oceanbox/platform
6
0
Fork 0
Code Issues 10 Pull Requests 1 Actions Packages Projects Releases Wiki Activity

stub setup for new ekman cluster

Browse Source
This commit is contained in:
Jonas Juselius
2022-08-12 11:29:33 +02:00
parent 1932e0acf0
commit 4e30572bde
10 changed files with 904 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

269
clusters/ekman/cluster.nix Normal file
View File

@@ -0,0 +1,269 @@
{ pkgs, lib, config, ... }:
with lib;
let
cfg = config.features.host;
mkSANs = host: [
host.name
host.address
"127.0.0.1"
];
configuration = {
system.autoUpgrade.enable = lib.mkForce false;
boot = {
loader.systemd-boot.enable = true;
loader.efi.canTouchEfiVariables = true;
kernelPackages = pkgs.linuxPackages_5_4;
kernelModules = [ "ib_umad" "ib_ipoib" ];
kernelParams = [
"console=ttyS0,115200"
"console=tty0"
];
};
console = {
font = "Lat2-Terminus16";
keyMap = "us";
};
i18n = {
defaultLocale = "en_US.UTF-8";
extraLocaleSettings = {
LC_CTYPE="en_DK.UTF-8";
LC_TIME="en_DK.UTF-8";
LC_PAPER="en_DK.UTF-8";
LC_NAME="en_DK.UTF-8";
LC_ADDRESS="en_DK.UTF-8";
LC_TELEPHONE="en_DK.UTF-8";
LC_MEASUREMENT="en_DK.UTF-8";
LC_IDENTIFICATION="en_DK.UTF-8";
};
};
time.timeZone = "Europe/Oslo";
features = {
os = {
# boot.uefi = true;
adminAuthorizedKeys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKiAS30ZO+wgfAqDE9Y7VhRunn2QszPHA5voUwo+fGOf jonas"
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDULdlLC8ZLu9qBZUYsjhpr6kv5RH4yPkekXQdD7prkqapyoptUkO1nOTDwy7ZsKDxmp9Zc6OtdhgoJbowhGW3VIZPmooWO8twcaYDpkxEBLUehY/n8SlAwBtiHJ4mTLLcynJMVrjmTQLF3FeWVof0Aqy6UtZceFpLp1eNkiHTCM3anwtb9+gfr91dX1YsAOqxqv7ooRDu5rCRUvOi4OvRowepyuBcCjeWpTkJHkC9WGxuESvDV3CySWkGC2fF2LHkAu6SFsFE39UA5ZHo0b1TK+AFqRFiBAb7ULmtuno1yxhpBxbozf8+Yyc7yLfMNCyBpL1ci7WnjKkghQv7yM1xN2XMJLpF56v0slSKMoAs7ThoIlmkRm/6o3NCChgu0pkpNg/YP6A3HfYiEDgChvA6rAHX6+to50L9xF3ajqk4BUzWd/sCk7Q5Op2lzj31L53Ryg8vMP8hjDjYcgEcCCsGOcjUVgcsmfC9LupwRIEz3aF14AWg66+3zAxVho8ozjes= jonas.juselius@juselius.io"
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCk5EKXxo/KLogjqSxSf/GkQdZ30UxB3wXc5k6Y6RRKQ/5iJ+XyYTbuqYOUp30p54apZzbayU2icahE/upr754lQicQwJtOXW/Iut57VRhSpq4P+mKCIdT58xCUkAZYr8Aja8UjHlYeJgFvp023K/fqmwbapu8R1gh4bzXm7uU1XeJoYfuOb+Cb8NGMn1ICrw2aztA0yVOXZ7tyJd2qyr1+6PuM/Ca2nKN4wLIX2vwyN3vZjR15nkIaHQGlTaJlNk2NEG1YTxsIQ9axDjNtyL80kjUr5M8zxW6s0h3451zr1b21EetP1i+1POIjS9uWXv5iabF+1Qb1GaS4FAYzzpqNY+moLzY7Zqfi05MPsMYkNoZ1Kg5aj0IuZb0OM9i6ZJrFs9nYAGG0uLSUTfrs957f9nokFyILGYg5xY46YN3uQrqfZifvcR0KaEdxEKvnfq0qrNG3uYLR/OYm2yblRcNbWgDoQ1hH7qa9uJM2JrPM07s4sJGkqfAib8Hwz9+l7jMrL6KIGUOA4aX0B1KZaIKKiZa42WlgdbeA17aW3laIqS5mZCkI3pLMYZAxe+A6rQi+V8ZAvDSyOL/Vws3lboXaN5QLu17R8uCY7MkIAvRBiZSpdWNeX3JO5m6zexkxkrFlxyEBf+ott4ATSw+eMYMs8i5xQRqPjgO1cABWkUdGpw== martin.moe.carstens@itpartner.no"
];
docker.enable = false;
mailRelay = {
enable = true;
adminEmail = "jonas.juselius@tromso.serit.no";
mailDomain = "itpartner.no";
mailGateway = "smtpgw.itpartner.no:465";
mailAuthUser = "utvikling";
};
};
cachix.enable = false;
monitoring.nodeExporter.enable = false;
pki = { ca = ./ca; };
hpc = {
enable = true;
slurm = {
client = true;
mungeKey = ./munge.key;
controlMachine = "ekman";
nodeName = [
"c0-1 Sockets=2 CoresPerSocket=64 ThreadsPerCore=1 RealMemory=256000 TmpDisk=500000 State=UNKNOWN"
"ekman Sockets=2 CoresPerSocket=64 ThreadsPerCore=1 RealMemory=256000 TmpDisk=500000 State=UNKNOWN"
];
partitionName = [
"batch Nodes=c0-1 Default=YES MaxTime=INFINITE State=UP"
