chn/nixos
1
0
Fork 0
mirror of https://github.com/CHN-beta/nixos.git synced 2026-01-12 06:49:24 +08:00
Code Issues Packages Projects Releases Wiki Activity

devices: xmupc1 xmupc2 -> srv2

Browse Source
This commit is contained in:
陈浩南
2025-01-07 20:30:07 +08:00
parent 3f441a127b
commit cac52c47af
18 changed files with 243 additions and 387 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
.sops.yaml
View File

@@ -4,14 +4,14 @@ keys: # cat /etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age
- &vps6 age164tyqklwhdm57tfm5u863mdt2xrzrrzac4py8a0j9y6kzqcjy9zsp073t6
- &vps7 age137x7csalutwvfygvvzpemlsywvdxj3j4z93a50z2sjx03w6zau8q3r5902
- &nas age19lhcwk37jmvn6z0v4dpdfh0k4u23f76twdjknc0p7atktf37rd7s4t4wj3
- &xmupc1 age1hnarptkze0ujpp05dqr8uma04cxg9zqcx68qgpks5uf5l6rpk5gqhh8wxg
- &xmupc2 age1l4stuz0vr7gs7pqwjrmezam44702jp2vmqaqyxw0l0r42kf9updq4dfhrw
- &pi3b age1yjgswvexp0x0de0sw4u6hamruzeluxccmx2enxazl6pwhhsr2s9qlxdemq
- &one age1m7nrxfw22wvp7pj8y9pdl745w95x89uu8dzl9ppsaazweqf2lqms5yshsp
- &srv1-node0 age1nzetyehldf3gl6pr6mu5d2cv387p8wjqn6wfpll7a3sl8us6n38s0ds633
- &srv1-node1 age1wj33xt8nj7rhnsenepsf6k3lmq5vk4wn84jwr55qy9cwu05xn5cspg3h7t
- &srv1-node2 age16e7ykphshal6qhwfvat698hl48s8yr0jvzh27ecdyfh5uk7t9u6s753jgy
- &srv1-node3 age1lee0kl24f0ntss6m69zu2s2e7njdpkv9nl7rlf4nn7rvv0mlgvfqrte2y5
- &srv2-node0 age1l4stuz0vr7gs7pqwjrmezam44702jp2vmqaqyxw0l0r42kf9updq4dfhrw
- &srv2-node1 age1hnarptkze0ujpp05dqr8uma04cxg9zqcx68qgpks5uf5l6rpk5gqhh8wxg
creation_rules:
- path_regex: devices/pc/.*$
key_groups:
@@ -33,16 +33,6 @@ creation_rules:
- age:
- *chn
- *nas
- path_regex: devices/xmupc1/.*$
key_groups:
- age:
- *chn
- *xmupc1
- path_regex: devices/xmupc2/.*$
key_groups:
- age:
- *chn
- *xmupc2
- path_regex: devices/pi3b/.*$
key_groups:
- age:
@@ -73,3 +63,13 @@ creation_rules:
- age:
- *chn
- *srv1-node3
- path_regex: devices/srv2/node0/.*$
key_groups:
- age:
- *chn
- *srv2-node0
- path_regex: devices/srv2/node1/.*$
key_groups:
- age:
- *chn
- *srv2-node1

87
devices/srv2/default.nix Normal file
View File

@@ -0,0 +1,87 @@
inputs:
{
config =
{
nixos =
{
model.type = "server";
system =
{
fileSystems =
{
mount = let inherit (inputs.config.nixos.model.cluster) clusterName nodeName; in
{
vfat."/dev/disk/by-partlabel/${clusterName}-${nodeName}-boot" = "/boot";
btrfs."/dev/disk/by-partlabel/${clusterName}-${nodeName}-root1" =
{ "/nix" = "/nix"; "/nix/rootfs/current" = "/"; };
};
swap = [ "/nix/swap/swap" ];
rollingRootfs = {};
};
nixpkgs.cuda =
{
enable = true;
capabilities =
[
# p5000 p400
"6.1"
# 2080 Ti
"7.5"
# 3090
"8.6"
# 4090
"8.9"
];
forwardCompat = false;
};
};
hardware.gpu.type = "nvidia";
services =
{
snapper.enable = true;
sshd = { passwordAuthentication = true; groupBanner = true; };
smartd.enable = true;
slurm =
{
enable = true;
master = "srv2-node0";
node =
{
srv2-node0 =
{
name = "n0"; address = "192.168.178.1";
cpu = { sockets = 2; cores = 22; threads = 2; };
memoryMB = 122880;
gpus."4090" = 1;
};
srv2-node1 =
{
name = "n1"; address = "192.168.178.2";
cpu = { cores = 16; threads = 2; };
memoryMB = 94208;
gpus = { "p5000" = 1; "3090" = 1; "4090" = 1; };
};
};
partitions =
{
all = [ "srv2-node0" "srv2-node1" ];
n0 = [ "srv2-node0" ];
n1 = [ "srv2-node1" ];
};
defaultPartition = "all";
tui =
{
cpuQueues =
[
{ name = "n0"; mpiThreads = 8; openmpThreads = 10; }
{ name = "n1"; mpiThreads = 3; openmpThreads = 4; }
];
gpuIds = [ "4090" "3090" "p5000" ];
gpuPartition = "all";
};
};
};
user.users = [ "chn" "xll" "zem" "yjq" "gb" "wp" "hjp" "wm" "lly" "yxf" "hss" ];
};
};
}

