summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--_sources/generated.json30
-rw-r--r--_sources/generated.nix16
-rw-r--r--hosts/vidhar/default.nix2
-rw-r--r--hosts/vidhar/network/default.nix9
-rw-r--r--hosts/vidhar/network/dhcp/default.nix133
-rw-r--r--hosts/vidhar/paperless/default.nix2
-rw-r--r--installer/default.nix2
-rw-r--r--nvfetcher.toml8
-rw-r--r--system-profiles/nfsroot.nix2
-rw-r--r--user-profiles/core.nix6
10 files changed, 168 insertions, 42 deletions
diff --git a/_sources/generated.json b/_sources/generated.json
index d86f7005..b3604420 100644
--- a/_sources/generated.json
+++ b/_sources/generated.json
@@ -261,6 +261,36 @@
261 }, 261 },
262 "version": "1f8c31457459ffc28cd1c3f3c2235a53efad7148" 262 "version": "1f8c31457459ffc28cd1c3f3c2235a53efad7148"
263 }, 263 },
264 "netbootxyz-efi": {
265 "cargoLocks": null,
266 "date": null,
267 "extract": null,
268 "name": "netbootxyz-efi",
269 "passthru": null,
270 "pinned": false,
271 "src": {
272 "name": null,
273 "sha256": "sha256-D0UnGL0H+zua5fJAoBbfEyU4ZdjQXf6LeQ+475oVKow=",
274 "type": "url",
275 "url": "https://github.com/netbootxyz/netboot.xyz/releases/download/2.0.86/netboot.xyz.efi"
276 },
277 "version": "2.0.86"
278 },
279 "netbootxyz-lkrn": {
280 "cargoLocks": null,
281 "date": null,
282 "extract": null,
283 "name": "netbootxyz-lkrn",
284 "passthru": null,
285 "pinned": false,
286 "src": {
287 "name": null,
288 "sha256": "sha256-zUuvv/MCXhgqBCa4dl4+bWtS+Z1PCDRUX0pGLonaWpY=",
289 "type": "url",
290 "url": "https://github.com/netbootxyz/netboot.xyz/releases/download/2.0.86/netboot.xyz.lkrn"
291 },
292 "version": "2.0.86"
293 },
264 "postfix-mta-sts-resolver": { 294 "postfix-mta-sts-resolver": {
265 "cargoLocks": null, 295 "cargoLocks": null,
266 "date": null, 296 "date": null,
diff --git a/_sources/generated.nix b/_sources/generated.nix
index a7ebef8a..c3b65800 100644
--- a/_sources/generated.nix
+++ b/_sources/generated.nix
@@ -162,6 +162,22 @@
162 }; 162 };
163 date = "2020-02-10"; 163 date = "2020-02-10";
164 }; 164 };
165 netbootxyz-efi = {
166 pname = "netbootxyz-efi";
167 version = "2.0.86";
168 src = fetchurl {
169 url = "https://github.com/netbootxyz/netboot.xyz/releases/download/2.0.86/netboot.xyz.efi";
170 sha256 = "sha256-D0UnGL0H+zua5fJAoBbfEyU4ZdjQXf6LeQ+475oVKow=";
171 };
172 };
173 netbootxyz-lkrn = {
174 pname = "netbootxyz-lkrn";
175 version = "2.0.86";
176 src = fetchurl {
177 url = "https://github.com/netbootxyz/netboot.xyz/releases/download/2.0.86/netboot.xyz.lkrn";
178 sha256 = "sha256-zUuvv/MCXhgqBCa4dl4+bWtS+Z1PCDRUX0pGLonaWpY=";
179 };
180 };
165 postfix-mta-sts-resolver = { 181 postfix-mta-sts-resolver = {
166 pname = "postfix-mta-sts-resolver"; 182 pname = "postfix-mta-sts-resolver";
167 version = "1.5.0"; 183 version = "1.5.0";
diff --git a/hosts/vidhar/default.nix b/hosts/vidhar/default.nix
index 1af9c5e0..90ab40dd 100644
--- a/hosts/vidhar/default.nix
+++ b/hosts/vidhar/default.nix
@@ -387,7 +387,7 @@ with lib;
387 algorithm = "zstd"; 387 algorithm = "zstd";
388 }; 388 };
389 389
390 environment.systemPackages = with pkgs; [iotop vmtouch inetutils]; 390 environment.systemPackages = with pkgs; [iotop vmtouch];
391 391
392 systemd.sysusers.enable = false; 392 systemd.sysusers.enable = false;
393 system.stateVersion = "21.05"; 393 system.stateVersion = "21.05";
diff --git a/hosts/vidhar/network/default.nix b/hosts/vidhar/network/default.nix
index 0643f0bb..92d755f3 100644
--- a/hosts/vidhar/network/default.nix
+++ b/hosts/vidhar/network/default.nix
