mirror of
https://github.com/CHN-beta/nixos.git
synced 2024-10-22 21:18:44 +08:00
Merge branch 'debug' into production
This commit is contained in:
commit
35856d9293
@ -41,7 +41,7 @@ inputs:
|
||||
initrd.sshd.enable = true;
|
||||
nixpkgs.march = "silvermont";
|
||||
nix.substituters = [ "https://nix-store.chn.moe?priority=100" ];
|
||||
networking = { hostname = "nas"; networkd = {}; };
|
||||
networking.networkd = {};
|
||||
};
|
||||
hardware = { cpus = [ "intel" ]; gpu.type = "intel"; };
|
||||
services =
|
||||
|
@ -53,7 +53,6 @@ inputs:
|
||||
modules.modprobeConfig =
|
||||
[ "options iwlwifi power_save=0" "options iwlmvm power_scheme=1" "options iwlwifi uapsd_disable=1" ];
|
||||
};
|
||||
networking.hostname = "pc";
|
||||
sysctl.laptop-mode = 5;
|
||||
gui.enable = true;
|
||||
};
|
||||
|
@ -18,7 +18,7 @@ inputs:
|
||||
swap = [ "/nix/swap/swap" ];
|
||||
rollingRootfs = {};
|
||||
};
|
||||
networking = { hostname = "pi3b"; networkd = {}; };
|
||||
networking.networkd = {};
|
||||
nixpkgs.arch = "aarch64";
|
||||
kernel.variant = "nixos";
|
||||
};
|
||||
|
@ -1,50 +0,0 @@
|
||||
inputs:
|
||||
{
|
||||
config =
|
||||
{
|
||||
nixos =
|
||||
{
|
||||
system =
|
||||
{
|
||||
fileSystems =
|
||||
{
|
||||
mount =
|
||||
{
|
||||
vfat."/dev/disk/by-uuid/7A60-4232" = "/boot";
|
||||
btrfs."/dev/mapper/root1" = { "/nix" = "/nix"; "/nix/rootfs/current" = "/"; };
|
||||
};
|
||||
swap = [ "/dev/mapper/swap" ];
|
||||
rollingRootfs = {};
|
||||
};
|
||||
nixpkgs.march = "cascadelake";
|
||||
kernel.variant = "xanmod-lts";
|
||||
networking.hostname = "srv1-node0";
|
||||
gui.enable = true;
|
||||
};
|
||||
packages.vasp = null;
|
||||
hardware.cpus = [ "intel" ];
|
||||
services =
|
||||
{
|
||||
snapper.enable = true;
|
||||
sshd = {};
|
||||
xray.client.enable = true;
|
||||
smartd.enable = true;
|
||||
beesd.instances.root = { device = "/"; hashTableSizeMB = 4096; threads = 4; };
|
||||
wireguard =
|
||||
{
|
||||
enable = true;
|
||||
peers = [ "vps6" ];
|
||||
publicKey = "l1gFSDCeBxyf/BipXNvoEvVvLqPgdil84nmr5q6+EEw=";
|
||||
wireguardIp = "192.168.83.3";
|
||||
};
|
||||
slurm =
|
||||
{
|
||||
enable = true;
|
||||
cpu = { cores = 16; threads = 2; mpiThreads = 2; openmpThreads = 4; };
|
||||
memoryMB = 90112;
|
||||
};
|
||||
};
|
||||
user.users = [ "chn" ];
|
||||
};
|
||||
};
|
||||
}
|
@ -1,24 +0,0 @@
|
||||
{
|
||||
"data": "ENC[AES256_GCM,data:ftogJ/2oPME8sVbyNAuI3t3GEzUmdCadyjf2g/bjGNx3AoV0jU0SDxnBLDFfoR1rEtV00zfgCMPDGsEXavg+QVvoICpvvhckXMOLXe37H3Ff0wDVJtL4BBIK3oVh/SiYaRm/+uR0x6HW37KX50RRvKvpQoRdMVNnvtKbMjmQVIA=,iv:MOHfTIavoU643K10jSR3HruzoofOqqVspYgiaLc294o=,tag:zjDTPKwAOh/nqkquvAQpbw==,type:str]",
|
||||
"sops": {
|
||||
"kms": null,
|
||||
"gcp_kms": null,
|
||||
"azure_kv": null,
|
||||
"hc_vault": null,
|
||||
"age": [
|
||||
{
|
||||
