fix: fix ekman part of botched merge

2025-09-12 14:38:36 +02:00
parent fcd136ed4e
commit eb7b1f8130
23 changed files with 261 additions and 368 deletions
--- a/ekman/login/default.nix
+++ b/ekman/login/default.nix
@@ -1,12 +1,11 @@
 { pkgs ? import <nixpkgs> {} }:
 let
-  name = "rossby";
-  address = "172.16.239.222";
-  etcdCluster = import ../etcdCluster.nix;
+  name = "ekman";
+  address = "10.255.241.100";
 in
 {
-  rossby-login = { config, pkgs, ... }: with pkgs; {
-    deployment.tags = [ "rossby-login" "login"  ];
+  ekman = { config, pkgs, ... }: with pkgs; {
+    deployment.tags = [ "ekman" "login"  ];
    deployment.targetHost = address;
    system.autoUpgrade.enable = lib.mkForce false;

@@ -21,13 +20,14 @@ in
      compute = true;
      k8sNode = true;
      mounts = {
-        rdma.enable = false;
+        rdma.enable = true;
        automount.enable = true;
-        users = false;
+        home = false;
        opt = false;
-        work = false;
-        data = false;
-        ceph = false;
+        work = true;
+        data = true;
+        backup = true;
+        ceph = true;
      };
    };

@@ -40,17 +40,18 @@ in
      myvnc.enable = false;

      os = {
-        externalInterface = "enp129s0f0";
+        externalInterface = "enp33s0f0np0";
        nfs.enable = true;
        nfs.exports = ''
-          /exports 172.16.239.0/24(insecure,rw,sync,no_subtree_check,crossmnt,fsid=0,no_root_squash)
+          /exports 10.255.241.0/24(insecure,rw,sync,no_subtree_check,crossmnt,fsid=0,no_root_squash)
+          /exports 10.255.243.0/24(insecure,rw,sync,no_subtree_check,crossmnt,fsid=0,no_root_squash)
        '';
      };

      hpc = {
        slurm.server = false;
        slurm.slurmrestd = false;
-        manager = false;
+        frontend = false;
        login = true;
        knem = false;
      };
@@ -58,7 +59,6 @@ in
      k8s = {
        master.enable = false;
        node.enable = true;
-        inherit etcdCluster;
      };

      desktop.enable = false;
@@ -66,7 +66,7 @@ in
      monitoring = {
      #   server = {
      #     enable = false;
-      #     scrapeHosts = [ "rossby-manage" "nfs0" "nfs1" ] ++ (builtins.map (x: x.name) computeNodes);
+      #     scrapeHosts = [ "frontend" "nfs0" "nfs1" ] ++ (builtins.map (x: x.name) computeNodes);
      #     defaultAlertReceiver = {
      #       email_configs = [
      #         { to = "jonas.juselius@oceanbox.io"; }
@@ -75,7 +75,7 @@ in
      #     pageAlertReceiver = {
      #       webhook_configs = [
      #         {
-      #           url = "https://prometheus-msteams.k2.itpartner.no/rossby";
+      #           url = "https://prometheus-msteams.k2.itpartner.no/ekman";
      #           http_config = {
      #             tls_config = { insecure_skip_verify = true; };
      #           };
@@ -93,7 +93,28 @@ in
        infiniband-exporter = {
          enable = true;
          nameMap = ''
-              # 0xe8ebd3030024981e "c0-1"
+              0x248a07030029d2fc "frontend"
+              0x248a07030029d104 "ekman"
+              0x5aa2e1fffe1edfca "fs-work"
+              0x1c34da0300787798 "fs-backup"
+              0xe8ebd3030024981e "c0-1"
+              0xe8ebd3030024a21a "c0-2"
+              0xe8ebd30300249a3a "c0-3"
+              0xe8ebd30300248b9e "c0-4"
+              0xe8ebd30300248b86 "c0-5"
+              0xe8ebd3030024998a "c0-6"
+              0xe8ebd30300248b8e "c0-7"
+              0xe8ebd3030024999e "c0-8"
+              0xe8ebd30300248fca "c0-9"
+              0xe8ebd3030024a216 "c0-10"
+              0xe8ebd30300248b96 "c0-11"
+              0xe8ebd30300248b9a "c0-12"
+              0xe8ebd303002495d2 "c0-13"
+              0xe8ebd303002495e2 "c0-14"
+              0xe8ebd30300248f42 "c0-15"
+              0xe8ebd303002495e6 "c0-16"
+              0xe8ebd3030024a2a2 "c0-17"
+              0xe8ebd3030024a2ae "c0-18"
          '';
        };
        slurm-exporter = {
@@ -108,22 +129,15 @@ in
    # '';

