feat: prepare for g18-next

2024-06-18 00:08:56 +08:00 · 2024-06-18 00:08:56 +08:00 · 21cda95000
commit 21cda95000
parent cb00edf274
5 changed files with 177 additions and 48 deletions
--- a/.sops.yaml
+++ b/.sops.yaml
@ -13,6 +13,7 @@ keys:
  - &g13 age1gucxgrgz6fadrqq0eyu5366s8946ctmsvtkw96r498gr7we4depq8pj578
  - &g14 age14zehkczemky9y0gucf245zw73y4waq8w03lqakanlvjyxgwzcycqj47shq
  - &g17 age1wgl7dh762a8a9ag4rmcrjq3yu36xww254mkm6gl3zksq9jswsu3q0dq3en
+  - &g18-next age1qpdn3x5ea3as346nshnjs535el36y7eqnhajwqu3440skpst8yjswr7kaw
 creation_rules:
  - path_regex: hosts/g1/[^/]+\.(yaml|json|env|ini)$
    key_groups:
@ -92,3 +93,9 @@ creation_rules:
      - *dictxiong-pgp
      age:
      - *g17
+  - path_regex: hosts/g18-next/[^/]+\.(yaml|json|env|ini)$
+    key_groups:
+    - pgp:
+      - *dictxiong-pgp
+      age:
+      - *g18-next
--- a/hosts/g18-next/configuration.nix
+++ b/hosts/g18-next/configuration.nix
@ -0,0 +1,40 @@
+{ config, lib, pkgs, ... }:
+
+{
+  imports =
+    [
+      ./hardware-configuration.nix
+      ../modules/nasp.nix
+    ];
+  nasp = {
+    enable = true;
+    gSeries = {
+      enable = true;
+      serial = 18;
+    };
+    registry.enable = false;
+    nginx.enableCodeServer = false;
+    nvidia.enable = false;
+  };
+  networking.hostName = lib.mkForce "g18-next";
+  networking.hostId = "11f1fad0";
+  systemd.network.networks."10-veth0" = {
+    matchConfig.Name = "enp1s0";
+    networkConfig = {
+      DHCP = "yes";
+      IPv6AcceptRA = true;
+    };
+    address = [ "192.168.122.118/24" ];
+    routes = [
+      {
+        routeConfig = {
+          Gateway = "192.168.122.1";
+          GatewayOnLink = true;
+          Metric = 90;
+        };
+      }
+    ];
+  };
+
+  system.stateVersion = "24.05";
+}
--- a/hosts/g18-next/hardware-configuration.nix
+++ b/hosts/g18-next/hardware-configuration.nix
@ -0,0 +1,39 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/profiles/qemu-guest.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "sr_mod" "virtio_blk" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-intel" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-uuid/7faf0b44-0540-4dbc-8d82-d433f4dd583b";
+      fsType = "ext4";
+    };
+
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-uuid/9AF1-8992";
+      fsType = "vfat";
+      options = [ "fmask=0022" "dmask=0022" ];
+    };
+
+  swapDevices =
+    [ { device = "/dev/disk/by-uuid/ba441743-a8b0-4f0c-af9c-294ca4526350"; }
+    ];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.enp1s0.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+}
--- a/hosts/g18-next/secrets.yaml
+++ b/hosts/g18-next/secrets.yaml
@ -0,0 +1,32 @@
+telegraf: ENC[AES256_GCM,data:rL1OlmmKF7jAh4/QwHAAfZ3hLCjoxKCTTLDidyvhDYCn2tS9p08GFXLJXz5Fr9GZJtPSFfMqGNOHocRVbcirwGwQTpabAmE6qTXSjHruw4EcmDqWem4AXA4xaaAdVwwz0KFMCPw8JzbqQJUMFPKw5xJbGd/juwxHT1NM7yi/eWMMkudkiwmOIT8fTENDklWm,iv:Pwb24wZuL0TlKArUG5RhTobWShHZRtd6J+HMAXharEU=,tag:7w/yqXgeEORoaIlGnSFUbQ==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1qpdn3x5ea3as346nshnjs535el36y7eqnhajwqu3440skpst8yjswr7kaw