"recipient": "age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5TTB1bHFXcDhoMk1QVzJ0\nUUplcGVBVUhoOEt0Rnc2ZStDUUpjZmV0eGpvCjFQSGl4TjlMT2R5RExNZWxwOUtz\nSWhhSUtFN0JISzJhclpCMFZDQ09jK28KLS0tIGJydDNoY3hBbEhBYUNYZGZCaWpQ\nQnVDalJCcWpIRTdVaWkzeGVNSGpDRWsKWXoMC8NApfenn191aRwdAjD0iM5+C3R6\nXKpHxfhc1Gf6paxBhketFU+AwWsKiBDKh0gntV49F+YSriPa7uI3FA==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
},
|
||||
{
|
||||
"recipient": "age1ffvr5pqd2lfj24e3fh53s92z6h76fda3du4y4k6r3yjumdwvpfgqzj033a",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzclYwVjdOZnQ1Y2dlUi9n\naXQya21QVHZ0KzMxTkVuTEJuazB4WklqdFdvCmpMd0h6OXUvZSttOFpmeUdsSlNs\nQkhQaVJqVFdidFNMejljV2h3WUFTaFUKLS0tIGNBemY5R1N3T00zMEthZjBsWXZh\nVXRtNG5UV3I3WG5LYUphNUNyUDI5WXcKVQpMe3zYgzHOtQQvo8Vvz94lYR6TBFuV\nD7ztr4rD/Vdk3hkSGZQvdzGjNDdGpac38LUN9vtFQbzMofykcn/etw==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
}
|
||||
],
|
||||
"lastmodified": "2024-02-24T05:48:31Z",
|
||||
"mac": "ENC[AES256_GCM,data:kCLcS6xeMijD8Bxa0MBUbFH2pdXX6BdGL1SztHHPet8loMkiCfgEiyp9l/QjszWa3G6zx3K+0wXXtRXmrNAxThnIgMZQVGCy4Ucw7fp8Pral/5eaJNlZGb56JQPF9ZDHb9YQPDPImaEAKYUtzayyaZAGJGlCmIIhVVhXTx7iiig=,iv:MXRDA/6YnVUbLdYAIrMvrdb2iPsi4Bmr06SPCU8CCVc=,tag:9hT7Xo0tRnHTgAaivKj4QQ==,type:str]",
|
||||
"pgp": null,
|
||||
"unencrypted_suffix": "_unencrypted",
|
||||
"version": "3.8.1"
|
||||
}
|
||||
}
|
@ -1,50 +0,0 @@
|
||||
inputs:
|
||||
{
|
||||
config =
|
||||
{
|
||||
nixos =
|
||||
{
|
||||
system =
|
||||
{
|
||||
fileSystems =
|
||||
{
|
||||
mount =
|
||||
{
|
||||
vfat."/dev/disk/by-uuid/7A60-4232" = "/boot";
|
||||
btrfs."/dev/mapper/root1" = { "/nix" = "/nix"; "/nix/rootfs/current" = "/"; };
|
||||
};
|
||||
swap = [ "/dev/mapper/swap" ];
|
||||
rollingRootfs = {};
|
||||
};
|
||||
nixpkgs.march = "broadwell";
|
||||
kernel.variant = "xanmod-lts";
|
||||
networking.hostname = "srv1-node3";
|
||||
gui.enable = true;
|
||||
};
|
||||
packages.vasp = null;
|
||||
hardware.cpus = [ "intel" ];
|
||||
services =
|
||||
{
|
||||
snapper.enable = true;
|
||||
sshd = {};
|
||||
xray.client.enable = true;
|
||||
smartd.enable = true;
|
||||
beesd.instances.root = { device = "/"; hashTableSizeMB = 4096; threads = 4; };
|
||||
wireguard =
|
||||
{
|
||||
enable = true;
|
||||
peers = [ "vps6" ];
|
||||
publicKey = "l1gFSDCeBxyf/BipXNvoEvVvLqPgdil84nmr5q6+EEw=";
|
||||
wireguardIp = "192.168.83.3";
|
||||
};
|
||||
slurm =
|
||||
{
|
||||
enable = true;
|
||||
cpu = { cores = 16; threads = 2; mpiThreads = 2; openmpThreads = 4; };
|
||||
memoryMB = 90112;
|
||||
};
|
||||
};
|
||||
user.users = [ "chn" ];
|
||||
};
|
||||
};
|
||||
}
|
@ -1,24 +0,0 @@
|
||||
{
|
||||
"data": "ENC[AES256_GCM,data:ftogJ/2oPME8sVbyNAuI3t3GEzUmdCadyjf2g/bjGNx3AoV0jU0SDxnBLDFfoR1rEtV00zfgCMPDGsEXavg+QVvoICpvvhckXMOLXe37H3Ff0wDVJtL4BBIK3oVh/SiYaRm/+uR0x6HW37KX50RRvKvpQoRdMVNnvtKbMjmQVIA=,iv:MOHfTIavoU643K10jSR3HruzoofOqqVspYgiaLc294o=,tag:zjDTPKwAOh/nqkquvAQpbw==,type:str]",