"frontend Nodes=ekman MaxTime=1:00:00 State=UP"
];
};
beegfs = {
enable = false;
beegfs = {
bee0-0 = {
mgmtdHost = "bee0-0";
connAuthFile = "";
client = {
enable = true;
mountPoint = "/work";
};
};
};
};
};
k8s = {
enable = true;
node.enable = true;
clusterName = "ekman";
initca = ./ca;
cidr = "10.100.0.0/16";
master = {
name = "ekman";
address = "10.255.240.200";
extraSANs = [ "ekman.local" ];
};
ingressNodes = [
"ekman.local"
];
fileserver = "bee0-0";
charts = {
acme_email = "innovasjon@itpartner.no";
grafana_smtp_user = "utvikling";
grafana_smtp_password = "S0m3rp0m@de#21!";
};
};
};
services.kubernetes.kubelet.extraSANs = mkSANs {
name = cfg.name;
address = cfg.address;
};
networking = {
domain = mkDefault "oceanbox.io";
defaultGateway = mkDefault "10.1.61.1";
nameservers = mkDefault [ "8.8.8.8" ];
search = mkDefault [ "local" ];
extraHosts = import ./hosts.nix;
firewall.extraCommands = ''
iptables -I INPUT -s 10.255.240.0/24 -j ACCEPT
'';
};
environment.variables = {};
systemd.services."serial-getty@ttyS0".enable = true;
nix = {
maxJobs = 32;
trustedUsers = [ "@wheel" ];
# binaryCachePublicKeys = [
# "ekman-1:BCgUFnXc6wgpstwG0M09/Ccrrz45MxHpS62JSC9sxW5hWxMqBNNvU1otqs4pWUOyvdxLPKIk6P5WCJWp+AFJig=="
# ];
};
};
deployment = {
deployment.targetHost = cfg.address;
};
# i40efix = {
# boot = let kernelExtras = pkgs.callPackage ./kernel.nix {
# kernel = pkgs.linuxPackages_5_4.kernel;
# }; in {
# extraModulePackages = [ kernelExtras.i40e2 ];
# kernelModules = [ "ib_umad" "ib_ipoib" "i40e2" ];
# };
# };
i40efix = {
boot = {
extraModulePackages = [];
kernelModules = [ "ib_umad" "ib_ipoib" ];
};
};
shosts = {
environment.etc."ssh/shosts.equiv" = {
mode = "0644";
uid = 0;
gid = 0;
text = ''
10.255.240.200
10.255.240.201
'';
};
programs.ssh.knownHosts = {
ekman = {
hostNames = [
"ekman" "ekman.local" "ekman.oceanbox.io" "10.255.240.200"
];
publicKeyFile = ./pubkeys/ekman.pub;
};
c0-1 = { hostNames = [ "c0-1" "c0-1.local" "10.255.240.201" "10.255.241.201" ]; publicKeyFile = ./pubkeys/c0-1.pub; };
};
environment.systemPackages = [ openssh-shosts ];
security.wrappers = {
ssh-keysign = {
source = "${openssh-shosts}/libexec/ssh-keysign";
owner = "root";
group = "root";
permissions = "u+rs,g+rx,o+rx";
};
};
};
openssh-shosts = pkgs.openssh.overrideAttrs (attrs: {
buildFlags = [ "SSH_KEYSIGN=/run/wrappers/bin/ssh-keysign" ];
});
myvnc =
let
myvnc = pkgs.writeScriptBin "myvnc" ''
#!${pkgs.runtimeShell}
uid=`id -u`
port=$((9000+$uid))
shell=`getent passwd $(id -un) | awk -F : '{print $NF}'`
# vnc=${pkgs.tigervnc}/bin/vncserver
vnc=/nix/store/czp2b60dwk75widi8y287hr0xx1wgv2a-tigervnc-1.10.1/bin/vncserver
case $1 in
-p|--port) shift; port=$1 ;;
kill|stop)
display=$($vnc -list | sed -n 's/^\(:[0-9]\+\).*/\1/p'| head -1)
$vnc -kill $display
exit 0
;;
esac
ps ax | sed '/grep/d' | grep "Xvnc.*-rfbport $port" >/dev/null 2>&1
[ $? = 1 ] && $vnc -rfbport $port
echo "Xvnc server is running on port $port."
exec $shell -i
'';
buildCommand = ''
mkdir -p $out/bin
echo $src > $out/bin/myvnc
chmod 755 $out/bin/myvnc
'';
in {
environment.systemPackages = [ myvnc ];
};
in {
options.node = {
i40efix = mkEnableOption "Apply fix for i40e driver";
myvnc = mkEnableOption "Enable myvnc script";
};
config = mkMerge [
configuration
deployment
shosts
(mkIf config.node.i40efix i40efix)
(mkIf config.node.myvnc myvnc)
];
imports = [
../../modules
../../nixos
./users.nix
];
}

