2023-11-19 04:46:19 +00:00
parent 595c067793
commit 36ca4f53f5
9 changed files with 162 additions and 116 deletions

23
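--- a/modules/common.nix
+++ b/modules/common.nix
@@ -0,0 +1,23 @@
+{ lib, pkgs, config, inputs, ... }: {
+imports = [
+./mnt-public.nix
+./nomad.nix
+./odroid-m1-setleds.nix
+./odroid-m1.nix
+];
+environment.systemPackages = [
+pkgs.git
+pkgs.ncdu
+];
+services.openssh = {
+enable = true;
+settings.PermitRootLogin = "yes";
+};
+users.extraUsers.root.initialPassword = lib.mkForce "odroid";
+}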
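Review bot: The last two settings of this module, `settings.PermitRootLogin = "yes";` and `users.extraUsers.root.initialPassword = lib.mkForce "odroid";`, leave every host that imports it reachable as root over SSH with a password that is published in the repository. An `initialPassword` value is also stored in the world-readable Nix store, and `mkForce` takes precedence over a value a host sets at normal priority. Prefer key-based access: `settings.PermitRootLogin = "prohibit-password";`, `settings.PasswordAuthentication = false;` and `users.users.root.openssh.authorizedKeys.keys = [ "<ssh-public-key>" ];`. If a bootstrap password is needed for the serial console on first boot, keep it out of the shared module and rotate it after provisioning.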


@@ -0,0 +1,60 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.boot.loader.kboot-conf;
# The builder used to write during system activation
builder = pkgs.substituteAll {
src = ./generate-kboot-conf.sh;
isExecutable = true;
path = [pkgs.coreutils pkgs.gnused pkgs.gnugrep];
inherit (pkgs) bash;
};
# The builder exposed in populateCmd, which runs on the build architecture
populateBuilder = pkgs.buildPackages.substituteAll {
src = ./generate-kboot-conf.sh;
isExecutable = true;
path = with pkgs.buildPackages; [coreutils gnused gnugrep];
inherit (pkgs.buildPackages) bash;
};
in
{
options = {
boot.loader.kboot-conf = {
enable = mkOption {
default = false;
type = types.bool;
description = ''
Whether to create petitboot-compatible /kboot.conf
'';
};
configurationLimit = mkOption {
default = 10;
example = 5;
type = types.int;
description = ''
Maximum number of configurations in the generated kboot.conf.
'';
};
populateCmd = mkOption {
type = types.str;
readOnly = true;
description = ''
Contains the builder command used to populate an image,
honoring all options except the <literal>-c &lt;path-to-default-configuration&gt;</literal>
argument.
Useful to have for sdImage.populateRootCommands
'';
};
};
};
config = let
args = "-g ${toString cfg.configurationLimit} -n ${config.hardware.deviceTree.name}";
in mkIf cfg.enable {
system.build.installBootLoader = lib.mkForce "${builder} ${args} -c";
system.boot.loader.id = "kboot-conf";
boot.loader.kboot-conf.populateCmd = "${populateBuilder} ${args}";
};
}
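Review bot: `args` in the `config` block interpolates `cfg.configurationLimit` and `config.hardware.deviceTree.name` into a command string without shell quoting, and that string becomes `system.build.installBootLoader`, which, going by the comment on `builder`, runs during system activation. A device-tree name containing whitespace or shell metacharacters would be split or interpreted when the command is run through a shell; building it as `args = lib.escapeShellArgs [ "-g" (toString cfg.configurationLimit) "-n" config.hardware.deviceTree.name ];` avoids that. `configurationLimit` is declared as `types.int`, so negative values are accepted; `types.ints.unsigned` states the intended range.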


@@ -0,0 +1,77 @@
#! @bash@/bin/sh -e
shopt -s nullglob
export PATH=/empty
for i in @path@; do PATH=$PATH:$i/bin; done
usage() {
echo "usage: $0 -c <path-to-default-configuration> -n <dtbName> [-g <num-generations>] [-d <target>]" >&2
exit 1
}
target=/kboot.conf
default= # Default configuration
numGenerations=0 # Number of other generations to include in the menu
while getopts "t:c:d:g:n:" opt; do
case "$opt" in
c) default="$OPTARG" ;;
g) numGenerations="$OPTARG" ;;
d) target="$OPTARG" ;;
n) dtbName="$OPTARG" ;;
\?) usage ;;
esac
done
[ "$default" = "" -o "$dtbName" = "" ] && usage
tmp=$target.tmp
# Echo out an kboot.conf menu entry
addEntry() {
local path=$(readlink -f "$1")
local tag="$2" # Generation number or 'default'
if ! test -e $path/kernel -a -e $path/initrd; then
return
fi
timestampEpoch=$(stat -L -c '%Z' $path)
timestamp=$(date "+%Y-%m-%d %H:%M" -d @$timestampEpoch)
nixosLabel="$(cat $path/nixos-version)"
extraParams="$(cat $path/kernel-params)"
local kernel=$(readlink -f "$path/kernel")
local initrd=$(readlink -f "$path/initrd")
local dtbs=$(readlink -f "$path/dtbs")
local id="nixos-$tag--$nixosLabel"
if [ "$tag" = "default" ]; then
echo "default=$id"
fi
echo -n "$id='"
echo -n "$kernel initrd=$initrd dtb=$dtbs/$dtbName "
echo -n "systemConfig=$path init=$path/init $extraParams"
echo "'"
}
echo "# Hola!" > $tmp
addEntry $default default >> $tmp
if [ "$numGenerations" -gt 0 ]; then
# Add up to $numGenerations generations of the system profile to the menu,
# in reverse (most recent to least recent) order.
for generation in $(
(cd /nix/var/nix/profiles && ls -d system-*-link) \
| sed 's/system-\([0-9]\+\)-link/\1/' \
| sort -n -r \
| head -n $numGenerations); do
link=/nix/var/nix/profiles/system-$generation-link
addEntry $link $generation
done >> $tmp
fi
mv -f $tmp $target
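Review bot: `addEntry` returns silently when `$path/kernel` or `$path/initrd` is missing, so a bad `-c` argument still reaches `mv -f $tmp $target` and replaces the existing kboot.conf with a menu that has no `default=` entry. `local path=$(readlink -f "$1")` also hides a failing `readlink` from `-e`, and the unquoted `$path`, `$tmp`, `$target` and `$default` are word-split if any of them contains whitespace. Quote the expansions (`if ! test -e "$path/kernel" -a -e "$path/initrd"; then`, `mv -f "$tmp" "$target"`) and make the default case fail loudly before the `return`, for example `if [ "$tag" = "default" ]; then echo "no kernel/initrd in $path" >&2; exit 1; fi`. The getopts string also accepts `-t`, which no `case` arm handles and the usage text does not mention.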

10
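--- a/modules/mnt-public.nix
+++ b/modules/mnt-public.nix
@@ -0,0 +1,10 @@
+{ lib, pkgs, config, inputs, ... }: {
+fileSystems."/mnt/Public" = {
+device = "//192.168.1.109/Public";
+fsType = "cifs";
+# options = ["uid=0,gid=1000"];
+options = ["guest" "uid=1000"];
+};
+}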
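Review bot: The `options` list mounts the share as `guest` and adds no hardening or failure handling, so an unauthenticated SMB server at a hard-coded address supplies files that the host treats like any other mounted file system. Consider `options = [ "guest" "uid=1000" "nosuid" "nodev" "noexec" "nofail" "_netdev" "x-systemd.automount" ];` so that content on the share cannot act as setuid binaries or device nodes and an unreachable server does not hold up boot. If the server supports accounts, a `credentials=<path-to-credentials-file>` option pointing at a root-only file is preferable to guest access. The commented-out `options` line can be dropped.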

42
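--- a/modules/nomad.nix
+++ b/modules/nomad.nix
@@ -0,0 +1,42 @@
+{ lib, pkgs, config, inputs, ... }: {
+virtualisation.docker.enable = true;
+services.nomad = {
+package = pkgs.nomad_1_6;
+dropPrivileges = false;
+enableDocker = true;
+enable = true;
+settings = {
+client = {
+enabled = true;
+node_class = "";
+no_host_uuid = false;
+servers = ["192.168.1.221:4647" "192.168.1.225:4647" "192.168.1.226:4647" "192.168.1.227:4647" "192.168.1.222:4647" "192.168.1.223:4647" "192.168.1.224:4647"];
+max_kill_timeout = "30s";
+network_speed = 0;
+cpu_total_compute = 0;
+gc_interval = "1m";
+gc_disk_usage_threshold = 80;
+gc_inode_usage_threshold = 70;
+gc_parallel_destroys = 2;
+reserved = {
+cpu = 0;
+memory = 200;
+disk = 0;
+};
+options = {
+"docker.caps.whitelist" = "SYS_ADMIN,NET_ADMIN,chown,dac_override,fsetid,fowner,mknod,net_raw,setgid,setuid,setfcap,setpcap,net_bind_service,sys_chroot,kill,audit_write,sys_module";
+"driver.raw_exec.enable" = "1";
+"docker.volumes.enabled" = "True";
+"docker.privileged.enabled" = "true";
+"docker.auth.config" = "/root/.docker/config.json";
+};
+};
+};
+};
+}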
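Review bot: The `options` block turns on `driver.raw_exec.enable`, `docker.privileged.enabled` and a capability list that includes `SYS_ADMIN` and `sys_module`, while `dropPrivileges = false` runs the agent as root; together this means anyone able to submit a job to the cluster gets root on this node. No `acl` or `tls` settings are visible in this module, so confirm they are set for the servers and clients elsewhere, and trim the capability list and `raw_exec` to what the jobs actually need. These keys also look like the legacy client-options form; current Nomad documents the Docker driver settings under `plugin "docker" { config { allow_privileged, allow_caps, volumes { enabled } } }`, so it is worth checking that Nomad 1.6 still honours them. The seven server addresses are hard-coded here and repeated in the next file section.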


@@ -0,0 +1,50 @@
{ lib, pkgs, config, inputs, ... }: {
systemd.services.setleds = {
script = ''
echo "Setting Odroid LEDs"
echo none > /sys/class/leds/blue\:heartbeat/trigger
cat /sys/class/leds/blue\:heartbeat/trigger
'';
wantedBy = [ "multi-user.target" ];
};
virtualisation.docker.enable = true;
services.nomad = {
package = pkgs.nomad_1_6;
dropPrivileges = false;
enableDocker = true;
enable = true;
settings = {
client = {
enabled = true;
node_class = "";
no_host_uuid = false;
servers = ["192.168.1.221:4647" "192.168.1.225:4647" "192.168.1.226:4647" "192.168.1.227:4647" "192.168.1.222:4647" "192.168.1.223:4647" "192.168.1.224:4647"];
max_kill_timeout = "30s";
network_speed = 0;
cpu_total_compute = 0;
gc_interval = "1m";
gc_disk_usage_threshold = 80;
gc_inode_usage_threshold = 70;
gc_parallel_destroys = 2;
reserved = {
cpu = 0;
memory = 200;
disk = 0;
};
options = {
"docker.caps.whitelist" = "SYS_ADMIN,NET_ADMIN,chown,dac_override,fsetid,fowner,mknod,net_raw,setgid,setuid,setfcap,setpcap,net_bind_service,sys_chroot,kill,audit_write,sys_module";
"driver.raw_exec.enable" = "1";
"docker.volumes.enabled" = "True";
"docker.privileged.enabled" = "true";
"docker.auth.config" = "/root/.docker/config.json";
};
};
};
};
}
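Review bot: Everything from `virtualisation.docker.enable = true;` to the end of this file repeats the Nomad client configuration of modules/nomad.nix line for line, and common.nix imports both modules (this section's file header is not shown on the page; it is presumably odroid-m1-setleds.nix). The module system will merge the two definitions, and list-valued settings such as `servers` may be concatenated rather than deduplicated, so any later change to the privileged Docker options would have to be made in two places to take effect predictably. Remove the `virtualisation.docker` and `services.nomad` parts here and keep only `systemd.services.setleds`. Since the script only writes a sysfs attribute once and exits, `serviceConfig.Type = "oneshot";` would describe the unit more accurately.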

36
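--- a/modules/odroid-m1.nix
+++ b/modules/odroid-m1.nix
@@ -0,0 +1,36 @@
+{ lib, pkgs, config, inputs, ... }: {
+imports = [
+./kboot-conf
+];
+boot.loader.grub.enable = false;
+boot.loader.kboot-conf.enable = true;
+# Use kernel >6.6
+boot.kernelPackages = pkgs.linuxPackages_latest;
+# Stop ZFS breasking the build
+boot.supportedFilesystems = lib.mkForce [ "btrfs" "cifs" "f2fs" "jfs" "ntfs" "reiserfs" "vfat" "xfs" ];
+# I'm not completely sure if some of these could be omitted,
+# but want to make sure disk access works
+boot.initrd.availableKernelModules = [
+"nvme"
+"nvme-core"
+"phy-rockchip-naneng-combphy"
+"phy-rockchip-snps-pcie3"
+];
+# Petitboot uses this port and baud rate on the boards serial port,
+# it's probably good to keep the options same for the running
+# kernel for serial console access to work well
+boot.kernelParams = [ "console=ttyS2,1500000" ];
+hardware.deviceTree.name = "rockchip/rk3568-odroid-m1.dtb";
+# Turn on flakes.
+##nix.package = pkgs.nixVersions.stable;
+nix.extraOptions = ''
+experimental-features = nix-command flakes
+'';
+system.stateVersion = "23.11"; # Did you read the comment?
+}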
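Review bot: The comment `# Use kernel >6.6` above `boot.kernelPackages = pkgs.linuxPackages_latest;` states a minimum that nothing checks, and `linuxPackages_latest` moves to a new kernel series whenever the nixpkgs input is updated. Recording the requirement as an assertion, e.g. `assertions = [ { assertion = lib.versionAtLeast config.boot.kernelPackages.kernel.version "6.6"; message = "odroid-m1 needs kernel 6.6 or newer"; } ];`, makes an older package set fail at evaluation instead of at boot. The trailing `# Did you read the comment?` on `system.stateVersion` refers to an explanatory comment that is not in this file; either restore that comment or drop the remark.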