44
devices/srv2/node0/default.nix Normal file
View File

@@ -0,0 +1,44 @@
inputs:
{
config =
{
nixos =
{
model.cluster.nodeType = "master";
hardware.cpus = [ "intel" ];
system =
{
nixpkgs.march = "skylake";
# TODO: configure network
# networking.static =
# {
# eno145 = { ip = "192.168.1.10"; mask = 24; gateway = "192.168.1.1"; };
# eno146 = { ip = "192.168.178.1"; mask = 24; };
# };
};
services =
{
xray.client = { enable = true; dnsmasq.extraInterfaces = [ "eno146" ]; }; # TODO: listen on shared port
beesd.instances.root = { device = "/"; hashTableSizeMB = 16384; threads = 4; };
wireguard =
{
enable = true;
peers = [ "vps6" ];
publicKey = "lNTwQqaR0w/loeG3Fh5qzQevuAVXhKXgiPt6fZoBGFE=";
wireguardIp = "192.168.83.7";
};
xrdp = { enable = true; hostname = [ "srv2.chn.moe" ]; };
samba = { enable = true; hostsAllowed = ""; shares = { home.path = "/home"; root.path = "/"; }; };
nfs = { root = "/"; exports = [ "/home" ]; accessLimit = "192.168.178.0/24"; };
groupshare = {};
hpcstat = {};
};
};
# TODO: these netowrk settings should be changed
# allow other machine access network by this machine
systemd.network.networks."10-eno146".networkConfig.IPMasquerade = "both";
# without this, tproxy does not work
# TODO: why?
networking.firewall.trustedInterfaces = [ "eno146" ];
};
}

0
devices/srv1/node2/secrets/default.yaml → devices/srv2/node0/secrets/default.yaml
View File

0
devices/srv1/node2/secrets/munge.key → devices/srv2/node0/secrets/munge.key
View File

30
devices/srv2/node1/default.nix Normal file
View File

@@ -0,0 +1,30 @@
inputs:
{
config =
{
nixos =
{
model.cluster.nodeType = "worker";
hardware.cpus = [ "amd" ];
system =
{
nixpkgs.march = "znver3";
# TODO: network
# networking.static.eno2 =
# { ip = "192.168.178.2"; mask = 24; gateway = "192.168.178.1"; dns = "192.168.178.1"; };
fileSystems.mount.nfs."192.168.178.1:/home" = "/home";
};
services.beesd.instances.root = { device = "/"; hashTableSizeMB = 512; };
};
services.hardware.bolt.enable = true;
specialisation.no-share-home.configuration =
{
nixos.system.fileSystems.mount.nfs = inputs.lib.mkForce null;
system.nixos.tags = [ "no-share-home" ];
};
# TODO: network
# boot.initrd.systemd.network.networks."10-eno2" = inputs.config.systemd.network.networks."10-eno2";
# make slurm sub process to be able to communicate with the master
# networking.firewall.trustedInterfaces = [ "eno2" ];
};
}

0
devices/xmupc1/secrets/default.yaml → devices/srv2/node1/secrets/default.yaml
View File

24
devices/srv2/node1/secrets/munge.key Normal file
View File

@@ -0,0 +1,24 @@
{
"data": "ENC[AES256_GCM,data:YOWJQ16lYMKebzSyCcJ+N8x1iqD9Ml1cm07sTwSe0dE/OHtAyhasJ9qbg8wBhhtm0fjl5S5cNh6KxqGzb/0BSfMPIhii72gBdnPgjSWyVFatKM3Egqn4dUk96RlbUMWvPzWMGmleUGedWu7gUIHP2kgbfl94Whqpe1ozgb7qoxg=,iv:R+TguIqtcXQXiAL/vVgkZAWCCdvAV9rYwaTTszgDqE4=,tag:MlAcThDJjCglpJhK2HIjxg==,type:str]",
"sops": {
"kms": null,
"gcp_kms": null,
"azure_kv": null,
"hc_vault": null,
"age": [
{
"recipient": "age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOMnJ4TVkyWGtmeTZvZk1h\ndnZKU1FyM1lsYktKZnRhekR3bm9PMXphV1FvCjhOY21iV3g2SXVTL0FLQUhFa0Ni\nYnJsenZldUk4anRvbStlemZzQUx2RUUKLS0tIGFVanY3QzRzV0REdUYxbnBtS1My\nemtCdG9tMUhuTkFDalRNMzJaVEZHOVUK3sfaYjScNEyJnuwTKtIlzJzNqf4dz6ea\nmgtijiKjFl7LVo08XRKz7Ry0/s5nawrh0yT64MGOoz+zT3Lu5BPRpw==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1hnarptkze0ujpp05dqr8uma04cxg9zqcx68qgpks5uf5l6rpk5gqhh8wxg",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCNTVLQTVwUkNucjNVMVht\nQ0wyaWFMc2c5NGlQZHl6REQya2NYM3pXeEFvCm9JWmM0Zkg1V0JzSlJGMUNOdmJ3\nTFBSSVFNSzRMaDFlV082dTAwbEg1eHMKLS0tIG1PL3ZHNFljdXAzNGZVTU5CL2Z0\nSFJmbitSaTZtY05OQ2xmVStubnAyMmMKJKwjJLyQKk0l24vRYuN8Qa8mksOkMrOc\nFUKcJjJ4faucBAPLohHFVrbzfDLu4BhIN3mCXKSydKCaRqXlz57FHw==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2025-01-07T12:12:40Z",
"mac": "ENC[AES256_GCM,data:NDi9LQINjtSO0qJe37WPbAyRlEgaGvxP8jrEwzd/3gQoR1zSvaBa9+IerAxCCZc9pJFVzq6FVQ4Yw8AH+dkigdMep5KL6JCtYLTqLDhohuW9REKfev6BapILfMNr2o6wyrzo+uZsbvtfq356yMVclFUtZKX8xDnGpvdUBQaTm0s=,iv:ffKwGh1zOL7wcJ1W9jbmvubXJQENZmRj58WNFRLiDtc=,tag:A7Tuvu+F1knhLwdkxJfXgQ==,type:str]",
"pgp": null,
"unencrypted_suffix": "_unencrypted",
"version": "3.9.2"
}
}

