diff --git a/.sops.yaml b/.sops.yaml
index 20f64a5..034607c 100644
--- a/.sops.yaml
+++ b/.sops.yaml
@@ -13,6 +13,7 @@ keys:
 - &g13 age1gucxgrgz6fadrqq0eyu5366s8946ctmsvtkw96r498gr7we4depq8pj578
 - &g14 age14zehkczemky9y0gucf245zw73y4waq8w03lqakanlvjyxgwzcycqj47shq
 - &g17 age1wgl7dh762a8a9ag4rmcrjq3yu36xww254mkm6gl3zksq9jswsu3q0dq3en
+ - &g18-next age1qpdn3x5ea3as346nshnjs535el36y7eqnhajwqu3440skpst8yjswr7kaw
 creation_rules:
 - path_regex: hosts/g1/[^/]+\.(yaml|json|env|ini)$
 key_groups:
@@ -92,3 +93,9 @@ creation_rules:
 - *dictxiong-pgp
 age:
 - *g17
+ - path_regex: hosts/g18-next/[^/]+\.(yaml|json|env|ini)$
+ key_groups:
+ - pgp:
+ - *dictxiong-pgp
+ age:
+ - *g18-next
diff --git a/hosts/g18-next/configuration.nix b/hosts/g18-next/configuration.nix
new file mode 100644
index 0000000..b6225d2
--- /dev/null
+++ b/hosts/g18-next/configuration.nix
@@ -0,0 +1,40 @@
+{ config, lib, pkgs, ... }:
+
+{
+ imports =
+ [
+ ./hardware-configuration.nix
+ ../modules/nasp.nix
+ ];
+ nasp = {
+ enable = true;
+ gSeries = {
+ enable = true;
+ serial = 18;
+ };
+ registry.enable = false;
+ nginx.enableCodeServer = false;
+ nvidia.enable = false;
+ };
+ networking.hostName = lib.mkForce "g18-next";
+ networking.hostId = "11f1fad0";
+ systemd.network.networks."10-veth0" = {
+ matchConfig.Name = "enp1s0";
+ networkConfig = {
+ DHCP = "yes";
+ IPv6AcceptRA = true;
+ };
+ address = [ "192.168.122.118/24" ];
+ routes = [
+ {
+ routeConfig = {
+ Gateway = "192.168.122.1";
+ GatewayOnLink = true;
+ Metric = 90;
+ };
+ }
+ ];
+ };
+
+ system.stateVersion = "24.05";
+}
diff --git a/hosts/g18-next/hardware-configuration.nix b/hosts/g18-next/hardware-configuration.nix
new file mode 100644
index 0000000..7226dca
--- /dev/null
+++ b/hosts/g18-next/hardware-configuration.nix
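Review bot: The added `&g18-next` recipient line says nothing about how this age key was produced or where its private half is kept, which is exactly what an operator needs when the VM is reinstalled and `hosts/g18-next/secrets.yaml` must be re-keyed. A trailing comment on that line such as `# g18-next host key — <how generated / where the identity lives>` (placeholder to be filled in) would make the rotation path explicit. The same applies to the creation rule added in the second hunk of this file, which is the only place that ties the key to a path.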
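Review bot: `serial = 18;` makes the shared module compute `ipSuffix` 118, i.e. the address `192.168.16.118/24`, which is the same address the module uses as the g-series gateway, nameserver and NFS server; this host only avoids claiming it because `nasp.gSeries.eth0Name` is left at its new empty default, so the `10-eth0` unit is never generated. That coupling is invisible from this file, so a comment beside the serial, e.g. `# serial 18 maps to 192.168.16.118 (the infra address); eth0Name is deliberately unset so no 192.168.16.0/24 address is assigned`, would stop a later edit from filling in eth0Name and colliding with the server. Separately, the unit is named `10-veth0` while it matches `enp1s0`, and it combines `DHCP = "yes"` with a static `address` and a static default route on the same link, so the interface may end up with two addresses and two gateways; if the static configuration is the intent, `DHCP = "no"` would make that explicit, and a name like `10-enp1s0` would match the interface it configures.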
@@ -0,0 +1,39 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+ imports =
+ [ (modulesPath + "/profiles/qemu-guest.nix")
+ ];
+
+ boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "sr_mod" "virtio_blk" ];
+ boot.initrd.kernelModules = [ ];
+ boot.kernelModules = [ "kvm-intel" ];
+ boot.extraModulePackages = [ ];
+
+ fileSystems."/" =
+ { device = "/dev/disk/by-uuid/7faf0b44-0540-4dbc-8d82-d433f4dd583b";
+ fsType = "ext4";
+ };
+
+ fileSystems."/boot" =
+ { device = "/dev/disk/by-uuid/9AF1-8992";
+ fsType = "vfat";
+ options = [ "fmask=0022" "dmask=0022" ];
+ };
+
+ swapDevices =
+ [ { device = "/dev/disk/by-uuid/ba441743-a8b0-4f0c-af9c-294ca4526350"; }
+ ];
+
+ # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+ # (the default) this is the recommended approach. When using systemd-networkd it's
+ # still possible to use this option, but it's recommended to use it in conjunction
+ # with explicit per-interface declarations with `networking.interfaces..useDHCP`.
+ networking.useDHCP = lib.mkDefault true;
+ # networking.interfaces.enp1s0.useDHCP = lib.mkDefault true;
+
+ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+}
diff --git a/hosts/g18-next/secrets.yaml b/hosts/g18-next/secrets.yaml
new file mode 100644
index 0000000..4c68f5f
--- /dev/null
+++ b/hosts/g18-next/secrets.yaml
@@ -0,0 +1,32 @@
+telegraf: ENC[AES256_GCM,data:rL1OlmmKF7jAh4/QwHAAfZ3hLCjoxKCTTLDidyvhDYCn2tS9p08GFXLJXz5Fr9GZJtPSFfMqGNOHocRVbcirwGwQTpabAmE6qTXSjHruw4EcmDqWem4AXA4xaaAdVwwz0KFMCPw8JzbqQJUMFPKw5xJbGd/juwxHT1NM7yi/eWMMkudkiwmOIT8fTENDklWm,iv:Pwb24wZuL0TlKArUG5RhTobWShHZRtd6J+HMAXharEU=,tag:7w/yqXgeEORoaIlGnSFUbQ==,type:str]
+sops:
+ kms: []
+ gcp_kms: []
+ azure_kv: []
+ hc_vault: []
+ age:
+ - recipient: age1qpdn3x5ea3as346nshnjs535el36y7eqnhajwqu3440skpst8yjswr7kaw
+ enc: |
+ -----BEGIN AGE ENCRYPTED FILE-----
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNUXRwK0VHRkt3M0l6dUpn
+ Q1lZMkFhbWRoclRmS1JYOTY3KzlEVThXK3hRCkg4V0lQMHp6cTdwYnVDU1RCd01i
+ V2R5NlVmQ1kvRUlhY3Rra2ZNUENkL3cKLS0tIGE0Mm93ZHdZNzNUZ2UybXhFM2x0
+ SzdrSGh5S1lTMU8vZDJsTWcwQ2FGaFkKKqqNYoEz3bAD6wztI8Z8gy2iBOBitQSJ
+ 4z8HxXzSnnfvMVvnslfmCDOdImXZbgHmFbOjOLtkgfRPrTWS4PQwww==
+ -----END AGE ENCRYPTED FILE-----
+ lastmodified: "2024-06-17T16:06:28Z"
+ mac: ENC[AES256_GCM,data:lEga7oJh4nXn/f/nTcQX/3IawwpNa3cezphCAhdKvyxC6MIQD/YkhDpn8fx1OUTuwaGL6eko2xNhgwPP8QQvXLtYT6I/zOI5zWxWDbwymjefJSCKssKkl/YFSmbl1lnrqZ6z11fgM20pYAQfgvhfUgBmeNcUyNo0rugkqwYoG0s=,iv:7C5xmJBPAODkEBIxLEbdrMFMGkFOKx0QcgMPjRJGV0s=,tag:/1t4MVd2+19LUTTd99pXYw==,type:str]
+ pgp:
+ - created_at: "2024-06-17T16:06:25Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hF4DLBF4i730Eg8SAQdArE5SCFOnVKzorfcZUOJMdbA/yuNQop21BAdFxLO6Dn0w
+ 3Cz2HVTS6nAPB3Qt3ws6zvDWha6J1Sxe4+0oelYTDbVLb+G9tae9tFMCPoJftT7Y
+ 0l4BJZPSQkFgwTkZdqhVcJzrySR00rBfndbbiL+E/EX5wA7isynsZfHEjxlyJUcs
+ FpegP/ZqDkHtk/fOgv30w+5KRlweeWTx1FrHCBcSCcKL9ukvZjbXY8jnPzLyTtSr
+ =LVLp
+ -----END PGP MESSAGE-----
+ fp: 3E241558655D7FE06C6711A5A5D6250D1806CAA8
+ unencrypted_suffix: _unencrypted
+ version: 3.8.1
diff --git a/hosts/modules/nasp.nix b/hosts/modules/nasp.nix
index 57c476d..9b0770a 100644
--- a/hosts/modules/nasp.nix
+++ b/hosts/modules/nasp.nix
@@ -46,14 +46,17 @@ in
 };
 eth0Name = lib.mkOption {
 type = lib.types.str;
+ default = "";
 description = "Name of eth0 (192.168.16.0/24)";
 };
 eth1Name = lib.mkOption {
 type = lib.types.str;
+ default = "";
 description = "Name of eth1 (thunet)";
 };
 eth2Name = lib.mkOption {
 type = lib.types.str;
+ default = "";
 description = "Name of the RoCE NIC";
 };
 };
@@ -341,6 +344,14 @@ in
 %telegraf ALL = (root) NOPASSWD: /run/current-system/sw/bin/smartctl
 '';
 })
+ (lib.mkIf (telegrafCfg.enable && nvidiaCfg.enable) {
+ services.telegraf.extraConfig = {
+ inputs.nvidia_smi = {
+ bin_path = "/run/current-system/sw/bin/nvidia-smi";
+ tags = { bucket = telegrafCfg.bucket; };
+ };
+ };
+ })
 
 # g series
 (lib.mkIf (gCfg.enable) (let ipSuffix = (builtins.toString (gCfg.serial + 100)); in {
@@ -348,44 +359,6 @@ in
 networking.hostName = assert (gCfg.serial > 0); "g" + (builtins.toString gCfg.serial);
 networking.search = [ "nasp" ];
 networking.nameservers = [ "192.168.16.118" ];
- systemd.network.networks."10-eth0" = {
- matchConfig.Name = gCfg.eth0Name;
- networkConfig = {
- DHCP = "no";
- IPv6AcceptRA = true;
- };
- address = [ "192.168.16.${ipSuffix}/24" ];
- routes = [
- {
- routeConfig = {
- Gateway = "192.168.16.118";
- GatewayOnLink = true;
- Metric = 90;
- };
- }
- {
- routeConfig = {
- Gateway = "fd01:da8:bf:300::1";
- GatewayOnLink = true;
- Metric = 90;
- };
- }
- ];
- };
- systemd.network.networks."10-eth1" = {
- matchConfig.Name = gCfg.eth1Name;
- networkConfig = {
- DHCP = "yes";
- IPv6AcceptRA = true;
- };
- linkConfig.RequiredForOnline = "no";
- };
- systemd.network.networks."10-eth2" = {
- matchConfig.Name = gCfg.eth2Name;
- address = [ "12.12.12.${ipSuffix}/24" ];
- linkConfig.RequiredForOnline = "no";
- };
- networking.interfaces.${gCfg.eth0Name}.wakeOnLan.enable = true;
 networking.extraHosts = ''
 192.168.16.101 g1-nasp g1
 192.168.16.102 g2-nasp g2
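Review bot: The three options keep `type = lib.types.str` and use `""` as an "unset" sentinel, which the consumers added in the last hunk of this file then test with `!= ""`; an empty string is a perfectly valid `str`, so the module cannot tell "not configured" from a mistakenly blank assignment, and the descriptions still do not say that empty means the interface is absent. The idiomatic form is `type = lib.types.nullOr lib.types.str;` with `default = null;` on each option and `gCfg.eth0Name != null` (and likewise for eth1/eth2) at the use sites, with the descriptions extended by `(null: no such interface, the matching network unit is not generated)`. The options set these belong to starts above the hunk.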
@@ -412,10 +385,6 @@ in
 iptables -A INPUT -s 192.168.16.0/24 -j ACCEPT
 iptables -A INPUT -s 12.12.12.0/24 -j ACCEPT
 '';
- networking.rxe = {
- enable = true;
- interfaces = [ "${gCfg.eth2Name}" ];
- };
 fileSystems."/share" = {
 device = "192.168.16.118:/data0/share";
 fsType = "nfs";
@@ -431,16 +400,58 @@ in
 enable = lib.mkDefault true;
 bucket = "g-series";
 };
- services.telegraf.extraConfig = {
- inputs.nvidia_smi = {
- bin_path = "/run/current-system/sw/bin/nvidia-smi";
- tags = { bucket = "g-series"; };
- };
- };
 services.ntp = {
 enable = true;
 servers = [ "192.168.16.118" ];
 };
 }))
+ (lib.mkIf (gCfg.enable && gCfg.eth0Name != "") {
+ systemd.network.networks."10-eth0" = {
+ matchConfig.Name = gCfg.eth0Name;
+ networkConfig = {
+ DHCP = "no";
+ IPv6AcceptRA = true;
+ };
+ address = [ "192.168.16.${ipSuffix}/24" ];
+ routes = [
+ {
+ routeConfig = {
+ Gateway = "192.168.16.118";
+ GatewayOnLink = true;
+ Metric = 90;
+ };
+ }
+ {
+ routeConfig = {
+ Gateway = "fd01:da8:bf:300::1";
+ GatewayOnLink = true;
+ Metric = 90;
+ };
+ }
+ ];
+ };
+ networking.interfaces.${gCfg.eth0Name}.wakeOnLan.enable = true;
+ })
+ (lib.mkIf (gCfg.enable && gCfg.eth1Name != "") {
+ systemd.network.networks."10-eth1" = {
+ matchConfig.Name = gCfg.eth1Name;
+ networkConfig = {
+ DHCP = "yes";
+ IPv6AcceptRA = true;
+ };
+ linkConfig.RequiredForOnline = "no";
+ };
+ })
+ (lib.mkIf (gCfg.enable && gCfg.eth2Name != "") {
+ systemd.network.networks."10-eth2" = {
+ matchConfig.Name = gCfg.eth2Name;
+ address = [ "12.12.12.${ipSuffix}/24" ];
+ linkConfig.RequiredForOnline = "no";
+ };
+ networking.rxe = {
+ enable = true;
+ interfaces = [ "${gCfg.eth2Name}" ];
+ };
+ })
 ]);
 }
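Review bot: The new `10-eth0` and `10-eth2` blocks still interpolate `${ipSuffix}` in their `address` lines, but they now sit outside the `(lib.mkIf (gCfg.enable) (let ipSuffix = … in { … }))` expression that bound it — the `}))` on the context line just above the first added line closes that `let`. Unless `ipSuffix` is also bound in the module's outer `let` (not in view), this is an undefined variable, and because Nix resolves names statically it would break every host importing the module rather than only those with a non-empty interface name, so this should be checked by evaluating an existing g-series host. Moving the binding into the outer `let` as `ipSuffix = builtins.toString (gCfg.serial + 100);` and dropping the inline `let … in` gives all three `mkIf` entries the same scope; the inline binding may also be dead now that both address lines moved out of it. The `mkMerge` list these entries belong to starts above the hunk.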