build(nasp): refactor&modulize ->nvidia,docker,nginx,registry
This commit is contained in:
		
							parent
							
								
									17402e4bef
								
							
						
					
					
						commit
						e8257c15df
					
				@ -2,12 +2,29 @@
 | 
			
		||||
 | 
			
		||||
let
 | 
			
		||||
  mainCfg = config.nasp;
 | 
			
		||||
  nvidiaCfg = mainCfg.nvidia;
 | 
			
		||||
  dockerCfg = mainCfg.docker;
 | 
			
		||||
  nginxCfg = mainCfg.nginx;
 | 
			
		||||
  registryCfg = mainCfg.registry;
 | 
			
		||||
  gCfg = mainCfg.gSeries;
 | 
			
		||||
  dnew = (pkgs.writeShellScriptBin "dnew" (builtins.readFile ./scripts/dnew));
 | 
			
		||||
in
 | 
			
		||||
{
 | 
			
		||||
  options.nasp = {
 | 
			
		||||
    enable = lib.mkEnableOption "the nasp server configurations";
 | 
			
		||||
    nvidia = {
 | 
			
		||||
      enable = lib.mkEnableOption "nvidia gpu support";
 | 
			
		||||
    };
 | 
			
		||||
    docker = {
 | 
			
		||||
      enable = lib.mkEnableOption "docker runtime";
 | 
			
		||||
    };
 | 
			
		||||
    nginx = {
 | 
			
		||||
      enable = lib.mkEnableOption "nginx web server";
 | 
			
		||||
      enableCodeServer = lib.mkEnableOption "proxy code server in docker";
 | 
			
		||||
    };
 | 
			
		||||
    registry = {
 | 
			
		||||
      enable = lib.mkEnableOption "the nasp registry";
 | 
			
		||||
    };
 | 
			
		||||
    gSeries = {
 | 
			
		||||
      enable = lib.mkEnableOption "the g-series server configurations";
 | 
			
		||||
      serial = lib.mkOption {
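Review bot: `nasp.nginx.enableCodeServer` can be set on a host that never sets `nasp.nginx.enable`, and the config that consumes it (later in this file) is gated on both flags, so such a host silently gets no proxy vhost instead of an evaluation error. An assertion next to these declarations makes the dependency explicit: `assertions = [ { assertion = nginxCfg.enableCodeServer -> nginxCfg.enable; message = "nasp.nginx.enableCodeServer requires nasp.nginx.enable"; } ];`. The `dnew` wrapper is built from `./scripts/dnew`, whose contents are not in this diff; a one-line comment on that binding saying what the script does would help readers of the module. The `options.nasp` attribute set continues past the end of this hunk.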
 | 
			
		||||
@ -108,11 +125,16 @@ in
 | 
			
		||||
        hashedPassword = "$y$j9T$Ei67I7VhQD6gF20/lNBUx0$jnrLqLNSJVCS959deKCamoOi4Q76nNeQ7/kDQCCABl1";
 | 
			
		||||
      };
 | 
			
		||||
      users.groups.nasp = {};
 | 
			
		||||
      ## desktop
 | 
			
		||||
      services.xserver = {
 | 
			
		||||
        enable = true;
 | 
			
		||||
        displayManager.gdm.enable = true;
 | 
			
		||||
        desktopManager.gnome.enable = true;
 | 
			
		||||
        xkb.layout = "us";
 | 
			
		||||
      };
 | 
			
		||||
    }
 | 
			
		||||
    # g series
 | 
			
		||||
    (lib.mkIf (gCfg.enable) (let
 | 
			
		||||
      ipSuffix = (builtins.toString (gCfg.serial + 100)); in {
 | 
			
		||||
      ## hardware
 | 
			
		||||
    # nvidia
 | 
			
		||||
    (lib.mkIf (nvidiaCfg.enable) {
 | 
			
		||||
      nixpkgs.config.nvidia.acceptLicense = true;
 | 
			
		||||
      hardware.nvidia = {
 | 
			
		||||
        package = config.boot.kernelPackages.nvidiaPackages.legacy_470;
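Review bot: The `hashedPassword` literal kept as context at the top of this hunk is a password hash stored in the repository and, as far as I can tell, carried into the (world-readable) Nix store with the rest of the evaluated configuration, so anyone with read access to either can attempt offline cracking; since the refactor is reshaping this area it is a good moment to switch to `hashedPasswordFile` pointing at a file deployed outside the store. The new `# nvidia` block pins `nvidiaPackages.legacy_470`; a short comment stating which GPU generation forces the legacy branch would stop a later maintainer from "upgrading" it. The `## desktop` block that precedes it now appears to sit in the unconditional part of the module rather than under `gCfg.enable`; if that is intentional, a comment saying every nasp host gets GNOME would make it clear. Both the `# nvidia` and the `# g series` blocks continue outside this hunk.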
 | 
			
		||||
@ -127,6 +149,82 @@ in
 | 
			
		||||
        driSupport = true;
 | 
			
		||||
        driSupport32Bit = true;
 | 
			
		||||
      };
 | 
			
		||||
      virtualisation.docker.enableNvidia = true;
 | 
			
		||||
      services.xserver.videoDrivers = [ "nvidia" ];
 | 
			
		||||
    })
 | 
			
		||||
    # docker
 | 
			
		||||
    (lib.mkIf (dockerCfg.enable) {
 | 
			
		||||
      virtualisation.docker = {
 | 
			
		||||
        enable = true;
 | 
			
		||||
        daemon.settings = {
 | 
			
		||||
          ipv6 = true;
 | 
			
		||||
          fixed-cidr-v6 = "fddd:d0c1:1::/64";
 | 
			
		||||
          experimental = true;
 | 
			
		||||
          ip6tables = true;
 | 
			
		||||
          live-restore = false;
 | 
			
		||||
        };
 | 
			
		||||
      };
 | 
			
		||||
      environment.systemPackages = with pkgs; [
 | 
			
		||||
        dnew
 | 
			
		||||
      ];
 | 
			
		||||
    })
 | 
			
		||||
    # nginx
 | 
			
		||||
    (lib.mkIf (nginxCfg.enable) {
 | 
			
		||||
      services.nginx = {
 | 
			
		||||
        enable = true;
 | 
			
		||||
        virtualHosts."default" = {
 | 
			
		||||
          serverName = "_";
 | 
			
		||||
          default = true;
 | 
			
		||||
          locations."/" = {
 | 
			
		||||
            return = "404";
 | 
			
		||||
          };
 | 
			
		||||
        };
 | 
			
		||||
      };
 | 
			
		||||
    })
 | 
			
		||||
    (lib.mkIf (nginxCfg.enable && nginxCfg.enableCodeServer) {
 | 
			
		||||
      services.nginx.virtualHosts."code-server" = {
 | 
			
		||||
        serverName = "proxy.nasp.fit";
 | 
			
		||||
        locations."~ ^/${config.networking.hostName}/([A-Za-z0-9]+)/(.*)"  = {
 | 
			
		||||
          extraConfig = ''
 | 
			
		||||
            rewrite "^/${config.networking.hostName}/([A-Za-z0-9]+)/(.*)" /$2 break;
 | 
			
		||||
            proxy_pass "http://unix:/home2/run/$1.sock";
 | 
			
		||||
            proxy_set_header Host $host;
 | 
			
		||||
            proxy_set_header Upgrade $http_upgrade;
 | 
			
		||||
            proxy_set_header Connection upgrade;
 | 
			
		||||
            proxy_set_header Accept-Encoding gzip;
 | 
			
		||||
          '';
 | 
			
		||||
        };
 | 
			
		||||
      };
 | 
			
		||||
    })
 | 
			
		||||
    # registry
 | 
			
		||||
    (lib.mkIf (registryCfg.enable) {
 | 
			
		||||
      systemd.timers."registry" = {
 | 
			
		||||
        wantedBy = [ "timers.target" ];
 | 
			
		||||
        timerConfig = {
 | 
			
		||||
          OnCalendar = "*:0/5:0";
 | 
			
		||||
          Unit = "registry.service";
 | 
			
		||||
        };
 | 
			
		||||
      };
 | 
			
		||||
      systemd.services."registry" = {
 | 
			
		||||
        serviceConfig = {
 | 
			
		||||
          Type = "oneshot";
 | 
			
		||||
          User = "root";
 | 
			
		||||
        };
 | 
			
		||||
        script = builtins.readFile ./scripts/registry.sh;
 | 
			
		||||
        path = with pkgs; [ git bash su ];
 | 
			
		||||
      };
 | 
			
		||||
      security.sudo.extraConfig = ''
 | 
			
		||||
        %nasp ALL = (root) NOPASSWD: /run/current-system/sw/bin/docker
 | 
			
		||||
        %nasp ALL = (root) NOPASSWD: /run/current-system/sw/bin/reboot
 | 
			
		||||
        %nasp ALL = (root) NOPASSWD: /run/current-system/sw/bin/whoami
 | 
			
		||||
        %nasp ALL = (root) NOPASSWD: /run/current-system/sw/bin/nvidia-smi
 | 
			
		||||
        %nasp ALL = (root) NOPASSWD: /run/current-system/sw/bin/shutdown
 | 
			
		||||
        %nasp ALL = (root) NOPASSWD: /run/current-system/sw/bin/ip
 | 
			
		||||
      '';
 | 
			
		||||
    })
 | 
			
		||||
    # g series
 | 
			
		||||
    (lib.mkIf (gCfg.enable) (let
 | 
			
		||||
      ipSuffix = (builtins.toString (gCfg.serial + 100)); in {
 | 
			
		||||
      ## network
 | 
			
		||||
      networking.hostName = assert (gCfg.serial > 0); "g" + (builtins.toString gCfg.serial);
 | 
			
		||||
      networking.search = [ "nasp" ];
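Review bot: The `security.sudo.extraConfig` rules are placed under `registryCfg.enable`, yet they grant the `nasp` group passwordless root for `docker`, `ip`, `reboot` and `shutdown`, which has nothing to do with the registry timer, and unrestricted `docker` CLI access is root-equivalent, so the separate `whoami`/`nvidia-smi` entries add nothing; gating these rules on a dedicated option (or at least on `dockerCfg.enable`) keeps the privilege grant visible instead of hidden behind an unrelated flag. The `code-server` virtual host on `proxy.nasp.fit` forwards interactive sessions to `/home2/run/$1.sock` without `forceSSL`/`enableACME`, so unless TLS terminates in front of this host the traffic is cleartext; a comment on the vhost stating where TLS terminates would document the assumption. `registry.service` runs `./scripts/registry.sh` as root with `su` on its PATH and the script is not in this diff, so I cannot tell what it does — a one-line description on the `script =` line would help. The `# g series` block starts here and continues past the end of the hunk.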
 | 
			
		||||
@ -198,86 +296,11 @@ in
 | 
			
		||||
        interfaces = [ "${gCfg.eth2Name}" ];
 | 
			
		||||
      };
 | 
			
		||||
      ## packages and services
 | 
			
		||||
      environment.systemPackages = with pkgs; [
 | 
			
		||||
        # custom
 | 
			
		||||
        dnew
 | 
			
		||||
      ];
 | 
			
		||||
      systemd.timers."registry" = {
 | 
			
		||||
        wantedBy = [ "timers.target" ];
 | 
			
		||||
        timerConfig = {
 | 
			
		||||
          OnCalendar = "*:0/5:0";
 | 
			
		||||
          Unit = "registry.service";
 | 
			
		||||
        };
 | 
			
		||||
      };
 | 
			
		||||
      systemd.services."registry" = {
 | 
			
		||||
        serviceConfig = {
 | 
			
		||||
          Type = "oneshot";
 | 
			
		||||
          User = "root";
 | 
			
		||||
        };
 | 
			
		||||
        script = builtins.readFile ./scripts/registry.sh;
 | 
			
		||||
        path = with pkgs; [ git bash su ];
 | 
			
		||||
      };
 | 
			
		||||
      ## desktop
 | 
			
		||||
      services.xserver = {
 | 
			
		||||
        enable = true;
 | 
			
		||||
        videoDrivers = [ "nvidia" ];
 | 
			
		||||
        displayManager.gdm.enable = true;
 | 
			
		||||
        desktopManager.gnome = {
 | 
			
		||||
          enable = true;
 | 
			
		||||
          extraGSettingsOverridePackages = [ pkgs.gnome.mutter ];
 | 
			
		||||
          extraGSettingsOverrides = ''
 | 
			
		||||
            [org.gnome.mutter]
 | 
			
		||||
            experimental-features=['scale-monitor-framebuffer']
 | 
			
		||||
          '';
 | 
			
		||||
        };
 | 
			
		||||
        layout = "us";
 | 
			
		||||
        xkbVariant = "";
 | 
			
		||||
      };
 | 
			
		||||
      ## docker
 | 
			
		||||
      virtualisation.docker = {
 | 
			
		||||
        enable = true;
 | 
			
		||||
        enableNvidia = true;
 | 
			
		||||
        daemon.settings = {
 | 
			
		||||
          ipv6 = true;
 | 
			
		||||
          fixed-cidr-v6 = "fddd:d0c1:1::/64";
 | 
			
		||||
          experimental = true;
 | 
			
		||||
          ip6tables = true;
 | 
			
		||||
          live-restore = false;
 | 
			
		||||
        };
 | 
			
		||||
      };
 | 
			
		||||
      ## users
 | 
			
		||||
      security.sudo.extraConfig = ''
 | 
			
		||||
        %nasp ALL = (root) NOPASSWD: /run/current-system/sw/bin/docker
 | 
			
		||||
        %nasp ALL = (root) NOPASSWD: /run/current-system/sw/bin/reboot
 | 
			
		||||
        %nasp ALL = (root) NOPASSWD: /run/current-system/sw/bin/whoami
 | 
			
		||||
        %nasp ALL = (root) NOPASSWD: /run/current-system/sw/bin/nvidia-smi
 | 
			
		||||
        %nasp ALL = (root) NOPASSWD: /run/current-system/sw/bin/shutdown
 | 
			
		||||
        %nasp ALL = (root) NOPASSWD: /run/current-system/sw/bin/ip
 | 
			
		||||
      '';
 | 
			
		||||
      ## nginx
 | 
			
		||||
      services.nginx = {
 | 
			
		||||
        enable = true;
 | 
			
		||||
        virtualHosts."default" = {
 | 
			
		||||
          serverName = "_";
 | 
			
		||||
          default = true;
 | 
			
		||||
          locations."/" = {
 | 
			
		||||
            return = "404";
 | 
			
		||||
          };
 | 
			
		||||
        };
 | 
			
		||||
        virtualHosts."code-server" = {
 | 
			
		||||
          serverName = "proxy.nasp.fit";
 | 
			
		||||
          locations."~ ^/${config.networking.hostName}/([A-Za-z0-9]+)/(.*)"  = {
 | 
			
		||||
            extraConfig = ''
 | 
			
		||||
              rewrite "^/${config.networking.hostName}/([A-Za-z0-9]+)/(.*)" /$2 break;
 | 
			
		||||
              proxy_pass "http://unix:/home2/run/$1.sock";
 | 
			
		||||
              proxy_set_header Host $host;
 | 
			
		||||
              proxy_set_header Upgrade $http_upgrade;
 | 
			
		||||
              proxy_set_header Connection upgrade;
 | 
			
		||||
              proxy_set_header Accept-Encoding gzip;
 | 
			
		||||
            '';
 | 
			
		||||
          };
 | 
			
		||||
        };
 | 
			
		||||
      };
 | 
			
		||||
      nasp.docker.enable = true;
 | 
			
		||||
      nasp.nvidia.enable = true;
 | 
			
		||||
      nasp.registry.enable = true;
 | 
			
		||||
      nasp.nginx.enable = true;
 | 
			
		||||
      nasp.nginx.enableCodeServer = true;
 | 
			
		||||
    }))
 | 
			
		||||
  ]);
 | 
			
		||||
}
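Review bot: The removed g-series desktop block set `extraGSettingsOverridePackages`/`extraGSettingsOverrides` for `org.gnome.mutter` (`scale-monitor-framebuffer`) and `xkbVariant = ""`, but the `services.xserver` block that replaces it in the earlier hunk only carries gdm, gnome and `xkb.layout`; unless those overrides moved to a file outside this diff, the mutter setting is dropped by the refactor. The five new `nasp.*.enable = true` lines inside `lib.mkIf (gCfg.enable)` set this module's own options from within its config, which is valid but non-obvious; a comment such as `# a g-series host enables every nasp sub-module; override per host with lib.mkForce` would save the next reader a trip through the module system. The `virtualisation.docker.enableNvidia` setting previously lived here under `gCfg.enable` and is now set by the nvidia module regardless of `dockerCfg.enable`, which is harmless only if that option tolerates docker being off — worth confirming.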