oceanbox/platform
6
0
Fork 0
Code Issues 10 Pull Requests 1 Actions Packages Projects Releases Wiki Activity

Add fileserver.

Browse Source
This commit is contained in:
Jonas Juselius
2018-05-23 13:47:02 +02:00
parent 618fc7cc99
commit 17e4e740ea
3 changed files with 33 additions and 30 deletions
Download Patch File Download Diff File Expand all files Collapse all files

55
fs0.nix
View File

@@ -1,49 +1,48 @@
with import <nixpkgs> {}; with import <nixpkgs> {};
let let
pki = pkgs.callPackage ./lib/pki.nix {}; pki = pkgs.callPackage ./lib/pki.nix {};
certs = {
ca = pki.ca;
fs0 = pki.trust "fs0" ''
"fs0-0",
"fs0-1",
"fs0-2",
"10.253.18.106",
"10.1.2.164",
"10.253.18.100",
"127.0.0.1"
'';
};
clusterHosts = '' clusterHosts = ''
10.253.18.106 fs0-0 10.253.18.106 fs0-0 fs0-0.local
10.1.2.164 fs0-1 10.1.2.164 fs0-1 fs0-1.local
10.253.18.100 fs0-2 10.253.18.100 fs0-2 fs0-2.local
''; '';
nixosConfig = node: { nixosConfig = node: ip:
imports = [ (./hardware-configuration + "/${node}.nix") ./nixos/configuration.nix ]; let
cert = pki.trust node ''"${node}", "${ip}", "127.0.0.1"'';
in
{
imports = [
(./nixos/hardware-configuration + "/${node}.nix")
./nixos/configuration.nix
];
boot.kernelModules = [
"dm_snapshot"
"dm_mirror"
"dm_thin_pool"
];
networking = { networking = {
hostName = node; hostName = node;
extraHosts = clusterHosts; extraHosts = clusterHosts;
firewall.allowedTCPPortRanges = [ { from = 5000; to = 50000; } ];
firewall.allowedTCPPorts = [ 111 ];
firewall.allowedUDPPorts = [ 111 24007 24008 ];
}; };
services.glusterfs = { services.glusterfs = {
enable = true; enable = true;
tlsSettings = { tlsSettings = {
caCert = certs.ca.cert; caCert = pki.ca.cert;
tlsKeyPath = certs.fs0.key; tlsKeyPath = cert.key;
tlsPem = certs.fs0.cert; tlsPem = cert.cert;
}; };
}; };
networking.firewall.extraCommands = '' environment.systemPackages = [ pkgs.lvm2 ];
iptables -I INPUT -p all -s 10.253.18.100 -j ACCEPT
iptables -I INPUT -p all -s 10.253.18.106 -j ACCEPT
iptables -I INPUT -p all -s 10.1.2.164 -j ACCEPT
'';
}; };
in in
{ {
fs0-0 = { ... }: fs0-0 = { ... }:
let let
base = nixosConfig "fs0-0"; base = nixosConfig "fs0-0" "10.253.18.106";
in in
{ {
deployment.targetHost = "10.253.18.106"; deployment.targetHost = "10.253.18.106";
@@ -51,7 +50,7 @@ in
services.nfs.server = { services.nfs.server = {
enable=true; enable=true;
exports= '' exports= ''
/data/nfs0 10.253.18.0/24(insecure,rw,sync,no_subtree_check,crossmnt,fsid=0,no_root_squash) /vol/brick0/nfs0 10.253.18.0/24(insecure,rw,sync,no_subtree_check,crossmnt,fsid=0,no_root_squash)
''; '';
}; };
networking.firewall.allowedTCPPorts = [ 111 2049 ]; networking.firewall.allowedTCPPorts = [ 111 2049 ];
@@ -59,7 +58,7 @@ in
}; };
fs0-1 = { ... }: fs0-1 = { ... }:
let let
base = nixosConfig "fs0-1"; base = nixosConfig "fs0-1" "10.1.2.164";
in in
{ {
deployment.targetHost = "10.1.2.164"; deployment.targetHost = "10.1.2.164";

4
nixos/hardware-configuration/fs0-0.nix
View File

@@ -18,8 +18,8 @@
{ device = "/dev/disk/by-uuid/c1e78683-4fde-4029-a9f3-7631df649b2f"; { device = "/dev/disk/by-uuid/c1e78683-4fde-4029-a9f3-7631df649b2f";
fsType = "ext4"; fsType = "ext4";
}; };
fileSystems."/data" = fileSystems."/vol/brick0" =
{ device = "/dev/sdb1"; { device = "/dev/gfs_vg/brick0";
fsType = "ext4"; fsType = "ext4";
}; };

4
nixos/hardware-configuration/fs0-1.nix
View File

@@ -18,6 +18,10 @@
{ device = "/dev/disk/by-uuid/c130b88c-0699-4836-b967-47bdee0a5453"; { device = "/dev/disk/by-uuid/c130b88c-0699-4836-b967-47bdee0a5453";
fsType = "ext4"; fsType = "ext4";
}; };
fileSystems."/vol/brick0" =
{ device = "/dev/gfs_vg/brick0";
fsType = "ext4";
};
swapDevices = [ ]; swapDevices = [ ];