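# Cluster-node NixOS module.
#
# Declares the `cluster.*` options shared by every node and wires them into
# SSH authorized keys, networking/firewall, the trusted CA, kernel settings and
# packages.  The node's base configuration is pulled in via `imports` at the
# bottom.
{ pkgs, lib, config, ... }:

with lib;

let
  cfg = config.cluster;

  # Cluster PKI helper; only `pki.ca.cert` is consumed here (trusted CA below).
  pki = import ./pki.nix {
    inherit pkgs;
    ca = cfg.initca;
  };

  # Static addressing is applied only when an external interface is named.
  # Without one, `defaultGateway` and `nameservers` are never used.
  hasExternalInterface = cfg.externalInterface != null;
in
{
  options.cluster = {
    initca = mkOption {
      type = types.path;
      description = "Path passed to ./pki.nix as the initial CA.";
    };

    hostName = mkOption {
      type = types.nullOr types.str;
      default = null;
      description = "Value for networking.hostName.";
    };

    address = mkOption {
      type = types.nullOr types.str;
      default = null;
      description = ''
        IPv4 address assigned to `externalInterface`.  Required when
        `externalInterface` is set (see the assertion in config).
      '';
    };

    # Generalized: the original hard-coded /24.  Default preserved.
    prefixLength = mkOption {
      type = types.int;
      default = 24;
      description = "IPv4 prefix length for `address` on `externalInterface`.";
    };

    externalInterface = mkOption {
      type = types.nullOr types.str;
      default = null;
      description = ''
        Interface to configure statically with `address`/`prefixLength`.
        When null, no interface, gateway or nameserver is configured here.
      '';
    };

    defaultGateway = mkOption {
      type = types.nullOr types.str;
      default = null;
      description = "networking.defaultGateway; only used with `externalInterface`.";
    };

    nameservers = mkOption {
      type = types.listOf types.str;
      default = [ "8.8.8.8" ];
      description = ''
        Resolvers; only used with `externalInterface`.  The default is a
        public (plaintext DNS) resolver -- override for cluster-internal DNS.
      '';
    };

    # No `default`: the original used `default = null` on a `types.str`
    # option, which cannot pass the type check and so only produced a
    # confusing "not of type string" error.  Omitting the default keeps the
    # option mandatory but yields the clear "used but not defined" message.
    domain = mkOption {
      type = types.str;
      description = "networking.domain; also the default search domain.";
    };

    searchDomains = mkOption {
      type = types.listOf types.str;
      default = [ cfg.domain ];
      description = "networking.search; defaults to just `domain`.";
    };

    # Same reasoning as `domain`: `types.attrs` never accepts null.  Not
    # consumed by this module.
    cert = mkOption {
      type = types.attrs;
      description = "Certificate attribute set (not used by this module).";
    };

    # Same reasoning as `domain`.  Not consumed by this module.
    clusterName = mkOption {
      type = types.str;
      description = "Name of the cluster (not used by this module).";
    };

    extraHosts = mkOption {
      type = types.str;
      description = "Appended to /etc/hosts via networking.extraHosts.";
    };

    adminAuthorizedKeys = mkOption {
      type = types.listOf types.str;
      default = [ ];
      description = ''
        SSH public keys installed for BOTH the `admin` and `root` users.
      '';
    };
  };

  config = {
    assertions = [
      {
        assertion = hasExternalInterface -> cfg.address != null;
        message = "cluster.address must be set when cluster.externalInterface is set.";
      }
    ];

    # NOTE(review): every admin key is also a root key, i.e. direct root SSH
    # login.  Nothing in this module restricts PermitRootLogin; consider
    # dropping the root entry or setting
    # services.openssh.settings.PermitRootLogin = "prohibit-password".
    users.extraUsers.admin.openssh.authorizedKeys.keys = cfg.adminAuthorizedKeys;
    users.extraUsers.root.openssh.authorizedKeys.keys = cfg.adminAuthorizedKeys;

    networking = {
      hostName = cfg.hostName;
      domain = cfg.domain;
      search = cfg.searchDomains;
      extraHosts = cfg.extraHosts;

      # TODO(review): 5000-50000/tcp is opened on every interface, including
      # the external one when it is configured.  If this range is only needed
      # between cluster nodes, scope it with
      # networking.firewall.interfaces.<name>.allowedTCPPortRanges instead.
      firewall.allowedTCPPortRanges = [ { from = 5000; to = 50000; } ];
      # 80/443: HTTP(S).  111: rpcbind/portmapper (nfs-utils is installed below).
      firewall.allowedTCPPorts = [ 80 443 111 ];
      # 111: rpcbind.  24007/24008: presumably GlusterFS daemon ports -- verify.
      firewall.allowedUDPPorts = [ 111 24007 24008 ];
    } // optionalAttrs hasExternalInterface {
      interfaces."${cfg.externalInterface}" = {
        useDHCP = false;
        ipv4.addresses = [
          { address = cfg.address; prefixLength = cfg.prefixLength; }
        ];
      };
      defaultGateway = cfg.defaultGateway;
      nameservers = cfg.nameservers;
    };

    # Trust the cluster CA system-wide.
    security.pki.certificateFiles = [ pki.ca.cert ];

    # Transparent hugepages are NOT a sysctl: there is no kernel.mm.* entry
    # under /proc/sys, so the previous
    #   boot.kernel.sysctl."kernel.mm.transparent_hugepage.enabled" = "never"
    # could never take effect (sysctl fails with "No such file or directory").
    # The knob is /sys/kernel/mm/transparent_hugepage/enabled; the kernel
    # command-line parameter sets it from boot.
    boot.kernelParams = [ "transparent_hugepage=never" ];

    boot.kernel.sysctl = {
      # Larger listen backlog for the services behind the open ports above.
      "net.core.somaxconn" = "512";
    };

    environment.systemPackages = with pkgs; [ nfs-utils ];
  };

  imports = [ ../nixos/configuration.nix ];
}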