oceanbox/platform
6
0
Fork 0
Code Issues 10 Pull Requests 1 Actions Packages Projects Releases Wiki Activity

feat: enable console on ttyS0 for IPMI SOL

Browse Source
This commit is contained in:
Administrator
2025-11-11 10:47:55 +01:00
parent 0f7f991cad
commit 0a3180fd2c
3 changed files with 439 additions and 402 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
ekman/c0/default.nix
View File

@@ -92,18 +92,7 @@ let
Destination = "10.255.242.0/24";
Gateway = "10.255.241.100";
}
]
++ (
if host.idx > 100 && host.idx < 118 then
[
{
Destination = "10.255.244.0/24";
Gateway = "10.255.241.99";
}
]
else
[ ]
);
];
};
"45-ibp1s0" = {
matchConfig.Name = "ibp1s0";
@@ -124,6 +113,16 @@ let
);
};
boot.kernelParams = [
"console=tty0"
"console=ttyS0,115200"
];
systemd.services."serial-getty@ttyS0" = {
enable = true;
wantedBy = [ "getty.target" ];
serviceConfig.Restart = "always";
};
imports = [
hw
../default.nix

244
ekman/fs-work/default.nix
View File

@@ -1,12 +1,20 @@
{ pkgs ? import <nixpkgs> {} }:
{
pkgs ? import <nixpkgs> { },
}:
let
name = "fs-work";
address = "10.255.241.90";
etcdCluster = import ../etcdCluster.nix;
in {
fs-work = { config, pkgs, ... }:
with pkgs; {
deployment.tags = [ "fs" "fs-backup" ];
in
{
fs-work =
{ config, pkgs, ... }:
with pkgs;
{
deployment.tags = [
"fs"
"fs-backup"
];
deployment.targetHost = address;
system.autoUpgrade.enable = lib.mkForce false;
@@ -17,56 +25,56 @@ in {
hybrid-sleep.enable = false;
};
# services.udev.extraRules = ''
# KERNEL=="ibp65s0", SUBSYSTEM=="net", ATTR{create_child}:="0x7666"
# '';
environment.systemPackages = with pkgs; [
# services.udev.extraRules = ''
# KERNEL=="ibp65s0", SUBSYSTEM=="net", ATTR{create_child}:="0x7666"
# '';
environment.systemPackages = with pkgs; [
rdma-core
hwloc
xfsprogs
];
];
cluster = {
k8sNode = true;
slurm = false;
mounts = {
rdma.enable = true;
automount.enable = true;
users = true;
opt = true;
work = false;
data = true;
ceph = true;
backup = false;
};
};
features = {
host = {
inherit address;
inherit name;
cluster = {
k8sNode = true;
slurm = false;
mounts = {
rdma.enable = true;
automount.enable = true;
users = true;
opt = true;
work = false;
data = true;
ceph = true;
backup = false;
};
};
os = {
networkmanager.enable = false;
externalInterface = "enp33s0f3np3";
nfs.enable = true;
nfs.exports = ''
/exports 10.255.241.0/24(insecure,rw,async,no_subtree_check,crossmnt,fsid=0,no_root_squash)
/exports 10.255.243.0/24(insecure,rw,async,no_subtree_check,crossmnt,fsid=0,no_root_squash)
/exports 10.255.244.0/24(insecure,rw,async,no_subtree_check,crossmnt,fsid=0,no_root_squash)
'';
};
features = {
host = {
inherit address;
inherit name;
};
k8s = {
os = {
networkmanager.enable = false;
externalInterface = "enp33s0f3np3";
nfs.enable = true;
nfs.exports = ''
/exports 10.255.241.0/24(insecure,rw,async,no_subtree_check,crossmnt,fsid=0,no_root_squash)
/exports 10.255.243.0/24(insecure,rw,async,no_subtree_check,crossmnt,fsid=0,no_root_squash)
/exports 10.255.244.0/24(insecure,rw,async,no_subtree_check,crossmnt,fsid=0,no_root_squash)
'';
};
k8s = {
enable = true;
node.enable = true;
master.enable = false;
inherit etcdCluster;
};
};
};
systemd.services.rc-local = {
systemd.services.rc-local = {
description = "rc.local script";