343
clusters/ekman/default.nix Normal file
View File

@@ -0,0 +1,343 @@
let
# Pin the deployment package-set to a specific version of nixpkgs
# pkgs = import (builtins.fetchTarball {
# url = "https://github.com/NixOS/nixpkgs/archive/e6377ff35544226392b49fa2cf05590f9f0c4b43.tar.gz";
# sha256 = "1fra9wwy5gvj5ibayqkzqpwdf715bggc0qbmrfch4fghwvl5m70l";
# }) {};
pkgs = import <nixpkgs> {};
etcdNodes = {
c0-0 = "10.255.240.200";
c0-1 = "10.255.240.201";
};
etcdCluster = {
enable = true;
existing = false;
nodes = etcdNodes;
};
nodes =
with builtins;
let nodes = genList (n: n + 1) 1; in
map (n: ({ name = "c0-${toString n}"; address = "10.255.240.20${toString n}"; })) nodes;
ekman = {
# deployment.tags = [ "frontend" ];
node.myvnc = true;
systemd.targets = {
sleep.enable = false;
suspend.enable = false;
hibernate.enable = false;
hybrid-sleep.enable = false;
};
features = {
host = {
address = "10.255.240.200";
name = "c0-0";
};
os = {
externalInterface = "eno1";
nfs.enable = true;
nfs.exports = ''
/exports 10.255.240.0/24(insecure,rw,sync,no_subtree_check,crossmnt,fsid=0,no_root_squash)
/exports 10.255.241.0/24(insecure,rw,sync,no_subtree_check,crossmnt,fsid=0,no_root_squash)
'';
};
hpc = {
slurm.server = true;
frontend = true;
};
k8s = {
master.enable = true;
node.enable = true;
inherit nodes;
inherit etcdCluster;
};
monitoring = {
server = {
enable = false;
scrapeHosts = [ "frontend" "bee0-0" ] ++ (builtins.map (x: x.name) nodes);
defaultAlertReceiver = {
email_configs = [
{ to = "jonas.juselius@oceanbox.io"; }
];
};
pageAlertReceiver = {
webhook_configs = [
{
url = "https://prometheus-msteams.k2.itpartner.no/ekman";
http_config = {
tls_config = { insecure_skip_verify = true; };
};
}
];
};
};
webUI.enable = false;
webUI.acmeEmail = "innovasjon@itpartner.no";
webUI.allow = [
"10.1.2.0/24"
"172.19.254.0/24"
"172.19.255.0/24"
];
infiniband-exporter = {
enable = true;
nameMap = ''
0x0c42a10300ddc4bc "frontend"
0x0c42a10300dbe7f4 "c0-1"
'';
};
slurm-exporter = {
enable = true;
port = 6080;
};
};
};
networking = {
useDHCP = false;
interfaces.enp33s0f0np0 = {
useDHCP = false;
ipv4.addresses = [ {
address = "10.255.240.200";
prefixLength = 24;
} ];
};
# interfaces.enp33s0f0np1 = {
# useDHCP = false;
# ipv4.addresses = [ {
# address = "10.1.61.100";
# prefixLength = 24;
# } ];
# };
# interfaces.ibp59s0 = {
# useDHCP = false;
# ipv4.addresses = [ {
# address = "10.255.241.200";
# prefixLength = 24;
# } ];
};
defaultGateway = "10.255.240.1";
firewall.extraCommands = ''
iptables -I INPUT -s 10.255.241.0/24 -j ACCEPT
iptables -t nat -A POSTROUTING -s 10.255.241.0/24 -j MASQUERADE
'';
};
fileSystems ={
"/exports/home" = {
device = "/home";
options = [ "bind" ];
};
"/frontend" = {
device = "/home";
options = [ "bind" ];
};
# "/opt" = {
# device = "10.255.63.80:/opt";
# fsType = "nfs";
# options = [ "soft" "rdma" "defaults" ];
# };
# "/data" = {
# device = "10.255.63.80:/data";
# fsType = "nfs";
# options = [ "soft" "rdma" "defaults" ];
# };
# "/vol/local-storage/vol1" = {
# device = "/vol/vol1";
# options = [ "bind" ];
# };
# "/vol/local-storage/vol2" = {
# device = "/vol/vol2";
# options = [ "bind" ];
# };
};
nix.extraOptions = ''
secret-key-files = /etc/nix/ekman.private
'';
