| author | Gregor Kleen <gkleen@yggdrasil.li> | 2026-05-19 10:19:18 +0200 |
|---|---|---|
| committer | Gregor Kleen <gkleen@yggdrasil.li> | 2026-05-19 10:19:18 +0200 |
| commit | 747dc5d5b559b7e2c5ea1354a596597110208219 (patch) | |
| tree | cd3f1aa5c5484a83b5235f9c10e97de5e4815ab4 /hosts | |
| parent | 6c4b4f65882cd3a428d48e6f4927ea2648812dfb (diff) | |
bump
Diffstat (limited to 'hosts')
| -rw-r--r-- | hosts/surtr/tls/default.nix | 6 | ||||
| -rw-r--r-- | hosts/vidhar/network/dhcp/default.nix | 102 |
2 files changed, 55 insertions, 53 deletions
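--- a/hosts/surtr/tls/default.nix
+++ b/hosts/surtr/tls/default.nix
@@ -58,16 +58,18 @@ in {
 extraDomainNames = optional domainCfg.wildcard "*.${domain}";
 dnsResolver = "127.0.0.1:53";
 dnsProvider = "rfc2136";
-credentialsFile = pkgs.writeText "${domain}_credentials.env" ''
+environmentFile = pkgs.writeText "${domain}_credentials.env" ''
 RFC2136_NAMESERVER=127.0.0.1:53
 RFC2136_TSIG_ALGORITHM=hmac-sha256.
 RFC2136_TSIG_KEY=${domain}_acme_key
-RFC2136_TSIG_SECRET_FILE=/run/credentials/acme-order-renew-${domain}.service/${tsigSecretName domain}
 RFC2136_TTL=0
 RFC2136_PROPAGATION_TIMEOUT=60
 RFC2136_POLLING_INTERVAL=2
 RFC2136_SEQUENCE_INTERVAL=1
 '';
+credentialFiles = {
+RFC2136_TSIG_SECRET_FILE = "/run/credentials/acme-order-renew-${domain}.service/${tsigSecretName domain}";
+};
 dnsPropagationCheck = false;
 postRun = mkIf (domainCfg.restartUnits != []) ''
 systemctl --no-block try-restart ${escapeShellArgs domainCfg.restartUnits}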
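Review bot: The new `credentialFiles` entry points `RFC2136_TSIG_SECRET_FILE` at a path inside the unit's own `/run/credentials/acme-order-renew-${domain}.service/` directory rather than at the secret's source location. As I understand the NixOS ACME module, `credentialFiles` itself loads each listed path as a systemd credential, so this only resolves if a separate `LoadCredential` for `${tsigSecretName domain}` still exists outside this hunk; that is worth confirming, and pointing the entry at the source secret path would drop the indirection. The `environmentFile` is built with `pkgs.writeText`, so it lands in the world-readable Nix store; a comment such as `# non-secret settings only; the TSIG secret is passed via credentialFiles` above it would keep later edits from adding the secret there. The enclosing attribute set starts and ends outside the hunk.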
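--- a/hosts/vidhar/network/dhcp/default.nix
+++ b/hosts/vidhar/network/dhcp/default.nix
@@ -48,12 +48,12 @@ in {
 };
 
 client-classes = [
-{ name = "ipxe-eostre";
-test = "hexstring(pkt4.mac, ':') == '00:d8:61:79:c5:40' and option[77].hex == 'iPXE-yggdrasil'";
-next-server = tftpIp;
-boot-file-name = "${nfsrootBaseUrl}/eostre.menu.ipxe";
-only-if-required = true;
-}
+# { name = "ipxe-eostre";
+# test = "hexstring(pkt4.mac, ':') == '00:d8:61:79:c5:40' and option[77].hex == 'iPXE-yggdrasil'";
+# next-server = tftpIp;
+# boot-file-name = "${nfsrootBaseUrl}/eostre.menu.ipxe";
+# only-if-required = true;
+# }
 { name = "ipxe-yggdrasil";
 test = "option[77].hex == 'iPXE-yggdrasil'";
 next-server = tftpIp;
@@ -364,57 +364,57 @@ in {
 install -m 0444 ${sources.netbootxyz-efi.src} $out/netboot.xyz.efi
 install -m 0444 ${sources.netbootxyz-lkrn.src} $out/netboot.xyz.lkrn
 '')
-(builtins.addErrorContext "while evaluating eostre" (let
-eostreBuild' = (flake.nixosConfigurations.eostre.extendModules {
-modules = [
-({ ... }: {
-config.nfsroot.storeDevice = "${nfsIp}:nix-store";
-config.nfsroot.registrationUrl = "${nfsrootBaseUrl}/eostre/registration";
-config.system.nixos.label = "eostre";
-})
-];
-});
-eostreBuild = eostreBuild'.config.system.build;
-in builtins.toPath (pkgs.runCommandLocal "eostre" {} ''
-mkdir -p $out/eostre
-install -m 0444 -t $out/eostre \
-${eostreBuild.initialRamdisk}/initrd \
-${eostreBuild.kernel}/bzImage \
-${eostreBuild.netbootIpxeScript}/netboot.ipxe \
-${pkgs.closureInfo { rootPaths = eostreBuild.storeContents; }}/registration
-install -m 0444 ${pkgs.writeText "eostre.menu.ipxe" ''
-#!ipxe
+# (builtins.addErrorContext "while evaluating eostre" (let
+# eostreBuild' = (flake.nixosConfigurations.eostre.extendModules {
+# modules = [
+# ({ ... }: {
+# config.nfsroot.storeDevice = "${nfsIp}:nix-store";
+# config.nfsroot.registrationUrl = "${nfsrootBaseUrl}/eostre/registration";
+# config.system.nixos.label = "eostre";
+# })
+# ];
+# });
+# eostreBuild = eostreBuild'.config.system.build;
+# in builtins.toPath (pkgs.runCommandLocal "eostre" {} ''
+# mkdir -p $out/eostre
+# install -m 0444 -t $out/eostre \
+# ${eostreBuild.initialRamdisk}/initrd \
+# ${eostreBuild.kernel}/bzImage \
+# ${eostreBuild.netbootIpxeScript}/netboot.ipxe \
+# ${pkgs.closureInfo { rootPaths = eostreBuild.storeContents; }}/registration
+# install -m 0444 ${pkgs.writeText "eostre.menu.ipxe" ''
+# #!ipxe
 
-set menu-timeout 5000
+# set menu-timeout 5000
 
-:start
-menu iPXE boot menu for eostre
-item eostre ${with eostreBuild'; "${config.system.nixos.distroName} ${config.system.nixos.codeName} ${config.system.nixos.label} (Linux ${config.boot.kernelPackages.kernel.modDirVersion})"}
-item memtest memtest86plus
-item netboot netboot.xyz
-item shell iPXE shell
-choose --timeout ''${menu-timeout} --default eostre selected || goto shell
-set menu-timeout 0
-goto ''${selected}
+# :start
+# menu iPXE boot menu for eostre
+# item eostre ${with eostreBuild'; "${config.system.nixos.distroName} ${config.system.nixos.codeName} ${config.system.nixos.label} (Linux ${config.boot.kernelPackages.kernel.modDirVersion})"}
+# item memtest memtest86plus
+# item netboot netboot.xyz
+# item shell iPXE shell
+# choose --timeout ''${menu-timeout} --default eostre selected || goto shell
+# set menu-timeout 0
+# goto ''${selected}
 
-:shell
-set menu-timeout 0
-shell
-goto start
+# :shell
+# set menu-timeout 0
+# shell
+# goto start
 
-:eostre
-chain eostre/netboot.ipxe
-goto start
+# :eostre
+# chain eostre/netboot.ipxe
+# goto start
 
-:netboot
-iseq ''${platform} efi && chain --autofree netboot.xyz.efi || chain --autofree netboot.xyz.lkrn
-goto start
+# :netboot
+# iseq ''${platform} efi && chain --autofree netboot.xyz.efi || chain --autofree netboot.xyz.lkrn
+# goto start
 
-:memtest
-chain --autofree mt86plus.efi
-goto start
-''} $out/eostre.menu.ipxe
-'')))
+# :memtest
+# chain --autofree mt86plus.efi
+# goto start
+# ''} $out/eostre.menu.ipxe
+# '')))
 ];
 };
 };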
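Review bot: The `ipxe-eostre` client class in the first hunk is disabled by commenting it out, with no note on why or whether this is temporary. With the MAC-pinned class gone, that host will presumably match the generic `ipxe-yggdrasil` class that follows, since its test is only `option[77].hex == 'iPXE-yggdrasil'`; confirm that boot target is intended for it. Either delete the block (history keeps it) or lead it with a comment such as `# eostre netboot disabled: <reason> (TODO: re-enable or remove)`. The same applies to the commented-out eostre derivation in the second hunk (old lines 367–417). Both enclosing lists start outside the hunks.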