|
||||
"sops": {
|
||||
"kms": null,
|
||||
"gcp_kms": null,
|
||||
"azure_kv": null,
|
||||
"hc_vault": null,
|
||||
"age": [
|
||||
{
|
||||
"recipient": "age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5TTB1bHFXcDhoMk1QVzJ0\nUUplcGVBVUhoOEt0Rnc2ZStDUUpjZmV0eGpvCjFQSGl4TjlMT2R5RExNZWxwOUtz\nSWhhSUtFN0JISzJhclpCMFZDQ09jK28KLS0tIGJydDNoY3hBbEhBYUNYZGZCaWpQ\nQnVDalJCcWpIRTdVaWkzeGVNSGpDRWsKWXoMC8NApfenn191aRwdAjD0iM5+C3R6\nXKpHxfhc1Gf6paxBhketFU+AwWsKiBDKh0gntV49F+YSriPa7uI3FA==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
},
|
||||
{
|
||||
"recipient": "age1ffvr5pqd2lfj24e3fh53s92z6h76fda3du4y4k6r3yjumdwvpfgqzj033a",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzclYwVjdOZnQ1Y2dlUi9n\naXQya21QVHZ0KzMxTkVuTEJuazB4WklqdFdvCmpMd0h6OXUvZSttOFpmeUdsSlNs\nQkhQaVJqVFdidFNMejljV2h3WUFTaFUKLS0tIGNBemY5R1N3T00zMEthZjBsWXZh\nVXRtNG5UV3I3WG5LYUphNUNyUDI5WXcKVQpMe3zYgzHOtQQvo8Vvz94lYR6TBFuV\nD7ztr4rD/Vdk3hkSGZQvdzGjNDdGpac38LUN9vtFQbzMofykcn/etw==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
}
|
||||
],
|
||||
"lastmodified": "2024-02-24T05:48:31Z",
|
||||
"mac": "ENC[AES256_GCM,data:kCLcS6xeMijD8Bxa0MBUbFH2pdXX6BdGL1SztHHPet8loMkiCfgEiyp9l/QjszWa3G6zx3K+0wXXtRXmrNAxThnIgMZQVGCy4Ucw7fp8Pral/5eaJNlZGb56JQPF9ZDHb9YQPDPImaEAKYUtzayyaZAGJGlCmIIhVVhXTx7iiig=,iv:MXRDA/6YnVUbLdYAIrMvrdb2iPsi4Bmr06SPCU8CCVc=,tag:9hT7Xo0tRnHTgAaivKj4QQ==,type:str]",
|
||||
"pgp": null,
|
||||
"unencrypted_suffix": "_unencrypted",
|
||||
"version": "3.8.1"
|
||||
}
|
||||
}
|
29
devices/srv1/default.nix
Normal file
29
devices/srv1/default.nix
Normal file
@ -0,0 +1,29 @@
|
||||
inputs:
|
||||
{
|
||||
config =
|
||||
{
|
||||
nixos =
|
||||
{
|
||||
system =
|
||||
{
|
||||
fileSystems = { swap = [ "/dev/mapper/swap" ]; rollingRootfs = {}; };
|
||||
kernel.variant = "xanmod-lts";
|
||||
gui.enable = true;
|
||||
};
|
||||
hardware.cpus = [ "intel" ];
|
||||
services =
|
||||
{
|
||||
snapper.enable = true;
|
||||
sshd = {};
|
||||
smartd.enable = true;
|
||||
slurm =
|
||||
{
|
||||
enable = true;
|
||||
cpu = { cores = 16; threads = 2; mpiThreads = 2; openmpThreads = 4; };
|
||||
memoryMB = 90112;
|
||||
};
|
||||
};
|
||||
user.users = [ "chn" ];
|
||||
};
|
||||
};
|
||||
}
|
31
devices/srv1/node0/default.nix
Normal file
31
devices/srv1/node0/default.nix
Normal file
@ -0,0 +1,31 @@
|
||||
inputs:
|
||||
{
|
||||
config =
|
||||
{
|
||||
nixos =
|
||||
{
|
||||
system =
|
||||
{
|
||||
fileSystems.mount =
|
||||
{
|
||||
vfat."/dev/disk/by-uuid/7A60-4232" = "/boot";
|
||||
btrfs."/dev/mapper/root1" = { "/nix" = "/nix"; "/nix/rootfs/current" = "/"; };
|
||||
};
|
||||
nixpkgs.march = "cascadelake";
|
||||
};
|
||||
packages.vasp = null;
|
||||
services =