services.xserver = {
enable = true;
enableCtrlAltBackspace = true;
layout = "us";
xkbVariant = "altgr-intl";
xkbOptions = "eurosign:e";
displayManager = {
gdm.enable = true;
job.logToFile = true;
};
desktopManager.xfce.enable = true;
};
services.prometheus.alertmanager.configuration.global = {
smtp_smarthost = "smtpgw.itpartner.no:465";
smtp_auth_username = "utvikling";
smtp_auth_password = "S0m3rp0m@de#21!";
smtp_hello = "ekman.oceanbox.io";
smtp_from = "noreply@ekman.oceanbox.io";
};
# services.nginx = {
# virtualHosts = {
# "ds.matnoc.regnekraft.io" = {
# forceSSL = true;
# enableACME = true;
# serverAliases = [];
# locations."/" = {
# proxyPass = "http://localhost:9088";
# proxyWebsockets = false;
# extraConfig = ''
# allow 10.1.2.0/24;
# allow 172.19.254.0/24;
# allow 172.19.255.0/24;
# deny all;
# '';
# };
# };
# };
# };
# services.gitlab-runner = {
# enable = true;
# extraPackages = with pkgs; [
# singularity
# ];
# concurrent = 4;
# services = {
# sif = {
# registrationConfigFile = "/var/lib/secrets/gitlab-runner-registration";
# executor = "shell";
# tagList = [ "ekman" "sif" ];
# };
# };
# };
# security.sudo.extraConfig = ''
# gitlab-runner ALL=(ALL) NOPASSWD: /run/current-system/sw/bin/singularity
# '';
security.pam = {
services.sshd.googleAuthenticator.enable = true;
loginLimits = [
{
domain = "@users";
item = "rss";
type = "hard";
value = 16000000;
}
{
domain = "@users";
item = "cpu";
type = "hard";
value = 180;
}
];
};
# ssh-rsa is deprecated, but putty/winscp users use it
# services.openssh.extraConfig = ''
# pubkeyacceptedalgorithms ssh-rsa,ssh-ed25519-cert-v01@openssh.com,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ssh-ed25519@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,rsa-sha2-512,rsa-sha2-256
# '';
imports = [ ./cluster.nix ./hw/frontend.nix ];
};
compute = {
# deployment.tags = [ "compute" ];
fileSystems = {
"/frontend" = {
device = "10.255.240.200:/home";
fsType = "nfs";
options = [
"soft"
"defaults"
"noauto"
"x-systemd.automount"
];
};
# "/opt" = {
# device = "10.1.63.80:/opt";
# fsType = "nfs";
# options = [ "soft" "rdma" "defaults" ];
# };
# "/data" = {
# device = "10.1.63.80:/data";
# fsType = "nfs";
# options = [ "soft" "rdma" "defaults" ];
# };
};
systemd.automounts = [
{
where = "/frontend";
wantedBy = [ "default.target" ];
}
];
};
mkCompute = host:
let
ipoib = builtins.replaceStrings [".240."] [".241."] host.address;
hw = ./hw + "/${host.name}.nix";
in {
"${host.name}" = {
features = {
inherit host;
os.externalInterface = "enp33s0f0np0";
hpc.compute = true;
k8s = { inherit etcdCluster; };
};
node = {
i40efix = true;
};
networking = {
useDHCP = false;
interfaces.enp33s0f0np0 = {
useDHCP = false;
ipv4.addresses = [ {
address = host.address;
prefixLength = 24;
} ];
# ipv4.routes = [ {
# address = "10.1.62.2";
# prefixLength = 32;
# via = "10.1.61.100";
# } ];
};
# interfaces.ibp65s0 = {
# useDHCP = false;
# ipv4.addresses = [ {
# address = ipoib;
# prefixLength = 24;
# } ];
# };
};
imports = [ ./cluster.nix hw ];
}
// compute;
};
in {
## morph
# network = {
# inherit pkgs;
# description = "ekman";
# ordering = {
# tags = [ "frontend" "compute" ];
# };
# };
inherit ekman;
} // builtins.foldl' (a: n: a // mkCompute n) {} nodes

