diff --git a/.sops.yaml b/.sops.yaml index bd32ce6b..989725a7 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -7,8 +7,9 @@ keys: # cat /etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age - &srv1-node0 age1nzetyehldf3gl6pr6mu5d2cv387p8wjqn6wfpll7a3sl8us6n38s0ds633 - &srv1-node1 age1wj33xt8nj7rhnsenepsf6k3lmq5vk4wn84jwr55qy9cwu05xn5cspg3h7t - &srv1-node2 age16e7ykphshal6qhwfvat698hl48s8yr0jvzh27ecdyfh5uk7t9u6s753jgy - - &srv2-node0 age1l4stuz0vr7gs7pqwjrmezam44702jp2vmqaqyxw0l0r42kf9updq4dfhrw - - &srv2-node1 age1hnarptkze0ujpp05dqr8uma04cxg9zqcx68qgpks5uf5l6rpk5gqhh8wxg + - &srv2-node0 age1hnarptkze0ujpp05dqr8uma04cxg9zqcx68qgpks5uf5l6rpk5gqhh8wxg + - &srv2-node1 age1l4stuz0vr7gs7pqwjrmezam44702jp2vmqaqyxw0l0r42kf9updq4dfhrw + - &srv2-node2 age1k2y0vm4tmf88vg6zfed8q8zv544g4u0l5ry4kmm4hmzslvj5vdxskhat2n - &test age1vgqvdqqe3mn0gvh0hydvu9c5f9yn5vek08cagyvwjhyta6utpvuq00g9c2 - &test-pc age17a8y4yr2ckuek67rt786ujuf7705gvj3vv6ezktxxmgayea9zcyqet7hgc - &test-pc-vm age1wmcayhf9eyx9e9yp97850mqas9ns455crce8hfmvnupgcxd6sews5r0cln @@ -30,11 +31,13 @@ creation_rules: - path_regex: devices/srv1/node2/.*$ key_groups: [{ age: [ *chn, *srv1-node2 ] }] - path_regex: devices/srv2/secrets/.*$ - key_groups: [{ age: [ *chn, *srv2-node0, *srv2-node1 ] }] + key_groups: [{ age: [ *chn, *srv2-node0, *srv2-node1, *srv2-node2 ] }] - path_regex: devices/srv2/node0/.*$ key_groups: [{ age: [ *chn, *srv2-node0 ] }] - path_regex: devices/srv2/node1/.*$ key_groups: [{ age: [ *chn, *srv2-node1 ] }] + - path_regex: devices/srv2/node2/.*$ + key_groups: [{ age: [ *chn, *srv2-node2 ] }] - path_regex: devices/test/.*$ key_groups: [{ age: [ *chn, *test ] }] - path_regex: devices/test-pc/.*$ @@ -44,7 +47,7 @@ creation_rules: - path_regex: devices/cross/secrets/default.yaml$ key_groups: - age: [ *chn, *pc, *vps4, *vps6, *nas, *srv1-node0, *srv1-node1, *srv1-node2, *srv2-node0, *srv2-node1, - *test, *test-pc, *test-pc-vm] + *srv2-node2, *test, *test-pc, *test-pc-vm ] - path_regex: devices/cross/secrets/chn.yaml$ key_groups: - age: [ *chn, *pc, *nas ] diff --git a/devices/cross/tinc.nix b/devices/cross/tinc.nix index 61692282..51286051 100644 --- a/devices/cross/tinc.nix +++ b/devices/cross/tinc.nix @@ -11,6 +11,7 @@ let srv1-node2 = "e6jW9g4QY357ocMRoW4P0s6UHAspvKJzmAGb/WT1a+H"; srv2-node0 = "zTv+o7K2SpcPp9YLrPe8iJqCunrCiJyqz13fXcDouEH"; srv2-node1 = "sk/w+GBrt0lzkTZ3y3vZ/eHKNrG8X95eqR9IuhCFYwB"; + srv2-node2 = "csZoiTwZItonm6h+uqkJ5z9J6o1iFlBESQ2u97Wz2JL"; vps4 = "N03OoCyj4ADkeN3cimJI/bJrBw8g1kz3TJ+1BTe+oyA"; vps6 = "rYOCGG+B4isTifKJQqsEdfhQuQRnUiIsvz7uI7vZiDN"; }; @@ -27,7 +28,7 @@ let forwards = [ { weight = 1; address = [ "nas" "pc" "srv2-node0" ]; } - { weight = 2; address = [ "srv2-node1" ]; } + { weight = 2; address = [ "srv2-node1" "srv2-node2" ]; } { weight = 10; address = [ "vps6" ]; } { weight = 11; address = [ "vps4" ]; } ]; @@ -37,7 +38,7 @@ let # srv2 内部网络 { to = "srv2-node0"; - from.srv2-node1 = 1; + from = { srv2-node1 = 1; srv2-node2 = 1; }; address = "192.168.178.1"; forwards = [ @@ -48,6 +49,7 @@ let ]; } { to = "srv2-node1"; from.srv2-node0 = 1; address = "192.168.178.2"; } + { to = "srv2-node2"; from.srv2-node0 = 1; address = "192.168.178.3"; } # 厦大内网 { to = "srv1-node0"; @@ -59,7 +61,7 @@ let to = "srv2-node0"; from = { nas = 1; pc = 1; srv1-node0 = 1; }; address = getAddress "srv2-node0"; - forwards = [{ weight = 1; address = [ "nas" "pc" "srv2-node1" ]; }]; + forwards = [{ weight = 1; address = [ "nas" "pc" "srv2-node1" "srv2-node2" ]; }]; } # 公网服务器 { @@ -71,7 +73,7 @@ let { weight = 1; address = [ "vps6" ]; } { weight = 10; address = [ "nas" ]; } { weight = 11; address = [ "pc" "srv1-node0" "srv2-node0" ]; } - { weight = 12; address = [ "srv1-node1" "srv1-node2" "srv2-node1" ]; } + { weight = 12; address = [ "srv1-node1" "srv1-node2" "srv2-node1" "srv2-node2" ]; } ]; } { @@ -82,7 +84,7 @@ let [ { weight = 1; address = [ "vps4" ]; } { weight = 10; address = [ "pc" "srv1-node0" "srv2-node0" ]; } - { weight = 11; address = [ "nas" "srv1-node1" "srv1-node2" "srv2-node1" ]; } + { weight = 11; address = [ "nas" "srv1-node1" "srv1-node2" "srv2-node1" "srv2-node2" ]; } ]; } ]; diff --git a/devices/srv2/default.nix b/devices/srv2/default.nix index 9a257b05..a42acf86 100644 --- a/devices/srv2/default.nix +++ b/devices/srv2/default.nix @@ -19,6 +19,8 @@ inputs: "6.1" # 2080 Ti "7.5" + # A30 + "8.0" # 3090 "8.6" # 4090 @@ -38,41 +40,49 @@ inputs: srv2-node0 = { name = "n0"; address = "192.168.178.1"; - cpu = { sockets = 2; cores = 22; threads = 2; }; - memoryGB = 240; - gpus."4090" = 1; - }; - srv2-node1 = - { - name = "n1"; address = "192.168.178.2"; cpu = { sockets = 2; cores = 8; threads = 2; }; memoryGB = 80; gpus = { "3090" = 1; "4090" = 1; }; }; + srv2-node1 = + { + name = "n1"; address = "192.168.178.2"; + cpu = { sockets = 2; cores = 22; threads = 2; }; + memoryGB = 240; + gpus."4090" = 1; + }; + srv2-node2 = + { + name = "n2"; address = "192.168.178.3"; + cpu = { sockets = 2; cores = 28; threads = 2; }; + memoryGB = 496; + gpus.a30 = 2; + }; }; partitions = { - all = [ "srv2-node0" "srv2-node1" ]; + all = [ "srv2-node0" "srv2-node1" "srv2-node2" ]; n0 = [ "srv2-node0" ]; n1 = [ "srv2-node1" ]; + n2 = [ "srv2-node2" ]; }; defaultPartition = "all"; tui = { cpuQueues = [ - { name = "n0"; mpiThreads = 8; openmpThreads = 5; memoryGB = 216; allocateCpus = 43; } - { name = "n1"; mpiThreads = 4; openmpThreads = 3; memoryGB = 32; allocateCpus = 12; } + { name = "n1"; mpiThreads = 8; openmpThreads = 5; memoryGB = 216; allocateCpus = 43; } + { name = "n2"; mpiThreads = 8; openmpThreads = 6; memoryGB = 464; allocateCpus = 54; } ]; gpuQueues = [ - { name = "all"; gpuIds = [ "4090" "3090" ]; } - { name = "n0"; gpuIds = [ "4090" ]; } - { name = "n1"; gpuIds = [ "3090" "4090" ]; } + { name = "all"; gpuIds = [ "3090" "4090" "a30" ]; } + { name = "n0"; gpuIds = [ "3090" "4090" ]; } + { name = "n1"; gpuIds = [ "4090" ]; } + { name = "n2"; gpuIds = [ "a30" ]; } ]; }; }; - mariadb.mountFrom = "nodatacow"; }; packages = { vasp = {}; desktop = {}; lumerical = {}; }; user.users = diff --git a/devices/srv2/node0/default.nix b/devices/srv2/node0/default.nix index d3bd9bee..545f37cf 100644 --- a/devices/srv2/node0/default.nix +++ b/devices/srv2/node0/default.nix @@ -7,38 +7,24 @@ inputs: model.cluster.nodeType = "master"; system = { - nixpkgs.march = "skylake"; + nixpkgs.march = "znver3"; network.settings = { - static.eno2 = { ip = "192.168.178.1"; mask = 24; }; - masquerade = [ "eno2" ]; - trust = [ "eno2" ]; - }; - nix.remote.slave = {}; - fileSystems = - { - swap = [ "/dev/disk/by-partlabel/srv2-node0-swap" ]; - mount.btrfs."/dev/disk/by-partlabel/srv2-node0-root1" = - { - "/nix/remote/jykang" = "/data/gpfs01/jykang/.nix"; - "/nix/remote/xmuhk" = "/public/home/xmuhk/.nix"; - "/nix/remote/wlin" = "/data/gpfs01/wlin/.nix"; - }; + static.enp58s0 = { ip = "192.168.178.1"; mask = 24; }; + trust = [ "enp58s0" ]; + masquerade = [ "enp58s0" ]; }; + fileSystems.swap = [ "/dev/disk/by-partlabel/srv2-node0-swap" ]; }; services = { - xray.client.dnsmasq = { extraInterfaces = [ "eno1" "eno2" ]; hosts."hpc.xmu.edu.cn" = "121.192.191.11"; }; - beesd."/" = { hashTableSizeMB = 16 * 128; loadAverage = 8; }; - xrdp = { enable = true; hostname = [ "srv2.chn.moe" ]; }; - samba = { hostsAllowed = ""; shares = { home.path = "/home"; root.path = "/"; }; }; - groupshare = {}; + xray.client.dnsmasq.extraInterfaces = [ "enp58s0" ]; + beesd."