2
devices/vps6/default.nix
View File

@@ -78,7 +78,7 @@ inputs:
wireguard =
{
enable = true;
peers = [ "pc" "nas" "one" "vps7" "xmupc1" "xmupc2" "pi3b" "srv1-node0" ];
peers = [ "pc" "nas" "one" "vps7" "srv2-node0" "pi3b" "srv1-node0" ];
publicKey = "AVOsYUKQQCvo3ctst3vNi8XSVWo1Wh15066aHh+KpF4=";
wireguardIp = "192.168.83.1";
listenIp = "74.211.99.69";

103
devices/xmupc1/default.nix
View File

@@ -1,103 +0,0 @@
inputs:
{
config =
{
nixos =
{
model.type = "server";
system =
{
fileSystems =
{
mount =
{
# TODO: reparition
vfat."/dev/disk/by-uuid/467C-02E3" = "/boot";
btrfs =
{
"/dev/disk/by-uuid/2f9060bc-09b5-4348-ad0f-3a43a91d158b"."/nix" = "/nix";
"/dev/disk/by-uuid/a04a1fb0-e4ed-4c91-9846-2f9e716f6e12" =
{
"/nix/rootfs" = "/nix/rootfs";
"/nix/persistent" = "/nix/persistent";
"/nix/nodatacow" = "/nix/nodatacow";
"/nix/rootfs/current" = "/";
};
};
};
swap = [ "/nix/swap/swap" ];
rollingRootfs = {};
};
nixpkgs =
{
march = "znver3";
cuda =
{
enable = true;
capabilities =
[
# p5000 p400
"6.1"
# 2080 Ti
"7.5"
# 3090
"8.6"
# 4090
"8.9"
];
forwardCompat = false;
};
};
nix.remote.slave.enable = true;
};
hardware = { cpus = [ "amd" ]; gpu.type = "nvidia"; };
virtualization.kvmHost = { enable = true; gui = true; };
services =
{
snapper.enable = true;
sshd = { passwordAuthentication = true; groupBanner = true; };
xray.client.enable = true;
smartd.enable = true;
beesd.instances =
{
root = { device = "/"; hashTableSizeMB = 16384; threads = 4; };
nix = { device = "/nix"; hashTableSizeMB = 512; };
};
wireguard =
{
enable = true;
peers = [ "vps6" ];
publicKey = "JEY7D4ANfTpevjXNvGDYO6aGwtBGRXsf/iwNwjwDRQk=";
wireguardIp = "192.168.83.6";
};
slurm =
{
enable = true;
master = "xmupc1";
node.xmupc1 =
{
name = "xmupc1"; address = "127.0.0.1";
cpu = { cores = 16; threads = 2; };
memoryMB = 94208;
gpus = { "p5000" = 1; "3090" = 1; "4090" = 1; };
};
partitions.localhost = [ "xmupc1" ];
tui = { cpuQueues = [{ mpiThreads = 3; openmpThreads = 4; }]; gpuIds = [ "p5000" "3090" "4090" ]; };
};
xrdp = { enable = true; hostname = [ "xmupc1.chn.moe" ]; };
samba =
{
enable = true;
hostsAllowed = "";
shares = { home.path = "/home"; root.path = "/"; };
};
groupshare = {};
hpcstat = {};
docker = {};
};
bugs = [ "xmunet" "amdpstate" ];
user.users = [ "chn" "xll" "zem" "yjq" "gb" "wp" "hjp" "wm" "lly" "yxf" "hss" ];
};
services.hardware.bolt.enable = true;
};
}

