summaryrefslogtreecommitdiff
path: root/hosts/vidhar/network/dhcp/default.nix
diff options
context:
space:
mode:
authorGregor Kleen <gkleen@yggdrasil.li>2022-10-03 17:15:36 +0200
committerGregor Kleen <gkleen@yggdrasil.li>2022-10-03 17:15:36 +0200
commit9248259708bd6ade5e334a2cdfb29d2a20acb0dd (patch)
tree976a140d547557c8cdf98856510030fd35b83d1a /hosts/vidhar/network/dhcp/default.nix
parent59e54bd97f70711573d321f2d2aeee5da46bf95d (diff)
downloadnixos-9248259708bd6ade5e334a2cdfb29d2a20acb0dd.tar
nixos-9248259708bd6ade5e334a2cdfb29d2a20acb0dd.tar.gz
nixos-9248259708bd6ade5e334a2cdfb29d2a20acb0dd.tar.bz2
nixos-9248259708bd6ade5e334a2cdfb29d2a20acb0dd.tar.xz
nixos-9248259708bd6ade5e334a2cdfb29d2a20acb0dd.zip
...
Diffstat (limited to 'hosts/vidhar/network/dhcp/default.nix')
-rw-r--r--hosts/vidhar/network/dhcp/default.nix58
1 files changed, 44 insertions, 14 deletions
diff --git a/hosts/vidhar/network/dhcp/default.nix b/hosts/vidhar/network/dhcp/default.nix
index 067dc6d6..e14b15ac 100644
--- a/hosts/vidhar/network/dhcp/default.nix
+++ b/hosts/vidhar/network/dhcp/default.nix
@@ -1,4 +1,7 @@
1{ flake, config, pkgs, lib, ... }: 1{ flake, config, pkgs, lib, ... }:
2
3with lib;
4
2{ 5{
3 config = { 6 config = {
4 services.kea = { 7 services.kea = {
@@ -23,7 +26,7 @@
23 { name = "ipxe"; 26 { name = "ipxe";
24 test = "option[77].hex == 'iPXE'"; 27 test = "option[77].hex == 'iPXE'";
25 next-server = "10.141.0.1"; 28 next-server = "10.141.0.1";
26 boot-file-name = "netboot.ipxe"; 29 boot-file-name = "installer-x86_64-linux/netboot.ipxe";
27 only-if-required = true; 30 only-if-required = true;
28 } 31 }
29 { name = "uefi-64"; 32 { name = "uefi-64";
@@ -146,7 +149,7 @@
146 pools = [ { pool = "10.141.2.128 - 10.141.2.254"; } ]; 149 pools = [ { pool = "10.141.2.128 - 10.141.2.254"; } ];
147 reservations = []; 150 reservations = [];
148 } 151 }
149 ]; 152 ];
150 }; 153 };
151 }; 154 };
152 # dhcp6 = { 155 # dhcp6 = {
@@ -195,16 +198,16 @@
195 }; 198 };
196 199
197 systemd.services.kea-dhcp-ddns-server = { 200 systemd.services.kea-dhcp-ddns-server = {
198 preStart = let 201 preStart = let
199 configLines = [ 202 configLines = [
200 "<?include \"\${CREDENTIALS_DIRECTORY}/knot-tsig.json.frag\"?>" 203 "<?include \"\${CREDENTIALS_DIRECTORY}/knot-tsig.json.frag\"?>"
201 ] ++ lib.mapAttrsToList (k: v: 204 ] ++ mapAttrsToList (k: v:
202 "\"${k}\": ${builtins.toJSON v}" 205 "\"${k}\": ${builtins.toJSON v}"
203 ) config.services.kea.dhcp-ddns.settings; 206 ) config.services.kea.dhcp-ddns.settings;
204 207
205 config-template = pkgs.writeText "dhcp-ddns.conf" '' 208 config-template = pkgs.writeText "dhcp-ddns.conf" ''
206 {"DhcpDdns": { 209 {"DhcpDdns": {
207 ${lib.concatStringsSep ",\n " configLines} 210 ${concatStringsSep ",\n " configLines}
208 }} 211 }}
209 ''; 212 '';
210 in '' 213 in ''
@@ -212,8 +215,8 @@
212 ''; 215 '';
213 216
214 serviceConfig = { 217 serviceConfig = {
