Merge branch 'debug' into production

devices/nas/default.nix

@@ -41,7 +41,7 @@ inputs:
         initrd.sshd.enable = true;
         nixpkgs.march = "silvermont";
         nix.substituters = [ "https://nix-store.chn.moe?priority=100" ];
-        networking = { hostname = "nas"; networkd = {}; };
+        networking.networkd = {};
       };
       hardware = { cpus = [ "intel" ]; gpu.type = "intel"; };
       services =

devices/pc/default.nix

@@ -53,7 +53,6 @@ inputs:
           modules.modprobeConfig =
             [ "options iwlwifi power_save=0" "options iwlmvm power_scheme=1" "options iwlwifi uapsd_disable=1" ];
         };
-        networking.hostname = "pc";
         sysctl.laptop-mode = 5;
         gui.enable = true;
       };

devices/pi3b/default.nix

@@ -18,7 +18,7 @@ inputs:
           swap = [ "/nix/swap/swap" ];
           rollingRootfs = {};
         };
-        networking = { hostname = "pi3b"; networkd = {}; };
+        networking.networkd = {};
         nixpkgs.arch = "aarch64";
         kernel.variant = "nixos";
       };

devices/srv1-node0/default.nix

@@ -1,50 +0,0 @@
-inputs:
-{
-  config =
-  {
-    nixos =
-    {
-      system =
-      {
-        fileSystems =
-        {
-          mount =
-          {
-            vfat."/dev/disk/by-uuid/7A60-4232" = "/boot";
-            btrfs."/dev/mapper/root1" = { "/nix" = "/nix"; "/nix/rootfs/current" = "/"; };
-          };
-          swap = [ "/dev/mapper/swap" ];
-          rollingRootfs = {};
-        };
-        nixpkgs.march = "cascadelake";
-        kernel.variant = "xanmod-lts";
-        networking.hostname = "srv1-node0";
-        gui.enable = true;
-      };
-      packages.vasp = null;
-      hardware.cpus = [ "intel" ];
-      services =
-      {
-        snapper.enable = true;
-        sshd = {};
-        xray.client.enable = true;
-        smartd.enable = true;
-        beesd.instances.root = { device = "/"; hashTableSizeMB = 4096; threads = 4; };
-        wireguard =
-        {
-          enable = true;
-          peers = [ "vps6" ];
-          publicKey = "l1gFSDCeBxyf/BipXNvoEvVvLqPgdil84nmr5q6+EEw=";
-          wireguardIp = "192.168.83.3";
-        };
-        slurm =
-        {
-          enable = true;
-          cpu = { cores = 16; threads = 2; mpiThreads = 2; openmpThreads = 4; };
-          memoryMB = 90112;
-        };
-      };
-      user.users = [ "chn" ];
-    };
-  };
-}