24
devices/xmupc1/secrets/munge.key
View File

@@ -1,24 +0,0 @@
{
"data": "ENC[AES256_GCM,data:tuEymMXW0f7Rui5wrz/xozphTEq6ffkYIfNIoURFNHwH2Cg+aKHz2ox0gk02BJARhPMDrxCYlChkcrEI0ma/T0eBe9sWz3tA8AOwU1lHSZ06d/JWzW7IUIyTac2mnjt3/jY/qpnR4A8wtHwD0j4zkzXgUgFwq7k/fs24acEE4Jo=,iv:iDTS0xswLrwkOYmfomE5hluVONgJYia/RjINDy7T3R0=,tag:oIYNpFCuT2D+X1QEJJiHew==,type:str]",
"sops": {
"kms": null,
"gcp_kms": null,
"azure_kv": null,
"hc_vault": null,
"age": [
{
"recipient": "age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3aFRRa0NsOUp5MEg3UHcx\nc3g1VFZEQS9Tci9QSnNFYnIrT3hUdVU5cWxjCnU5UXVEdTFXczJzcHVvSjF2WHdB\nYmpyQVVaUFozKzJIZThBbXUxb2k2YzAKLS0tIHE1QXVrOXo1Y3VXMzJJYitWU3Qv\neDF1cndrSi94clh1cS9NczN0UW9pOXcKtrnIj3WovMYdcg5nWnnyRhJhTGLrlwxW\nxQ6bmNrfbZedmCNdjY2lPXmudMXJ8YlWe/HGCe94x3iFlaSwCIGUsA==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1hnarptkze0ujpp05dqr8uma04cxg9zqcx68qgpks5uf5l6rpk5gqhh8wxg",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBocFl1SHJEemRySlBnMmNn\nVW9RS1NNdlo4M3l2WGlQaHJmbDBHcjMwaVVnCnY5WExPOXZJVEdYSlJ6UTRBMGJj\ncmlYaUNVV1hnWTNkaWVuV2VuaXN2eU0KLS0tIDBTYnd2NmVYTUJKaHZWRWo3ZlUx\nTEtPZWc2RE1XNG9WTXFOTllWVUVWeUkK+9aLz1rygGAQjpG+oMNUtrDkQaDfg+2q\nnl/CtZZrFD6NXGw6Di0X5t9fQu295NTJ/0qjXnfMigG8gDtxkE+/7g==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2024-02-26T06:04:53Z",
"mac": "ENC[AES256_GCM,data:y0RkPyUwwff95BFL951TxS/x5ORzMsxFJVjopSw+8iVtswD8MT1nmsbwyth4C9OnJ/IAtnZk/CjAt72a68AZpPI+2W/JqJq20ohFoquDNhTlsoyLWdO3Vjrd+Wo3hp0+iKQ3e/uYrF1sTqQO9a3OIxu2sVLM0gEDmIe2nJpLJQo=,iv:EjXTQvVdjzfClNfQ3rPxAFVWVqr7sSOz4ap+nshPEAk=,tag:DcIlf9W7NNqQ+gf8f46MwQ==,type:str]",
"pgp": null,
"unencrypted_suffix": "_unencrypted",
"version": "3.8.1"
}
}

29
devices/xmupc2/README.md
View File

@@ -1,29 +0,0 @@
# 硬件
* CPU44 核 88 线程。
* 内存256 G。
* 显卡:
* 409024 G 显存。
* ~~P500016 G 显存~~暂时拔掉了,否则 4090 供电不够。
* 硬盘18 T。
# 支持的连接协议
## SSH
* 地址xmupc2.chn.moe
* 端口6394
* 用户名:自己名字的拼音首字母
* 可以用密码登陆,也可以用证书登陆。
## RDP
* 地址xmupc2.chn.moe:3390
* 用户名:自己名字的拼音首字母
* 密码和 ssh 一样(使用同样的验证机制)。
## samba
因端口冲突暂时禁用。
其它内容请阅读 [xmupc1](../xmupc1) 的说明,两台机器的软件大致是一样的。

95
devices/xmupc2/default.nix
View File

@@ -1,95 +0,0 @@
inputs:
{
config =
{
nixos =
{
model.type = "server";
system =
{
fileSystems =
{
mount =
{
vfat."/dev/disk/by-uuid/23CA-F4C4" = "/boot";
btrfs =
{
"/dev/disk/by-uuid/d187e03c-a2b6-455b-931a-8d35b529edac" =
{ "/nix/rootfs/current" = "/"; "/nix" = "/nix"; };
};
};
swap = [ "/nix/swap/swap" ];
rollingRootfs = {};
};
nixpkgs =
{
march = "skylake";
cuda =
{
enable = true;
capabilities =
[
# p5000 p400
"6.1"
# 2080 Ti
"7.5"
# 3090
"8.6"
# 4090
"8.9"
];
forwardCompat = false;
};
};
nix =
{
marches =
[
"broadwell" "skylake"
# AVX512F CLWB AVX512VL AVX512BW AVX512DQ AVX512CD AVX512VNNI
# "cascadelake"
];
remote.slave.enable = true;
};
grub.windowsEntries."8F50-83B8" = "";
};
hardware = { cpus = [ "intel" ]; gpu.type = "nvidia"; };
virtualization.kvmHost = { enable = true; gui = true; };
services =
{
snapper.enable = true;
sshd = { passwordAuthentication = true; groupBanner = true; };
xray.client.enable = true;
smartd.enable = true;
beesd.instances.root = { device = "/"; hashTableSizeMB = 16384; threads = 4; };
wireguard =
{
enable = true;
peers = [ "vps6" ];
publicKey = "lNTwQqaR0w/loeG3Fh5qzQevuAVXhKXgiPt6fZoBGFE=";
wireguardIp = "192.168.83.7";
};
slurm =
{
enable = true;
master = "xmupc2";
node.xmupc2 =
{
name = "xmupc2"; address = "127.0.0.1";
cpu = { sockets = 2; cores = 22; threads = 2; };
memoryMB = 253952;
gpus."4090" = 1;
};
partitions.localhost = [ "xmupc2" ];
tui = { cpuQueues = [{ mpiThreads = 8; openmpThreads = 10; }]; gpuIds = [ "4090" ]; };
};
xrdp = { enable = true; hostname = [ "xmupc2.chn.moe" ]; };
samba = { enable = true; hostsAllowed = ""; shares = { home.path = "/home"; root.path = "/"; }; };
groupshare = {};
docker = {};
};
bugs = [ "xmunet" ];
user.users = [ "chn" "xll" "zem" "yjq" "gb" "wp" "hjp" "wm" "lly" "yxf" "hss" ];
};
};
}

