...

4 files changed, 80 insertions, 31 deletions

diff --git a/hosts/vidhar/default.nix b/hosts/vidhar/default.nix
index 3f5d17d5..fc77f03c 100644
--- a/hosts/vidhar/default.nix
+++ b/hosts/vidhar/default.nix
@@ -235,25 +235,30 @@ with lib;
         ];
       };
     };
-    systemd.services.loki.preStart = let
-      rulesYaml = generators.toYAML {} {
-        groups = [
-          { name = "power-failures";
-            rules = [
-              { record = "apcupsd_power_failures:per_day";
-                expr = "sum by (nodename) (rate({job=\"systemd-journal\"} | json | MESSAGE = \"Power failure.\"[1d])) * 86400";
-              }
-              { record = "apcupsd_power_failures:per_week";
-                expr = "sum by (nodename) (rate({job=\"systemd-journal\"} | json | MESSAGE = \"Power failure.\"[1w])) * 604800";
-              }
-            ];
-          }
-        ];
-      };
-    in ''
-      ${pkgs.coreutils}/bin/install -m 0755 -o ${config.services.loki.user} -g ${config.services.loki.group} -d ${config.services.loki.configuration.ruler.storage.local.directory}/fake
-      ${pkgs.coreutils}/bin/ln -sf ${pkgs.writeText "rules.yml" rulesYaml} ${config.services.loki.configuration.ruler.storage.local.directory}/fake/rules.yml
-    '';
+    systemd.services.loki = {
+      preStart = let
+        rulesYaml = generators.toYAML {} {
+          groups = [
+            { name = "power-failures";
+              rules = [
+                { record = "apcupsd_power_failures:per_day";
+                  expr = "sum by (nodename) (rate({job=\"systemd-journal\"} | json | MESSAGE = \"Power failure.\"[1d])) * 86400";
+                }
+                { record = "apcupsd_power_failures:per_week";
+                  expr = "sum by (nodename) (rate({job=\"systemd-journal\"} | json | MESSAGE = \"Power failure.\"[1w])) * 604800";
+                }
+              ];
+            }
+          ];
+        };
+      in ''
+        ${pkgs.coreutils}/bin/install -m 0755 -o ${config.services.loki.user} -g ${config.services.loki.group} -d ${config.services.loki.configuration.ruler.storage.local.directory}/fake
+        ${pkgs.coreutils}/bin/ln -sf ${pkgs.writeText "rules.yml" rulesYaml} ${config.services.loki.configuration.ruler.storage.local.directory}/fake/rules.yml
+      '';
+      serviceConfig.Environment = [
+        "ASSUME_NO_MOVING_GC_UNSAFE_RISK_IT_WITH=go1.19"
+      ];
+    };
     services.promtail = {
       enable = true;
       configuration = {
@@ -286,6 +291,9 @@ with lib;
         ];
       };
     };
+    systemd.services.promtail.serviceConfig.Environment = [
+      "ASSUME_NO_MOVING_GC_UNSAFE_RISK_IT_WITH=go1.19"
+    ];
 
     services.apcupsd = {
       enable = true;
diff --git a/hosts/vidhar/network/dhcp/default.nix b/hosts/vidhar/network/dhcp/default.nix
index dfaa4c9f..d3407f1d 100644
--- a/hosts/vidhar/network/dhcp/default.nix
+++ b/hosts/vidhar/network/dhcp/default.nix
@@ -23,6 +23,12 @@ with lib;
           };
 