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNUXRwK0VHRkt3M0l6dUpn
+            Q1lZMkFhbWRoclRmS1JYOTY3KzlEVThXK3hRCkg4V0lQMHp6cTdwYnVDU1RCd01i
+            V2R5NlVmQ1kvRUlhY3Rra2ZNUENkL3cKLS0tIGE0Mm93ZHdZNzNUZ2UybXhFM2x0
+            SzdrSGh5S1lTMU8vZDJsTWcwQ2FGaFkKKqqNYoEz3bAD6wztI8Z8gy2iBOBitQSJ
+            4z8HxXzSnnfvMVvnslfmCDOdImXZbgHmFbOjOLtkgfRPrTWS4PQwww==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2024-06-17T16:06:28Z"
+    mac: ENC[AES256_GCM,data:lEga7oJh4nXn/f/nTcQX/3IawwpNa3cezphCAhdKvyxC6MIQD/YkhDpn8fx1OUTuwaGL6eko2xNhgwPP8QQvXLtYT6I/zOI5zWxWDbwymjefJSCKssKkl/YFSmbl1lnrqZ6z11fgM20pYAQfgvhfUgBmeNcUyNo0rugkqwYoG0s=,iv:7C5xmJBPAODkEBIxLEbdrMFMGkFOKx0QcgMPjRJGV0s=,tag:/1t4MVd2+19LUTTd99pXYw==,type:str]
+    pgp:
+        - created_at: "2024-06-17T16:06:25Z"
+          enc: |-
+            -----BEGIN PGP MESSAGE-----
+
+            hF4DLBF4i730Eg8SAQdArE5SCFOnVKzorfcZUOJMdbA/yuNQop21BAdFxLO6Dn0w
+            3Cz2HVTS6nAPB3Qt3ws6zvDWha6J1Sxe4+0oelYTDbVLb+G9tae9tFMCPoJftT7Y
+            0l4BJZPSQkFgwTkZdqhVcJzrySR00rBfndbbiL+E/EX5wA7isynsZfHEjxlyJUcs
+            FpegP/ZqDkHtk/fOgv30w+5KRlweeWTx1FrHCBcSCcKL9ukvZjbXY8jnPzLyTtSr
+            =LVLp
+            -----END PGP MESSAGE-----
+          fp: 3E241558655D7FE06C6711A5A5D6250D1806CAA8
+    unencrypted_suffix: _unencrypted
+    version: 3.8.1
--- a/hosts/modules/nasp.nix
+++ b/hosts/modules/nasp.nix
@ -46,14 +46,17 @@ in
      };
      eth0Name = lib.mkOption {
        type = lib.types.str;
+        default = "";
        description = "Name of eth0 (192.168.16.0/24)";
      };
      eth1Name = lib.mkOption {
        type = lib.types.str;
+        default = "";
        description = "Name of eth1 (thunet)";
      };
      eth2Name = lib.mkOption {
        type = lib.types.str;
+        default = "";
        description = "Name of the RoCE NIC";
      };
    };
@ -341,6 +344,14 @@ in
        %telegraf ALL = (root) NOPASSWD: /run/current-system/sw/bin/smartctl
      '';
    })
+    (lib.mkIf (telegrafCfg.enable && nvidiaCfg.enable) {
+      services.telegraf.extraConfig = {
+        inputs.nvidia_smi = {
+          bin_path = "/run/current-system/sw/bin/nvidia-smi";
+          tags = { bucket = telegrafCfg.bucket; };
+        };
+      };
+    })
    # g series
    (lib.mkIf (gCfg.enable) (let
      ipSuffix = (builtins.toString (gCfg.serial + 100)); in {
@ -348,44 +359,6 @@ in
      networking.hostName = assert (gCfg.serial > 0); "g" + (builtins.toString gCfg.serial);
      networking.search = [ "nasp" ];
      networking.nameservers = [ "192.168.16.118" ];
-      systemd.network.networks."10-eth0" = {
-        matchConfig.Name = gCfg.eth0Name;
-        networkConfig = {
-          DHCP = "no";
-          IPv6AcceptRA = true;
-        };
-        address = [ "192.168.16.${ipSuffix}/24" ];
-        routes = [
-          {
-            routeConfig = {
-              Gateway = "192.168.16.118";
-              GatewayOnLink = true;
-              Metric = 90;