54
devices/xmupc2/secrets/default.yaml
View File

@@ -1,54 +0,0 @@
acme:
token: ENC[AES256_GCM,data:Wb7Gons3HCMK5WGIZpG4XrrqZ5G6bymjuKMW6IUjLiK0CIXFz/ARNg==,iv:zc4BgHcc+O7SHQbJkff11fBwgsd+TFtvSEGJ/qrzVo4=,tag:K+Nu9kenTtTnin4+hDCdWA==,type:str]
nginx:
maxmind-license: ENC[AES256_GCM,data:FPVSD8otQMNpbESNEHXCfQjB/zi3OVwZoyLijUtnHQlQzec7KVSiGw==,iv:DkkwCqvRmcFHQIXseh2fycCxZboJMYhHPu67GddenY4=,tag:iHEC8r5GcuB1QcZ5Uf8Skw==,type:str]
xray-client:
uuid: ENC[AES256_GCM,data:j2R0UtfS/es2A+Ic+Kq6FZJSqXlA/Q8tGkuAIX0ZdTsV4hGk,iv:Ovpr49isIJRdUyM3jxgiT+9Sc+qTF6ZnkKUwxIq6KUs=,tag:2VRSkiPNWaOmCqLJti8Bzw==,type:str]
wireguard:
privateKey: ENC[AES256_GCM,data:0Vw9NVs/Kxc52zUlmeAPFeOG8msdL0YopjhzFKRWhv6+kfb+SFObOP8EJ2M=,iv:KgIZIawbnN+1sIcMjNECkdtujPbg7yQktKVc25SXavI=,tag:b79oZP+GZKmM3OVFshvFhg==,type:str]
users:
#ENC[AES256_GCM,data:FP1Mr1TmRI4L,iv:3K4LMbOQPvF1ORWNyaXDoC5MXn3yColR4eKs9sm9y5s=,tag:f3guTegVXw1A6aqolKQnqA==,type:comment]
xll: ENC[AES256_GCM,data:CAEd+usnLKoQZ+0PLEiJfbZpz2pyn+I/edC2KbNXBXZPAgT7IDENMnSQyxme899KqRVL4nLrtHs82aA8+kl/dE+QYSTCFVVuHg==,iv:Hs8rb0Iu5Xw74p9/cL2gWfPLh61VaLzIltKUSjRFZjc=,tag:/u5vI0oTMQbNoCEzhcWqOw==,type:str]
#ENC[AES256_GCM,data:UIns0CnC/QmJ,iv:Gn4XDPcdTyDLXAgGq7qwayrN206Gx7JsJ3V9G+4bTyA=,tag:FITVs8Tgkiq1XoS8joXM1Q==,type:comment]
zem: ENC[AES256_GCM,data:znpGuS8LVxaztnwQlIwu3hykWRBUtQvOsniLaOasXDbw9lHGX8lwwYJuCE+0I14HmiZK/RrrouIwfAfcjZQzPyjJ/SRoOG1Vyg==,iv:YXHX43y99/w9102vhsvFLVOUtJmuRnLVLu+ywfn9URY=,tag:AzsmkXOyX7y/D+ndteuMmA==,type:str]
#ENC[AES256_GCM,data:6vMItERptBsX,iv:G0sDjEfLciheMxTZbeLIbWKlimPD1ANIk/VVdhQifXA=,tag:oR9FEdVx6W+0uDeKfb37iw==,type:comment]
yjq: ENC[AES256_GCM,data:sGPQ0xALULREnhzl9g/V91M5osMglsSps6R4gYn5OZc/4xVC1phF3qajVN3YMOr7kKgkHbF2Rjm6/2vuK0k1iYZnFswUAmFlmw==,iv:5vG1hn7SlX6HCpas2BgxBSwWqLby8OCxcH3EKNvceIc=,tag:TVwFBAuosKnEOZecq1phXw==,type:str]
#ENC[AES256_GCM,data:ALHxkRABA+ll,iv:r1IDiHLFcTdLID3q16zrLTavAwQfddC7bXMKcFZFveI=,tag:4Pd0/Q1BmH4gJjaM4hbqqQ==,type:comment]
gb: ENC[AES256_GCM,data:z4CrtdmdLJJ0qZzr7qvihnluJQgjtciX56KdEmtemiRu0llEJk9qz6a23aJ7m40Sfc38elF1/LsvjOuBOC87+BVkKDCj76phag==,iv:WrFVxkr3snmqDXZx5kAYCLp7ixEIzxoT7El3rV7Ovqg=,tag:iExf2Y/HObHQrKMTRvqn7A==,type:str]
#ENC[AES256_GCM,data:XfNExliq7noL,iv:K+rFlZHF1oY5rsTzaO0mgxiE1VlKdtPTifAaesg321k=,tag:Dja8NmPWZdJkf/J/96/wAw==,type:comment]