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
@@ -75,92 +83,104 @@ in {
Type = "oneshot";
};
script = ''
# if [ -e /sys/block/md126 ]; then
# echo "deadline" > /sys/block/md126/queue/scheduler
# # echo "4096" > /sys/block/md126/queue/nr_requests
# echo "4096" > /sys/block/md126/queue/read_ahead_kb
# echo "always" > /sys/kernel/mm/transparent_hugepage/enabled
# echo "always" > /sys/kernel/mm/transparent_hugepage/defrag
# fi
grep -q rdma /proc/fs/nfsd/portlist || echo "rdma 20049" > /proc/fs/nfsd/portlist
grep -q tcp /proc/fs/nfsd/portlist || echo "tcp 2049" > /proc/fs/nfsd/portlist
# if [ -e /sys/block/md126 ]; then
# echo "deadline" > /sys/block/md126/queue/scheduler
# # echo "4096" > /sys/block/md126/queue/nr_requests
# echo "4096" > /sys/block/md126/queue/read_ahead_kb
# echo "always" > /sys/kernel/mm/transparent_hugepage/enabled
# echo "always" > /sys/kernel/mm/transparent_hugepage/defrag
# fi
grep -q rdma /proc/fs/nfsd/portlist || echo "rdma 20049" > /proc/fs/nfsd/portlist
grep -q tcp /proc/fs/nfsd/portlist || echo "tcp 2049" > /proc/fs/nfsd/portlist
'';
};
};
boot.kernel.sysctl = {
boot.kernel.sysctl = {
"vm.dirty_background_ratio" = 5;
"vm.dirty_ratio" = 10;
"vm.vfs_cache_pressure" = 50;
"vm.min_free_kbytes" = 262144;
};
networking = {
useNetworkd = true;
useDHCP = false;
hostName = name;
firewall = {
allowedTCPPorts = [];
allowedUDPPorts = [];
extraCommands = ''
# iptables -t nat -A POSTROUTING -s 10.255.243.0/24 -j MASQUERADE
'';
};
};
systemd.network = {
networks."40-enp65s0f0np0" = {
DHCP = "no";
matchConfig.Name = "enp65s0f0np0";
address = [ "${address}/24" ];
networkConfig = { DNSDefaultRoute = true; };
routes = [
{ Gateway = "10.255.241.1"; }
{
Destination = "10.255.242.0/24";
Gateway = "10.255.241.100";
}
{
Destination = "172.16.239.0/24";
Gateway = "10.255.241.99";
}
];
networking = {
useNetworkd = true;
useDHCP = false;
hostName = name;
firewall = {
allowedTCPPorts = [ ];
allowedUDPPorts = [ ];
extraCommands = ''
# iptables -t nat -A POSTROUTING -s 10.255.243.0/24 -j MASQUERADE
'';
};
};
networks."40-enp1s0f1np1" = {
DHCP = "no";
matchConfig.Name = "enp1s0f1np1";
address = [ "10.255.244.90/24" ];
systemd.network = {
networks."40-enp65s0f0np0" = {
DHCP = "no";
matchConfig.Name = "enp65s0f0np0";
address = [ "${address}/24" ];
networkConfig = {
DNSDefaultRoute = true;
};
routes = [
{ Gateway = "10.255.241.1"; }
{
Destination = "10.255.242.0/24";
Gateway = "10.255.241.100";
}
{
Destination = "172.16.239.0/24";
Gateway = "10.255.241.99";
}
];
};
networks."40-enp1s0f1np1" = {
DHCP = "no";
matchConfig.Name = "enp1s0f1np1";
address = [ "10.255.244.90/24" ];
};
networks."42-ibp1s0f0" = {
DHCP = "no";
matchConfig.Name = "ibp1s0f0 ";
address = [ "10.255.243.90/24" ];
};
};
networks."42-ibp1s0f0" = {
DHCP = "no";
matchConfig.Name = "ibp1s0f0 ";
address = [ "10.255.243.90/24" ];
services.rpcbind.enable = true;
fileSystems = {
"/exports/work" = {
device = "/work";
options = [ "bind" ];
};
"/exports/opt" = {
device = "/opt";
options = [ "bind" ];
};
};
};
services.rpcbind.enable = true;
programs.singularity.enable = true;
fileSystems = {
"/exports/work" = {
device = "/work";
options = [ "bind" ];
security.sudo.extraConfig = ''
