiServer = "http://boot.${config.networking.domain}/pixiecore"; |
|||
}; |
|||
|
|||
services.nginx = { |
|||
enable = true; |
|||
recommendedProxySettings = true; |
|||
virtualHosts = { |
|||
"boot.${config.networking.domain}" = { |
|||
locations."/status".proxyPass = "http://localhost:${toString config.services.pixiecore.statusPort}"; |
|||
locations."/pixiecore" = { |
|||
root = "/srv/pixieboot"; |
|||
}; |
|||
}; |
|||
}; |
|||
}; |
|||
|
|||
hpc.hostFile = [ |
|||
"boot.${config.networking.domain}" |
|||
]; |
|||
} |
@ -0,0 +1,69 @@ |
|||
# TFTP boot with shared image |
|||
# Requests store path to install from master |
|||
# Runs disko and nixos-install |
|||
|
|||
{ pkgs, lib, config, nodes, ... }@args: |
|||
|
|||
with lib; |
|||
|
|||
let |
|||
targets = { |
|||
"50:46:5d:da:0b:d6" = "node-00"; |
|||
}; |
|||
|
|||
installer = pkgs.nixos [ |
|||
./installer.nix |
|||
{ |
|||
_module.args = { |
|||
manangerConfig = config; |
|||
}; |
|||
} |
|||
]; |
|||
|
|||
api = pkgs.linkFarm "pixiecore-api" (mapAttrs' |
|||
(mac: name: nameValuePair |
|||
"v1/boot/${mac}" |
|||
(pkgs.writeText "pixieboot-api-${name}" ( |
|||
let |
|||
boot = installer.config.system.build; |
|||
node = nodes.${name}.config.system.build; |
|||
in |
|||
builtins.toJSON { |
|||
kernel = "file://${boot.kernel}/bzImage"; |
|||
initrd = "file://${boot.netbootRamdisk}/initrd"; |
|||
cmdline = concatStringsSep "\n" [ |
|||
"init=${boot.toplevel}/init" |
|||
"loglevel=4" |
|||
"nixos.install=${node.toplevel}" |
|||
]; |
|||
message = "NixOS Automatic Installer for ${name}"; |
|||
} |
|||
))) |
|||
targets); |
|||
in |
|||
{ |
|||
services.pixiecore = { |
|||
enable = true; |
|||
mode = "api"; |
|||
dhcpNoBind = true; |
|||
debug = true; |
|||
openFirewall = true; |
|||
port = 5080; |
|||
statusPort = 6080; |
|||
apiServer = "http://boot.${config.networking.domain}/pixiecore"; |
|||
}; |
|||
|
|||
services.nginx = { |
|||
virtualHosts = { |
|||
"boot.${config.networking.domain}" = { |
|||
locations."/".proxyPass = "http://localhost:${toString config.services.pixiecore.port}"; |
|||
locations."/status".proxyPass = "http://localhost:${toString config.services.pixiecore.statusPort}"; |
|||
locations."/pixiecore".root = api; |
|||
}; |
|||
}; |
|||
}; |
|||
|
|||
hpc.hostFile.aliases = [ |
|||
"boot.${config.networking.domain}" |
|||
]; |
|||
} |
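Review bot: The `boot.${config.networking.domain}` virtual host proxies `/` and `/status` to pixiecore and serves the generated API tree under `/pixiecore` with no access restriction, while `debug = true` and `openFirewall = true` are left on in `services.pixiecore`. Anything that can reach nginx can then read the status page and the per-MAC boot responses, which contain the installer's and the node's store paths. Consider limiting each location to the cluster network, for example `locations."/status".extraConfig = "allow CLUSTER_SUBNET_PLACEHOLDER; deny all;";`, and dropping `debug = true` once bring-up is finished. Separately, `cmdline` is joined with `"\n"`; kernel arguments are space-separated, so `concatStringsSep " "` looks like what is intended, though this depends on how pixiecore renders the field.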
@ -0,0 +1,64 @@ |
|||
{ pkgs, lib, config, modulesPath, manangerConfig, ... }: |
|||
|
|||
with lib; |
|||
|
|||
let |
|||
auto-install = pkgs.writeShellScript "nixos-install" '' |
|||
if [[ "$(cat /proc/cmdline)" =~ nixos\.install=([^ ]+) ]]; then |
|||
INSTALL="''${BASH_REMATCH[1]}" |
|||
else |
|||
echo "No install derivation found" >&2 |
|||
exit 1 |
|||
fi |
|||
''; |
|||
in |
|||
{ |
|||
imports = [ |
|||
"${modulesPath}/installer/netboot/netboot-minimal.nix" |
|||
]; |
|||
|
|||
config = { |
|||
services.getty.autologinUser = lib.mkForce "root"; |
|||
|
|||
networking.hostName = "installer"; |
|||
networking.hosts = mkForce manangerConfig.networking.hosts; |
|||
|
|||
users.users."root" = mkForce manangerConfig.users.users."root"; |
|||
|
|||
systemd.services."auto-install" = { |
|||
description = "Automated NixOS installer"; |
|||
|
|||
wants = [ "network-online.target" ]; |
|||
after = [ "network-online.target" ]; |
|||
|
|||
wantedBy = [ "multi-user.target" ]; |
|||
|
|||
unitConfig = { |
|||
AssertKernelCommandLine = "nixos.install"; |
|||
|
|||
FailureAction = "reboot-force"; |
|||
}; |
|||
|
|||
serviceConfig = { |
|||
Type = "oneshot"; |
|||
|
|||
ExecStart = auto-install; |
|||
|
|||
StandardInput = "tty-force"; |
|||
TTYPath = "/dev/tty1"; |
|||
TTYVTDisallocate = false; |
|||
}; |
|||
}; |
|||
|
|||
nix.settings = { |
|||
substituters = [ |
|||
"http://cache.${manangerConfig.networking.domain}" |
|||
]; |
|||
trusted-public-keys = [ |
|||
(fileContents manangerConfig.gather.parts."cache/key".path) |
|||
]; |
|||
}; |
|||
|
|||
system.stateVersion = config.system.nixos.release; |
|||
}; |
|||
} |
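Review bot: `users.users."root" = mkForce manangerConfig.users.users."root";` copies the manager's whole root account definition into the installer system, and the netinstall module in this commit serves that system's kernel and ramdisk to machines that PXE-boot. If the manager's root entry carries a password hash, it would presumably end up in the served image; this file does not show what the entry contains, so that needs checking. Copying only what the installer needs is safer, e.g. `users.users.root.openssh.authorizedKeys.keys = manangerConfig.users.users.root.openssh.authorizedKeys.keys;`. The `auto-install` script also accepts whatever follows `nixos.install=` up to the next space; matching `nixos\.install=(/nix/store/[^[:space:]]+)` would reject values that are not store paths before they are used.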
@ -0,0 +1,8 @@ |
|||
{ |
|||
services.nginx = { |
|||
enable = true; |
|||
recommendedProxySettings = true; |
|||
}; |
|||
|
|||
networking.firewall.allowedTCPPorts = [ 80 443 ]; |
|||
} |
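Review bot: `networking.firewall.allowedTCPPorts = [ 80 443 ];` opens both ports on every interface of the manager, and none of the virtual hosts visible in this commit enables TLS, so 443 appears to be opened without a listener. If nginx here only serves the cluster (the boot and cache hosts), scoping the rule to the internal interface keeps it off any uplink: `networking.firewall.interfaces."INTERNAL_IFACE_PLACEHOLDER".allowedTCPPorts = [ 80 ];`. Whether hosts defined outside this view need 443 cannot be told from this section.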
@ -1,30 +0,0 @@ |
|||
{ |
|||
"data": "ENC[AES256_GCM,data:zFVNY6fYkVEvHcZ/IaWvcmIkf+NwZ9p45XEy7/sxpSvr62F80pzxAiC99IX+1+XLH83zk5dqm1vMUuX9NdNAxB0Mousyp1YdkF0Zqi5/il9B/p7R24AIfgeQCa46qo5MbYVWRgs6R1rp9Y573+6/SbPtDqoChvE1Kic=,iv:uQa4O9WnyFZ+kPvp/ozXilCTyUJcLvwlVWF7rmTi9w8=,tag:2MuFj4/Mn9LECE7cToQwVQ==,type:str]", |
|||
"sops": { |
|||
"kms": null, |
|||
"gcp_kms": null, |
|||
"azure_kv": null, |
|||
"hc_vault": null, |
|||
"age": [ |
|||
{ |
|||
"recipient": "age1ys5pskgkjsgqfy2lr0afcnl2edry8jmryhymkwtked2se74e9g4s23gunn", |
|||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwcnAzWkhKbGdjQ1g4WjVw\na3YrRjkzczVuNjYrQjJ5Yk9qeFFOS0dEdlVVCncwdU9JdVB2ekJSdXhNQmtJd0dH\neEIyK25pdVhpTzIzTUdvYlJGaDBvQVEKLS0tIDNsQ2J0ampueWZuQkNnQ2tFWEwv\nOVdyYzI2emh5SktqQUljbUhuajR3NTQKfG5O3ToSgBzR+/LHLyq7IUkLNRFeI6zh\n9u2pkCMncrUHAqpHJUfhnd39pke4Hg8op2DPLq9y7vj0s3DJ2HyJWQ==\n-----END AGE ENCRYPTED FILE-----\n" |
|||
}, |
|||
{ |
|||
"recipient": "age1q3tqh4w7yeae4xs0cxevtp5tn4gm8xthc39fsht2kv9rq7xm4q3qxqt9sh", |
|||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCZE1ndVZUenBCa2dva3dh\nT1hLMEFJSVNzejVtdXZnSStrWGtRd3IxZHlzClkxMmN5Q3FtL1pUcklkZXB6alZr\nNjJ6RzRwdFBDaFY5K2I0dlI4WWF3SVEKLS0tIE1zMGZkZWNTTjJEcnFNcWxlb0E4\nbmd3ejZ4S0V5alh1ZFZRd2IrckpybUkKY9KS0r71NIye4Bf8Ekqi90e4/7I8hg/V\nOA1bfKGo+sb9nD5HTBKEc+ssTVN21xWd9z6GksVjU9l2M5VoLwTkhQ==\n-----END AGE ENCRYPTED FILE-----\n" |
|||
} |
|||
], |
|||
"lastmodified": "2023-05-26T08:59:34Z", |
|||
"mac": "ENC[AES256_GCM,data:8h8NREXye3DDL7DpvT7sVr1lyaAfEgDwOoaDMuCzzRyHFWPSELQHnjLjEjmexoRrrsE/U608/h62PU7m9EDSYuWlJsvuNBZ+HezR/Ve8oFrZ5ZE3HIoEt2aeM2enSEHGP+aYFL4jEZJJDn9xoW3chFu3JLTSez0NOAhuejghjnU=,iv:Dfxlfa/mwKswYL077oPV+rylKk5y67qKPz+6UFCje9c=,tag:lmM0U8H5FlVRMO51mqTZgg==,type:str]", |
|||
"pgp": [ |
|||
{ |
|||
"created_at": "2023-06-01T13:41:29Z", |
|||
"enc": "-----BEGIN PGP MESSAGE-----\n\nhQEMA5ntoryXZPD4AQf/STkH8HafCMan6au+LKbb5DriplyRLLPLzDcCvNn/VD5H\nYQU8rn/iJajpvbKxgBYo8c3bgz9hz+qfM1aSF57ezHkuiDHd0DDlnEHXGDfEsy5b\nnxPxXA432d412sfbjC69cqBba9mGYV88URplVm40RqyqZr+drnF6bsu3r5gY1sJT\nwG5ZYyyhXTO02ePYuAlS5J0yihHzA3rtWR7VEL5zwJVRo3D1fhMA0ZEnjCc9j14E\nT9yrOQZ1fPhiAJcvbWWxGWwDa50DpVGVBRwZ+N8mWbRN+Py4/OsjEe8f8s2h2IEp\nGKGirTIcc6hRhoOBRTNBmNeuTDbI04r+ai8XZBYxNNJeARvh1kh+5lx7gln92R7r\nDcgWchi/PioCHvDr9lfusuhio6rbAfS7LZ5fVREyHqRomQJEfFuq9Vder6cBYT+0\nd2/TG3Qc02Q0Q1yKXT3Fm+O9g8tXTWPyuZNt70npRA==\n=q6EO\n-----END PGP MESSAGE-----\n", |
|||
"fp": "3237CA7A1744B4DCE96B409FB4C3BF012D9B26BE" |
|||
} |
|||
], |
|||
"unencrypted_suffix": "_unencrypted", |
|||
"version": "3.7.3" |
|||
} |
|||
} |