/".hashTableSizeMB = 10 * 128; hpcstat = {}; - ollama = {}; sshd = { groupBanner = true; motd = true; }; - speedtest = {}; lumericalLicenseManager.macAddress = "70:20:84:09:a3:52"; }; }; + services.hardware.bolt.enable = true; }; } diff --git a/devices/srv2/node0/secrets.yaml b/devices/srv2/node0/secrets.yaml index da6c279c..f97362c0 100644 --- a/devices/srv2/node0/secrets.yaml +++ b/devices/srv2/node0/secrets.yaml @@ -4,31 +4,28 @@ mariadb: slurm: ENC[AES256_GCM,data:9wLQ1zF/kDaiw0s3UaRpiHgmngU7u6hwyqpddSjev0+Z0v58Q2oiJtK8vn+2VlSxx5ACfqEFbzp0PZYAxd575w==,iv:q9JTkgDymOwkbZ/PaxRAAQrtO96QmGgZcQuLTFCMoS4=,tag:dwOHlOTgZqT/1jQ+oGf7UQ==,type:str] hpcstat: key: ENC[AES256_GCM,data:+Z7MRDkLLdUqDwMrkafFKkBjeCkw+zgRoAoiVEwrr+LY0uMeW8nNYoaYrfz6Ig8CMCDgX3n/DMb0ibUeN32j3HShQIStbtUxRPGpQMyH+ealbvgskGriTFpST4VPyQxNACkUpq/e+sh2CmLbKkSxhamkjKOXwsfqrBlgVbEkp7u7HkWGuAaYL1oPGt0Q94fWXwH0UVhRYZYQ2iFA/S6SEZY8gxaTIGDKUdWU9+fOHzPQ5WfhxtKYU4p4ydyfYsAt6ffqnPSx/SI72GsUCOJ4981JX8TuvnEzx3gQLVFYheK6NibTWCy6eODbvguieVOTHSvCPTrHmoP12lHVWU2kKzLwv70Jl7sXyzKHYROG0D+/z/4DKlNeotKM/IA0q2cST08/lwSKN7WDDmrt+O6xXhvwby28ZYKEsSvvrfV+VIKzHPl84ZKbUEX5xv/GHc3THfznUvKKz5PzDiqrkjCkEt5PRMsVW9A6MU1+QEUr+sXLLtcUd2CCL87c8CpwNHJx1us6vJ4ji1gu0PGoT+60,iv:yU6j9W2Hs2D34uHMJqqPFbNy2pNEZY2kzXoNdhPMSmA=,tag:TNvEfMVrhu7HrNxY8qe5mg==,type:str] -wireless: - #ENC[AES256_GCM,data:n9OPSJsB7yNk,iv:xQzKJxqPB7uT83m/B4UoOje6NQbPLhuHR7Hp93oNz8A=,tag:gtsTx6ALnS/7fIDd7VimOg==,type:comment] - 409的5G: ENC[AES256_GCM,data:K9wm3zedoil7jHgTcb+VmbdbkG2dgrMdr3BmDRUHDVADqLANMvnUMSecggYTO4HaiI9q6uv2/BSkluanD5K4Dw==,iv:7dGET3ULKlnaDMVmkuXDek+hQPLZ2VUbPqvEOX+5jlQ=,tag:MBGmQ0NNNqX+T9EsBiWCaw==,type:str] tinc: ENC[AES256_GCM,data:9S3QK3lLT59GNhppHc1IoC7bN0mntbcQIZmVjtxOpQxzJDJQ63jBCfoupyfjmW3JCpWSWtelZ58VPeTOHZ6NXr2xJMitvqGAiJzsd9ZGYvlv6+OR2swXVyDMBhcQpU+1ui/5zEPFDWIxRMIoIJL3VO9la6gxHQY1st5p2REh3VpSu0R/b1ormlmSPyRtjCS4LlGpXF8FnHilE9wOLm6AhtGhq5nAHAwPCj/gVpDNI0Y+88shBbNTRG4ucXsEX3S/+IgDLElB7nE=,iv:nEa5NMxfi9rc194TMEldAw1E7Bw24qM5htVUerd1nNU=,tag:A8GB/LFeBNyAq7MfpSFaQw==,type:str] sops: age: - recipient: age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0Rmc2Ull1WFB4Smh3c0Zl - emlTNGJKZkpIK2JFeUNVeUcrR2FzRXRQZHlvCkhzMHpzYmZRZ0M0cXdRVi8wZmp6 - ZDRZQ2FkOWt6M0lrdjBHa3VTWXBDKzgKLS0tIGtJbTRRelg1VVk2QStwdzlFM1g4 - M1JOd1g3cVdjUFRhZ0FxcWphZXZJbkkKFXDtJVoi+qIrXp6cznevuZ+peBiRRITP - rrplqLiYsNIGKmKYtRIUu8WXDZ2q2CJ8Z+pka3W3H/U+m957hBDWyw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBuMmhpYzZ4eDJuWHlJMkZW + S2RZcXorSm1PeVdGdjBlekxuTTh2c0Z3OFI4CkU3K3FjdlhnMWpYRUI2Q0w4bFV1 + bkQyOXVKdHlMRUJrMEdlTG1KMUREK2MKLS0tIEhhd1Zib3I5cW9ZODh1bmcrcTR2 + SHdEbGcwaFhrMG83R213cjVzb25XUHcKcxYocTTMZw1V3o9pA1wAzmoHsMCmyMUh + Kk5PaZ9vF5IDL2H7f+OI1G6C1tJmgMWWbBh9xcSNv+qF/ydDuo4UIQ== -----END AGE ENCRYPTED FILE----- - - recipient: age1l4stuz0vr7gs7pqwjrmezam44702jp2vmqaqyxw0l0r42kf9updq4dfhrw + - recipient: age1hnarptkze0ujpp05dqr8uma04cxg9zqcx68qgpks5uf5l6rpk5gqhh8wxg enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsSHdka3FPQUYrcXQzcTFo - a000TUllT0MvUzk5ZzVFbXZheG9ZVTM2S253CkE5VW9tQktvL2pMWFoxcnFjTGpr - Z0p1RjZWRGpSZ01TdTZRcEJXM2NOUkUKLS0tIC9rNmNzWitMdEd5dXQvdWlELzhM - M0xoL1dQR0kvMWpzN0RMNWVCTFQxNFUKj9LPjBo5NGOrGYNvu8qZ13PLYjLEWllU - LARzEn4XgkeHckouwvxZYMCx7WxmAruRWaOvnxTIczzSNP7wIrqnkA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwZ0EyWGMxdEo1RUE3L3VU + ZVluRXlKcHRoOWI3bmRSbmNqcFlpUlZ5YjFnCmJQclRtdm5CYWxvY3VUSUxIaGRy + aElNUXAyYklnS2Z5SkVNR1JXRzg4RU0KLS0tIGVPQ2J0WjkwUWpoa2Z1WWNCTUJG + b3JKVnp1ZnRLcE9ocU9McVM3M3d4UjAKdu8xipFbNbIoYEcatUAUFe36CzP2E2HI + VSfPQWmRmb3/jF22b6Oy2B1DmDDvJ8T6+zUcp8J6C4Mln9oZj6dAZw== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-10-12T08:53:38Z" - mac: ENC[AES256_GCM,data:65vJWsL3KDz200mYsRVgsXM1N1nm/m+fHdFKeVufm/Nr9zsB/Q9e3KVmrjQAKC7s/WYxOYc1IY3yI+bf5duJzYWeVMzLQb1BqYOV0/UhYsPPGVHMe85+daThufo6rAWgHVALu/rC9Lo01hMRL+VwFglfiStDOP38Greku+Z/ruk=,iv:6APK7Ar1xbYgMTKeiLE0BSY48oPWDCV0JD+19s4iAQI=,tag:wbBrvnQMrPzSPXAw0bIYHw==,type:str] + lastmodified: "2025-10-27T06:32:42Z" + mac: ENC[AES256_GCM,data:x3Eod0i1X8/xee1DpHMzAqqEi4RruA+s1yrqOcH5xdWBZf3aosXGHvR/4+ev6enZ+HsuUOfN9dtfP5vMFSJXott+5tgXDL1hnk9x35dvMjRs1Q7VnOj20nWT/JUziz/2QgZQ5Y4Tfi3wq127GvITFn574LBKS76TqpLkSH+GUsQ=,iv:cxLYUKjJSJD6IigpmWZwcQNNolIYU9K0Go6WbewmJMU=,tag:lqC882yz/E4BvO4y9yz/yw==,type:str] unencrypted_suffix: _unencrypted version: 3.10.2 diff --git a/devices/srv2/node1/default.nix b/devices/srv2/node1/default.nix index 61606719..260f4b1e 100644 --- a/devices/srv2/node1/default.nix +++ b/devices/srv2/node1/default.nix @@ -6,18 +6,17 @@ inputs: { system = { - nixpkgs.march = "znver3"; + nixpkgs.march = "skylake"; network.settings = { - static.enp58s0 = - { ip = "192.168.178.2"; mask = 24; gateway = "192.168.178.1"; dns = "192.168.178.1"; }; - trust = [ "enp58s0" ]; + static.eno2 = { ip = "192.168.178.2"; mask = 24; gateway = "192.168.178.1"; dns = "192.168.178.1"; }; + trust = [ "eno2" ]; }; fileSystems.swap = [ "/nix/swap/swap" ]; }; services = { - beesd."/".hashTableSizeMB = 64; + beesd."/" = {}; lumericalLicenseManager.macAddress = "04:42:1a:26:0c:07"; }; }; diff --git a/devices/srv2/node2/default.nix b/devices/srv2/node2/default.nix new file mode 100644 index 00000000..087833b4 --- /dev/null +++ b/devices/srv2/node2/default.nix @@ -0,0 +1,35 @@ +inputs: +{ + config = + { + nixos = + { + system = + { + nixpkgs.march = "icelake-server"; + network.settings = + { + # TODO: set correct interface name + static.eno2 = { ip = "192.168.178.3"; mask = 24; gateway = "192.168.178.1"; dns = "192.168.178.1"; }; + trust = [ "eno2" ]; + }; + fileSystems = + { + swap = [ "/nix/swap/swap" ]; + mount.btrfs."