215 ExecStart = lib.mkForce '' 218 ExecStart = mkForce ''
216 ${pkgs.kea}/bin/kea-dhcp-ddns -c "''${RUNTIME_DIRECTORY}/dhcp-ddns.conf" ${lib.escapeShellArgs config.services.kea.dhcp-ddns.extraArgs} 219 ${pkgs.kea}/bin/kea-dhcp-ddns -c "''${RUNTIME_DIRECTORY}/dhcp-ddns.conf" ${escapeShellArgs config.services.kea.dhcp-ddns.extraArgs}
217 ''; 220 '';
218 LoadCredential = [ 221 LoadCredential = [
219 "knot-tsig.json.frag:${config.sops.secrets."kea-knot-tsig.json.frag".path}" 222 "knot-tsig.json.frag:${config.sops.secrets."kea-knot-tsig.json.frag".path}"
@@ -226,26 +229,53 @@
226 sopsFile = ./knot-tsig.json.frag; 229 sopsFile = ./knot-tsig.json.frag;
227 }; 230 };
228 231
229 systemd.services."installer-atftpd" = { 232 systemd.services."pxe-atftpd" = {
230 description = "TFTP Server for PXE Booting NixOS Installer"; 233 description = "TFTP Server for PXE Booting";
231 after = [ "network.target" ]; 234 after = [ "network.target" ];
232 wantedBy = [ "multi-user.target" ]; 235 wantedBy = [ "multi-user.target" ];
233 serviceConfig.ExecStart = let 236 serviceConfig.ExecStart = let
234 installerBuild = flake.nixosConfigurations.installer-x86_64-linux-netboot.config.system.build;
235 ipxe = pkgs.ipxe.override { 237 ipxe = pkgs.ipxe.override {
236 additionalTargets = { 238 additionalTargets = {
237 "bin-i386-efi/ipxe.efi" = "i386-ipxe.efi"; 239 "bin-i386-efi/ipxe.efi" = "i386-ipxe.efi";
238 }; 240 };
239 }; 241 };
240 tftpRoot = pkgs.runCommandLocal "installer-netboot" {} '' 242 tftpRoot = pkgs.runCommandLocal "netboot" {} ''
241 mkdir -p $out 243 mkdir -p $out
242 install -m 0444 -t $out \ 244 install -m 0444 -t $out \
243 ${installerBuild.netbootRamdisk}/initrd \
244 ${installerBuild.kernel}/bzImage \
245 ${installerBuild.netbootIpxeScript}/netboot.ipxe \
246 ${ipxe}/ipxe.efi ${ipxe}/i386-ipxe.efi ${ipxe}/undionly.kpxe 245 ${ipxe}/ipxe.efi ${ipxe}/i386-ipxe.efi ${ipxe}/undionly.kpxe
246
247 ${concatMapStringsSep "\n" (system:
248 let
249 installerBuild = (flake.nixosConfigurations.${"installer-${system}-nfsroot"}.extendModules {
250 modules = [
251 ({ ... }: { config.nfsroot.storeDevice = "vidhar:nix-store"; })
252 ];
253 }).config.system.build;
254 in ''
255 mkdir -p $out/installer-${system}
256 install -m 0444 -t $out/installer-${system} \
257 ${installerBuild.initialRamdisk}/initrd \
258 ${installerBuild.kernel}/bzImage \
259 ${installerBuild.netbootIpxeScript}/netboot.ipxe
260 ''
261 ) ["x86_64-linux"]}
247 ''; 262 '';
248 in "${pkgs.atftp}/sbin/atftpd --daemon --no-fork --bind-address=10.141.0.1 ${tftpRoot}"; 263 in "${pkgs.atftp}/sbin/atftpd --daemon --no-fork --bind-address=10.141.0.1 ${tftpRoot}";
249 }; 264 };
265
266 services.nfs.server = {
267 enable = true;
268 createMountPoints = true;
269 exports = ''
270 /export/nix-root 10.141.0.0/24(ro)
271 '';
272 };
273
274 fileSystems = {
275 "/export/nix-root" = {
276 device = "/nix/store";
277 options = [ "bind" ];
278 };
279 };
250 }; 280 };
251} 281}