2025-08-15 12:25:44 +00:00
parent ded46ebce2
commit db35c08fc6
9 changed files with 67 additions and 14 deletions


@@ -9,10 +9,12 @@
./hardware-configuration.nix ./hardware-configuration.nix
../../modules/odroid-m1-setleds.nix ../../modules/odroid-m1-setleds.nix
../../modules/odroid-m1.nix ../../modules/odroid-m1.nix
../../modules/keepalived.nix
]; ];
nixpkgs.hostPlatform.system = "aarch64-linux"; nixpkgs.hostPlatform.system = "aarch64-linux";
networking.hostName = "odroid6"; networking.hostName = "odroid6";
custom.VIP_Priority = 100;
networking.interfaces.end0.ipv4.addresses = [ networking.interfaces.end0.ipv4.addresses = [
{ {
address = "192.168.4.226"; address = "192.168.4.226";


@@ -9,6 +9,7 @@
./hardware-configuration.nix ./hardware-configuration.nix
../../modules/odroid-m1-setleds.nix ../../modules/odroid-m1-setleds.nix
../../modules/odroid-m1.nix ../../modules/odroid-m1.nix
../../modules/keepalived.nix
]; ];
nixpkgs.hostPlatform.system = "aarch64-linux"; nixpkgs.hostPlatform.system = "aarch64-linux";


@@ -10,6 +10,7 @@
../../modules/odroid-m1-setleds.nix ../../modules/odroid-m1-setleds.nix
../../modules/odroid-m1.nix ../../modules/odroid-m1.nix
../../modules/cifs.nix ../../modules/cifs.nix
../../modules/keepalived.nix
]; ];
nixpkgs.hostPlatform.system = "aarch64-linux"; nixpkgs.hostPlatform.system = "aarch64-linux";


@@ -7,11 +7,13 @@
}: { }: {
imports = [ imports = [
./hardware-configuration.nix ./hardware-configuration.nix
# ../../modules/keepalived.nix
]; ];
nixpkgs.hostPlatform.system = "x86_64-linux"; nixpkgs.hostPlatform.system = "x86_64-linux";
networking.hostName = "opti1"; networking.hostName = "opti1";
# custom._Networkinterface = "enp0s31f6";
# custom.VIP_Priority = 100;
networking.interfaces.end0.ipv4.addresses = [ networking.interfaces.end0.ipv4.addresses = [
{ {
address = "192.168.4.36"; address = "192.168.4.36";
@@ -19,6 +21,8 @@
} }
]; ];
networking.defaultGateway = "192.168.4.1"; networking.defaultGateway = "192.168.4.1";
networking.nameservers = ["192.168.4.1" "8.8.8.8"]; networking.nameservers = ["192.168.4.1" "8.8.8.8"];
# Bootloader. # Bootloader.
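Review bot: The keepalived import and both `custom.*` settings are added commented out, so this host (opti1) does not run keepalived even though the same commit lists its address 192.168.4.36 in `unicastPeers` in modules/keepalived.nix. Either enable the module here or drop the three commented lines and leave the address out of the peer list until the host is ready; a peer entry that never answers is easy to forget. The commented `custom._Networkinterface = "enp0s31f6";` also appears to contradict the rename to `end0` that this host's static address already relies on, so it should not be uncommented as written.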


@@ -12,7 +12,11 @@
boot.initrd.kernelModules = [ ]; boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ]; boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ]; boot.extraModulePackages = [ ];
boot.kernelParams = [ "net.ifnames=0" "biosdevname=1" ];
systemd.network.links."10-custom-ethernet" = {
matchConfig.MACAddress = "d8:9e:f3:83:df:d6";
linkConfig.Name = "end0";
};
fileSystems."/" = fileSystems."/" =
{ device = "/dev/disk/by-uuid/7245da7d-e72b-403a-8b72-e99cdd8c02fa"; { device = "/dev/disk/by-uuid/7245da7d-e72b-403a-8b72-e99cdd8c02fa";
fsType = "ext4"; fsType = "ext4";
@@ -27,7 +31,7 @@
networking.useDHCP = lib.mkDefault true; networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp0s31f6.useDHCP = lib.mkDefault true; # networking.interfaces.enp0s31f6.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp0s20f0u3.useDHCP = lib.mkDefault true; # networking.interfaces.wlp0s20f0u3.useDHCP = lib.mkDefault true;
# networking.usePredictableInterfaceNames = true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
} }
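Review bot: The interface-naming settings are hand-written into what looks like the generated hardware-configuration.nix (the file name is not shown on the page), so a later `nixos-generate-config` run would silently drop them; the host's own configuration file is a safer place. `net.ifnames=0` plus a MAC-matched `.link` rename to `end0` are two mechanisms for one goal, and `biosdevname=1` probably has no effect unless biosdevname is installed; `networking.usePredictableInterfaceNames = false;` is the NixOS option for the first, and the newly added commented-out `usePredictableInterfaceNames = true` line can go. Consul and keepalived bind by interface name, so a comment beside the MAC saying which physical port it identifies would help whoever replaces the NIC.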


@@ -8,7 +8,7 @@ deploy-dry NODE:
nixos-rebuild --flake .#{{NODE}} --fast --target-host root@{{NODE}}.node.dc1.consul --build-host root@{{NODE}}.node.dc1.consul dry-activate nixos-rebuild --flake .#{{NODE}} --fast --target-host root@{{NODE}}.node.dc1.consul --build-host root@{{NODE}}.node.dc1.consul dry-activate
deploy-all: deploy-all:
just deploy odroid5 just deploy opti1
just deploy odroid6 just deploy odroid6
just deploy odroid7 just deploy odroid7
just deploy odroid8 just deploy odroid8


@@ -10,7 +10,6 @@
# ./mnt-clusterstore.nix # ./mnt-clusterstore.nix
./nomad.nix ./nomad.nix
./consul.nix ./consul.nix
./cifs.nix
inputs.sops-nix.nixosModules.sops inputs.sops-nix.nixosModules.sops
]; ];
@@ -21,6 +20,20 @@
description = "Path to the Secrets storage"; description = "Path to the Secrets storage";
}; };
options.custom._Networkinterface = lib.mkOption {
type = lib.types.str;
default = "end0";
description = "Network interface name to bind to.";
example = "enp3s0";
};
options.custom.VIP_Priority = lib.mkOption {
type = lib.types.int;
default = 50;
description = "Keep alived prority for voting";
};
config = { config = {
system.stateVersion = "23.11"; # Did you read the comment? system.stateVersion = "23.11"; # Did you read the comment?
nixpkgs.config.allowUnfree = true; nixpkgs.config.allowUnfree = true;
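Review bot: `custom.VIP_Priority` accepts any integer, but modules/keepalived.nix passes it straight to the VRRP `priority`, which is only meaningful in the range 1–255; `type = lib.types.ints.between 1 255;` would reject a bad value at evaluation time instead of at service start. The description has typos; `description = "keepalived priority used in the VRRP master election";` reads better. The first hunk also removes `./cifs.nix` from the shared imports while only one host file on this page imports `../../modules/cifs.nix` itself, so confirm no other host depended on the shared import for its mounts.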


@@ -6,6 +6,8 @@
... ...
}: let }: let
secretstore = config._secretstore; secretstore = config._secretstore;
NetworkInterface = config.custom._Networkinterface;
# oldpkgs = import (builtins.fetchGit { # oldpkgs = import (builtins.fetchGit {
# # Descriptive name to make the store path easier to identify # # Descriptive name to make the store path easier to identify
# name = "git_consul_1_9"; # name = "git_consul_1_9";
@@ -25,6 +27,9 @@ in {
format = "binary"; format = "binary";
owner = "consul"; owner = "consul";
group = "consul"; group = "consul";
}; };
networking.firewall = { networking.firewall = {
@@ -37,7 +42,7 @@ in {
enable = true; enable = true;
webUi = true; webUi = true;
# consulAddr = "0.0.0.0:8500"; # consulAddr = "0.0.0.0:8500";
interface.bind = "end0"; interface.bind = "${NetworkInterface}";
extraConfigFiles = [config.sops.secrets."consul_encrypt.json".path]; extraConfigFiles = [config.sops.secrets."consul_encrypt.json".path];
extraConfig = { extraConfig = {
bootstrap = false; bootstrap = false;
@@ -54,18 +59,19 @@ in {
raft_multiplier = 7; raft_multiplier = 7;
}; };
recursors = [ recursors = [
"192.168.1.1" "192.168.4.1"
"8.8.8.8" "8.8.8.8"
]; ];
retry_join = [ retry_join = [
"192.168.1.221" "192.168.4.221"
"192.168.1.222" "192.168.4.222"
"192.168.1.225" "192.168.4.225"
"192.168.1.226" "192.168.4.226"
"192.168.1.227" "192.168.4.227"
"192.168.1.223" "192.168.4.223"
"192.168.1.224" "192.168.4.224"
"192.168.4.36"
]; ];
}; };
}; };
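Review bot: The cluster addresses are now hard-coded in two places, `retry_join` here and `unicastPeers` in modules/keepalived.nix, and the two lists already differ, so a renumbering like this one has to be repeated by hand in each. A single list option under `custom` that both modules read would keep them in step. On the bind line the interpolation is redundant; `interface.bind = NetworkInterface;` is enough. The `let` block and the `services.consul` attribute set both extend beyond the hunks shown.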

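--- a/modules/keepalived.nix
+++ b/modules/keepalived.nix
@@ -0,0 +1,22 @@
+{ config, pkgs, lib, ... }:
+with lib; let
+NetworkInterface = config.custom._Networkinterface;
+VIP_Priority = config.custom.VIP_Priority;
+in {
+services.keepalived = {
+enable = true;
+openFirewall = true;
+vrrpInstances.VIP_250 = {
+interface = "${NetworkInterface}";
+virtualRouterId = 51;
+priority = VIP_Priority;
+unicastPeers = ["192.168.4.226" "192.168.4.227" "192.168.4.228" "192.168.4.36"];
+virtualIps = [{addr = "192.168.4.250/22";}];
+};
+};
+networking.firewall.allowedTCPPorts = [ 80 443 ]; # optional
+}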
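Review bot: The VRRP instance does not restrict who may send it adverts: `openFirewall = true` admits VRRP from the whole segment and nothing ties accepted adverts to `unicastPeers`, so any host on 192.168.4.0/22 announcing router id 51 with a higher priority can end up holding 192.168.4.250. Adding `extraConfig = "check_unicast_src";` to `vrrpInstances.VIP_250` makes keepalived drop adverts whose source address is not in the peer list, and limiting protocol 112 to the peer addresses in the firewall instead of using `openFirewall` is stricter still. `networking.firewall.allowedTCPPorts = [ 80 443 ];` opens HTTP and HTTPS on every host that imports this module whether or not anything is meant to listen there, so it belongs with the service behind the VIP. `with lib;` and the `pkgs` argument are unused.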