wp: ENC[AES256_GCM,data:yjMDez28pJUo6riIHypQQgjGFbuLwy87eG4ek/+Li2w8b4Cm5JckRvs26o+S0blfICc8WqIqEJGakT2wVBE5O1jGfniKn3PhTA==,iv:dOA318XRd2EXxmTIlk6GhlAR/FBpbKkbPJJCXTwFCxM=,tag:9MkXNUuAoplAzE+4eJpr0w==,type:str]
#ENC[AES256_GCM,data:YGcTkNCeu3m7,iv:jYmVrfRFwQoX1XxeSzS23wRMAD/AnzYBXQjI76Ke2FE=,tag:WJfSmjdggzPojDcJ6GzP+A==,type:comment]
hjp: ENC[AES256_GCM,data:0R5SfBFKuLGurwINnTj31FOrwwfY9bqVS1rG/a0HqIYd+Ui8/2ffFBx0Et+tYIqcxXEJpGbvse43V0naNKmFKlLanfcy9YV/Hg==,iv:mpAUmcVHWWLoreEsG9ha09jxte8mQCLt/A7nm04iX9Y=,tag:bia9pjL0MAcs9vj1gKCVCQ==,type:str]
#ENC[AES256_GCM,data:Q3TFPjvcDmKh,iv:eZ1NXGQr9HogxWa46T26WL63nvqho2/KSji8Dgse76o=,tag:iSGPRMCMolp7LVFjJGPotg==,type:comment]
lly: ENC[AES256_GCM,data:tP/NtJcMUtZPvuAqoM6KhCMybhsTxKSq4WWW3SBzQ/O0FmUXhECQc5CQnI4J9PlalP7Ug+uUQzeBMnHN84pkKNIeHVJhqjU8Zw==,iv:7TPPuSfXypSRnnhuy8LJSXIB+KB+3vWV0G7AbCZpB6s=,tag:iSLgRxOHgUolByFyvwltNQ==,type:str]
mariadb:
slurm: ENC[AES256_GCM,data:9wLQ1zF/kDaiw0s3UaRpiHgmngU7u6hwyqpddSjev0+Z0v58Q2oiJtK8vn+2VlSxx5ACfqEFbzp0PZYAxd575w==,iv:q9JTkgDymOwkbZ/PaxRAAQrtO96QmGgZcQuLTFCMoS4=,tag:dwOHlOTgZqT/1jQ+oGf7UQ==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0Rmc2Ull1WFB4Smh3c0Zl
emlTNGJKZkpIK2JFeUNVeUcrR2FzRXRQZHlvCkhzMHpzYmZRZ0M0cXdRVi8wZmp6
ZDRZQ2FkOWt6M0lrdjBHa3VTWXBDKzgKLS0tIGtJbTRRelg1VVk2QStwdzlFM1g4
M1JOd1g3cVdjUFRhZ0FxcWphZXZJbkkKFXDtJVoi+qIrXp6cznevuZ+peBiRRITP
rrplqLiYsNIGKmKYtRIUu8WXDZ2q2CJ8Z+pka3W3H/U+m957hBDWyw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1l4stuz0vr7gs7pqwjrmezam44702jp2vmqaqyxw0l0r42kf9updq4dfhrw
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsSHdka3FPQUYrcXQzcTFo
a000TUllT0MvUzk5ZzVFbXZheG9ZVTM2S253CkE5VW9tQktvL2pMWFoxcnFjTGpr
Z0p1RjZWRGpSZ01TdTZRcEJXM2NOUkUKLS0tIC9rNmNzWitMdEd5dXQvdWlELzhM
M0xoL1dQR0kvMWpzN0RMNWVCTFQxNFUKj9LPjBo5NGOrGYNvu8qZ13PLYjLEWllU
LARzEn4XgkeHckouwvxZYMCx7WxmAruRWaOvnxTIczzSNP7wIrqnkA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-10-26T12:27:03Z"
mac: ENC[AES256_GCM,data:q1EihAxiS23XoKWt4ogBo34pP7J6i/yFglmmvFIdWKIgwaoXWFexKrdu1oRZBIxISW+3b/NzkuUm1anu3sGFGiirDpllg8wu8ezXJJODb8yTU0HJpZ/9vjBPm+ZBt5zFzGky7kmW+qOFfUsZkr8dCiJil/Z0HrXrY2d59ksxhto=,iv:7b6ePa4xXdjrj8O2JWAptsONz8gPApS3roYMuRyrztU=,tag:uzOcc8H2W6VvGDkrex5M6A==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.1