%sif ALL=(ALL) NOPASSWD: /run/current-system/sw/bin/singularity
%admin ALL=(admin) NOPASSWD: ALL
'';
boot.kernelParams = [
"console=tty0"
"console=ttyS0,115200"
];
systemd.services."serial-getty@ttyS0" = {
enable = true;
wantedBy = [ "getty.target" ];
serviceConfig.Restart = "always";
};
"/exports/opt" = {
device = "/opt";
options = [ "bind" ];
};
};
programs.singularity.enable = true;
security.sudo.extraConfig = ''
%sif ALL=(ALL) NOPASSWD: /run/current-system/sw/bin/singularity
%admin ALL=(admin) NOPASSWD: ALL
'';
imports = [
imports = [
./hardware-configuration.nix
../default.nix
../mounts.nix
];
};
];
};
}

574
ekman/login/default.nix
View File

@@ -1,319 +1,337 @@
{ pkgs ? import <nixpkgs> {} }:
{
pkgs ? import <nixpkgs> { },
}:
let
name = "ekman";
address = "10.255.241.100";
in
{
ekman-login = { config, pkgs, ... }: with pkgs; {
deployment.tags = [ "login" "cluster" ];
deployment.targetHost = address;
system.autoUpgrade.enable = lib.mkForce false;
ekman-login =
{ config, pkgs, ... }:
with pkgs;
{
deployment.tags = [
"login"
"cluster"
];
deployment.targetHost = address;
system.autoUpgrade.enable = lib.mkForce false;
systemd.targets = {
sleep.enable = false;
suspend.enable = false;
hibernate.enable = false;
hybrid-sleep.enable = false;
};
cluster = {
compute = true;
k8sNode = true;
mounts = {
rdma.enable = true;
automount.enable = true;
users = false;
opt = false;
work = true;
data = true;
ceph = true;
backup = false;
};
};
features = {
host = {
inherit name;
inherit address;
systemd.targets = {
sleep.enable = false;
suspend.enable = false;
hibernate.enable = false;
hybrid-sleep.enable = false;
};
myvnc.enable = false;
cluster = {
compute = true;
k8sNode = true;
mounts = {
rdma.enable = true;
automount.enable = true;
users = false;
opt = false;
work = true;
data = true;
ceph = true;
backup = false;
};
};
os = {
networkmanager.enable = false;
externalInterface = "enp33s0f0np0";
nfs.enable = true;
nfs.exports = ''
/exports 10.255.241.0/24(insecure,rw,sync,no_subtree_check,crossmnt,fsid=0,no_root_squash)
/exports 10.255.243.0/24(insecure,rw,sync,no_subtree_check,crossmnt,fsid=0,no_root_squash)
features = {
host = {
inherit name;
inherit address;
};
myvnc.enable = false;
os = {
networkmanager.enable = false;
externalInterface = "enp33s0f0np0";
nfs.enable = true;
nfs.exports = ''
/exports 10.255.241.0/24(insecure,rw,sync,no_subtree_check,crossmnt,fsid=0,no_root_squash)
/exports 10.255.243.0/24(insecure,rw,sync,no_subtree_check,crossmnt,fsid=0,no_root_squash)
'';
};
hpc = {
slurm.server = false;
slurm.slurmrestd = false;
manageNode = false;
loginNode = true;
knem = false;
};
k8s = {
master.enable = false;
node.enable = true;
};
desktop.enable = false;
# server.enable = true;
monitoring = {
# server = {
# enable = false;
# scrapeHosts = [ "frontend" "nfs0" "nfs1" ] ++ (builtins.map (x: x.name) computeNodes);
# defaultAlertReceiver = {
# email_configs = [
# { to = "jonas.juselius@oceanbox.io"; }
# ];
# };
# pageAlertReceiver = {
# webhook_configs = [
# {
# url = "https://prometheus-msteams.k2.itpartner.no/ekman";
# http_config = {
# tls_config = { insecure_skip_verify = true; };
# };
# }
# ];
# };
# };
# webUI.enable = false;
# webUI.acmeEmail = "innovasjon@itpartner.no";
# webUI.allow = [
# "10.1.2.0/24"
# "172.19.254.0/24"
# "172.19.255.0/24"
# ];
};
