| author | Gregor Kleen <gkleen@yggdrasil.li> | 2022-10-03 17:15:36 +0200 | 
|---|---|---|
| committer | Gregor Kleen <gkleen@yggdrasil.li> | 2022-10-03 17:15:36 +0200 | 
| commit | 9248259708bd6ade5e334a2cdfb29d2a20acb0dd (patch) | |
| tree | 976a140d547557c8cdf98856510030fd35b83d1a /hosts | |
| parent | 59e54bd97f70711573d321f2d2aeee5da46bf95d (diff) | |
...
Diffstat (limited to 'hosts')
| -rw-r--r-- | hosts/sif/default.nix | 18 | ||||
| -rw-r--r-- | hosts/surtr/vpn/default.nix | 4 | ||||
| -rw-r--r-- | hosts/vidhar/borg/default.nix | 6 | ||||
| -rw-r--r-- | hosts/vidhar/network/dhcp/default.nix | 58 | ||||
| -rw-r--r-- | hosts/vidhar/network/dsl.nix | 8 | ||||
| -rw-r--r-- | hosts/vidhar/prometheus/default.nix | 7 | 
6 files changed, 68 insertions, 33 deletions
| diff --git a/hosts/sif/default.nix b/hosts/sif/default.nix index b4713736..b38a387c 100644 --- a/hosts/sif/default.nix +++ b/hosts/sif/default.nix | |||
| @@ -290,7 +290,7 @@ in { | |||
| 290 | 290 | ||
| 291 | services = { | 291 | services = { | 
| 292 | udev.packages = with pkgs; [ uhk-agent ]; | 292 | udev.packages = with pkgs; [ uhk-agent ]; | 
| 293 | 293 | ||
| 294 | # tinc.yggdrasil.enable = true; | 294 | # tinc.yggdrasil.enable = true; | 
| 295 | 295 | ||
| 296 | uucp = { | 296 | uucp = { | 
| @@ -313,9 +313,9 @@ in { | |||
| 313 | fprintd.enable = true; | 313 | fprintd.enable = true; | 
| 314 | 314 | ||
| 315 | blueman.enable = true; | 315 | blueman.enable = true; | 
| 316 | 316 | ||
| 317 | colord.enable = true; | 317 | colord.enable = true; | 
| 318 | 318 | ||
| 319 | vnstat.enable = true; | 319 | vnstat.enable = true; | 
| 320 | 320 | ||
| 321 | upower.enable = true; | 321 | upower.enable = true; | 
| @@ -468,8 +468,8 @@ in { | |||
| 468 | 468 | ||
| 469 | hardware = { | 469 | hardware = { | 
| 470 | bluetooth = { | 470 | bluetooth = { | 
| 471 | enable = true; | 471 | enable = true; | 
| 472 | package = pkgs.bluezFull; | 472 | package = pkgs.bluez; | 
| 473 | settings = { | 473 | settings = { | 
| 474 | General = { | 474 | General = { | 
| 475 | Enable = "Source,Sink,Media,Socket"; | 475 | Enable = "Source,Sink,Media,Socket"; | 
| @@ -510,12 +510,14 @@ in { | |||
| 510 | daemonCPUSchedPolicy = "idle"; | 510 | daemonCPUSchedPolicy = "idle"; | 
| 511 | daemonIOSchedClass = "idle"; | 511 | daemonIOSchedClass = "idle"; | 
| 512 | 512 | ||
| 513 | buildServers.vidhar = { | 513 | buildServers.vidhar = let | 
| 514 | vidhar = flake.nixosConfigurations.vidhar; | ||
| 515 | in { | ||
| 514 | address = "vidhar.yggdrasil"; | 516 | address = "vidhar.yggdrasil"; | 
| 515 | systems = ["x86_64-linux" "i686-linux"]; | 517 | systems = [vidhar.config.nixpkgs.system] ++ vidhar.config.nix.settings.extra-platforms; | 
| 518 | supportedFeatures = vidhar.config.nix.settings.system-features; | ||
| 516 | maxJobs = 12; | 519 | maxJobs = 12; | 
| 517 | speedFactor = 4; | 520 | speedFactor = 4; | 
| 518 | supportedFeatures = ["nixos-test" "benchmark" "big-parallel" "kvm"]; | ||
| 519 | }; | 521 | }; | 
| 520 | }; | 522 | }; | 
| 521 | 523 | ||
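--- a/hosts/surtr/vpn/default.nix
+++ b/hosts/surtr/vpn/default.nix
@@ -143,9 +143,9 @@ in {
 serviceConfig = {
 Type = "oneshot";
 RemainAfterExit = true;
-ExecStop = "${pkgs.iproute}/bin/ip netns exec vpn ip link delete upstream";
+ExecStop = "${pkgs.iproute2}/bin/ip netns exec vpn ip link delete upstream";
 };
-path = with pkgs; [ iproute procps ];
+path = with pkgs; [ iproute2 procps ];
 script = ''
 ip netns exec vpn sysctl \
 net.ipv6.conf.all.forwarding=1 \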
| diff --git a/hosts/vidhar/borg/default.nix b/hosts/vidhar/borg/default.nix index 650c91ee..79c75c4d 100644 --- a/hosts/vidhar/borg/default.nix +++ b/hosts/vidhar/borg/default.nix | |||
| @@ -57,7 +57,7 @@ let | |||
| 57 | 57 | ||
| 58 | buildInputs = with pkgs; [makeWrapper]; | 58 | buildInputs = with pkgs; [makeWrapper]; | 
| 59 | 59 | ||
| 60 | python = inpPython.withPackages (ps: with ps; [humanize tqdm dateutil xdg python-unshare pyprctl halo]); | 60 | python = inpPython.withPackages (ps: with ps; [humanize tqdm python-dateutil xdg python-unshare pyprctl halo]); | 
| 61 | 61 | ||
| 62 | buildPhase = '' | 62 | buildPhase = '' | 
| 63 | substitute $src copy \ | 63 | substitute $src copy \ | 
| @@ -74,7 +74,7 @@ let | |||
| 74 | copy | 74 | copy | 
| 75 | 75 | ||
| 76 | wrapProgram $out/bin/copy \ | 76 | wrapProgram $out/bin/copy \ | 
| 77 | --prefix PATH : ${makeBinPath (with pkgs; [utillinux borgbackup])}:${config.security.wrapperDir} | 77 | --prefix PATH : ${makeBinPath (with pkgs; [util-linux borgbackup])}:${config.security.wrapperDir} | 
| 78 | ''; | 78 | ''; | 
| 79 | }); | 79 | }); | 
| 80 | 80 | ||
| @@ -93,7 +93,7 @@ let | |||
| 93 | ''; | 93 | ''; | 
| 94 | postInstall = '' | 94 | postInstall = '' | 
| 95 | wrapProgram $out/bin/borgsnap \ | 95 | wrapProgram $out/bin/borgsnap \ | 
| 96 | --prefix PATH : ${makeBinPath (with pkgs; [utillinux borgbackup])}:${config.security.wrapperDir} | 96 | --prefix PATH : ${makeBinPath (with pkgs; [util-linux borgbackup])}:${config.security.wrapperDir} | 
| 97 | ''; | 97 | ''; | 
| 98 | 98 | ||
| 99 | providers.python-unshare = "nixpkgs"; | 99 | providers.python-unshare = "nixpkgs"; | 
| diff --git a/hosts/vidhar/network/dhcp/default.nix b/hosts/vidhar/network/dhcp/default.nix index 067dc6d6..e14b15ac 100644 --- a/hosts/vidhar/network/dhcp/default.nix +++ b/hosts/vidhar/network/dhcp/default.nix | |||
| @@ -1,4 +1,7 @@ | |||
| 1 | { flake, config, pkgs, lib, ... }: | 1 | { flake, config, pkgs, lib, ... }: | 
| 2 | |||
| 3 | with lib; | ||
| 4 | |||
| 2 | { | 5 | { | 
| 3 | config = { | 6 | config = { | 
| 4 | services.kea = { | 7 | services.kea = { | 
| @@ -23,7 +26,7 @@ | |||
| 23 | { name = "ipxe"; | 26 | { name = "ipxe"; | 
| 24 | test = "option[77].hex == 'iPXE'"; | 27 | test = "option[77].hex == 'iPXE'"; | 
| 25 | next-server = "10.141.0.1"; | 28 | next-server = "10.141.0.1"; | 
| 26 | boot-file-name = "netboot.ipxe"; | 29 | boot-file-name = "installer-x86_64-linux/netboot.ipxe"; | 
| 27 | only-if-required = true; | 30 | only-if-required = true; | 
| 28 | } | 31 | } | 
| 29 | { name = "uefi-64"; | 32 | { name = "uefi-64"; | 
| @@ -146,7 +149,7 @@ | |||
| 146 | pools = [ { pool = "10.141.2.128 - 10.141.2.254"; } ]; | 149 | pools = [ { pool = "10.141.2.128 - 10.141.2.254"; } ]; | 
| 147 | reservations = []; | 150 | reservations = []; | 
| 148 | } | 151 | } | 
| 149 | ]; | 152 | ]; | 
| 150 | }; | 153 | }; | 
| 151 | }; | 154 | }; | 
| 152 | # dhcp6 = { | 155 | # dhcp6 = { | 
| @@ -195,16 +198,16 @@ | |||
| 195 | }; | 198 | }; | 
| 196 | 199 | ||
| 197 | systemd.services.kea-dhcp-ddns-server = { | 200 | systemd.services.kea-dhcp-ddns-server = { | 
| 198 | preStart = let | 201 | preStart = let | 
| 199 | configLines = [ | 202 | configLines = [ | 
| 200 | "<?include \"\${CREDENTIALS_DIRECTORY}/knot-tsig.json.frag\"?>" | 203 | "<?include \"\${CREDENTIALS_DIRECTORY}/knot-tsig.json.frag\"?>" | 
| 201 | ] ++ lib.mapAttrsToList (k: v: | 204 | ] ++ mapAttrsToList (k: v: | 
| 202 | "\"${k}\": ${builtins.toJSON v}" | 205 | "\"${k}\": ${builtins.toJSON v}" | 
| 203 | ) config.services.kea.dhcp-ddns.settings; | 206 | ) config.services.kea.dhcp-ddns.settings; | 
| 204 | 207 | ||
| 205 | config-template = pkgs.writeText "dhcp-ddns.conf" '' | 208 | config-template = pkgs.writeText "dhcp-ddns.conf" '' | 
| 206 | {"DhcpDdns": { | 209 | {"DhcpDdns": { | 
| 207 | ${lib.concatStringsSep ",\n " configLines} | 210 | ${concatStringsSep ",\n " configLines} | 
| 208 | }} | 211 | }} | 
| 209 | ''; | 212 | ''; | 
| 210 | in '' | 213 | in '' | 
| @@ -212,8 +215,8 @@ | |||
| 212 | ''; | 215 | ''; | 
| 213 | 216 | ||
| 214 | serviceConfig = { | 217 | serviceConfig = { | 
| 215 | ExecStart = lib.mkForce '' | 218 | ExecStart = mkForce '' | 
| 216 | ${pkgs.kea}/bin/kea-dhcp-ddns -c "''${RUNTIME_DIRECTORY}/dhcp-ddns.conf" ${lib.escapeShellArgs config.services.kea.dhcp-ddns.extraArgs} | 219 | ${pkgs.kea}/bin/kea-dhcp-ddns -c "''${RUNTIME_DIRECTORY}/dhcp-ddns.conf" ${escapeShellArgs config.services.kea.dhcp-ddns.extraArgs} | 
| 217 | ''; | 220 | ''; | 
| 218 | LoadCredential = [ | 221 | LoadCredential = [ | 
| 219 | "knot-tsig.json.frag:${config.sops.secrets."kea-knot-tsig.json.frag".path}" | 222 | "knot-tsig.json.frag:${config.sops.secrets."kea-knot-tsig.json.frag".path}" | 
| @@ -226,26 +229,53 @@ | |||
| 226 | sopsFile = ./knot-tsig.json.frag; | 229 | sopsFile = ./knot-tsig.json.frag; | 
| 227 | }; | 230 | }; | 
| 228 | 231 | ||
| 229 | systemd.services."installer-atftpd" = { | 232 | systemd.services."pxe-atftpd" = { | 
| 230 | description = "TFTP Server for PXE Booting NixOS Installer"; | 233 | description = "TFTP Server for PXE Booting"; | 
| 231 | after = [ "network.target" ]; | 234 | after = [ "network.target" ]; | 
| 232 | wantedBy = [ "multi-user.target" ]; | 235 | wantedBy = [ "multi-user.target" ]; | 
| 233 | serviceConfig.ExecStart = let | 236 | serviceConfig.ExecStart = let | 
| 234 | installerBuild = flake.nixosConfigurations.installer-x86_64-linux-netboot.config.system.build; | ||
| 235 | ipxe = pkgs.ipxe.override { | 237 | ipxe = pkgs.ipxe.override { | 
| 236 | additionalTargets = { | 238 | additionalTargets = { | 
| 237 | "bin-i386-efi/ipxe.efi" = "i386-ipxe.efi"; | 239 | "bin-i386-efi/ipxe.efi" = "i386-ipxe.efi"; | 
| 238 | }; | 240 | }; | 
| 239 | }; | 241 | }; | 
| 240 | tftpRoot = pkgs.runCommandLocal "installer-netboot" {} '' | 242 | tftpRoot = pkgs.runCommandLocal "netboot" {} '' | 
| 241 | mkdir -p $out | 243 | mkdir -p $out | 
| 242 | install -m 0444 -t $out \ | 244 | install -m 0444 -t $out \ | 
| 243 | ${installerBuild.netbootRamdisk}/initrd \ | ||
| 244 | ${installerBuild.kernel}/bzImage \ | ||
| 245 | ${installerBuild.netbootIpxeScript}/netboot.ipxe \ | ||
| 246 | ${ipxe}/ipxe.efi ${ipxe}/i386-ipxe.efi ${ipxe}/undionly.kpxe | 245 | ${ipxe}/ipxe.efi ${ipxe}/i386-ipxe.efi ${ipxe}/undionly.kpxe | 
| 246 | |||
| 247 | ${concatMapStringsSep "\n" (system: | ||
| 248 | let | ||
| 249 | installerBuild = (flake.nixosConfigurations.${"installer-${system}-nfsroot"}.extendModules { | ||
| 250 | modules = [ | ||
| 251 | ({ ... }: { config.nfsroot.storeDevice = "vidhar:nix-store"; }) | ||
| 252 | ]; | ||
| 253 | }).config.system.build; | ||
| 254 | in '' | ||
| 255 | mkdir -p $out/installer-${system} | ||
| 256 | install -m 0444 -t $out/installer-${system} \ | ||
| 257 | ${installerBuild.initialRamdisk}/initrd \ | ||
| 258 | ${installerBuild.kernel}/bzImage \ | ||
| 259 | ${installerBuild.netbootIpxeScript}/netboot.ipxe | ||
| 260 | '' | ||
| 261 | ) ["x86_64-linux"]} | ||
| 247 | ''; | 262 | ''; | 
| 248 | in "${pkgs.atftp}/sbin/atftpd --daemon --no-fork --bind-address=10.141.0.1 ${tftpRoot}"; | 263 | in "${pkgs.atftp}/sbin/atftpd --daemon --no-fork --bind-address=10.141.0.1 ${tftpRoot}"; | 
| 249 | }; | 264 | }; | 
| 265 | |||
| 266 | services.nfs.server = { | ||
| 267 | enable = true; | ||
| 268 | createMountPoints = true; | ||
| 269 | exports = '' | ||
| 270 | /export/nix-root 10.141.0.0/24(ro) | ||
| 271 | ''; | ||
| 272 | }; | ||
| 273 | |||
| 274 | fileSystems = { | ||
| 275 | "/export/nix-root" = { | ||
| 276 | device = "/nix/store"; | ||
| 277 | options = [ "bind" ]; | ||
| 278 | }; | ||
| 279 | }; | ||
| 250 | }; | 280 | }; | 
| 251 | } | 281 | } | 
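Review bot: The new `services.nfs.server.exports` entry in the last hunk publishes vidhar's entire `/nix/store` (through the `/export/nix-root` bind mount) to every address in `10.141.0.0/24`, and since the export line sets no `sec=` option the only gate is the client's IP, so any host on that segment can read every store path, including any configuration file or credential that ever ends up in the store. The TSIG fragment is passed through `LoadCredential` from a sops path, which appears to keep the decrypted secret out of the store, but that invariant should be written down above the export, e.g. `# Exposes all of /nix/store read-only to the LAN; secrets must never be written to the store`. The bind mount itself can be pinned read-only as well with `options = [ "bind" "ro" ];`. Separately, `nfsroot.storeDevice = "vidhar:nix-store"` does not obviously name the exported path `/export/nix-root`; the nfsroot module is not visible on this page, so confirm that the two agree.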
| diff --git a/hosts/vidhar/network/dsl.nix b/hosts/vidhar/network/dsl.nix index a5f4daf2..461e74d2 100644 --- a/hosts/vidhar/network/dsl.nix +++ b/hosts/vidhar/network/dsl.nix | |||
| @@ -11,7 +11,7 @@ in { | |||
| 11 | default = "dsl"; | 11 | default = "dsl"; | 
| 12 | }; | 12 | }; | 
| 13 | }; | 13 | }; | 
| 14 | 14 | ||
| 15 | config = { | 15 | config = { | 
| 16 | networking.vlans = { | 16 | networking.vlans = { | 
| 17 | telekom = { | 17 | telekom = { | 
| @@ -19,7 +19,7 @@ in { | |||
| 19 | interface = "eno2"; | 19 | interface = "eno2"; | 
| 20 | }; | 20 | }; | 
| 21 | }; | 21 | }; | 
| 22 | 22 | ||
| 23 | services.pppd = { | 23 | services.pppd = { | 
| 24 | enable = true; | 24 | enable = true; | 
| 25 | peers.telekom.config = '' | 25 | peers.telekom.config = '' | 
| @@ -40,7 +40,7 @@ in { | |||
| 40 | }; | 40 | }; | 
| 41 | systemd.services."pppd-telekom" = { | 41 | systemd.services."pppd-telekom" = { | 
| 42 | stopIfChanged = true; | 42 | stopIfChanged = true; | 
| 43 | 43 | ||
| 44 | serviceConfig = lib.mkForce { | 44 | serviceConfig = lib.mkForce { | 
| 45 | Type = "notify"; | 45 | Type = "notify"; | 
| 46 | PIDFile = "/run/pppd/${pppInterface}.pid"; | 46 | PIDFile = "/run/pppd/${pppInterface}.pid"; | 
| @@ -62,7 +62,7 @@ in { | |||
| 62 | "ppp/ip-up" = { | 62 | "ppp/ip-up" = { | 
| 63 | text = '' | 63 | text = '' | 
| 64 | #!${pkgs.runtimeShell} | 64 | #!${pkgs.runtimeShell} | 
| 65 | ${pkgs.iproute}/bin/ip route add default via "$5" dev "${pppInterface}" metric 512 | 65 | ${pkgs.iproute2}/bin/ip route add default via "$5" dev "${pppInterface}" metric 512 | 
| 66 | ''; | 66 | ''; | 
| 67 | mode = "0555"; | 67 | mode = "0555"; | 
| 68 | }; | 68 | }; | 
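--- a/hosts/vidhar/prometheus/default.nix
+++ b/hosts/vidhar/prometheus/default.nix
@@ -61,9 +61,12 @@ in {
 };
 apcupsd.enable = true;
 systemd = {
-enable = true;
+enable = false; # TODO
 extraFlags = [
-"--collector.unit-whitelist=(dhcpcd-dsl|pppd-telekom|corerad|ndppd)\.service"
+"--systemd.collector.unit-include=(dhcpcd-dsl|pppd-telekom|corerad|ndppd)\.service"
+"--systemd.collector.enable-restart-count"
+"--systemd.collector.enable-file-descriptor-size"
+"--systemd.collector.enable-ip-accounting"
 ];
 };
 blackbox = {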
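Review bot: `enable = false; # TODO` turns the systemd exporter off on vidhar, so unit state for `dhcpcd-dsl`, `pppd-telekom`, `corerad` and `ndppd` stops being scraped, and any alert rule that depends on those series (none is visible here) would go silent instead of firing; the bare TODO records neither the reason nor the condition for re-enabling. A comment such as `# TODO(<issue-id>): re-enable once <reason>; uplink and RA unit state is unmonitored until then` would make the gap explicit. In the `unit-include` flag the `\.` sits inside a Nix double-quoted string, where the backslash is consumed, so the exporter most likely receives `.service` with an unescaped dot; writing `\\.service` keeps the dot literal. The enclosing exporters attribute set starts above this hunk and `blackbox` continues below it.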