24
devices/xmupc2/secrets/munge.key
View File

@@ -1,24 +0,0 @@
{
"data": "ENC[AES256_GCM,data:Um00c+kry3QrHEZVdlUws+gGGvtPKh8WzkpT6CHL7uwHRUWc+5E0bvlwXFJTkmPdGOOV2Jx9fGvSKpQb1/MPJhMhpCAw5n69QIRjVVURZcvVVFrl+eNO2sf/h2GTFvKRAtlcNAh7cvjkpiB3r+S7mRYSI914B7w8GLTdRFvtqYo=,iv:gk7S1SiA0iBAfpXLhhPJuexolP6w1XAd8M2H+sqqmoM=,tag:O8Eoa4LjEo14H/+1W5rcgQ==,type:str]",
"sops": {
"kms": null,
"gcp_kms": null,
"azure_kv": null,
"hc_vault": null,
"age": [
{
"recipient": "age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWYmNFOFlnbm1FdXdGWUNr\nOGN3THhDUyt4SDVzcHY5dEYrSWsrQm1UOFJvCmhXaWFlcC8wazROaXZzcm9tUnFM\nQlphZ0x6c0RhbzY0aGVFbXdOa1BHbG8KLS0tIHF2YUNTVnZ3Z25FSnFlTEdmdXhE\nb3Z2UEp1c2UrOUp3NEdNcE5HSFptbzAKWGSTwv6xUNs/f+p0Bhpzg8zZ7EVK8kMm\no13fru2Cnqrw8Cj0zfx+7LODpBVzo03fLYKqZ6kbPZGa12ihk+fD4g==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1l4stuz0vr7gs7pqwjrmezam44702jp2vmqaqyxw0l0r42kf9updq4dfhrw",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKRVMrenM2Q1ZheFVPc2Rz\nYVd6UGoxbkpSQlZsNFN1dmIzSkl6SERwaTBRCjlHV3MvTEpxbDY4OHZjeUd5NmRF\nRmc1NzVCMTA0bDhwajNlMWZKTlNKK2cKLS0tIHRZZ0cxY2dwV21iRDlmeE5UZkM4\nK1dKV24yY3FKV2J3U2VzZWt2QnBSTHcKn8mq+1RnJG/nBbH2mAFpSFSTHDWvMqJj\nsziW9lK0cH6bPxhcpDO4oG8K08bdGHUVGtx2Zk81CDqzfamlMzzG2Q==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2024-03-09T07:59:38Z",
"mac": "ENC[AES256_GCM,data:zNh6Cioh4+r0+nx04yLqeQShozxl7bLLKSmwodnmHtVQVlOTjj5sDLMEAAmrj1Ym2KrBPJOgdm34Sl6AbsmiBLxzDcBKe6J68Y/LHIeaPkToRKpmoy9I9a177w0KzFXgNaU2ieH71egD+nf8JmGG61hDjpiJRpx1Lwxb16Bn+Xs=,iv:QxiUYymiGuH0EBwEhyg5gDzkSKvGhq0+0wERNEJ71UM=,tag:N1Nn9X9vrghwwJWC3kituA==,type:str]",
"pgp": null,
"unencrypted_suffix": "_unencrypted",
"version": "3.8.1"
}
}

65
flake/nixos.nix
View File

@@ -1,5 +1,8 @@
{ inputs, localLib }:
builtins.listToAttrs
let
machine = [ "nas" "pc" "pi3b" "vps6" "vps7" "one" ];
cluster = { srv1 = 4; srv2 = 2; };
in builtins.listToAttrs
(
(builtins.map
(system:
@@ -11,41 +14,39 @@ builtins.listToAttrs
specialArgs = { topInputs = inputs; inherit localLib; };
modules = localLib.mkModules
[
{
config =
{
nixpkgs.overlays = [ inputs.self.overlays.default ];
nixos.model.hostname = system;
};
}
{ config = { nixpkgs.overlays = [ inputs.self.overlays.default ]; nixos.model.hostname = system; }; }
../modules
../devices/${system}
];
};
})
[ "nas" "pc" "pi3b" "vps6" "vps7" "xmupc1" "xmupc2" "one" ])
++ (builtins.map
(node:
{
name = "srv1-${node}";
value = inputs.nixpkgs.lib.nixosSystem
{
system = "x86_64-linux";
specialArgs = { topInputs = inputs; inherit localLib; };
modules = localLib.mkModules
[
machine)
++ (builtins.concatLists (builtins.map
(cluster:
let nodes = builtins.genList (n: "node${builtins.toString n}") cluster.value;
in builtins.map
(node:
{
name = "${cluster.name}-${node}";
value = inputs.nixpkgs.lib.nixosSystem
{
config =
{
nixpkgs.overlays = [ inputs.self.overlays.default ];
nixos.model.cluster = { clusterName = "srv1"; nodeName = node; };
};
}
../modules
../devices/srv1
../devices/srv1/${node}
];
};
})
[ "node0" "node1" "node2" "node3" ])
system = "x86_64-linux";
specialArgs = { topInputs = inputs; inherit localLib; };
modules = localLib.mkModules
[
{
config =
{
nixpkgs.overlays = [ inputs.self.overlays.default ];
nixos.model.cluster = { clusterName = cluster.name; nodeName = node; };
};
}
../modules
../devices/${cluster.name}
../devices/${cluster.name}/${node}
];
};
})
nodes)
(localLib.attrsToList cluster)))
)

