devices.vps6: add wireguard peer

devices.srv1.node0: enable nfs server
devices.srv1.node1: add no-share-home specialisation
2024-10-22 21:18:44 +08:00 · 2024-09-16 12:42:30 +08:00 · 2024-09-16 12:00:04 +08:00 · 2024-09-16 11:49:30 +08:00 · 2024-09-16 11:43:03 +08:00 · 2024-09-16 11:18:02 +08:00
10 changed files with 125 additions and 6 deletions
--- a/.sops.yaml
+++ b/.sops.yaml
@ -11,6 +11,7 @@ keys: # cat /etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age
  - &pi3b age1yjgswvexp0x0de0sw4u6hamruzeluxccmx2enxazl6pwhhsr2s9qlxdemq
  - &pcvm age1jmu4jym0e0xkq5shx2g7ef4xzre94vaxy2n4fcn0kp94dtlupdxqkzyyp7
  - &srv1-node0 age1nzetyehldf3gl6pr6mu5d2cv387p8wjqn6wfpll7a3sl8us6n38s0ds633
+  - &srv1-node1 age1wj33xt8nj7rhnsenepsf6k3lmq5vk4wn84jwr55qy9cwu05xn5cspg3h7t
 creation_rules:
  - path_regex: devices/pc/.*$
    key_groups:
@ -67,3 +68,8 @@ creation_rules:
    - age:
      - *chn
      - *srv1-node0
+  - path_regex: devices/srv1/node1/.*$
+    key_groups:
+    - age:
+      - *chn
+      - *srv1-node1
--- a/devices/srv1/node0/default.nix
+++ b/devices/srv1/node0/default.nix
@ -13,6 +13,7 @@ inputs:
          eno145 = { ip = "192.168.1.10"; mask = 24; gateway = "192.168.1.1"; };
          eno146 = { ip = "192.168.178.1"; mask = 24; };
        };
+        cluster.nodeType = "master";
      };
      services =
      {
@ -32,7 +33,12 @@ inputs:
          memoryMB = 122880;
        };
      };
-      system.cluster.nodeType = "master";
    };
+    services.nfs.server =
+    {
+      enable = true;
+      exports = "/home 192.168.178.0/24(rw)";
+    };
+    networking.firewall.allowedTCPPorts = [ 2049 ];
  };
 }
--- a/devices/srv1/node1/default.nix
+++ b/devices/srv1/node1/default.nix
@ -0,0 +1,51 @@
+inputs:
+{
+  config =
+  {
+    nixos =
+    {
+      system =
+      {
+        nixpkgs.march = "broadwell";
+        networking.networkd.static =
+        {
+          eno1 = { ip = "192.168.1.11"; mask = 24; gateway = "192.168.1.1"; };
+          eno2 = { ip = "192.168.178.2"; mask = 24; gateway = "192.168.178.1"; };
+        };
+        cluster.nodeType = "worker";
+      };
+      services =
+      {
+        beesd.instances.root = { device = "/"; hashTableSizeMB = 256; threads = 4; };
+        # slurm =
+        # {
+        #   enable = true;
+        #   cpu = { sockets = 4; cores = 8; threads = 2; mpiThreads = 4; openmpThreads = 8; };
+        #   memoryMB = 30720;
+        # };
+      };
+      packages =
+      {
+        vasp = null;
+        packages._packages = [(inputs.pkgs.runCommand "master-system" {}
+        ''
+          mkdir -p $out/share
+          ln -s ${inputs.topInputs.self.nixosConfigurations.srv1-node0.config.system.build.toplevel} \
+            $out/share/master-system
+        '')];
+      };
+    };
+    specialisation =
+    {
+      no-share-home.configuration =
+      {
+        nixos =
+        {
+          services.slurm.enable = inputs.lib.mkForce false;
+          system.cluster.nodeType = inputs.lib.mkForce "master";
+        };
+        system.nixos.tags = [ "no-share-home" ];
+      };
+    };