|
||||
{
|
||||
xray.client.enable = true;
|
||||
beesd.instances.root = { device = "/"; hashTableSizeMB = 4096; threads = 4; };
|
||||
wireguard =
|
||||
{
|
||||
enable = true;
|
||||
peers = [ "vps6" ];
|
||||
publicKey = "l1gFSDCeBxyf/BipXNvoEvVvLqPgdil84nmr5q6+EEw=";
|
||||
wireguardIp = "192.168.83.3";
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
31
devices/srv1/node3/default.nix
Normal file
31
devices/srv1/node3/default.nix
Normal file
@ -0,0 +1,31 @@
|
||||
inputs:
|
||||
{
|
||||
config =
|
||||
{
|
||||
nixos =
|
||||
{
|
||||
system =
|
||||
{
|
||||
fileSystems.mount =
|
||||
{
|
||||
vfat."/dev/disk/by-uuid/7A60-4232" = "/boot";
|
||||
btrfs."/dev/mapper/root1" = { "/nix" = "/nix"; "/nix/rootfs/current" = "/"; };
|
||||
};
|
||||
nixpkgs.march = "cascadelake";
|
||||
};
|
||||
packages.vasp = null;
|
||||
services =
|
||||
{
|
||||
xray.client.enable = true;
|
||||
beesd.instances.root = { device = "/"; hashTableSizeMB = 4096; threads = 4; };
|
||||
wireguard =
|
||||
{
|
||||
enable = true;
|
||||
peers = [ "vps6" ];
|
||||
publicKey = "l1gFSDCeBxyf/BipXNvoEvVvLqPgdil84nmr5q6+EEw=";
|
||||
wireguardIp = "192.168.83.3";
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
@ -26,7 +26,6 @@ inputs:
|
||||
nixpkgs.march = "skylake";
|
||||
nix = { substituters = [ "https://nix-store.chn.moe?priority=100" ]; githubToken.enable = true; };
|
||||
kernel = { variant = "xanmod-lts"; patches = [ "surface" "hibernate-progress" ]; };
|
||||
networking.hostname = "surface";
|
||||
gui.enable = true;
|
||||
};
|
||||
hardware = { cpus = [ "intel" ]; gpu.type = "intel"; };
|
||||
|
@ -29,7 +29,7 @@ inputs:
|
||||
nixpkgs.march = "znver2";
|
||||
nix.substituters = [ "https://nix-store.chn.moe?priority=100" ];
|
||||
initrd.sshd.enable = true;
|
||||
networking = { hostname = "vps4"; networkd = {}; };
|
||||
networking.networkd = {};
|
||||
kernel.variant = "xanmod-latest";
|
||||
nix-ld = null;
|
||||
binfmt = null;
|
||||
|
@ -29,7 +29,7 @@ inputs:
|
||||
nixpkgs.march = "sandybridge";
|
||||
nix.substituters = [ "https://nix-store.chn.moe?priority=100" ];
|
||||
initrd.sshd.enable = true;
|
||||
networking = { hostname = "vps6"; networkd = {}; };
|
||||
networking.networkd = {};
|
||||
# do not use cachyos kernel, beesd + cachyos kernel + heavy io = system freeze, not sure why
|
||||
};
|
||||
services =
|
||||
|
@ -29,7 +29,7 @@ inputs:
|
||||
nixpkgs.march = "znver2";
|
||||
nix.substituters = [ "https://nix-store.chn.moe?priority=100" ];
|
||||
initrd.sshd.enable = true;
|
||||
networking = { hostname = "vps7"; networkd = {}; };
|
||||
networking.networkd = {};
|
||||
kernel.variant = "xanmod-lts";
|
||||
};
|
||||
services =
|
||||
|
@ -48,7 +48,6 @@ inputs:
|
||||
};
|
||||
};
|
||||
gui = { enable = true; preferred = false; autoStart = true; };