10
clusters/ekman/hosts.nix Normal file
View File

@@ -0,0 +1,10 @@
''
10.255.240.200 frontend frontend.local c0-0 ekman ekman.oceanbox.io
10.255.240.201 c0-1 c0-1.local
# 10.1.61.80 bee0-0 bee0-0.local
# 10.1.63.101 ib0-1 ib0-1.local
# 10.1.63.80 ibmds0-0 ibmds0-0.local
''

39
clusters/ekman/hw/c0-1.nix Normal file
View File

@@ -0,0 +1,39 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/102a2e89-1ffb-4f8b-810e-b742b6f9da98";
fsType = "ext4";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/54C4-7983";
fsType = "vfat";
};
swapDevices =
[ { device = "/dev/disk/by-uuid/29ba5bab-0777-4ac1-96af-3952e28d570c"; }
];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp33s0f0np0.useDHCP = lib.mkDefault true;
# networking.interfaces.enp33s0f1np1.useDHCP = lib.mkDefault true;
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

39
clusters/ekman/hw/frontend.nix Normal file
View File

@@ -0,0 +1,39 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/e19cbe18-e194-47f6-8eb5-c60b5be1bb7a";
fsType = "ext4";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/6A07-053A";
fsType = "vfat";
};
swapDevices =
[ { device = "/dev/disk/by-uuid/2100e403-0dff-4314-b85a-cad99820aacf"; }
];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp33s0f0np0.useDHCP = lib.mkDefault true;
# networking.interfaces.enp33s0f1np1.useDHCP = lib.mkDefault true;
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

46
clusters/ekman/kernel.nix Normal file
View File

@@ -0,0 +1,46 @@
{pkgs, lib, stdenv, fetchurl, config, kernel ? pkgs.linux, ...}:
let
i40e =
stdenv.mkDerivation rec {
name = "i40e-${version}-${kernel.version}";
version = "2.13.10";
src = pkgs.fetchFromGitHub {
owner = "dmarion";
repo = "i40e";
rev = "7228a7c3b362c3170baa2f9a9c6870a900e78dbd";
sha256 = "087kvq9wrc1iw6vig8cqcx7cb6346wx8qxzb85c3n8638vq1vrxr";
};
hardeningDisable = [ "pic" ];
configurePhase = ''
cd src
kernel_version=${kernel.modDirVersion}
sed -i -e 's|/lib/modules|${kernel.dev}/lib/modules|' Makefile
sed -i -e 's|/lib/modules|${kernel.dev}/lib/modules|' common.mk
export makeFlags="BUILD_KERNEL=$kernel_version"
'';
installPhase = ''
install -v -D -m 644 i40e.ko "$out/lib/modules/$kernel_version/kernel/drivers/net/i40e/i40e2.ko"
'';
dontStrip = true;
enableParallelBuilding = true;
meta = {
description = "Linux kernel drivers for Intel Ethernet adapters and LOMs (LAN On Motherboard)";
homepage = https://github.com/dmarion/i40e;
license = lib.licenses.gpl2;
};
};
in
{
i40e2 = i40e;
overlay = self: super: {
linuxPackages_5_4 = super.linuxPackages_5_4 // { inherit i40e; };
};
}

2
clusters/ekman/munge.key Normal file
View File

@@ -0,0 +1,2 @@
ç£/ik±/¨÷|ñR¯E¥R®$ÃQfj5·<35>rd<0E>С¶7“{¢99âTÂîÛÃiÄŒ,ÐŒÍhçïÙ8töv:%T”
|ÈÚÈ´þΕ§VŒ00w<30>|ŸÏ®÷íà|È_ŸY{3L_!F1TdÔ&F7õ™B°R