devices/srv1-node0/secrets/munge.key

@@ -1,24 +0,0 @@
-{
-	"data": "ENC[AES256_GCM,data:ftogJ/2oPME8sVbyNAuI3t3GEzUmdCadyjf2g/bjGNx3AoV0jU0SDxnBLDFfoR1rEtV00zfgCMPDGsEXavg+QVvoICpvvhckXMOLXe37H3Ff0wDVJtL4BBIK3oVh/SiYaRm/+uR0x6HW37KX50RRvKvpQoRdMVNnvtKbMjmQVIA=,iv:MOHfTIavoU643K10jSR3HruzoofOqqVspYgiaLc294o=,tag:zjDTPKwAOh/nqkquvAQpbw==,type:str]",
-	"sops": {
-		"kms": null,
-		"gcp_kms": null,
-		"azure_kv": null,
-		"hc_vault": null,
-		"age": [
-			{
-				"recipient": "age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5TTB1bHFXcDhoMk1QVzJ0\nUUplcGVBVUhoOEt0Rnc2ZStDUUpjZmV0eGpvCjFQSGl4TjlMT2R5RExNZWxwOUtz\nSWhhSUtFN0JISzJhclpCMFZDQ09jK28KLS0tIGJydDNoY3hBbEhBYUNYZGZCaWpQ\nQnVDalJCcWpIRTdVaWkzeGVNSGpDRWsKWXoMC8NApfenn191aRwdAjD0iM5+C3R6\nXKpHxfhc1Gf6paxBhketFU+AwWsKiBDKh0gntV49F+YSriPa7uI3FA==\n-----END AGE ENCRYPTED FILE-----\n"
-			},
-			{
-				"recipient": "age1ffvr5pqd2lfj24e3fh53s92z6h76fda3du4y4k6r3yjumdwvpfgqzj033a",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzclYwVjdOZnQ1Y2dlUi9n\naXQya21QVHZ0KzMxTkVuTEJuazB4WklqdFdvCmpMd0h6OXUvZSttOFpmeUdsSlNs\nQkhQaVJqVFdidFNMejljV2h3WUFTaFUKLS0tIGNBemY5R1N3T00zMEthZjBsWXZh\nVXRtNG5UV3I3WG5LYUphNUNyUDI5WXcKVQpMe3zYgzHOtQQvo8Vvz94lYR6TBFuV\nD7ztr4rD/Vdk3hkSGZQvdzGjNDdGpac38LUN9vtFQbzMofykcn/etw==\n-----END AGE ENCRYPTED FILE-----\n"
-			}
-		],
-		"lastmodified": "2024-02-24T05:48:31Z",
-		"mac": "ENC[AES256_GCM,data:kCLcS6xeMijD8Bxa0MBUbFH2pdXX6BdGL1SztHHPet8loMkiCfgEiyp9l/QjszWa3G6zx3K+0wXXtRXmrNAxThnIgMZQVGCy4Ucw7fp8Pral/5eaJNlZGb56JQPF9ZDHb9YQPDPImaEAKYUtzayyaZAGJGlCmIIhVVhXTx7iiig=,iv:MXRDA/6YnVUbLdYAIrMvrdb2iPsi4Bmr06SPCU8CCVc=,tag:9hT7Xo0tRnHTgAaivKj4QQ==,type:str]",
-		"pgp": null,
-		"unencrypted_suffix": "_unencrypted",
-		"version": "3.8.1"
-	}
-}

devices/srv1-node3/default.nix

@@ -1,50 +0,0 @@
-inputs:
-{
-  config =
-  {
-    nixos =
-    {
-      system =
-      {
-        fileSystems =
-        {
-          mount =
-          {
-            vfat."/dev/disk/by-uuid/7A60-4232" = "/boot";
-            btrfs."/dev/mapper/root1" = { "/nix" = "/nix"; "/nix/rootfs/current" = "/"; };
-          };
-          swap = [ "/dev/mapper/swap" ];
-          rollingRootfs = {};
-        };
-        nixpkgs.march = "broadwell";
-        kernel.variant = "xanmod-lts";
-        networking.hostname = "srv1-node3";
-        gui.enable = true;
-      };
-      packages.vasp = null;
-      hardware.cpus = [ "intel" ];
-      services =
-      {
-        snapper.enable = true;
-        sshd = {};
-        xray.client.enable = true;
-        smartd.enable = true;
-        beesd.instances.root = { device = "/"; hashTableSizeMB = 4096; threads = 4; };
-        wireguard =
-        {
-          enable = true;
-          peers = [ "vps6" ];
-          publicKey = "l1gFSDCeBxyf/BipXNvoEvVvLqPgdil84nmr5q6+EEw=";
-          wireguardIp = "192.168.83.3";
-        };
-        slurm =
-        {
-          enable = true;
-          cpu = { cores = 16; threads = 2; mpiThreads = 2; openmpThreads = 4; };
-          memoryMB = 90112;
-        };
-      };
-      user.users = [ "chn" ];
-    };
-  };
-}