+  };
+}
--- a/devices/srv1/node1/secrets/default.yaml
+++ b/devices/srv1/node1/secrets/default.yaml
@ -0,0 +1,30 @@
+hello: ENC[AES256_GCM,data:wA==,iv:kLAdTomvGSJRmZiO916Ort8crRCp05vlSamVMJ/gLbU=,tag:QTxIe+dhLWVljw9Svuu7Tg==,type:int]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvaHcyMnpWRTAwRzJ0MTFi
+            elk3QXNqdXQ2MEttNXhBOGF1Vlk5cW12YTM4ClRkUm5zUUo5NjVrNnBlSFFPOVVR
+            V3VxVWZQQ0VvTm9KZ2Y1L3BpRkFDTjgKLS0tIDJadStsQ1Vya0FMa21Da3ZhUDVN
+            RVVTQXY2NkdzbVFLY1pYYTRLSGM5WDgKbFabN/iH2YDJaSXdm+7EebKS/As1zH43
+            HjUp2LHN85/WQEx3VheZRGJBwpNn/Tdunhm0yTdNA1jpzQnO9bIMXg==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1wj33xt8nj7rhnsenepsf6k3lmq5vk4wn84jwr55qy9cwu05xn5cspg3h7t
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1TTlxNWhMS0dJbkZRSWsv
+            MitoM1NicmJzbVJBZnhUbnlJejBWVzU1TmpnCkxrVEs2eEE5VnVDN0NNaFZ0b3M0
+            SXFmc2JxblAvN29Eb2ZrR1llZkp6cmMKLS0tIGdQMjNIRXY2UGIxdGk2Q2V1MXJO
+            R1BkT1hoSWo1RlJnU0pCdTFYbDFoZmMKKF7cND1jSo+neTTJ+GwW4T0RTOX9mbME
+            58wjAtkrKSD2vDFMQ/vtPNiohAt6RMdClLVm50yh7Oh961YmvJYnbA==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2024-09-16T03:04:24Z"
+    mac: ENC[AES256_GCM,data:2uq4QvP4l+WvV5G1FOj9nNmC9ZRvJcLUsLU0/Wrh7b6f+30g0lkw5M/WtHFd9CjrfB1O98Cvm3Y3ABsSTue5OLuAjACc+Jz5wvRbuLkWRNRU4HNdaAJIzN5Fqd6w+SR8vzLCe+NTcDlhEjdD0zcrRGD4+aM/cnn228sCTtRw1JY=,iv:MhHsNC/VJVPI8LVN9xuY4JZFlinuDI3C3Igo/O9/gbs=,tag:4jIbeOwspn7yZCrn8xKVrA==,type:str]
+    pgp: []
+    unencrypted_suffix: _unencrypted
+    version: 3.9.0
--- a/devices/srv1/node1/secrets/munge.key
+++ b/devices/srv1/node1/secrets/munge.key
@ -0,0 +1,24 @@
+{
+	"data": "ENC[AES256_GCM,data:GHsftJ/b50XSTy3wCX/ms8iGhs7oQMrqw5R+7PxrjAm/VzcYJbAQjYButIeNYB2/r87IGKDEMAskowocqyuhamTZS9n6eElDBZrEoUXc9J/lZvXrNqBa2pDsR5a58X6Paj2kMn8Ke9M3vwHcgniEgZtC2h5u6VwbgPMZniqYT5w=,iv:KhGKrf0tXdLb0sWc6kB9lXjj9jOU+wsy76xGFRmwdz8=,tag:s+NBphi1n00GflKqujZcfA==,type:str]",
+	"sops": {
+		"kms": null,
+		"gcp_kms": null,
+		"azure_kv": null,
+		"hc_vault": null,
+		"age": [
+			{
+				"recipient": "age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m",
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPYWdxSzIrQzRaVnh3K292\nVGkwdWUxanpQbEllWlNvaHBoQ2VYR2pXcVZVCk14ZmxlK1pSWnpCZC8yaE84b1Ew\nNTJUTDErTUVxZzBqdGFORDc1TEo0REkKLS0tIFZJeFIvd3BDOGkwenMrWlAyVHdh\nTzRHNU02RWY4clJ4dk1IV3R4c0VTd2cKeX/tLKOnkbcAhkgCY+T4XWBgc7eUFecn\nfqd6Kxfg6P75OT6Z4ACKsHDGznGk8fYk+Ms67MSCGzr1HXaR14/eVQ==\n-----END AGE ENCRYPTED FILE-----\n"
+			},
+			{
+				"recipient": "age1wj33xt8nj7rhnsenepsf6k3lmq5vk4wn84jwr55qy9cwu05xn5cspg3h7t",
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxODlXSGpsYk5BZ1piSUhX\nUnlTQXpycmV3YlhLM01SMXZ2ZzFXWEU5MVNZCnVUNFRUTTVNaWVUZWY4dklFMmhW\nWUc1azJFNGJTZFVlRkdSZEd0eUozbk0KLS0tIDhUTFE3cHpFblZTa056R0lscHR4\nSXpoT2QrOU9mcDV2ZjR1bjV4cHZCdXMKyVyxBRY9oyhfj0ZMVRtjf8TT0qRJULwN\nosghj6bPqOFl3C9zBne1Xn/2mOj5lkMZP6MAMPtaW8nvsf/LkZx/Hg==\n-----END AGE ENCRYPTED FILE-----\n"
+			}
+		],
+		"lastmodified": "2024-09-16T03:08:59Z",