|
||||
networking.hostname = "xmupc1";
|
||||
nix.remote.slave.enable = true;
|
||||
};
|
||||
hardware = { cpus = [ "amd" ]; gpu.type = "nvidia"; };
|
||||
|
@ -41,7 +41,6 @@ inputs:
|
||||
};
|
||||
};
|
||||
gui = { enable = true; preferred = false; autoStart = true; };
|
||||
networking.hostname = "xmupc2";
|
||||
nix =
|
||||
{
|
||||
marches =
|
||||
|
24
flake.nix
24
flake.nix
@ -76,18 +76,14 @@
|
||||
# nixos-wallpaper = { url = "git+https://git.chn.moe/chn/nixos-wallpaper.git"; flake = false; };
|
||||
};
|
||||
|
||||
outputs = inputs:
|
||||
let
|
||||
localLib = import ./flake/lib.nix inputs.nixpkgs.lib;
|
||||
devices = [ "nas" "pc" "pi3b" "srv1-node0" "srv1-node3" "surface" "vps4" "vps6" "vps7" "xmupc1" "xmupc2" ];
|
||||
in
|
||||
{
|
||||
packages.x86_64-linux = import ./flake/packages.nix { inherit inputs devices; };
|
||||
nixosConfigurations = import ./flake/nixos.nix { inherit inputs devices localLib; };
|
||||
overlays.default = final: prev:
|
||||
{ localPackages = (import ./packages { inherit localLib; pkgs = final; topInputs = inputs; }); };
|
||||
config = { archive = false; branch = "production"; };
|
||||
devShells.x86_64-linux = import ./flake/dev.nix { inherit inputs; };
|
||||
src = import ./flake/src.nix { inherit inputs; };
|
||||
};
|
||||
outputs = inputs: let localLib = import ./flake/lib.nix inputs.nixpkgs.lib; in
|
||||
{
|
||||
packages.x86_64-linux = import ./flake/packages.nix { inherit inputs localLib; };
|
||||
nixosConfigurations = import ./flake/nixos.nix { inherit inputs localLib; };
|
||||
overlays.default = final: prev:
|
||||
{ localPackages = (import ./packages { inherit localLib; pkgs = final; topInputs = inputs; }); };
|
||||
config = { archive = false; branch = "production"; };
|
||||
devShells.x86_64-linux = import ./flake/dev.nix { inherit inputs; };
|
||||
src = import ./flake/src.nix { inherit inputs; };
|
||||
};
|
||||
}
|
||||
|
@ -1,18 +1,51 @@
|
||||
{ inputs, devices, localLib }:
|
||||
builtins.listToAttrs (builtins.map
|
||||
(system:
|
||||
{
|
||||
name = system;
|
||||
value = inputs.nixpkgs.lib.nixosSystem
|
||||
{ inputs, localLib }:
|
||||
builtins.listToAttrs
|
||||
(
|
||||
(builtins.map
|
||||
(system:
|
||||
{
|
||||
system = let arch.pi3b = "aarch64-linux"; in arch.${system} or "x86_64-linux";
|
||||
specialArgs = { topInputs = inputs; inherit localLib; };
|
||||
modules = localLib.mkModules
|
||||
[
|
||||
{ config.nixpkgs.overlays = [ inputs.self.overlays.default ]; }
|
||||
../modules
|
||||
../devices/${system}
|
||||
];
|
||||
};
|
||||
})
|
||||
devices)
|
||||
name = system;
|
||||
value = inputs.nixpkgs.lib.nixosSystem
|
||||
{
|
||||
system = let arch.pi3b = "aarch64-linux"; in arch.${system} or "x86_64-linux";
|
||||
specialArgs = { topInputs = inputs; inherit localLib; };
|