/dev/disk/by-partlabel/srv2-node2-root1" = + { + "/nix/remote/jykang.xmuhpc" = "/data/gpfs01/jykang/.nix"; + "/nix/remote/xmuhk" = "/public/home/xmuhk/.nix"; + "/nix/remote/wlin" = "/data/gpfs01/wlin/.nix"; + }; + }; + }; + services = + { + beesd."/" = {}; + # TODO: set correct MAC address + lumericalLicenseManager.macAddress = "70:20:84:09:a3:52"; + }; + }; + }; +} diff --git a/devices/srv2/node2/secrets.yaml b/devices/srv2/node2/secrets.yaml new file mode 100644 index 00000000..b6e58051 --- /dev/null +++ b/devices/srv2/node2/secrets.yaml @@ -0,0 +1,25 @@ +tinc: ENC[AES256_GCM,data:zz2sNzrCiqUvyccyhG7hzpF3E8RMdWWdIW98j4Kw8rSGZEKtSkCX/YDibTRSOIuSn/hX7P9FqKgoOgKhqQcuh2gsRjaZSbccMhc3NqOXujL5y586PD9xCk2bUXDXzmRiHx8oiB1rOO86KQovfevl0yGtfpDmkuqt14OXNXvrVoCA4ChfUVwy0Yw53JlQrXl9ZndRvP6pHN4esv9UmUxrA8b//hFyJHPzSKiIfX6NGx+htH0P5UUSxKomYNqCrrtJG9RoXSgo2Go=,iv:jy4qmcl5QDaA6ub7/vHQpgiWIFj4tw0IKxGeg40W/E0=,tag:g6+jb5fInKukYWvIekyDxw==,type:str] +sops: + age: + - recipient: age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0Rmc2Ull1WFB4Smh3c0Zl + emlTNGJKZkpIK2JFeUNVeUcrR2FzRXRQZHlvCkhzMHpzYmZRZ0M0cXdRVi8wZmp6 + ZDRZQ2FkOWt6M0lrdjBHa3VTWXBDKzgKLS0tIGtJbTRRelg1VVk2QStwdzlFM1g4 + M1JOd1g3cVdjUFRhZ0FxcWphZXZJbkkKFXDtJVoi+qIrXp6cznevuZ+peBiRRITP + rrplqLiYsNIGKmKYtRIUu8WXDZ2q2CJ8Z+pka3W3H/U+m957hBDWyw== + -----END AGE ENCRYPTED FILE----- + - recipient: age1l4stuz0vr7gs7pqwjrmezam44702jp2vmqaqyxw0l0r42kf9updq4dfhrw + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsSHdka3FPQUYrcXQzcTFo + a000TUllT0MvUzk5ZzVFbXZheG9ZVTM2S253CkE5VW9tQktvL2pMWFoxcnFjTGpr + Z0p1RjZWRGpSZ01TdTZRcEJXM2NOUkUKLS0tIC9rNmNzWitMdEd5dXQvdWlELzhM + M0xoL1dQR0kvMWpzN0RMNWVCTFQxNFUKj9LPjBo5NGOrGYNvu8qZ13PLYjLEWllU + LARzEn4XgkeHckouwvxZYMCx7WxmAruRWaOvnxTIczzSNP7wIrqnkA== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2025-10-27T06:34:19Z" + mac: ENC[AES256_GCM,data:0US1WVfJ9dvXTL36XpM+veFfdUl56CxgYBSdXJe0+LPHZhpcM/R9O2DsD4kzGmvqB8d8gm140zr02F6H+tqP6IHYbNSU20uISheF4dfWFFu6DlHqx3+c9aRxrmX8PUlwHmyDsjK0Uu6wdsEeWiPqkXkA9lpDNkATlHgsbspH3Zw=,iv:21mFu3TB4+SxwBQgPGhbLQI/6SPL97j3hATo66XWUtQ=,tag:2sn70EntUBrJ5w7zy/7dpw==,type:str] + unencrypted_suffix: _unencrypted + version: 3.10.2 diff --git a/devices/srv2/secrets/munge.key b/devices/srv2/secrets/munge.key index 67624a3a..848d78b6 100644 --- a/devices/srv2/secrets/munge.key +++ b/devices/srv2/secrets/munge.key @@ -1,28 +1,27 @@ { "data": "ENC[AES256_GCM,data:Um00c+kry3QrHEZVdlUws+gGGvtPKh8WzkpT6CHL7uwHRUWc+5E0bvlwXFJTkmPdGOOV2Jx9fGvSKpQb1/MPJhMhpCAw5n69QIRjVVURZcvVVFrl+eNO2sf/h2GTFvKRAtlcNAh7cvjkpiB3r+S7mRYSI914B7w8GLTdRFvtqYo=,iv:gk7S1SiA0iBAfpXLhhPJuexolP6w1XAd8M2H+sqqmoM=,tag:O8Eoa4LjEo14H/+1W5rcgQ==,type:str]", "sops": { - "kms": null, - "gcp_kms": null, - "azure_kv": null, - "hc_vault": null, "age": [ { "recipient": "age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDeDlnOGlTYlY5a2wyaUxo\nSk5uaFVQWTY1Q25ad0NkSTQ2bTZEYU5ibWg4ClpnM1NLbFArUEtndjFGamgwdDBF\nWnNMalNRWWhLL2V3S1RWRHh3MGErUUUKLS0tIGt0MGJ4SzNDTWZNUHM0djFDSjdo\nbDMvbWRDVURzQmVWdGFQeDVWQmN5Q2MKBpbH7QXL1sf0c7ix9yd2r7vEBScixvBM\nom1tHgJmwxhep7DSyvjg/xslag7U2vF69gPrcAlnAndZsLCtsYdvyw==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWam9aNkYxcEpURHI4N1lr\nOWFrUFA1a0hTUWNJM0FOMGNqT1h3d1dzRmlJCm9lOHBWRlRqY09DTW5oSmZtREtv\nUVI3aSsyWXczYmdRTG5VRWdCVFd4WEUKLS0tIGNjYmJDOVZKTjlENzFGVDJVMCtT\nWUsrRUpsM3dvQ3NkZnordnJ6djF6N1EKF53Up6zSFot6i2B+UO3H9NeFeyVA/R+X\naH9SuT+9Wox1lxDLhG/+S28tE4IyXZgbo+12sreQ3TkGslfxTwXTUA==\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1l4stuz0vr7gs7pqwjrmezam44702jp2vmqaqyxw0l0r42kf9updq4dfhrw", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwa2Z5V0VPRWhYaXZ3STBa\nMWVsS01CYVBzeHM0T29pUWtQYlVyWCtheFRzCk5JYUpqN1cwWDFwUkZ2Q2xkL3U5\nRlNpMTQ2QTBQZFdYMmJIZjdnOWNjalEKLS0tIEZZREZPVmQxZ25MaHlMZ0VuWExT\nR2dJZ1lWdGt5dWNIM1FyQ2dZV0dlTTQKhUnA3pnoXb18/b/Jzyk0fC6GnmIMmYfl\nVgzCoCDSHNSvW/qUoT22hJfZCMFvIzOHEpmufMHCecZdisUozfWFuQ==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQUW1uTUpHT0dOOHIwVTQw\nU0pzUng1RGhPNXcvMU5xMlZpMTFUaTMvNEdrCjA2MEt0aGVYcEhwRm9LMFU1eFc1\nT3RVOVBvSEcrM2hCMVFQTlFCeE4zRzQKLS0tIFhKT0VOVVgwQ3VCUld4dUc0ZXB6\ncUJDQXZWbXpoQWNQTFM5TGM4VEhUajAKMab/tG8ol/s/LjT/g6q9tmL6GOkMdh5C\n9rbkUo4YhLx8ZnDGfD+kfvyr4E23E0Y5uOs4G/VFesiJwDziWchX2A==\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1hnarptkze0ujpp05dqr8uma04cxg9zqcx68qgpks5uf5l6rpk5gqhh8wxg", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlYnBaYmprYTIySWFnOVhk\nTThHNEptc2luWTFxSTBBMnY1Q1FkQjNBaWlBClFRbWlIdmRRVnZ0TGJVTlhNRHN0\nS1JZZnJLU2xCS3Q4ZTBDWU9ScnBtOEEKLS0tIFNCMmtDd0VJR0JucUJSZHo3dHZl\nWm9ZQ0dOamZvSTNQNW1uWW85TGxRTWMKKm7NdN69Q7F+KcR7u3kTxhQuzikGUdEZ\n8AkowBgHRndxNgdC6wYV1VeqEkDxXqR/430+EQS0jQQrIXpuXkCDkQ==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDblAwYkhXd2xJaEJQYzVx\nWmZjRXhxN1F1cDAvcTFGSW54UWs4a09yaWdrCm9iZ1NPTmN0ejJvQyt2UWhaY1BV\nUDhZWHNuWUNvVGZ4eGVNS1lnOHlnNE0KLS0tIE9OWGVRMUNObUt2alFnTmh1eEVH\nNzg3ODkzNmRYYndIK2xXR0pUWTB6Z2MKj3b0sJI7y/QhvBjQbAg6gpBFszuGUuvq\neBsTeiuXJdyZru54qOJ3k6DGAnsS8lIYptwpi2jC24ebwG3QSpGjzg==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1k2y0vm4tmf88vg6zfed8q8zv544g4u0l5ry