+		"mac": "ENC[AES256_GCM,data:SjmuJVeJsamHE7Yv5Lvoyjp0CysTo3K1nyJgPI7KKp21H8Xq59g9/zbth4pCdIMHyt43MNUXFkhYD/Ox9ySoDEi2pr7H2kM9fcFM0W/ObM/gm/lt5jTLzzS+OkKys+Yw/WA2nIStSNq7rAb/SKFbHvj1P9YBsJxlOnBzTW7uu8g=,iv:tNjnqRX1D+vY8w7RxZzo+HdfjK9pXJpB5MKnb7EyUXk=,tag:PuLU5zmUH14ZxuTUPIz20Q==,type:str]",
+		"pgp": null,
+		"unencrypted_suffix": "_unencrypted",
+		"version": "3.9.0"
+	}
+}
--- a/devices/vps6/default.nix
+++ b/devices/vps6/default.nix
@ -71,7 +71,7 @@ inputs:
        wireguard =
        {
          enable = true;
-          peers = [ "pc" "nas" "vps7" "surface" "xmupc1" "xmupc2" "pi3b" ];
+          peers = [ "pc" "nas" "vps7" "surface" "xmupc1" "xmupc2" "pi3b" "srv1-node0" ];
          publicKey = "AVOsYUKQQCvo3ctst3vNi8XSVWo1Wh15066aHh+KpF4=";
          wireguardIp = "192.168.83.1";
          listenIp = "74.211.99.69";
--- a/flake/nixos.nix
+++ b/flake/nixos.nix
@ -47,5 +47,5 @@ builtins.listToAttrs
        ];
      };
    })
-    [ "node0" "node3" ])
+    [ "node0" "node1" "node3" ])
 )
--- a/modules/user/chn/default.nix
+++ b/modules/user/chn/default.nix
@ -86,7 +86,8 @@ inputs:
      };
    };
    environment.persistence =
-      let inherit (inputs.config.nixos.system) impermanence; in inputs.lib.mkIf impermanence.enable
+      let inherit (inputs.config.nixos.system) impermanence;
+      in inputs.lib.mkIf (inputs.config.nixos.system.cluster.nodeType or null != "worker" && impermanence.enable)
      {
        # TODO: make copy or soft link of files
        "${impermanence.persistence}".users.chn =
--- a/modules/user/chn/plasma/autostart.nix
+++ b/modules/user/chn/plasma/autostart.nix
@ -67,7 +67,7 @@ inputs:
        (devices.${inputs.config.nixos.system.networking.hostname} or []));
    environment.persistence =
      let impermanence = inputs.config.nixos.system.impermanence;
-      in inputs.lib.mkIf impermanence.enable
+      in inputs.lib.mkIf (inputs.config.nixos.system.cluster.nodeType or null != "worker" && impermanence.enable)
      {
        "${impermanence.root}".users.chn.directories = [ ".config/autostart" ];
      };
--- a/modules/user/chn/plasma/konsole.nix
+++ b/modules/user/chn/plasma/konsole.nix
@ -68,7 +68,8 @@ inputs:
        (builtins.readFile "${inputs.pkgs.konsole}/share/konsole/Breeze.colorscheme");
    };
    environment.persistence =
-      let impermanence = inputs.config.nixos.system.impermanence; in inputs.lib.mkIf impermanence.enable
+      let impermanence = inputs.config.nixos.system.impermanence;
+      in inputs.lib.mkIf (inputs.config.nixos.system.cluster.nodeType or null != "worker" && impermanence.enable)
        { "${impermanence.root}".users.chn.directories = [ ".local/share/konsole" ".local/share/yakuake" ]; };
  };
 }
Author	SHA1	Message	Date
chn	375dd507fc	devices.vps6: add wireguard peer	2024-09-16 12:42:30 +08:00
chn	d2594617a9	devices.srv1.node0: enable nfs server	2024-09-16 12:00:04 +08:00
chn	f589beb956	devices.srv1.node1: add no-share-home specialisation	2024-09-16 11:49:30 +08:00
chn	b01efa89cd	modules.users.chn: disable persistence for worker node	2024-09-16 11:43:03 +08:00
chn	7e0e363b48	devices.srv1-node1: install	2024-09-16 11:18:02 +08:00