||||
modules = localLib.mkModules
|
||||
[
|
||||
{
|
||||
config =
|
||||
{
|
||||
nixpkgs.overlays = [ inputs.self.overlays.default ];
|
||||
nixos.system.networking.hostname = system;
|
||||
};
|
||||
}
|
||||
../modules
|
||||
../devices/${system}
|
||||
];
|
||||
};
|
||||
})
|
||||
[ "nas" "pc" "pi3b" "surface" "vps4" "vps6" "vps7" "xmupc1" "xmupc2" ])
|
||||
++ (builtins.map
|
||||
(node:
|
||||
{
|
||||
name = "srv1-${node}";
|
||||
value = inputs.nixpkgs.lib.nixosSystem
|
||||
{
|
||||
system = "x86_64-linux";
|
||||
specialArgs = { topInputs = inputs; inherit localLib; };
|
||||
modules = localLib.mkModules
|
||||
[
|
||||
{
|
||||
config =
|
||||
{
|
||||
nixpkgs.overlays = [ inputs.self.overlays.default ];
|
||||
nixos.system.cluster = { clusterName = "srv1"; nodeName = node; };
|
||||
};
|
||||
}
|
||||
../modules
|
||||
../devices/srv1
|
||||
../devices/srv1/${node}
|
||||
];
|
||||
};
|
||||
})
|
||||
[ "node0" "node3" ])
|
||||
)
|
||||
|
@ -1,4 +1,4 @@
|
||||
{ inputs, devices }: rec
|
||||
{ inputs, localLib }: rec
|
||||
{
|
||||
pkgs = (import inputs.nixpkgs
|
||||
{
|
||||
@ -17,10 +17,6 @@
|
||||
blog = pkgs.callPackage ../blog { inherit (inputs) hextra; };
|
||||
}
|
||||
// (builtins.listToAttrs (builtins.map
|
||||
(system:
|
||||
{
|
||||
name = system;
|
||||
value = inputs.self.outputs.nixosConfigurations.${system}.config.system.build.toplevel;
|
||||
})
|
||||
devices)
|
||||
(system: { inherit (system) name; value = system.value.config.system.build.toplevel; })
|
||||
localLib.attrsToList inputs.self.outputs.nixosConfigurations)
|
||||
)
|
||||
|
21
modules/system/cluster.nix
Normal file
21
modules/system/cluster.nix
Normal file
@ -0,0 +1,21 @@
|
||||
inputs:
|
||||
{
|
||||
options.nixos.system.cluster = let inherit (inputs.lib) mkOption types; in mkOption
|
||||
{
|
||||
type = types.nullOr (types.submodule { options =
|
||||
{
|
||||
clusterName = mkOption { type = types.nonEmptyStr; };
|
||||
nodeName = mkOption { type = types.nonEmptyStr; };
|
||||
nodeType = mkOption { type = types.enum [ "master" "worker" ]; default = "worker"; };
|
||||
};});
|
||||
default = null;
|
||||
};
|
||||
config = let inherit (inputs.config.nixos.system) cluster; in inputs.lib.mkIf (cluster != null)
|
||||
{
|
||||
nixos.system.networking.hostname = "${cluster.clusterName}-${cluster.nodeName}";
|
||||
# 作为从机时,home-manager 需要被禁用
|
||||
systemd.services = inputs.lib.mkIf (cluster.nodeType == "worker") (builtins.listToAttrs (builtins.map
|
||||
(user: { "home-manager-${user}".enable = false; })
|
||||
inputs.config.nixos.users.users));
|
||||
};
|
||||
}
|
@ -5,28 +5,26 @@ inputs:
|
||||
enable = mkOption { type = types.bool; default = true; };
|
||||
keyPathPrefix = mkOption { type = types.str; default = "/nix/persistent"; };
|
||||
};
|
||||
config =
