stokes: misc stuff, new users

2022-01-24 15:00:52 +01:00
parent 9bf1722b03
commit 67a53eb442
4 changed files with 76 additions and 325 deletions
--- a/clusters/stokes/default.nix
+++ b/clusters/stokes/default.nix
@@ -1,8 +1,8 @@
 let
  # Pin the deployment package-set to a specific version of nixpkgs
  # pkgs = import (builtins.fetchTarball {
-  #   url = "https://github.com/NixOS/nixpkgs/archive/e9148dc1c30e02aae80cc52f68ceb37b772066f3.tar.gz";
-  #   sha256 = "1ckzhh24mgz6jd1xhfgx0i9mijk6xjqxwsshnvq789xsavrmsc36";
+  #   url = "https://github.com/NixOS/nixpkgs/archive/e6377ff35544226392b49fa2cf05590f9f0c4b43.tar.gz";
+  #   sha256 = "1fra9wwy5gvj5ibayqkzqpwdf715bggc0qbmrfch4fghwvl5m70l";
  # }) {};
  pkgs = import <nixpkgs> {};

@@ -24,6 +24,7 @@ let
    map (n: ({ name = "c0-${toString n}"; address = "10.1.61.10${toString n}"; })) nodes;

  stokes = {
+    # deployment.tags = [ "frontend" ];
    node.myvnc = true;

    systemd.targets = {
@@ -162,8 +163,6 @@ let
      };
    };

-    security.pam.services.sshd.googleAuthenticator.enable = true;
-
    nix.extraOptions = ''
      secret-key-files = /etc/nix/stokes.private
    '';
@@ -209,10 +208,49 @@ let
      };
    };

+    # services.gitlab-runner = {
+    #   enable = true;
+    #   extraPackages = with pkgs; [
+    #     singularity
+    #   ];
+    #   concurrent = 4;
+    #   services = {
+    #     sif = {
+    #       registrationConfigFile = "/var/lib/secrets/gitlab-runner-registration";
+    #       executor = "shell";
+    #       tagList = [ "stokes" "sif" ];
+    #     };
+    #   };
+    # };
+
+    # security.sudo.extraConfig = ''
+    #   gitlab-runner ALL=(ALL) NOPASSWD: /run/current-system/sw/bin/singularity
+    # '';
+
+    security.pam = {
+      services.sshd.googleAuthenticator.enable = true;
+      loginLimits = [
+        {
+          domain = "@users";
+          item = "rss";
+          type = "hard";
+          value = 16000000;
+        }
+        {
+          domain = "@users";
+          item = "cpu";
+          type = "hard";
+          value = 180;
+        }
+      ];
+    };
+
    imports = [ ./cluster.nix ./hw/frontend.nix ];
  };

  compute = {
+    # deployment.tags = [ "compute" ];
+
    fileSystems = {
      "/home/stokes" = {
        device = "10.1.63.100:/home";
@@ -273,6 +311,16 @@ let
    }
    // compute;
 };
-in
-  { inherit stokes; } // builtins.foldl' (a: n: a // mkCompute n) {} nodes
+in {
+    ## morph
+    # network =  {
+    #   inherit pkgs;
+    #   description = "stokes";
+    #   ordering = {
+    #     tags = [ "frontend" "compute" ];
+    #   };
+    # };
+
+    inherit stokes;
+} // builtins.foldl' (a: n: a // mkCompute n) {} nodes