nixos/devices/srv1/node0/default.nix

inputs:
{
  config =
  {
    nixos =
    {
      system =
      {
        nixpkgs.march = "cascadelake";
        networking.networkd.static =
        {
          eno145 = { ip = "192.168.1.10"; mask = 24; gateway = "192.168.1.1"; };
          eno146 = { ip = "192.168.178.1"; mask = 24; };
        };
        cluster.nodeType = "master";
      };
      services =
      {
        xray.client = { enable = true; dnsmasq.extraInterfaces = [ "eno146" ]; };
        beesd.instances.root = { device = "/"; hashTableSizeMB = 512; threads = 4; };
        wireguard =
        {
          enable = true;
          peers = [ "vps6" ];
          publicKey = "Br+ou+t9M9kMrnNnhTvaZi2oNFRygzebA1NqcHWADWM=";
          wireguardIp = "192.168.83.9";
        };
        nfs = { root = "/"; exports = [ "/home" ]; accessLimit = "192.168.178.0/24"; };
        xrdp = { enable = true; hostname = [ "srv1.chn.moe" ]; };
        samba =
        {
          enable = true;
          hostsAllowed = "";
          shares = { home.path = "/home"; root.path = "/"; };
        };
      };
      packages.packages._prebuildPackages =
        [ inputs.topInputs.self.nixosConfigurations.srv1-node1.pkgs.localPackages.vasp.intel ];
    };
    # allow other machine access network by this machine
    systemd.network.networks."10-eno146".networkConfig.IPMasquerade = "both";
    # without this, tproxy does not work
    # TODO: why?
    networking.firewall.trustedInterfaces = [ "eno146" ];
  };
}
flake: 整理 srv1 2024-09-14 20:44:45 +08:00			`inputs:`
			`{`
			`config =`
			`{`
			`nixos =`
			`{`
devices.srv1.node0: set network 2024-09-15 16:21:23 +08:00			`system =`
			`{`
			`nixpkgs.march = "cascadelake";`
			`networking.networkd.static =`
			`{`
			`eno145 = { ip = "192.168.1.10"; mask = 24; gateway = "192.168.1.1"; };`
devices.srv1.node0: fix network 2024-09-15 18:47:23 +08:00			`eno146 = { ip = "192.168.178.1"; mask = 24; };`
devices.srv1.node0: set network 2024-09-15 16:21:23 +08:00			`};`
devices.srv1-node1: install 2024-09-16 11:12:27 +08:00			`cluster.nodeType = "master";`
devices.srv1.node0: set network 2024-09-15 16:21:23 +08:00			`};`
flake: 整理 srv1 2024-09-14 20:44:45 +08:00			`services =`
			`{`
modules.services.nfs: init 2024-09-26 11:23:07 +08:00			`xray.client = { enable = true; dnsmasq.extraInterfaces = [ "eno146" ]; };`
devices.srv1.node0: install 2024-09-15 11:50:38 +08:00			`beesd.instances.root = { device = "/"; hashTableSizeMB = 512; threads = 4; };`
flake: 整理 srv1 2024-09-14 20:44:45 +08:00			`wireguard =`
			`{`
			`enable = true;`
			`peers = [ "vps6" ];`
devices.srv1.node0: install 2024-09-15 11:50:38 +08:00			`publicKey = "Br+ou+t9M9kMrnNnhTvaZi2oNFRygzebA1NqcHWADWM=";`
			`wireguardIp = "192.168.83.9";`
flake: 整理 srv1 2024-09-14 20:44:45 +08:00			`};`
fix build 2024-09-26 12:41:26 +08:00			`nfs = { root = "/"; exports = [ "/home" ]; accessLimit = "192.168.178.0/24"; };`
devices.srv1.node1: enable samba and xrdp 2024-09-28 17:06:41 +08:00			`xrdp = { enable = true; hostname = [ "srv1.chn.moe" ]; };`
			`samba =`
			`{`
			`enable = true;`
			`hostsAllowed = "";`
			`shares = { home.path = "/home"; root.path = "/"; };`
			`};`
flake: 整理 srv1 2024-09-14 20:44:45 +08:00			`};`
devices.srv1: install broadwell vasp on node0 2024-09-24 11:49:16 +08:00			`packages.packages._prebuildPackages =`
			`[ inputs.topInputs.self.nixosConfigurations.srv1-node1.pkgs.localPackages.vasp.intel ];`
flake: 整理 srv1 2024-09-14 20:44:45 +08:00			`};`
modules.services.nfs: init 2024-09-26 11:23:07 +08:00			`# allow other machine access network by this machine`
devices.srv1.node0: enable IP masquerading 2024-09-16 17:37:43 +08:00			`systemd.network.networks."10-eno146".networkConfig.IPMasquerade = "both";`
devices.srv1-node0: fix network 2024-09-20 14:47:49 +08:00			`# without this, tproxy does not work`
			`# TODO: why?`
			`networking.firewall.trustedInterfaces = [ "eno146" ];`
flake: 整理 srv1 2024-09-14 20:44:45 +08:00			`};`
			`}`