|
||||
let
|
||||
inherit (inputs.lib) mkIf;
|
||||
inherit (inputs.config.nixos.system) sops;
|
||||
in mkIf sops.enable
|
||||
config = let inherit (inputs.config.nixos.system) sops; in inputs.lib.mkIf sops.enable
|
||||
{
|
||||
sops =
|
||||
{
|
||||
sops =
|
||||
{
|
||||
defaultSopsFile =
|
||||
let deviceDir = "${inputs.topInputs.self}/devices/${inputs.config.nixos.system.networking.hostname}";
|
||||
in mkIf
|
||||
(
|
||||
builtins.pathExists "${deviceDir}/secrets.yaml"
|
||||
|| builtins.pathExists "${deviceDir}/secrets/default.yaml"
|
||||
)
|
||||
(
|
||||
if builtins.pathExists "${deviceDir}/secrets.yaml" then "${deviceDir}/secrets.yaml"
|
||||
else "${deviceDir}/secrets/default.yaml"
|
||||
);
|
||||
# sops start before impermanence, so we need to use the absolute path
|
||||
age.sshKeyPaths = [ "${sops.keyPathPrefix}/etc/ssh/ssh_host_ed25519_key" ];
|
||||
gnupg.sshKeyPaths = [ "${sops.keyPathPrefix}/etc/ssh/ssh_host_rsa_key" ];
|
||||
};
|
||||
defaultSopsFile =
|
||||
let deviceDir =
|
||||
if (inputs.config.nixos.system.cluster == null) then
|
||||
"${inputs.topInputs.self}/devices/${inputs.config.nixos.system.networking.hostname}"
|
||||
else
|
||||
"${inputs.topInputs.self}/devices/${inputs.config.nixos.system.cluster.clusterName}"
|
||||
+ "/${inputs.config.nixos.system.cluster.nodeName}";
|
||||
in inputs.lib.mkMerge
|
||||
[
|
||||
(inputs.lib.mkIf (builtins.pathExists "${deviceDir}/secrets.yaml") "${deviceDir}/secrets.yaml")
|
||||
(inputs.lib.mkIf (builtins.pathExists "${deviceDir}/secrets/default.yaml")
|
||||
"${deviceDir}/secrets/default.yaml")
|
||||
];
|
||||
# sops start before impermanence, so we need to use the absolute path
|
||||
age.sshKeyPaths = [ "${sops.keyPathPrefix}/etc/ssh/ssh_host_ed25519_key" ];
|
||||
gnupg.sshKeyPaths = [ "${sops.keyPathPrefix}/etc/ssh/ssh_host_rsa_key" ];
|
||||
};
|
||||
};
|
||||
}
|
||||
|
@ -84,9 +84,10 @@ inputs:
|
||||
home-manager.users = builtins.listToAttrs (builtins.map
|
||||
(name: { inherit name; value.imports = user.sharedModules; })
|
||||
user.users);
|
||||
environment.persistence."${inputs.config.nixos.system.impermanence.persistence}".directories = builtins.map
|
||||
(user: { directory = "/home/${user}"; inherit user; group = user; mode = "0700"; })
|
||||
(builtins.filter (user: user != "chn") user.users);
|
||||
environment.persistence."${inputs.config.nixos.system.impermanence.persistence}".directories =
|
||||
inputs.lib.mkIf (inputs.config.nixos.system.cluster.nodeType or null != "worker") (builtins.map
|
||||
(user: { directory = "/home/${user}"; inherit user; group = user; mode = "0700"; })
|
||||
(builtins.filter (user: user != "chn") user.users));
|
||||
}
|
||||
# set hashedPassword if it exist in secrets
|
||||
(
|
||||
|
Loading…
Reference in New Issue
Block a user