devices/srv1-node3/secrets/munge.key

@@ -1,24 +0,0 @@
-{
-	"data": "ENC[AES256_GCM,data:ftogJ/2oPME8sVbyNAuI3t3GEzUmdCadyjf2g/bjGNx3AoV0jU0SDxnBLDFfoR1rEtV00zfgCMPDGsEXavg+QVvoICpvvhckXMOLXe37H3Ff0wDVJtL4BBIK3oVh/SiYaRm/+uR0x6HW37KX50RRvKvpQoRdMVNnvtKbMjmQVIA=,iv:MOHfTIavoU643K10jSR3HruzoofOqqVspYgiaLc294o=,tag:zjDTPKwAOh/nqkquvAQpbw==,type:str]",
-	"sops": {
-		"kms": null,
-		"gcp_kms": null,
-		"azure_kv": null,
-		"hc_vault": null,
-		"age": [
-			{
-				"recipient": "age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5TTB1bHFXcDhoMk1QVzJ0\nUUplcGVBVUhoOEt0Rnc2ZStDUUpjZmV0eGpvCjFQSGl4TjlMT2R5RExNZWxwOUtz\nSWhhSUtFN0JISzJhclpCMFZDQ09jK28KLS0tIGJydDNoY3hBbEhBYUNYZGZCaWpQ\nQnVDalJCcWpIRTdVaWkzeGVNSGpDRWsKWXoMC8NApfenn191aRwdAjD0iM5+C3R6\nXKpHxfhc1Gf6paxBhketFU+AwWsKiBDKh0gntV49F+YSriPa7uI3FA==\n-----END AGE ENCRYPTED FILE-----\n"
-			},
-			{
-				"recipient": "age1ffvr5pqd2lfj24e3fh53s92z6h76fda3du4y4k6r3yjumdwvpfgqzj033a",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzclYwVjdOZnQ1Y2dlUi9n\naXQya21QVHZ0KzMxTkVuTEJuazB4WklqdFdvCmpMd0h6OXUvZSttOFpmeUdsSlNs\nQkhQaVJqVFdidFNMejljV2h3WUFTaFUKLS0tIGNBemY5R1N3T00zMEthZjBsWXZh\nVXRtNG5UV3I3WG5LYUphNUNyUDI5WXcKVQpMe3zYgzHOtQQvo8Vvz94lYR6TBFuV\nD7ztr4rD/Vdk3hkSGZQvdzGjNDdGpac38LUN9vtFQbzMofykcn/etw==\n-----END AGE ENCRYPTED FILE-----\n"
-			}
-		],
-		"lastmodified": "2024-02-24T05:48:31Z",
-		"mac": "ENC[AES256_GCM,data:kCLcS6xeMijD8Bxa0MBUbFH2pdXX6BdGL1SztHHPet8loMkiCfgEiyp9l/QjszWa3G6zx3K+0wXXtRXmrNAxThnIgMZQVGCy4Ucw7fp8Pral/5eaJNlZGb56JQPF9ZDHb9YQPDPImaEAKYUtzayyaZAGJGlCmIIhVVhXTx7iiig=,iv:MXRDA/6YnVUbLdYAIrMvrdb2iPsi4Bmr06SPCU8CCVc=,tag:9hT7Xo0tRnHTgAaivKj4QQ==,type:str]",
-		"pgp": null,
-		"unencrypted_suffix": "_unencrypted",
-		"version": "3.8.1"
-	}
-}

devices/srv1/default.nix

@@ -0,0 +1,29 @@
+inputs:
+{
+  config =
+  {
+    nixos =
+    {
+      system =
+      {
+        fileSystems = { swap = [ "/dev/mapper/swap" ]; rollingRootfs = {}; };
+        kernel.variant = "xanmod-lts";
+        gui.enable = true;
+      };
+      hardware.cpus = [ "intel" ];
+      services =
+      {
+        snapper.enable = true;
+        sshd = {};
+        smartd.enable = true;
+        slurm =
+        {
+          enable = true;
+          cpu = { cores = 16; threads = 2; mpiThreads = 2; openmpThreads = 4; };
+          memoryMB = 90112;
+        };
+      };
+      user.users = [ "chn" ];
+    };
+  };
+}

devices/srv1/node0/default.nix

@@ -0,0 +1,31 @@
+inputs:
+{
+  config =
+  {
+    nixos =
+    {
+      system =
+      {
+        fileSystems.mount =
+        {
+          vfat."/dev/disk/by-uuid/7A60-4232" = "/boot";
+          btrfs."/dev/mapper/root1" = { "/nix" = "/nix"; "/nix/rootfs/current" = "/"; };
+        };
+        nixpkgs.march = "cascadelake";
+      };
+      packages.vasp = null;
+      services =
+      {
+        xray.client.enable = true;
+        beesd.instances.root = { device = "/"; hashTableSizeMB = 4096; threads = 4; };
+        wireguard =
+        {
+          enable = true;
+          peers = [ "vps6" ];
+          publicKey = "l1gFSDCeBxyf/BipXNvoEvVvLqPgdil84nmr5q6+EEw=";
+          wireguardIp = "192.168.83.3";
+        };
+      };
+    };
+  };
+}

