WIP: Restructuring to new scheme

clusters/fs0/build.nix

@@ -0,0 +1,2 @@
+with import <nixpkgs> {};
+pkgs.callPackage ./certs.nix {}

clusters/fs0/certs.nix

@@ -0,0 +1,11 @@
+{ pkgs, ...}:
+let
+  pki = pkgs.callPackage ../lib/pki.nix {};
+in
+{
+    initca = pki.initca;
+    ca = pki.ca;
+    fs0-0 = pki.trust "fs0-0" ''"10.253.18.106", "127.0.0.1"'';
+    fs0-1 = pki.trust "fs0-1" ''"10.1.2.164", "127.0.0.1"'';
+}
+

clusters/fs0/deployment.nix

@@ -0,0 +1,68 @@
+with import <nixpkgs> {};
+let
+  pki = pkgs.callPackage ../lib/pki.nix {};
+  certs = pkgs.callPackage ./certs.nix {};
+  clusterHosts = ''
+    10.253.18.106 fs0-0 fs0-0.local
+    10.1.2.164    fs0-1 fs0-1.local
+    10.253.18.100 fs0-2 fs0-2.local
+  '';
+
+  nixosConfig = node:
+    let
+      cert = pki.toSet certs.${node};
+    in
+    {
+      imports = [
+        (../nixos/hardware-configuration + "/${node}.nix")
+        ../nixos/configuration.nix
+      ];
+      boot.kernelModules = [
+        "dm_snapshot"
+        "dm_mirror"
+        "dm_thin_pool"
+      ];
+      networking = {
+        hostName = node;
+        extraHosts = clusterHosts;
+        firewall.allowedTCPPortRanges = [ { from = 5000; to = 50000; } ];
+        firewall.allowedTCPPorts = [ 111 ];
+        firewall.allowedUDPPorts = [ 111 24007 24008 ];
+      };
+      services.glusterfs = {
+        enable = true;
+        tlsSettings = {
+          caCert = pki.ca.cert;
+          tlsKeyPath = cert.key;
+          tlsPem = cert.cert;
+        };
+      };
+      environment.systemPackages = [ pkgs.lvm2 ];
+    };
+in
+{
+  fs0-0 = { ... }:
+    let
+      base = nixosConfig "fs0-0";
+    in
+    {
+      deployment.targetHost = "10.253.18.106";
+      require = [ base ];
+      services.nfs.server = {
+        enable=true;
+        exports= ''
+          /vol/brick0/nfs0 10.253.18.0/24(insecure,rw,sync,no_subtree_check,crossmnt,fsid=0,no_root_squash)
+        '';
+      };
+      networking.firewall.allowedTCPPorts = [ 111 2049 ];
+      networking.firewall.allowedUDPPorts = [ 111 2049 ];
+    };
+  fs0-1 = { ... }:
+    let
+      base = nixosConfig "fs0-1";
+    in
+    {
+      deployment.targetHost = "10.1.2.164";
+      require = [ base ];
+    };
+}

clusters/fs0/fs0-0.nix

@@ -0,0 +1,29 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, ... }:
+
+{
+  imports = [ ];
+
+  boot.initrd.availableKernelModules = [ "ata_piix" "mptspi" "floppy" "sd_mod" "sr_mod" ];
+  boot.kernelModules = [ ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-uuid/6b3d4c49-9719-49b3-8210-d53374cd0eff";
+      fsType = "ext4";
+    };
+  fileSystems."/var/log" =
+    { device = "/dev/disk/by-uuid/c1e78683-4fde-4029-a9f3-7631df649b2f";
+      fsType = "ext4";
+    };
+  fileSystems."/vol/brick0" =
+    { device = "/dev/gfs_vg/brick0";
+      fsType = "ext4";
+    };
+
+  swapDevices = [ ];
+
+  nix.maxJobs = lib.mkDefault 1;
+}

clusters/fs0/fs0-1.nix

@@ -0,0 +1,30 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, ... }:
+
+{
+  imports = [ ];
+
+  boot.initrd.availableKernelModules = [ "ata_piix" "mptspi" "floppy" "sd_mod" "sr_mod" ];
+  boot.kernelModules = [ ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-uuid/e8820516-9c21-46f4-9dde-a7a77bf67bbd";
+      fsType = "ext4";
+    };
+  fileSystems."/var/log" =
+    { device = "/dev/disk/by-uuid/c130b88c-0699-4836-b967-47bdee0a5453";
+      fsType = "ext4";
+    };
+  fileSystems."/vol/brick0" =
+    { device = "/dev/gfs_vg/brick0";
+      fsType = "ext4";
+    };
+
+  swapDevices = [ ];
+
+  nix.maxJobs = lib.mkDefault 1;
+}
+