1
clusters/ekman/pubkeys/c0-1.pub Normal file
View File

@@ -0,0 +1 @@
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC11miL1X2hmZ+FZngDIMUECt8Mr7etEF1yXOXMBPwKSLhMaJnIo7+3C1oVlxf0MZjYMA0neIpSB/PpD1PZU89QBrL/HlnEHVChlNoPuTjN3SoMVSwClCf94VW4c5obK4b0EVbJujudreMC7q4sDOzcMVsBwWCZYmOroM1AqQ2dcZFWpj9hk7RWm3UlxnGG8ZPB9i6zzuKECp9W00RznxLaX0Ys6acXIrhg7N1CIZSWyQwQ6hb5bAz6rbTMgub3YZktckVgTlWnpyW6jfR4+xJW5fM5uVcW1kgSP/xQ+sAnAvH099ogBZSlv59oBL/jIGAVQwKptxkacues6drsohAocmstxVRyatBtEMBp5Grn+pzoDH6cIYTXy3qAgpUzQCnSsW6ttG2cVtPvw/3OSgYsJ1J0VHWfJ8AVBDpRahOa20A7hXR0RzbeRJ4xX4Fu4ndcaR+GTdLSBfb/WSyn1751WZmxqegFnjhuKNcxqKj2tjzm9/oKPtO0Ri8bIDVtLSjTJ4Vhed5I2X50Du9YBcbee1FtqHZV09OCfGRWKL39721b+gmC0JYKHCU6NpAnxa1jjrDJieYCKDsmQtXfWm1mtXeVir4I31ufWUJoGc0YTl/qWpcCVKPDmQHBRLvv7pqU2Fz/FkW+7mePf73Ympc1PRfxNoiP8oeQyPzsmN0liw== root@OBNODE01

1
clusters/ekman/pubkeys/ekman.pub Normal file
View File

@@ -0,0 +1 @@
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCySwxKuwdqn+jaEi73BPSFslUoLW2St3FKZ1iojQa7H73SZDWQGCyyR9bwmMpjWUCXt/7aZmljF78MF9t/dE/ZJAQfxYv/rt6QCYDWLZBalyNQ2X3R7U2WNlZPF3KwnxnmOJOPCDKnHrbsGaUG7z6oERaCSgngY8haOVsHJIo55gpjBCkAT/WhvFQ4vcaECuJWVg619lebDVTAVNZDdI7I8KzezMOSX+dH1Z/nr90pq54ZunK5RmaMuYo7tb/PeD3T1/cbK8PUyZsx29iih8PtOwoIkeIaszvrk1BeJmFkhfUyuXZp3/a2BlZ01pIIf2RVpimsqCuk4vYw3OB8MQZDihBniYaNjvogsl7VGoVfGiJHb1az3P8NUYDl0kn7MaNJC5Mboaqj9DCDTAht6mTl3qLkDvpMnIAbxxRCNwqSxhfUvOZJRVe3qKWeKfggOeAWFwxy/Ij3EpiD5eiA/PnuZEA0iuJ+EPEbjJdlcUxy9ZjGgn3t0f5VygMV9E6v9fVF+79ocWqyuugwO/4WTWC/jqq5dfujNfsQ3QZ+wfsyuyZsDiCsqdk0GS3sE7ngy4aDs4G4qdkzB0USFaydv7R/Rbvsy2sLwivB+pLboVrnAVtDIlHuaKtMR1De/K9G4vvjEQ89T4Os3bMwkMY15HnEX5mO5vARnnz+VfGcKCbIIQ== root@OBNODE02