devices/srv1/node3/default.nix

@@ -0,0 +1,31 @@
+inputs:
+{
+  config =
+  {
+    nixos =
+    {
+      system =
+      {
+        fileSystems.mount =
+        {
+          vfat."/dev/disk/by-uuid/7A60-4232" = "/boot";
+          btrfs."/dev/mapper/root1" = { "/nix" = "/nix"; "/nix/rootfs/current" = "/"; };
+        };
+        nixpkgs.march = "cascadelake";
+      };
+      packages.vasp = null;
+      services =
+      {
+        xray.client.enable = true;
+        beesd.instances.root = { device = "/"; hashTableSizeMB = 4096; threads = 4; };
+        wireguard =
+        {
+          enable = true;
+          peers = [ "vps6" ];
+          publicKey = "l1gFSDCeBxyf/BipXNvoEvVvLqPgdil84nmr5q6+EEw=";
+          wireguardIp = "192.168.83.3";
+        };
+      };
+    };
+  };
+}

devices/surface/default.nix

@@ -26,7 +26,6 @@ inputs:
         nixpkgs.march = "skylake";
         nix = { substituters = [ "https://nix-store.chn.moe?priority=100" ]; githubToken.enable = true; };
         kernel = { variant = "xanmod-lts"; patches = [ "surface" "hibernate-progress" ]; };
-        networking.hostname = "surface";
         gui.enable = true;
       };
       hardware = { cpus = [ "intel" ]; gpu.type = "intel"; };

devices/vps4/default.nix

@@ -29,7 +29,7 @@ inputs:
         nixpkgs.march = "znver2";
         nix.substituters = [ "https://nix-store.chn.moe?priority=100" ];
         initrd.sshd.enable = true;
-        networking = { hostname = "vps4"; networkd = {}; };
+        networking.networkd = {};
         kernel.variant = "xanmod-latest";
         nix-ld = null;
         binfmt = null;

devices/vps6/default.nix

@@ -29,7 +29,7 @@ inputs:
         nixpkgs.march = "sandybridge";
         nix.substituters = [ "https://nix-store.chn.moe?priority=100" ];
         initrd.sshd.enable = true;
-        networking = { hostname = "vps6"; networkd = {}; };
+        networking.networkd = {};
         # do not use cachyos kernel, beesd + cachyos kernel + heavy io = system freeze, not sure why
       };
       services =

devices/vps7/default.nix

@@ -29,7 +29,7 @@ inputs:
         nixpkgs.march = "znver2";
         nix.substituters = [ "https://nix-store.chn.moe?priority=100" ];
         initrd.sshd.enable = true;
-        networking = { hostname = "vps7"; networkd = {}; };
+        networking.networkd = {};
         kernel.variant = "xanmod-lts";
       };
       services =

devices/xmupc1/default.nix

@@ -48,7 +48,6 @@ inputs:
           };
         };
         gui = { enable = true; preferred = false; autoStart = true; };
-        networking.hostname = "xmupc1";
         nix.remote.slave.enable = true;
       };
       hardware = { cpus = [ "amd" ]; gpu.type = "nvidia"; };

devices/xmupc2/default.nix

@@ -41,7 +41,6 @@ inputs:
           };
         };
         gui = { enable = true; preferred = false; autoStart = true; };
-        networking.hostname = "xmupc2";
         nix =
         {
           marches =

flake.nix

@@ -76,18 +76,14 @@
     # nixos-wallpaper = { url = "git+https://git.chn.moe/chn/nixos-wallpaper.git"; flake = false; };
   };
 