23
modules/packages/ssh.nix
View File

@@ -57,20 +57,20 @@ inputs:
ed25519 = "AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl";
hostnames = [ "github.com" ];
};
xmupc1 =
{
ed25519 = "AAAAC3NzaC1lZDI1NTE5AAAAINTvfywkKRwMrVp73HfHTfjhac2Tn9qX/lRjLr09ycHp";
hostnames = [ "[office.chn.moe]:6007" "[xmupc1.chn.moe]:6007" "wireguard.xmupc1.chn.moe" "192.168.83.6" ];
};
xmupc2 =
srv2-node0 =
{
ed25519 = "AAAAC3NzaC1lZDI1NTE5AAAAIJZ/+divGnDr0x+UlknA84Tfu6TPD+zBGmxWZY4Z38P6";
hostnames = [ "[xmupc2.chn.moe]:6394" "wireguard.xmupc2.chn.moe" "192.168.83.7" ];
hostnames = [ "srv2.chn.moe" "wireguard.srv2.chn.moe" ];
};
srv2-node1 =
{
ed25519 = "AAAAC3NzaC1lZDI1NTE5AAAAINTvfywkKRwMrVp73HfHTfjhac2Tn9qX/lRjLr09ycHp";
hostnames = [ "192.168.178.2" ];
};
srv1-node0 =
{
ed25519 = "AAAAC3NzaC1lZDI1NTE5AAAAIDm6M1D7dBVhjjZtXYuzMj2P1fXNWN3O9wmwNssxEeDs";
hostnames = [ "srv1.chn.moe" "node0.srv1.chn.moe" "wireguard.node0.srv1.chn.moe" ];
hostnames = [ "srv1.chn.moe" "wireguard.srv1.chn.moe" ];
};
srv1-node1 =
{
@@ -124,7 +124,7 @@ inputs:
[ "vps6" "wireguard.vps6" "vps7" "wireguard.vps7" "wireguard.nas" "wireguard.one" ])
++ (builtins.map
(host: { name = host; value = { inherit host; hostname = "${host}.chn.moe"; forwardX11 = true; }; })
[ "wireguard.pc" "wireguard.xmupc1" "wireguard.xmupc2" "srv1" "wireguard.srv1" ])
[ "wireguard.pc" "srv1" "wireguard.srv1" "srv2" "wireguard.srv2" ])
++ (builtins.map
(host:
{
@@ -140,8 +140,6 @@ inputs:
[ "wlin" "hwang" ])
)
// rec {
xmupc1 = { host = "xmupc1"; hostname = "xmupc1.chn.moe"; port = 6007; forwardX11 = true; };
xmupc2 = { host = "xmupc2"; hostname = "xmupc2.chn.moe"; port = 6394; forwardX11 = true; };
nas = { host = "nas"; hostname = "192.168.1.2"; forwardX11 = true; };
pc = { host = "pc"; hostname = "192.168.1.3"; forwardX11 = true; };
one = { host = "one"; hostname = "192.168.1.4"; forwardX11 = true; };
@@ -154,10 +152,11 @@ inputs:
forwardAgent = true;
extraOptions.AddKeysToAgent = "yes";
};
"wireguard.jykang" = jykang // { host = "wireguard.jykang"; proxyJump = "wireguard.xmupc1"; };
"wireguard.jykang" = jykang // { host = "wireguard.jykang"; proxyJump = "wireguard.srv2"; };
srv1-node1 = { host = "srv1-node1"; hostname = "192.168.178.2"; proxyJump = "srv1"; };
srv1-node2 = { host = "srv1-node2"; hostname = "192.168.178.3"; proxyJump = "srv1"; };
srv1-node3 = { host = "srv1-node3"; hostname = "192.168.178.4"; proxyJump = "srv1"; };
srv2-node1 = { host = "srv2-node1"; hostname = "192.168.178.2"; proxyJump = "srv2"; };
};
};
})];

2
modules/user/chn/ssh.nix
View File

@@ -19,7 +19,7 @@ inputs:
(system: { name = system; value = { forwardAgent = true; extraOptions.AddKeysToAgent = "yes"; }; })
[
"vps6" "wireguard.vps6" "vps7" "wireguard.vps7" "wireguard.pc" "nas" "wireguard.nas" "pc"
"xmupc1" "wireguard.xmupc1" "xmupc2" "wireguard.xmupc2" "one" "wireguard.one"
"srv1" "wireguard.srv1" "srv2" "wireguard.srv2" "one" "wireguard.one"
]));
extraConfig = inputs.lib.mkIf inputs.config.nixos.model.private
''