4kmm4hmzslvj5vdxskhat2n", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVTzgwUXpjM3Z1c1VvdlNL\ndTdGdDlIcCtMVHJZeGs5ZUo4L2VNMUxFakNzCloyYUFLSDFHSjVhUzRoZWlPVFdS\nMWI5eXdMdGw1d3ZwcFNiNUZkSmxuZ2sKLS0tIHdsK1oxOUVMbUNxZ0toZlRsN1N6\nMUxNeTF0L0lRc3BnUExob0ZlaExVb0kKW7zPqfYAw8/RsGNpVBFhnObjfgqgxdkC\nEVQQYduAz+FkIdsN5/rrleyacbpCrEQcSTVTXpwLopoL/ukY1i0p/A==\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2024-03-09T07:59:38Z", "mac": "ENC[AES256_GCM,data:zNh6Cioh4+r0+nx04yLqeQShozxl7bLLKSmwodnmHtVQVlOTjj5sDLMEAAmrj1Ym2KrBPJOgdm34Sl6AbsmiBLxzDcBKe6J68Y/LHIeaPkToRKpmoy9I9a177w0KzFXgNaU2ieH71egD+nf8JmGG61hDjpiJRpx1Lwxb16Bn+Xs=,iv:QxiUYymiGuH0EBwEhyg5gDzkSKvGhq0+0wERNEJ71UM=,tag:N1Nn9X9vrghwwJWC3kituA==,type:str]", - "pgp": null, "unencrypted_suffix": "_unencrypted", "version": "3.8.1" } -} \ No newline at end of file +} diff --git a/flake.lock b/flake.lock index 0b4d3035..cdebc79a 100644 --- a/flake.lock +++ b/flake.lock @@ -950,11 +950,11 @@ }, "nixpkgs-2311": { "locked": { - "lastModified": 1735377590, - "narHash": "sha256-U9W9H/HYoaKa5wzSL2IBmnFDhxlesuKAcKi/hl5xPvE=", + "lastModified": 1760234929, + "narHash": "sha256-4W0o4O8ANykPCOQD2Jb6pdGerDSLNzIVNF7AoVNMZvM=", "owner": "CHN-beta", "repo": "nixpkgs", - "rev": "0c3e74a65634ae3f43be7d0f6c3b5156ac54747b", + "rev": "66170f3c82eecdee7dcd29a7e72ed87965bde4fc", "type": "github" }, "original": { diff --git a/flake/dns/config/tinc.nix b/flake/dns/config/tinc.nix index 77d1544d..3b54fdf5 100644 --- a/flake/dns/config/tinc.nix +++ b/flake/dns/config/tinc.nix @@ -8,4 +8,5 @@ srv1-node2 = 8; srv2-node0 = 7; srv2-node1 = 10; + srv2-node2 = 11; } diff --git a/flake/nixos.nix b/flake/nixos.nix index b0303b02..f7c926ef 100644 --- a/flake/nixos.nix +++ b/flake/nixos.nix @@ -1,7 +1,7 @@ { inputs, localLib }: let singles = [ "nas" "pc" "vps4" "vps6" "r2s" ]; - cluster = { srv1 = 3; srv2 = 2; }; + cluster = { srv1 = 3; srv2 = 3; }; deviceModules = builtins.listToAttrs ( (builtins.map diff --git a/modules/hardware/cpu.nix b/modules/hardware/cpu.nix index 03a2071c..b22e7644 100644 --- a/modules/hardware/cpu.nix +++ b/modules/hardware/cpu.nix @@ -5,8 +5,8 @@ inputs: type = types.nullOr (types.enum [ "intel" "amd" ]); default = let inherit (inputs.config.nixos.system.nixpkgs) march; in if march == null then null - else if inputs.lib.hasPrefix "znver" march then "amd" - else if (inputs.lib.hasSuffix "lake" march) + else if inputs.lib.hasInfix "znver" march then "amd" + else if (inputs.lib.hasInfix "lake" march) || (builtins.elem march [ "sandybridge" "silvermont" "haswell" "broadwell" ]) then "intel" else null;