-  outputs = inputs:
-    let
-      localLib = import ./flake/lib.nix inputs.nixpkgs.lib;
-      devices = [ "nas" "pc" "pi3b" "srv1-node0" "srv1-node3" "surface" "vps4" "vps6" "vps7" "xmupc1" "xmupc2" ];
-    in
-    {
-      packages.x86_64-linux = import ./flake/packages.nix { inherit inputs devices; };
-      nixosConfigurations = import ./flake/nixos.nix { inherit inputs devices localLib; };
-      overlays.default = final: prev:
-        { localPackages = (import ./packages { inherit localLib; pkgs = final; topInputs = inputs; }); };
-      config = { archive = false; branch = "production"; };
-      devShells.x86_64-linux = import ./flake/dev.nix { inherit inputs; };
-      src = import ./flake/src.nix { inherit inputs; };
-    };
+  outputs = inputs: let localLib = import ./flake/lib.nix inputs.nixpkgs.lib; in
+  {
+    packages.x86_64-linux = import ./flake/packages.nix { inherit inputs localLib; };
+    nixosConfigurations = import ./flake/nixos.nix { inherit inputs localLib; };
+    overlays.default = final: prev:
+      { localPackages = (import ./packages { inherit localLib; pkgs = final; topInputs = inputs; }); };
+    config = { archive = false; branch = "production"; };
+    devShells.x86_64-linux = import ./flake/dev.nix { inherit inputs; };
+    src = import ./flake/src.nix { inherit inputs; };
+  };
 }

flake/nixos.nix

@@ -1,18 +1,51 @@
-{ inputs, devices, localLib }:
-builtins.listToAttrs (builtins.map
-  (system:
-  {
-    name = system;
-    value = inputs.nixpkgs.lib.nixosSystem
+{ inputs, localLib }:
+builtins.listToAttrs
+(
+  (builtins.map
+    (system:
     {
-      system = let arch.pi3b = "aarch64-linux"; in arch.${system} or "x86_64-linux";
-      specialArgs = { topInputs = inputs; inherit localLib; };
-      modules = localLib.mkModules
-      [
-        { config.nixpkgs.overlays = [ inputs.self.overlays.default ]; }
-        ../modules
-        ../devices/${system}
-      ];
-    };
-  })
-  devices)
+      name = system;
+      value = inputs.nixpkgs.lib.nixosSystem
+      {
+        system = let arch.pi3b = "aarch64-linux"; in arch.${system} or "x86_64-linux";
+        specialArgs = { topInputs = inputs; inherit localLib; };
+        modules = localLib.mkModules
+        [
+          {
+            config =
+            {
+              nixpkgs.overlays = [ inputs.self.overlays.default ];
+              nixos.system.networking.hostname = system;
+            };
+          }
+          ../modules
+          ../devices/${system}
+        ];
+      };
+    })
+    [ "nas" "pc" "pi3b" "surface" "vps4" "vps6" "vps7" "xmupc1" "xmupc2" ])
+  ++ (builtins.map
+    (node:
+    {
+      name = "srv1-${node}";
+      value = inputs.nixpkgs.lib.nixosSystem
+      {
+        system = "x86_64-linux";
+        specialArgs = { topInputs = inputs; inherit localLib; };
+        modules = localLib.mkModules
+        [
+          {
+            config =
+            {
+              nixpkgs.overlays = [ inputs.self.overlays.default ];
+              nixos.system.cluster = { clusterName = "srv1"; nodeName = node; };
+            };
+          }
+          ../modules
+          ../devices/srv1
+          ../devices/srv1/${node}
+        ];
+      };
+    })
+    [ "node0" "node3" ])
+)

flake/packages.nix

@@ -1,4 +1,4 @@
-{ inputs, devices }: rec
+{ inputs, localLib }: rec
 {
   pkgs = (import inputs.nixpkgs
   {
@@ -17,10 +17,6 @@
   blog = pkgs.callPackage ../blog { inherit (inputs) hextra; };
 }
 // (builtins.listToAttrs (builtins.map
-  (system:
-  {
-    name = system;
-    value = inputs.self.outputs.nixosConfigurations.${system}.config.system.build.toplevel;
-  })
-  devices)
+  (system: { inherit (system) name; value = system.value.config.system.build.toplevel; })
+  localLib.attrsToList inputs.self.outputs.nixosConfigurations)
 )