154
clusters/ekman/users.nix Normal file
View File

@@ -0,0 +1,154 @@
{ pkgs, ... }:
{
users.groups = {
admin = { gid = 10000; };
jonas = { gid = 1000; };
olean = { gid = 1001; };
frankgaa = { gid = 1002; };
bast = { gid = 1003; };
stig = { gid = 1004; };
sif = {
gid = 11000;
members = [
"jonas"
"olean"
"bast"
"frankgaa"
"stig"
];
};
};
users.users = {
admin = {
description = "Administrator";
home = "/home/admin";
group = "admin";
extraGroups = [
"users"
"wheel"
"root"
"adm"
"admin"
"cdrom"
"fuse"
"wireshark"
"libvirtd"
"networkmanager"
"tty"
"keys"
];
uid = 10000;
isNormalUser = true;
createHome = false;
useDefaultShell = false;
shell = pkgs.fish;
openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDULdlLC8ZLu9qBZUYsjhpr6kv5RH4yPkekXQdD7prkqapyoptUkO1nOTDwy7ZsKDxmp9Zc6OtdhgoJbowhGW3VIZPmooWO8twcaYDpkxEBLUehY/n8SlAwBtiHJ4mTLLcynJMVrjmTQLF3FeWVof0Aqy6UtZceFpLp1eNkiHTCM3anwtb9+gfr91dX1YsAOqxqv7ooRDu5rCRUvOi4OvRowepyuBcCjeWpTkJHkC9WGxuESvDV3CySWkGC2fF2LHkAu6SFsFE39UA5ZHo0b1TK+AFqRFiBAb7ULmtuno1yxhpBxbozf8+Yyc7yLfMNCyBpL1ci7WnjKkghQv7yM1xN2XMJLpF56v0slSKMoAs7ThoIlmkRm/6o3NCChgu0pkpNg/YP6A3HfYiEDgChvA6rAHX6+to50L9xF3ajqk4BUzWd/sCk7Q5Op2lzj31L53Ryg8vMP8hjDjYcgEcCCsGOcjUVgcsmfC9LupwRIEz3aF14AWg66+3zAxVho8ozjes= jonas.juselius@juselius.io"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKiAS30ZO+wgfAqDE9Y7VhRunn2QszPHA5voUwo+fGOf jonas-3"
];
};
jonas = {
description = "Jonas Juselius";
home = "/home/jonas";
group = "jonas";
extraGroups = [
"users"
"wheel"
"root"
"adm"
"admin"
"cdrom"
"fuse"
"wireshark"
"libvirtd"
"networkmanager"
"tty"
"keys"
];
uid = 1000;
isNormalUser = true;
createHome = false;
useDefaultShell = false;
shell = pkgs.fish;
openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDULdlLC8ZLu9qBZUYsjhpr6kv5RH4yPkekXQdD7prkqapyoptUkO1nOTDwy7ZsKDxmp9Zc6OtdhgoJbowhGW3VIZPmooWO8twcaYDpkxEBLUehY/n8SlAwBtiHJ4mTLLcynJMVrjmTQLF3FeWVof0Aqy6UtZceFpLp1eNkiHTCM3anwtb9+gfr91dX1YsAOqxqv7ooRDu5rCRUvOi4OvRowepyuBcCjeWpTkJHkC9WGxuESvDV3CySWkGC2fF2LHkAu6SFsFE39UA5ZHo0b1TK+AFqRFiBAb7ULmtuno1yxhpBxbozf8+Yyc7yLfMNCyBpL1ci7WnjKkghQv7yM1xN2XMJLpF56v0slSKMoAs7ThoIlmkRm/6o3NCChgu0pkpNg/YP6A3HfYiEDgChvA6rAHX6+to50L9xF3ajqk4BUzWd/sCk7Q5Op2lzj31L53Ryg8vMP8hjDjYcgEcCCsGOcjUVgcsmfC9LupwRIEz3aF14AWg66+3zAxVho8ozjes= jonas.juselius@juselius.io"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKiAS30ZO+wgfAqDE9Y7VhRunn2QszPHA5voUwo+fGOf jonas-3"
];
};
olean = {
description = "Ole Anders Nøst";
home = "/home/olean";
group = "olean";
extraGroups = [
"users"
];
uid = 1001;
isNormalUser = true;
createHome = false;
openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAlfc2r3mNkvmdta+H/5zfdFe6317zmCdhhPYbipaGVFPUZO2cCTgSso28oDvOpCDldo/wl3jUxYNDlwH8LYMqKT3aGaOZr8JbxYzd+L+5GM2KTD+4YRmPtpYS/LWcc3j+fiFXSgX6Mrrgf6ineCRuBxSooDVE+pBakM1U7d5NE25apaAvclzFTmZBg0Sf9e5sgHkR99r9DUeGEQWGNZVUGwti39dFVp+aC9dsA+1/OtNB/HMF5G1MMk9dqvN7n7i9o9Plef2DParn4QU1GhmUKeEiBe4OAmSP+WwD4YvK6iXSKZG6tuTEspw+mR3rK5gBHrEiaNlCtp7O9BnAw4Wjhw== rsa-key-20201218"