};
# services.udev.extraRules = ''
# KERNEL=="ibp65s0", SUBSYSTEM=="net", ATTR{create_child}:="0x7666"
# '';
# boot.kernelPackages = pkgs.linuxKernel.packages.linux_6_6;
services.flannel.iface = "enp33s0f3np3";
networking = {
useNetworkd = true;
useDHCP = false;
hostName = name;
firewall = {
allowedTCPPorts = [ 6443 ];
extraCommands = ''
# needed for nodeport access on k1 and k2
# iptables -t nat -A POSTROUTING -s 10.255.241.0/24 ! -d 10.255.0.0/16 -j SNAT --to-source 10.255.242.2
iptables -t nat -A POSTROUTING -s 10.255.243.0/24 -j MASQUERADE
'';
};
};
systemd.network = {
networks = {
"40-enp33s0f0np0" = {
DHCP = "no";
matchConfig.Name = "enp33s0f0np0";
address = [ "10.255.242.2/24" ];
routes = [
{ Gateway = "10.255.242.1"; }
];
};
"40-enp33s0f3np3" = {
DHCP = "no";
matchConfig.Name = "enp33s0f3np3";
address = [ "${address}/24" ];
networkConfig = {
DNSDefaultRoute = true;
};
routes = [
{
Destination = "172.16.239.0/24";
Gateway = "10.255.241.210";
}
];
};
"41-enp65s0f1np1" = {
DHCP = "no";
matchConfig.Name = "enp65s0f1np1";
address = [ "10.255.244.100/24" ];
};
"45-ibp65s0f0" = {
DHCP = "no";
matchConfig.Name = "ibp65s0f0";
address = [ "10.255.243.100/24" ];
};
};
};
services.resolved = {
# DNS=[::1]:53
extraConfig = ''
DNSStubListener=no
'';
};
hpc = {
slurm.server = false;
slurm.slurmrestd = false;
manageNode = false;
loginNode = true;
knem = false;
};
k8s = {
master.enable = false;
node.enable = true;
};
desktop.enable = false;
# server.enable = true;
monitoring = {
# server = {
# enable = false;
# scrapeHosts = [ "frontend" "nfs0" "nfs1" ] ++ (builtins.map (x: x.name) computeNodes);
# defaultAlertReceiver = {
# email_configs = [
# { to = "jonas.juselius@oceanbox.io"; }
# ];
# };
# pageAlertReceiver = {
# webhook_configs = [
# {
# url = "https://prometheus-msteams.k2.itpartner.no/ekman";
# http_config = {
# tls_config = { insecure_skip_verify = true; };
# };
# }
# ];
# };
# };
# webUI.enable = false;
# webUI.acmeEmail = "innovasjon@itpartner.no";
# webUI.allow = [
# "10.1.2.0/24"
# "172.19.254.0/24"
# "172.19.255.0/24"
# ];
};
};
# services.udev.extraRules = ''
# KERNEL=="ibp65s0", SUBSYSTEM=="net", ATTR{create_child}:="0x7666"
# '';
# boot.kernelPackages = pkgs.linuxKernel.packages.linux_6_6;
services.flannel.iface = "enp33s0f3np3";
networking = {
useNetworkd = true;
useDHCP = false;
hostName = name;
firewall = {
allowedTCPPorts = [ 6443 ];
extraCommands = ''
# needed for nodeport access on k1 and k2
# iptables -t nat -A POSTROUTING -s 10.255.241.0/24 ! -d 10.255.0.0/16 -j SNAT --to-source 10.255.242.2
iptables -t nat -A POSTROUTING -s 10.255.243.0/24 -j MASQUERADE
'';
};
};
systemd.network = {
networks = {
"40-enp33s0f0np0" = {
DHCP = "no";
matchConfig.Name = "enp33s0f0np0";
address = [ "10.255.242.2/24" ];
routes = [
{ Gateway = "10.255.242.1"; }
];
fileSystems = {
"/exports/users" = {
device = "/home";
options = [ "bind" ];
};
"40-enp33s0f3np3" = {
DHCP = "no";
matchConfig.Name = "enp33s0f3np3";
address = [ "${address}/24" ];
networkConfig = { DNSDefaultRoute = true; };
routes = [
{
Destination = "172.16.239.0/24";
Gateway = "10.255.241.210";
}
];
"/exports/opt/bin" = {
device = "/opt/bin";
options = [ "bind" ];