modules/system/cluster.nix

@@ -0,0 +1,21 @@
+inputs:
+{
+  options.nixos.system.cluster = let inherit (inputs.lib) mkOption types; in mkOption
+  {
+    type = types.nullOr (types.submodule { options =
+    {
+      clusterName = mkOption { type = types.nonEmptyStr; };
+      nodeName = mkOption { type = types.nonEmptyStr; };
+      nodeType = mkOption { type = types.enum [ "master" "worker" ]; default = "worker"; };
+    };});
+    default = null;
+  };
+  config = let inherit (inputs.config.nixos.system) cluster; in inputs.lib.mkIf (cluster != null)
+  {
+    nixos.system.networking.hostname = "${cluster.clusterName}-${cluster.nodeName}";
+    # 作为从机时，home-manager 需要被禁用
+    systemd.services = inputs.lib.mkIf (cluster.nodeType == "worker") (builtins.listToAttrs (builtins.map
+      (user: { "home-manager-${user}".enable = false; })
+      inputs.config.nixos.users.users));
+  };
+}

modules/system/sops.nix

@@ -5,28 +5,26 @@ inputs:
     enable = mkOption { type = types.bool; default = true; };
     keyPathPrefix = mkOption { type = types.str; default = "/nix/persistent"; };
   };
-  config =
-    let
-      inherit (inputs.lib) mkIf;
-      inherit (inputs.config.nixos.system) sops;
-    in mkIf sops.enable
+  config = let inherit (inputs.config.nixos.system) sops; in inputs.lib.mkIf sops.enable
+  {
+    sops =
     {
-      sops =
-      {
-        defaultSopsFile =
-          let deviceDir = "${inputs.topInputs.self}/devices/${inputs.config.nixos.system.networking.hostname}";
-          in mkIf
-            (
-              builtins.pathExists "${deviceDir}/secrets.yaml"
-              || builtins.pathExists "${deviceDir}/secrets/default.yaml"
-            )
-            (
-              if builtins.pathExists "${deviceDir}/secrets.yaml" then "${deviceDir}/secrets.yaml"
-              else "${deviceDir}/secrets/default.yaml"
-            );
-        # sops start before impermanence, so we need to use the absolute path
-        age.sshKeyPaths = [ "${sops.keyPathPrefix}/etc/ssh/ssh_host_ed25519_key" ];
-        gnupg.sshKeyPaths = [ "${sops.keyPathPrefix}/etc/ssh/ssh_host_rsa_key" ];
-      };
+      defaultSopsFile =
+        let deviceDir =
+          if (inputs.config.nixos.system.cluster == null) then
+            "${inputs.topInputs.self}/devices/${inputs.config.nixos.system.networking.hostname}"
+          else
+            "${inputs.topInputs.self}/devices/${inputs.config.nixos.system.cluster.clusterName}"
+              + "/${inputs.config.nixos.system.cluster.nodeName}";
+        in inputs.lib.mkMerge
+        [
+          (inputs.lib.mkIf (builtins.pathExists "${deviceDir}/secrets.yaml") "${deviceDir}/secrets.yaml")
+          (inputs.lib.mkIf (builtins.pathExists "${deviceDir}/secrets/default.yaml")
+            "${deviceDir}/secrets/default.yaml")
+        ];
+      # sops start before impermanence, so we need to use the absolute path
+      age.sshKeyPaths = [ "${sops.keyPathPrefix}/etc/ssh/ssh_host_ed25519_key" ];
+      gnupg.sshKeyPaths = [ "${sops.keyPathPrefix}/etc/ssh/ssh_host_rsa_key" ];
     };
+  };
 }

modules/user/default.nix

@@ -84,9 +84,10 @@ inputs:
       home-manager.users = builtins.listToAttrs (builtins.map
         (name: { inherit name; value.imports = user.sharedModules; })
         user.users);
-      environment.persistence."${inputs.config.nixos.system.impermanence.persistence}".directories = builtins.map
-        (user: { directory = "/home/${user}"; inherit user; group = user; mode = "0700"; })
-        (builtins.filter (user: user != "chn") user.users);
+      environment.persistence."${inputs.config.nixos.system.impermanence.persistence}".directories =
+        inputs.lib.mkIf (inputs.config.nixos.system.cluster.nodeType or null != "worker") (builtins.map
+          (user: { directory = "/home/${user}"; inherit user; group = user; mode = "0700"; })
+          (builtins.filter (user: user != "chn") user.users));
     }
     # set hashedPassword if it exist in secrets
     (