build(nasp): refactor&modulize ->nvidia,docker,nginx,registry

Dict Xiong 2024-06-01 12:18:51 +08:00
parent 17402e4bef
commit e8257c15df


@ -2,12 +2,29 @@
let
mainCfg = config.nasp;
nvidiaCfg = mainCfg.nvidia;
dockerCfg = mainCfg.docker;
nginxCfg = mainCfg.nginx;
registryCfg = mainCfg.registry;
gCfg = mainCfg.gSeries;
dnew = (pkgs.writeShellScriptBin "dnew" (builtins.readFile ./scripts/dnew));
in
{
options.nasp = {
enable = lib.mkEnableOption "the nasp server configurations";
nvidia = {
enable = lib.mkEnableOption "nvidia gpu support";
};
docker = {
enable = lib.mkEnableOption "docker runtime";
};
nginx = {
enable = lib.mkEnableOption "nginx web server";
enableCodeServer = lib.mkEnableOption "proxy code server in docker";
};
registry = {
enable = lib.mkEnableOption "the nasp registry";
};
gSeries = {
enable = lib.mkEnableOption "the g-series server configurations";
serial = lib.mkOption {
@ -108,11 +125,16 @@ in
hashedPassword = "$y$j9T$Ei67I7VhQD6gF20/lNBUx0$jnrLqLNSJVCS959deKCamoOi4Q76nNeQ7/kDQCCABl1";
};
users.groups.nasp = {};
## desktop
services.xserver = {
enable = true;
displayManager.gdm.enable = true;
desktopManager.gnome.enable = true;
xkb.layout = "us";
};
}
# g series
(lib.mkIf (gCfg.enable) (let
ipSuffix = (builtins.toString (gCfg.serial + 100)); in {
## hardware
# nvidia
(lib.mkIf (nvidiaCfg.enable) {
nixpkgs.config.nvidia.acceptLicense = true;
hardware.nvidia = {
package = config.boot.kernelPackages.nvidiaPackages.legacy_470;
@ -127,6 +149,82 @@ in
driSupport = true;
driSupport32Bit = true;
};
virtualisation.docker.enableNvidia = true;
services.xserver.videoDrivers = [ "nvidia" ];
})
# docker
(lib.mkIf (dockerCfg.enable) {
virtualisation.docker = {
enable = true;
daemon.settings = {
ipv6 = true;
fixed-cidr-v6 = "fddd:d0c1:1::/64";
experimental = true;
ip6tables = true;
live-restore = false;
};
};
environment.systemPackages = with pkgs; [
dnew
];
})
# nginx
(lib.mkIf (nginxCfg.enable) {
services.nginx = {
enable = true;
virtualHosts."default" = {
serverName = "_";
default = true;
locations."/" = {
return = "404";
};
};
};
})
(lib.mkIf (nginxCfg.enable && nginxCfg.enableCodeServer) {
services.nginx.virtualHosts."code-server" = {
serverName = "proxy.nasp.fit";
locations."~ ^/${config.networking.hostName}/([A-Za-z0-9]+)/(.*)" = {
extraConfig = ''
rewrite "^/${config.networking.hostName}/([A-Za-z0-9]+)/(.*)" /$2 break;
proxy_pass "http://unix:/home2/run/$1.sock";
proxy_set_header Host $host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection upgrade;
proxy_set_header Accept-Encoding gzip;
'';
};
};
})
# registry
(lib.mkIf (registryCfg.enable) {
systemd.timers."registry" = {
wantedBy = [ "timers.target" ];
timerConfig = {
OnCalendar = "*:0/5:0";
Unit = "registry.service";
};
};
systemd.services."registry" = {
serviceConfig = {
Type = "oneshot";
User = "root";
};
script = builtins.readFile ./scripts/registry.sh;
path = with pkgs; [ git bash su ];
};
security.sudo.extraConfig = ''
%nasp ALL = (root) NOPASSWD: /run/current-system/sw/bin/docker
%nasp ALL = (root) NOPASSWD: /run/current-system/sw/bin/reboot
%nasp ALL = (root) NOPASSWD: /run/current-system/sw/bin/whoami
%nasp ALL = (root) NOPASSWD: /run/current-system/sw/bin/nvidia-smi
%nasp ALL = (root) NOPASSWD: /run/current-system/sw/bin/shutdown
%nasp ALL = (root) NOPASSWD: /run/current-system/sw/bin/ip
'';
})
# g series
(lib.mkIf (gCfg.enable) (let
ipSuffix = (builtins.toString (gCfg.serial + 100)); in {
## network
networking.hostName = assert (gCfg.serial > 0); "g" + (builtins.toString gCfg.serial);
networking.search = [ "nasp" ];
@ -198,86 +296,11 @@ in
interfaces = [ "${gCfg.eth2Name}" ];
};
## packages and services
environment.systemPackages = with pkgs; [
# custom
dnew
];
systemd.timers."registry" = {
wantedBy = [ "timers.target" ];
timerConfig = {
OnCalendar = "*:0/5:0";
Unit = "registry.service";
};
};
systemd.services."registry" = {
serviceConfig = {
Type = "oneshot";
User = "root";
};
script = builtins.readFile ./scripts/registry.sh;
path = with pkgs; [ git bash su ];
};
## desktop
services.xserver = {
enable = true;
videoDrivers = [ "nvidia" ];
displayManager.gdm.enable = true;
desktopManager.gnome = {
enable = true;
extraGSettingsOverridePackages = [ pkgs.gnome.mutter ];
extraGSettingsOverrides = ''
[org.gnome.mutter]
experimental-features=['scale-monitor-framebuffer']
'';
};
layout = "us";
xkbVariant = "";
};
## docker
virtualisation.docker = {
enable = true;
enableNvidia = true;
daemon.settings = {
ipv6 = true;
fixed-cidr-v6 = "fddd:d0c1:1::/64";
experimental = true;
ip6tables = true;
live-restore = false;
};
};
## users
security.sudo.extraConfig = ''
%nasp ALL = (root) NOPASSWD: /run/current-system/sw/bin/docker
%nasp ALL = (root) NOPASSWD: /run/current-system/sw/bin/reboot
%nasp ALL = (root) NOPASSWD: /run/current-system/sw/bin/whoami
%nasp ALL = (root) NOPASSWD: /run/current-system/sw/bin/nvidia-smi
%nasp ALL = (root) NOPASSWD: /run/current-system/sw/bin/shutdown
%nasp ALL = (root) NOPASSWD: /run/current-system/sw/bin/ip
'';
## nginx
services.nginx = {
enable = true;
virtualHosts."default" = {
serverName = "_";
default = true;
locations."/" = {
return = "404";
};
};
virtualHosts."code-server" = {
serverName = "proxy.nasp.fit";
locations."~ ^/${config.networking.hostName}/([A-Za-z0-9]+)/(.*)" = {
extraConfig = ''
rewrite "^/${config.networking.hostName}/([A-Za-z0-9]+)/(.*)" /$2 break;
proxy_pass "http://unix:/home2/run/$1.sock";
proxy_set_header Host $host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection upgrade;
proxy_set_header Accept-Encoding gzip;
'';
};
};
};
nasp.docker.enable = true;
nasp.nvidia.enable = true;
nasp.registry.enable = true;
nasp.nginx.enable = true;
nasp.nginx.enableCodeServer = true;
}))
]);
}
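Review bot: The `security.sudo.extraConfig` block (lines `%nasp ALL = (root) NOPASSWD: …` for docker, reboot, whoami, nvidia-smi, shutdown, ip) now sits inside `lib.mkIf (registryCfg.enable)` in the third hunk, although none of those commands relate to the registry timer/service; a host with `nasp.docker.enable` but not `nasp.registry.enable` silently loses the rules, and enabling the registry alone grants `%nasp` passwordless root `docker`, which is root-equivalent on that host. Move the block out of the registry `mkIf` into the unconditional set that already declares `users.groups.nasp = {};`, or gate it on its own option, and add a comment such as `# NOPASSWD docker as root is root-equivalent; keep %nasp membership tightly controlled` above it so the grant is not buried in a refactor. The `nasp.*.enable = true` lines in the last hunk make the g-series hosts opt into every module, so the behaviour is unchanged there but differs for any future non-g-series host. The `mkMerge` list these `mkIf` sets belong to opens outside the shown hunks; the `hashedPassword` line in the second hunk is pre-existing context, not introduced here.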