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCp3QEG9uJq4EKMRWlBkqg/EQD6+2E90E6/1i+JLbiBYBSV6Yqac6KzyJezaVXzch+qm6FFXas3thaBScbA4cELkETaxyNzYG6sNcLyEhlQn51pEsq2mFiq8IiaMaDc55/2HTbXVrpNoTNQFt6lBwHziKQYuUI0H0cxze+ppp0ZJOu1MsayW8JOv75YSv6WFIDRR+KP6dOEBu1PsP6plTZwK94ogjQ+3KHGcMAnE3cf8VCEF8akNC6GRmCgXNZE4I9MmKTDr217OoFpnXAx5/KTvGo+USkXc6xn/vbQsni4ExwGlMTg97RK49wIHD1NfGxZ3sv7mZ+UQPqqmSxCG+zueJrR6BSBfbm7fw5KvRn69rOihapeo/6GoqqVDe4yn1imtojjHN6+9pgJ9E6o108qbXRw2X6t1KUuXrB+fTfUKvy0kWiJFIMDSUtKF/nhiES+aCI4b4WBwyg5hdKGvgJdjyUS7P/jYgqWRe+qmknAERtQKlFDA/C6ChsTXerFD5Ikvu3dajJUiDehszEON5F4JlxSf2VpUFCDLVNqV/GjJqOg90mXGDk82c+0ZHIUsPLsdqR+t/xnOSv1Ks9I5fId6g+3OlR1ifnb3Qm48QGKbi/CM8M/QXzv4VgeIkRTR0Oi4W0P1tpUSyPd1nyGaM/B/FqN52XIUjRqIfu0emwgiw== olean@navier"
];
};
frankgaa = {
description = "Frank Gaardsted";
home = "/home/frankgaa";
group = "frankgaa";
extraGroups = [
"users"
];
uid = 1002;
isNormalUser = true;
createHome = false;
openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDTq/IAtLkvHaPKTsp5U9YnhBj7PLFflS9vWpm5e/bFXQkSShkqUOktff1GITIN+RTpUS8zF9UkJA8fj5K382DhIn4jVb9HvQzmHNBTxU5ClpOuKhfibrts5IKMLAiN1enwZYu0iUIVfDKTYmqgAnjN8B6OyzIAB8bsBUMdN29PEwJT4cCVRRySLRfoWiXiZKow71FzXIACgxMwGhj2fpslKQoat2LGny03XR7EZrv36u1OktT28Gxf4ZrGpT9+3SAyf7aW20xHALU/dHXVsfsuqnoqw1InZ5VhvIVtoIj+5Vc5dkTXkychL0Hb+WxiH5O/3T18YUqes08UPZX5G9kB fga@akvaplan.niva.no"
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDXv//iSTq5k1iYPZq9MKuF2OCE2UQPdR6TglWAeAnwL72UoKG068qDK3Ys+mFRY/S957hLn0FPFJPigcSaLzBq2v3G6kKySg68XWQfxBTSi5Wg81taNoJKQK+QAKfU2FiW9i1dLkvRKEXlY3tmF2mZLwqvrClRQMw8Nz0PQ5LnQfRgge07aXA3nDEf/nRuIaPG8zEki56lOONMWz4bGTjPn1y6y9gYAmskOc9w7uEOAy3VxkoR8fKvQM0ZTgt+6+68QxReyaDHH+12AqDxDy4wTCNX1LU902NDxyJZrUa2Xv9me2qN5O7hDOL/8S19MkJPBDEttMtA2rsFQlD9WYqycqgFhbOzLb7gixK1lrL3CYHsE9fXD2LuitSDXf79HFnCVHD5HJG7CbpIJLNNeTOCx94vspf9J8OENNdnNCgMFC1FKV/vdCiZ/RAOUCINrekvrX8FNjlXIhHOeK/gG6gP61oWpx3qbOExeMQTqWa9cGeHPtIdPiJVCza9Mg4X+0D9DCaP7KVLAxKioWqyd2WsyYeVhXA0OqnkEQk/jPZUjnxL1rnlH3I6QtVxHyqKcmmWEoRUnXId0ASUqx2hmsmI0TZD197PLFq53VO86v7jlAXLyzwmPh5VWdTOywklRpM29sZplVG/6gkHm/vM0DVSTEjVW+4mMFlzaiKgujH2fw== frankgaa@frankenstein"
];
};
bast = {
description = "Radovan Bast";
home = "/home/bast";
group = "bast";
extraGroups = [
"users"
"wheel"
"root"
];
uid = 1003;
isNormalUser = true;
createHome = false;
useDefaultShell = false;
shell = pkgs.fish;
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFbrEhm1acesXmbgfO5lN1gcTFXqusq61QyCZXunYJpl"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIdcJteh9d/N1o8BbdEMRVxeMjm28saon/Oh2tV0+TYj"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEg6tHlB5xco85d4XJja71hz1nEe9wFF1+ht8oKULkwh"
];
};
stig = {
description = "Stig Rune Jensen";
home = "/home/stig";
group = "stig";
extraGroups = [
"users"
"wheel"
"root"
];
uid = 1004;
isNormalUser = true;
createHome = false;
useDefaultShell = false;
shell = pkgs.fish;
openssh.authorizedKeys.keys = [
];
};
};
}