           client-classes = [
+            { name = "eos-ipxe";
+              test = "hexstring(pkt4.mac, ':') == '00:d8:61:79:c5:40' and option[77].hex == 'iPXE'";
+              next-server = "10.141.0.1";
+              boot-file-name = "http://nfsroot.vidhar.yggdrasil/eos/netboot.ipxe";
+              only-if-required = true;
+            }
             { name = "ipxe";
               test = "option[77].hex == 'iPXE'";
               next-server = "10.141.0.1";
@@ -85,7 +91,7 @@ with lib;
               ddns-send-updates = true;
               ddns-qualifying-suffix = "lan.yggdrasil";
               pools = [ { pool = "10.141.0.128 - 10.141.0.254"; } ];
-              require-client-classes = ["ipxe" "uefi-64" "uefi-32" "legacy"];
+              require-client-classes = map (cc: cc.name) config.services.kea.dhcp4.settings.client-classes;
               reservations = [
                 { hostname = "sif";
                   hw-address = "3c:e1:a1:52:24:35";
@@ -258,7 +264,25 @@ with lib;
                    ${pkgs.closureInfo { rootPaths = installerBuild.storeContents; }}/registration
                '')
               ) ["x86_64-linux"]
-            );
+            ) ++ [
+              (let
+                 eosBuild = (flake.nixosConfigurations.eos.extendModules {
+                   modules = [
+                     ({ ... }: {
+                       config.nfsroot.storeDevice = "10.141.0.1:nix-store";
+                       config.nfsroot.registrationUrl = "http://nfsroot.vidhar.yggdrasil/eos/registration";
+                     })
+                   ];
+                 }).config.system.build;
+               in builtins.toPath (pkgs.runCommandLocal "eos" {} ''
+                    mkdir -p $out/eos
+                    install -m 0444 -t $out/eos \
+                      ${eosBuild.initialRamdisk}/initrd \
+                      ${eosBuild.kernel}/bzImage \
+                      ${eosBuild.netbootIpxeScript}/netboot.ipxe \
+                      ${pkgs.closureInfo { rootPaths = eosBuild.storeContents; }}/registration
+                  ''))
+            ];
         };
       };
     };
diff --git a/hosts/vidhar/samba.nix b/hosts/vidhar/samba.nix
index 0ddf56a3..ffca9c6d 100644
--- a/hosts/vidhar/samba.nix
+++ b/hosts/vidhar/samba.nix
@@ -14,28 +14,45 @@
         guest account = nobody
         bind interfaces only = yes
         interfaces = lo lan
+        server signing = mandatory
+        server min protocol = SMB3
+        server smb encrypt = required
       '';
       shares = {
         homes = {
-          comment = "Home Directories";
+          comment = "Home directory for %S";
           path = "/home/%S";
-          browseable = "no";
+          browseable = false;
           "valid users" = "%S";
-          "read only" = "no";
+          "read only" = false;
           "create mask" = "0700";
           "directory mask" = "0700";
           "vfs objects" = "shadow_copy2";
           "shadow:snapdir" = ".zfs/snapshot";
+          "shadow:snapdirseverywhere" = true;
           "shadow:sort" = "desc";
           "shadow:format" = "%Y-%m-%dT%H:%M:%SZ";
         };
         eos = {
-          comment = "Disk image of eos";
+          comment = "Disk image of legacy eos";
           browseable = true;
           "valid users" = "mherold";
           writeable = "true";
           path = "/srv/eos";
         };
+        home-eos = {
+          comment = "Home directoriy for %u on PXE booted EOS";
+          path = "/srv/cifs/home-eos/%u";
+          volume = "%u@eos";
+          browseable = true;
+          "read only" = false;
+          "create mask" = "0700";
+          "directory mask" = "0700";
+          "vfs objects" = "shadow_copy2";
+          "shadow:snapdir" = ".zfs/snapshot";
+          "shadow:sort" = "desc";
+          "shadow:format" = "%Y-%m-%dT%H:%M:%SZ";
+        };
       };
     };
     services.samba-wsdd = {
diff --git a/hosts/vidhar/zfs.nix b/hosts/vidhar/zfs.nix
index 52b48aca..1de4b9b7 100644
--- a/hosts/vidhar/zfs.nix
+++ b/hosts/vidhar/zfs.nix
@@ -23,7 +23,7 @@
           fsType = "zfs";
           neededForBoot = true;
         };
-      
+
       "/var/lib/nixos" =
         { device = "ssd-raid1/local/var-lib-nixos";
           fsType = "zfs";
@@ -34,22 +34,22 @@
         { device = "ssd-raid1/local/var-lib-unbound";
           fsType = "zfs";
         };
-      
+
       # "/var/lib/dhcp" =
       #   { device = "ssd-raid1/local/var-lib-dhcp";
       #     fsType = "zfs";
       #   };
-      
+
       "/var/lib/chrony" =
         { device = "ssd-raid1/local/var-lib-chrony";
           fsType = "zfs";
         };
-      
+
       "/var/lib/samba" =
         { device = "ssd-raid1/local/var-lib-samba";
           fsType = "zfs";
         };
-      
+
       # "/var/lib/prometheus2" =
       #   { device = "ssd-raid1/local/var-lib-prometheus2";
       #     fsType = "zfs";
@@ -67,7 +67,7 @@
       #     fsType = "zfs";
       #     options = [ "zfsutil" ];
       #   };
-      
+
       # "/srv/tftp" =
       #   { device = "ssd-raid1/local/srv-tftp";
       #     fsType = "zfs";