oceanbox/platform
6
0
Fork 0
Code Issues 10 Pull Requests 1 Actions Packages Projects Releases Wiki Activity

feat: convert rossby-manage to networkd and resolved and fix dnsmasq

Browse Source
This commit is contained in:
Jonas Juselius
2025-10-08 20:02:26 +02:00
parent 26cfbd7130
commit f51f30004e
1 changed files with 19 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

35
rossby/manage/default.nix
View File

@@ -7,21 +7,21 @@ let
idx = 222; idx = 222;
name = "rossby"; name = "rossby";
address = "172.16.239.${toString idx}"; address = "172.16.239.${toString idx}";
ipoib = "10.1.6.${toString idx}"; ipoib = "10.16.239.${toString idx}";
pubkey = ../login/ssh_host_key.pub; pubkey = ../login/ssh_host_key.pub;
} }
rec { rec {
idx = 210; idx = 210;
name = "fs-work"; name = "fs-work";
address = "172.16.239.${toString idx}"; address = "172.16.239.${toString idx}";
ipoib = "10.1.6.${toString idx}"; ipoib = "10.16.239.${toString idx}";
pubkey = ../fs-work/ssh_host_key.pub; pubkey = ../fs-work/ssh_host_key.pub;
} }
]; ];
etcdCluster = import ../etcdCluster.nix; etcdCluster = import ../etcdCluster.nix;
name = "rossby-manage"; name = "rossby-manage";
address = "172.16.239.221"; address = "172.16.239.221";
ipoib = "10.1.6.221"; ipoib = "10.16.239.221";
in { in {
systemd.targets = { systemd.targets = {
sleep.enable = false; sleep.enable = false;
@@ -68,6 +68,7 @@ in {
os = { os = {
externalInterface = "enp65s0np0"; externalInterface = "enp65s0np0";
networkmanager.enable = false;
nfs.enable = false; nfs.enable = false;
nfs.exports = '' nfs.exports = ''
/exports 172.16.239.0/24(insecure,rw,async,no_subtree_check,crossmnt,fsid=0,no_root_squash) /exports 172.16.239.0/24(insecure,rw,async,no_subtree_check,crossmnt,fsid=0,no_root_squash)
@@ -143,10 +144,13 @@ in {
services.flannel.iface = "enp65s0np0"; services.flannel.iface = "enp65s0np0";
networking = { networking = {
useDHCP = false;
useNetworkd = true; useNetworkd = true;
useDHCP = false;
hostName = name; hostName = name;
# defaultGateway = "172.16.239.1"; defaultGateway = {
interface = "enp65s0np0";
address = "172.16.239.1";
};
firewall = { firewall = {
allowedTCPPorts = [ 6443 4725 ]; allowedTCPPorts = [ 6443 4725 ];
extraCommands = '' extraCommands = ''
@@ -159,6 +163,7 @@ in {
# iptables -t nat -A POSTROUTING -s 172.16.239.0/24 -j SNAT --to-source 10.255.242.3 # iptables -t nat -A POSTROUTING -s 172.16.239.0/24 -j SNAT --to-source 10.255.242.3
''; '';
}; };
}; };
systemd.network = { systemd.network = {
@@ -168,9 +173,11 @@ in {
DHCP = "no"; DHCP = "no";
matchConfig.Name = "enp65s0np0"; matchConfig.Name = "enp65s0np0";
address = [ "${address}/24" ]; address = [ "${address}/24" ];
routes = [ };
{ Gateway = "172.16.239.1"; } ipoib = {
]; matchConfig.Name = "ibp1s0";
DHCP = "no";
address = [ "${ipoib}/24" ];
}; };
}; };
}; };
@@ -178,6 +185,9 @@ in {
services.resolved = { services.resolved = {
enable = true; enable = true;
dnssec = "false"; dnssec = "false";
extraConfig = ''
DNSStubListener=no
'';
fallbackDns = [ fallbackDns = [
"1.1.1.1" "1.1.1.1"
"1.0.0.1" "1.0.0.1"
@@ -238,11 +248,6 @@ in {
services.dnsmasq.enable = true; services.dnsmasq.enable = true;
services.dnsmasq.settings = { services.dnsmasq.settings = {
domain = [ "cluster.local" ]; domain = [ "cluster.local" ];
server = [
"/.obx/100.100.100.100" # headscale dns
"8.8.8.8"
"1.1.1.1"
];
address = [ address = [
"/slurmctld.cluster.local/127.0.0.1" "/slurmctld.cluster.local/127.0.0.1"
]; ];
@@ -290,9 +295,7 @@ in {
extraUpFlags = [ extraUpFlags = [
"--login-server=https://headscale.svc.oceanbox.io" "--login-server=https://headscale.svc.oceanbox.io"
"--accept-dns=false" # see dnsmasq "--accept-dns=false" # see dnsmasq
"--accept-routes=true" "--accept-routes=false"
"--advertise-exit-node"
"--advertise-routes=172.16.239.0/24,172.16.238.0/24"
]; ];
}; };
services.networkd-dispatcher = { services.networkd-dispatcher = {