-            };
-          }
-          {
-            routeConfig = {
-              Gateway = "fd01:da8:bf:300::1";
-              GatewayOnLink = true;
-              Metric = 90;
-            };
-          }
-        ];
-      };
-      systemd.network.networks."10-eth1" = {
-        matchConfig.Name = gCfg.eth1Name;
-        networkConfig = {
-          DHCP = "yes";
-          IPv6AcceptRA = true;
-        };
-        linkConfig.RequiredForOnline = "no";
-      };
-      systemd.network.networks."10-eth2" = {
-        matchConfig.Name = gCfg.eth2Name;
-        address = [ "12.12.12.${ipSuffix}/24" ];
-        linkConfig.RequiredForOnline = "no";
-      };
-      networking.interfaces.${gCfg.eth0Name}.wakeOnLan.enable = true;
      networking.extraHosts = ''
        192.168.16.101 g1-nasp g1
        192.168.16.102 g2-nasp g2
@ -412,10 +385,6 @@ in
        iptables -A INPUT -s 192.168.16.0/24 -j ACCEPT
        iptables -A INPUT -s 12.12.12.0/24 -j ACCEPT
      '';
-      networking.rxe = {
-        enable = true;
-        interfaces = [ "${gCfg.eth2Name}" ];
-      };
      fileSystems."/share" = {
        device = "192.168.16.118:/data0/share";
        fsType = "nfs";
@ -431,16 +400,58 @@ in
        enable = lib.mkDefault true;
        bucket = "g-series";
      };
-      services.telegraf.extraConfig = {
-        inputs.nvidia_smi = {
-          bin_path = "/run/current-system/sw/bin/nvidia-smi";
-          tags = { bucket = "g-series"; };
-        };
-      };
      services.ntp = {
        enable = true;
        servers = [ "192.168.16.118" ];
      };
    }))
+    (lib.mkIf (gCfg.enable && gCfg.eth0Name != "") {
+      systemd.network.networks."10-eth0" = {
+        matchConfig.Name = gCfg.eth0Name;
+        networkConfig = {
+          DHCP = "no";
+          IPv6AcceptRA = true;
+        };
+        address = [ "192.168.16.${ipSuffix}/24" ];
+        routes = [
+          {
+            routeConfig = {
+              Gateway = "192.168.16.118";
+              GatewayOnLink = true;
+              Metric = 90;
+            };
+          }
+          {
+            routeConfig = {
+              Gateway = "fd01:da8:bf:300::1";
+              GatewayOnLink = true;
+              Metric = 90;
+            };
+          }
+        ];
+      };
+      networking.interfaces.${gCfg.eth0Name}.wakeOnLan.enable = true;
+    })
+    (lib.mkIf (gCfg.enable && gCfg.eth1Name != "") {
+      systemd.network.networks."10-eth1" = {
+        matchConfig.Name = gCfg.eth1Name;
+        networkConfig = {
+          DHCP = "yes";
+          IPv6AcceptRA = true;
+        };
+        linkConfig.RequiredForOnline = "no";
+      };
+    })
+    (lib.mkIf (gCfg.enable && gCfg.eth2Name != "") {
+      systemd.network.networks."10-eth2" = {
+        matchConfig.Name = gCfg.eth2Name;
+        address = [ "12.12.12.${ipSuffix}/24" ];
+        linkConfig.RequiredForOnline = "no";
+      };
+      networking.rxe = {
+        enable = true;
+        interfaces = [ "${gCfg.eth2Name}" ];
+      };
+    })
  ]);
 }