author | Gregor Kleen <gkleen@yggdrasil.li> | 2022-10-03 17:15:36 +0200 |
---|---|---|
committer | Gregor Kleen <gkleen@yggdrasil.li> | 2022-10-03 17:15:36 +0200 |
commit | 9248259708bd6ade5e334a2cdfb29d2a20acb0dd (patch) | |
tree | 976a140d547557c8cdf98856510030fd35b83d1a /hosts/vidhar/network/dhcp/default.nix | |
parent | 59e54bd97f70711573d321f2d2aeee5da46bf95d (diff) | |
...
Diffstat (limited to 'hosts/vidhar/network/dhcp/default.nix')
-rw-r--r-- | hosts/vidhar/network/dhcp/default.nix | 58 |
1 files changed, 44 insertions, 14 deletions
diff --git a/hosts/vidhar/network/dhcp/default.nix b/hosts/vidhar/network/dhcp/default.nix index 067dc6d6..e14b15ac 100644 --- a/hosts/vidhar/network/dhcp/default.nix +++ b/hosts/vidhar/network/dhcp/default.nix | |||
@@ -1,4 +1,7 @@ | |||
1 | { flake, config, pkgs, lib, ... }: | 1 | { flake, config, pkgs, lib, ... }: |
2 | |||
3 | with lib; | ||
4 | |||
2 | { | 5 | { |
3 | config = { | 6 | config = { |
4 | services.kea = { | 7 | services.kea = { |
@@ -23,7 +26,7 @@ | |||
23 | { name = "ipxe"; | 26 | { name = "ipxe"; |
24 | test = "option[77].hex == 'iPXE'"; | 27 | test = "option[77].hex == 'iPXE'"; |
25 | next-server = "10.141.0.1"; | 28 | next-server = "10.141.0.1"; |
26 | boot-file-name = "netboot.ipxe"; | 29 | boot-file-name = "installer-x86_64-linux/netboot.ipxe"; |
27 | only-if-required = true; | 30 | only-if-required = true; |
28 | } | 31 | } |
29 | { name = "uefi-64"; | 32 | { name = "uefi-64"; |
@@ -146,7 +149,7 @@ | |||
146 | pools = [ { pool = "10.141.2.128 - 10.141.2.254"; } ]; | 149 | pools = [ { pool = "10.141.2.128 - 10.141.2.254"; } ]; |
147 | reservations = []; | 150 | reservations = []; |
148 | } | 151 | } |
149 | ]; | 152 | ]; |
150 | }; | 153 | }; |
151 | }; | 154 | }; |
152 | # dhcp6 = { | 155 | # dhcp6 = { |
@@ -195,16 +198,16 @@ | |||
195 | }; | 198 | }; |
196 | 199 | ||
197 | systemd.services.kea-dhcp-ddns-server = { | 200 | systemd.services.kea-dhcp-ddns-server = { |
198 | preStart = let | 201 | preStart = let |
199 | configLines = [ | 202 | configLines = [ |
200 | "<?include \"\${CREDENTIALS_DIRECTORY}/knot-tsig.json.frag\"?>" | 203 | "<?include \"\${CREDENTIALS_DIRECTORY}/knot-tsig.json.frag\"?>" |
201 | ] ++ lib.mapAttrsToList (k: v: | 204 | ] ++ mapAttrsToList (k: v: |
202 | "\"${k}\": ${builtins.toJSON v}" | 205 | "\"${k}\": ${builtins.toJSON v}" |
203 | ) config.services.kea.dhcp-ddns.settings; | 206 | ) config.services.kea.dhcp-ddns.settings; |
204 | 207 | ||
205 | config-template = pkgs.writeText "dhcp-ddns.conf" '' | 208 | config-template = pkgs.writeText "dhcp-ddns.conf" '' |
206 | {"DhcpDdns": { | 209 | {"DhcpDdns": { |
207 | ${lib.concatStringsSep ",\n " configLines} | 210 | ${concatStringsSep ",\n " configLines} |
208 | }} | 211 | }} |
209 | ''; | 212 | ''; |
210 | in '' | 213 | in '' |
@@ -212,8 +215,8 @@ | |||
212 | ''; | 215 | ''; |
213 | 216 | ||
214 | serviceConfig = { | 217 | serviceConfig = { |
215 | ExecStart = lib.mkForce '' | 218 | ExecStart = mkForce '' |
216 | ${pkgs.kea}/bin/kea-dhcp-ddns -c "''${RUNTIME_DIRECTORY}/dhcp-ddns.conf" ${lib.escapeShellArgs config.services.kea.dhcp-ddns.extraArgs} | 219 | ${pkgs.kea}/bin/kea-dhcp-ddns -c "''${RUNTIME_DIRECTORY}/dhcp-ddns.conf" ${escapeShellArgs config.services.kea.dhcp-ddns.extraArgs} |
217 | ''; | 220 | ''; |
218 | LoadCredential = [ | 221 | LoadCredential = [ |
219 | "knot-tsig.json.frag:${config.sops.secrets."kea-knot-tsig.json.frag".path}" | 222 | "knot-tsig.json.frag:${config.sops.secrets."kea-knot-tsig.json.frag".path}" |
@@ -226,26 +229,53 @@ | |||
226 | sopsFile = ./knot-tsig.json.frag; | 229 | sopsFile = ./knot-tsig.json.frag; |
227 | }; | 230 | }; |
228 | 231 | ||
229 | systemd.services."installer-atftpd" = { | 232 | systemd.services."pxe-atftpd" = { |
230 | description = "TFTP Server for PXE Booting NixOS Installer"; | 233 | description = "TFTP Server for PXE Booting"; |
231 | after = [ "network.target" ]; | 234 | after = [ "network.target" ]; |
232 | wantedBy = [ "multi-user.target" ]; | 235 | wantedBy = [ "multi-user.target" ]; |
233 | serviceConfig.ExecStart = let | 236 | serviceConfig.ExecStart = let |
234 | installerBuild = flake.nixosConfigurations.installer-x86_64-linux-netboot.config.system.build; | ||
235 | ipxe = pkgs.ipxe.override { | 237 | ipxe = pkgs.ipxe.override { |
236 | additionalTargets = { | 238 | additionalTargets = { |
237 | "bin-i386-efi/ipxe.efi" = "i386-ipxe.efi"; | 239 | "bin-i386-efi/ipxe.efi" = "i386-ipxe.efi"; |
238 | }; | 240 | }; |
239 | }; | 241 | }; |
240 | tftpRoot = pkgs.runCommandLocal "installer-netboot" {} '' | 242 | tftpRoot = pkgs.runCommandLocal "netboot" {} '' |
241 | mkdir -p $out | 243 | mkdir -p $out |
242 | install -m 0444 -t $out \ | 244 | install -m 0444 -t $out \ |
243 | ${installerBuild.netbootRamdisk}/initrd \ | ||
244 | ${installerBuild.kernel}/bzImage \ | ||
245 | ${installerBuild.netbootIpxeScript}/netboot.ipxe \ | ||
246 | ${ipxe}/ipxe.efi ${ipxe}/i386-ipxe.efi ${ipxe}/undionly.kpxe | 245 | ${ipxe}/ipxe.efi ${ipxe}/i386-ipxe.efi ${ipxe}/undionly.kpxe |
246 | |||
247 | ${concatMapStringsSep "\n" (system: | ||
248 | let | ||
249 | installerBuild = (flake.nixosConfigurations.${"installer-${system}-nfsroot"}.extendModules { | ||
250 | modules = [ | ||
251 | ({ ... }: { config.nfsroot.storeDevice = "vidhar:nix-store"; }) | ||
252 | ]; | ||
253 | }).config.system.build; | ||
254 | in '' | ||
255 | mkdir -p $out/installer-${system} | ||
256 | install -m 0444 -t $out/installer-${system} \ | ||
257 | ${installerBuild.initialRamdisk}/initrd \ | ||
258 | ${installerBuild.kernel}/bzImage \ | ||
259 | ${installerBuild.netbootIpxeScript}/netboot.ipxe | ||
260 | '' | ||
261 | ) ["x86_64-linux"]} | ||
247 | ''; | 262 | ''; |
248 | in "${pkgs.atftp}/sbin/atftpd --daemon --no-fork --bind-address=10.141.0.1 ${tftpRoot}"; | 263 | in "${pkgs.atftp}/sbin/atftpd --daemon --no-fork --bind-address=10.141.0.1 ${tftpRoot}"; |
249 | }; | 264 | }; |
265 | |||
266 | services.nfs.server = { | ||
267 | enable = true; | ||
268 | createMountPoints = true; | ||
269 | exports = '' | ||
270 | /export/nix-root 10.141.0.0/24(ro) | ||
271 | ''; | ||
272 | }; | ||
273 | |||
274 | fileSystems = { | ||
275 | "/export/nix-root" = { | ||
276 | device = "/nix/store"; | ||
277 | options = [ "bind" ]; | ||
278 | }; | ||
279 | }; | ||
250 | }; | 280 | }; |
251 | } | 281 | } |
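Review bot: The new `services.nfs.server.exports` entry (new lines 269–271) publishes a bind mount of the whole `/nix/store` to every address in 10.141.0.0/24 with only `(ro)`, so access rests on the client's source address alone and anything that ever lands in the store becomes readable by any host on that network. The TSIG fragment in this file is kept out of the store through sops and `LoadCredential`, but that property now has to hold for every other secret on this machine; I would record it next to the export, e.g. `# whole /nix/store is readable by 10.141.0.0/24 - keep secrets in sops/LoadCredential, never in store paths`. It may also be worth narrowing the client range to the addresses netboot clients actually receive: the only pool visible in this diff (new line 149) is `10.141.2.128 - 10.141.2.254`, which lies outside the exported /24, though the subnet definitions are not fully shown here.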