};
"41-enp65s0f1np1" = {
DHCP = "no";
matchConfig.Name = "enp65s0f1np1";
address = [ "10.255.244.100/24" ];
"/exports/opt/sif" = {
device = "/opt/sif";
options = [ "bind" ];
};
"45-ibp65s0f0" = {
DHCP = "no";
matchConfig.Name = "ibp65s0f0";
address = [ "10.255.243.100/24" ];
"/exports/nfs-provisioner" = {
device = "/vol/nfs-provisioner";
options = [ "bind" ];
};
"/users" = {
device = "/home";
options = [ "bind" ];
};
"/vol/local-storage/vol1" = {
device = "/vol/vol1";
options = [ "bind" ];
};
"/vol/local-storage/vol2" = {
device = "/vol/vol2";
options = [ "bind" ];
};
};
};
services.resolved = {
# DNS=[::1]:53
extraConfig = ''
DNSStubListener=no
nix.extraOptions = ''
secret-key-files = /etc/nix/ekman.key
'';
};
fileSystems = {
"/exports/users" = {
device = "/home";
options = [ "bind" ];
};
"/exports/opt/bin" = {
device = "/opt/bin";
options = [ "bind" ];
};
"/exports/opt/sif" = {
device = "/opt/sif";
options = [ "bind" ];
};
"/exports/nfs-provisioner" = {
device = "/vol/nfs-provisioner";
options = [ "bind" ];
};
"/users" = {
device = "/home";
options = [ "bind" ];
};
"/vol/local-storage/vol1" = {
device = "/vol/vol1";
options = [ "bind" ];
};
"/vol/local-storage/vol2" = {
device = "/vol/vol2";
options = [ "bind" ];
};
};
# services.xserver = {
# enable = false;
# enableCtrlAltBackspace = true;
# layout = "us";
# xkbVariant = "altgr-intl";
# xkbOptions = "eurosign:e";
# displayManager = {
# gdm.enable = false;
# job.logToFile = true;
# };
# # desktopManager.xfce.enable = true;
# };
nix.extraOptions = ''
secret-key-files = /etc/nix/ekman.key
'';
# services.xserver = {
# enable = false;
# enableCtrlAltBackspace = true;
# layout = "us";
# xkbVariant = "altgr-intl";
# xkbOptions = "eurosign:e";
# displayManager = {
# gdm.enable = false;
# job.logToFile = true;
# };
# # desktopManager.xfce.enable = true;
# };
services.prometheus.alertmanager.configuration.global = {
services.prometheus.alertmanager.configuration.global = {
smtp_smarthost = "smtpgw.itpartner.no";
# smtp_auth_username = "utvikling";
# smtp_auth_password = "S0m3rp0m@de#21!";
smtp_hello = "ekman.oceanbox.io";
smtp_from = "noreply@ekman.oceanbox.io";
};
};
# services.nginx = {
# virtualHosts = {
# "ds.matnoc.regnekraft.io" = {
# forceSSL = true;
# enableACME = true;
# serverAliases = [];
# locations."/" = {
# proxyPass = "http://localhost:9088";
# proxyWebsockets = false;
# extraConfig = ''
# allow 10.1.2.0/24;
# allow 172.19.254.0/24;
# allow 172.19.255.0/24;
# deny all;
# '';
# };
# };
# };
# };
# services.nginx = {
# virtualHosts = {
# "ds.matnoc.regnekraft.io" = {
# forceSSL = true;
# enableACME = true;
# serverAliases = [];
# locations."/" = {
# proxyPass = "http://localhost:9088";
# proxyWebsockets = false;
# extraConfig = ''
# allow 10.1.2.0/24;
# allow 172.19.254.0/24;
# allow 172.19.255.0/24;
# deny all;
# '';
# };
# };
# };
# };
# services.gitlab-runner = {
# enable = true;
# extraPackages = with pkgs; [
# singularity
# ];
# concurrent = 4;
# services = {
# sif = {
# registrationConfigFile = "/var/lib/secrets/gitlab-runner-registration";
# executor = "shell";
# tagList = [ "ekman" "sif" ];
# };
# };
# };
# services.gitlab-runner = {
# enable = true;
# extraPackages = with pkgs; [
# singularity
# ];
# concurrent = 4;
# services = {
# sif = {
# registrationConfigFile = "/var/lib/secrets/gitlab-runner-registration";
# executor = "shell";
# tagList = [ "ekman" "sif" ];
# };
# };
# };
security.sudo.extraConfig = ''