    # boot.kernelPackages = pkgs.linuxKernel.packages.linux_6_6;
-    services.flannel.iface = "enp129s0f0";
+    services.flannel.iface = "enp33s0f3np3";

    networking = {
      useDHCP = false;
      hostName = name;
-<<<<<<<< HEAD:rossby/login/default.nix
-      interfaces.enp129s0f0 = {
-        useDHCP = false;
-        ipv4.addresses = [ {
-          inherit address;
-========
      interfaces.enp33s0f3np3 = {
        useDHCP = false;
        ipv4.addresses = [ {
          address = address;
->>>>>>>> ekman:ekman/login/default.nix
          prefixLength = 24;
        } ];
        # ipv4.routes = [
@@ -134,27 +148,27 @@ in
        #     }
        # ];
      };
-      # interfaces."ibp65s0f0" = {
-      #   useDHCP = false;
-      #   ipv4.addresses = [ {
-      #     address = "10.255.243.100";
-      #     prefixLength = 24;
-      #   } ];
-      # };
-      # interfaces."enp65s0f1np1" = {
-      #   useDHCP = false;
-      #   ipv4.addresses = [ {
-      #     address = "10.255.244.100";
-      #     prefixLength = 24;
-      #   } ];
-      # };
-      # interfaces.enp33s0f0np0 = {
-      #   useDHCP = false;
-      #   ipv4.addresses = [ {
-      #     address = "10.255.242.2";
-      #     prefixLength = 24;
-      #   } ];
-      #   ipv4.routes = [
+      interfaces."ibp65s0f0" = {
+        useDHCP = false;
+        ipv4.addresses = [ {
+          address = "10.255.243.100";
+          prefixLength = 24;
+        } ];
+      };
+      interfaces."enp65s0f1np1" = {
+        useDHCP = false;
+        ipv4.addresses = [ {
+          address = "10.255.244.100";
+          prefixLength = 24;
+        } ];
+      };
+      interfaces.enp33s0f0np0 = {
+        useDHCP = false;
+        ipv4.addresses = [ {
+          address = "10.255.242.2";
+          prefixLength = 24;
+        } ];
+        ipv4.routes = [
            # {
            #     address = "10.1.8.0";
            #     prefixLength = 24;
@@ -165,13 +179,15 @@ in
            #     prefixLength = 24;
            #     via = "10.255.242.1";
            # }
-        # ];
-      # };
-      defaultGateway = "172.16.239.1";
+        ];
+      };
+      defaultGateway = "10.255.242.1";
      firewall = {
        allowedTCPPorts = [ 4443 ];
        extraCommands = ''
-          # iptables -t nat -A POSTROUTING -s 10.255.243.0/24 -j MASQUERADE
+          # needed for nodeport access on k1 and k2
+          # iptables -t nat -A POSTROUTING -s 10.255.241.0/24 ! -d 10.255.0.0/16 -j SNAT --to-source 10.255.242.2
+          iptables -t nat -A POSTROUTING -s 10.255.243.0/24 -j MASQUERADE
        '';
      };
    };
@@ -197,7 +213,7 @@ in
        device = "/vol/nfs-provisioner";
        options = [ "bind" ];
      };
-      "/users" = {
+      "/frontend" = {
        device = "/home";
        options = [ "bind" ];
      };
@@ -212,7 +228,7 @@ in
    };

    nix.extraOptions = ''
-      # secret-key-files = /etc/nix/rossby.key
+      secret-key-files = /etc/nix/ekman.key
    '';

    # services.xserver = {
@@ -232,8 +248,8 @@ in
        smtp_smarthost = "smtpgw.itpartner.no";
        # smtp_auth_username = "utvikling";
        # smtp_auth_password = "S0m3rp0m@de#21!";
-        smtp_hello = "rossby.oceanbox.io";
-        smtp_from = "noreplyrossby.oceanbox.io";
+        smtp_hello = "ekman.oceanbox.io";
+        smtp_from = "noreply@ekman.oceanbox.io";
    };

    # services.nginx = {
@@ -266,7 +282,7 @@ in
    #     sif = {
    #       registrationConfigFile = "/var/lib/secrets/gitlab-runner-registration";
    #       executor = "shell";
-    #       tagList = [ "rossby" "sif" ];
+    #       tagList = [ "ekman" "sif" ];
    #     };
    #   };
    # };
@@ -326,13 +342,14 @@ in
        "--login-server=https://headscale.svc.oceanbox.io"
        "--accept-dns"
        "--advertise-exit-node"
-        "--advertise-tags=tag:rossby"
+        "--advertise-routes=10.255.241.241.0/24"
+        "--advertise-tags=tag:ekman"
      ];
    };

    imports = [
      ./hardware-configuration.nix
-      ../default.nix
+      ../cluster.nix
      ../mounts.nix
      ../myvnc.nix
    ];