%sif ALL=(ALL) NOPASSWD: /run/current-system/sw/bin/singularity
%admin ALL=(admin) NOPASSWD: ALL
# gitlab-runner ALL=(ALL) NOPASSWD: /run/current-system/sw/bin/singularity
'';
security.sudo.extraConfig = ''
%sif ALL=(ALL) NOPASSWD: /run/current-system/sw/bin/singularity
%admin ALL=(admin) NOPASSWD: ALL
# gitlab-runner ALL=(ALL) NOPASSWD: /run/current-system/sw/bin/singularity
'';
security.pam = {
services.sshd.googleAuthenticator.enable = true;
loginLimits = [
{
domain = "@users";
item = "rss";
type = "hard";
value = 16000000;
}
{
domain = "@users";
item = "cpu";
type = "hard";
value = 180;
}
];
};
security.pam = {
services.sshd.googleAuthenticator.enable = true;
loginLimits = [
{
domain = "@users";
item = "rss";
type = "hard";
value = 16000000;
}
{
domain = "@users";
item = "cpu";
type = "hard";
value = 180;
}
];
};
system.activationScripts = {
system.activationScripts = {
home-permissions.text = ''
chmod 755 /home/olean
chmod 755 /home/frankgaa
chmod 755 /home/jonas
chmod 755 /home/mrtz
chmod 755 /home/avle
chmod 755 /home/stig
chmod 755 /home/bast
chmod 755 /home/simenlk
chmod 755 /work/kraken
chmod 755 /home/olean
chmod 755 /home/frankgaa
chmod 755 /home/jonas
chmod 755 /home/mrtz
chmod 755 /home/avle
chmod 755 /home/stig
chmod 755 /home/bast
chmod 755 /home/simenlk
chmod 755 /work/kraken
'';
};
};
# ssh-rsa is deprecated, but putty/winscp users use it
services.openssh.extraConfig = ''
# pubkeyacceptedalgorithms ssh-rsa,ssh-ed25519-cert-v01@openssh.com,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ssh-ed25519@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,rsa-sha2-512,rsa-sha2-256
PubkeyAuthOptions verify-required
'';
# ssh-rsa is deprecated, but putty/winscp users use it
services.openssh.extraConfig = ''
# pubkeyacceptedalgorithms ssh-rsa,ssh-ed25519-cert-v01@openssh.com,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ssh-ed25519@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,rsa-sha2-512,rsa-sha2-256
PubkeyAuthOptions verify-required
'';
environment.systemPackages = [ ];
environment.systemPackages = [];
virtualisation.docker.enable = pkgs.lib.mkForce true;
virtualisation.docker.enable = pkgs.lib.mkForce true;
services.tailscale = {
enable = true;
authKeyFile = "/var/lib/secrets/tailscale.key";
useRoutingFeatures = "client";
extraUpFlags = [
"--login-server=https://headscale.svc.oceanbox.io"
"--accept-dns=true"
"--advertise-tags=tag:hpc"
];
};
services.tailscale = {
enable = true;
authKeyFile = "/var/lib/secrets/tailscale.key";
useRoutingFeatures = "client";
extraUpFlags = [
"--login-server=https://headscale.svc.oceanbox.io"
"--accept-dns=true"
"--advertise-tags=tag:hpc"
boot.kernelParams = [
"console=tty0"
"console=ttyS0,115200"
];
systemd.services."serial-getty@ttyS0" = {
enable = true;
wantedBy = [ "getty.target" ];
serviceConfig.Restart = "always";
};
imports = [
./hardware-configuration.nix
../default.nix
../mounts.nix
../myvnc.nix
];
};
imports = [
./hardware-configuration.nix
../default.nix
../mounts.nix
../myvnc.nix
];
};
}