@@ -103,7 +103,14 @@ with lib;
103 /srv/nfs/nix-store 10.141.0.0/24(ro,async,root_squash) 2a03:4000:52:ada:1::/80(ro,async,root_squash) 103 /srv/nfs/nix-store 10.141.0.0/24(ro,async,root_squash) 2a03:4000:52:ada:1::/80(ro,async,root_squash)
104 ''; 104 '';
105 }; 105 };
106 settings.nfsd.vers3 = false; 106 settings.nfsd = {
107 rdma = true;
108 vers3 = false;
109 vers4 = true;
110 "vers4.0" = false;
111 "vers4.1" = false;
112 "vers4.2" = true;
113 };
107 }; 114 };
108 115
109 fileSystems = { 116 fileSystems = {
diff --git a/hosts/vidhar/network/dhcp/default.nix b/hosts/vidhar/network/dhcp/default.nix
index 4151111d..098d3061 100644
--- a/hosts/vidhar/network/dhcp/default.nix
+++ b/hosts/vidhar/network/dhcp/default.nix
@@ -1,9 +1,32 @@
1{ flake, config, pkgs, lib, ... }: 1{ flake, config, pkgs, lib, sources, ... }:
2 2
3with lib; 3with lib;
4 4
5let 5let
6 nfsrootBaseUrl = "http://nfsroot.vidhar.yggdrasil"; 6 nfsrootBaseUrl = "http://nfsroot.vidhar.yggdrasil";
7 tftpIp = "10.141.0.1";
8 nfsIp = tftpIp;
9 ipxe = pkgs.ipxe.override {
10 additionalTargets = {
11 "bin-i386-efi/ipxe.efi" = "i386-ipxe.efi";
12 };
13 additionalOptions = [
14 "NSLOOKUP_CMD"
15 "PING_CMD"
16 "CONSOLE_CMD"
17 ];
18 embedScript = pkgs.writeText "yggdrasil.ipxe" ''
19 #!ipxe
20
21 cpair --background 9 1
22 cpair --background 9 3
23 cpair --background 9 6
24
25 set user-class iPXE-yggdrasil
26
27 autoboot
28 '';
29 };
7in { 30in {
8 config = { 31 config = {
9 services.kea = { 32 services.kea = {
@@ -25,41 +48,67 @@ in {
25 }; 48 };
26 49
27 client-classes = [ 50 client-classes = [
28 { name = "eostre-ipxe"; 51 { name = "ipxe-eostre";
29 test = "hexstring(pkt4.mac, ':') == '00:d8:61:79:c5:40' and option[77].hex == 'iPXE'"; 52 test = "hexstring(pkt4.mac, ':') == '00:d8:61:79:c5:40' and option[77].hex == 'iPXE-yggdrasil'";
30 next-server = "10.141.0.1"; 53 next-server = tftpIp;
31 boot-file-name = "${nfsrootBaseUrl}/eostre.menu.ipxe"; 54 boot-file-name = "${nfsrootBaseUrl}/eostre.menu.ipxe";
32 only-if-required = true; 55 only-if-required = true;
33 } 56 }
34 { name = "ipxe"; 57 { name = "ipxe-yggdrasil";
35 test = "option[77].hex == 'iPXE'"; 58 test = "option[77].hex == 'iPXE-yggdrasil'";
36 next-server = "10.141.0.1"; 59 next-server = tftpIp;
37 boot-file-name = "${nfsrootBaseUrl}/installer-x86_64-linux.menu.ipxe"; 60 boot-file-name = "${nfsrootBaseUrl}/installer-x86_64-linux.menu.ipxe";
38 only-if-required = true; 61 only-if-required = true;
39 } 62 }
63
64 { name = "uefi-http";
65 test = "option[client-system].hex == 0x0010";
66 option-data = [
67 { name = "vendor-class-identifier"; data = "HTTPClient"; }
68 ];
69 boot-file-name = "${nfsrootBaseUrl}/ipxe.efi";
70 only-if-required = true;
71 }
72
73 { name = "ipxe-uefi-64";
74 test = "option[77].hex == 'iPXE' and (substring(option[60].hex,0,20) == 'PXEClient:Arch:00007' or substring(option[60].hex,0,20) == 'PXEClient:Arch:00008' or substring(option[60].hex,0,20) == 'PXEClient:Arch:00009')";
75 boot-file-name = "${nfsrootBaseUrl}/ipxe.efi";
76 only-if-required = true;
77 }
78 { name = "ipxe-uefi-32";
79 test = "option[77].hex == 'iPXE' and (substring(option[60].hex,0,20) == 'PXEClient:Arch:00002' or substring(option[60].hex,0,20) == 'PXEClient:Arch:00006')";
80 boot-file-name = "${nfsrootBaseUrl}/i386-ipxe.efi";
81 only-if-required = true;
82 }
83 { name = "ipxe-legacy";
84 test = "option[77].hex == 'iPXE' and substring(option[60].hex,0,20) == 'PXEClient:Arch:00000'";
85 boot-file-name = "${nfsrootBaseUrl}/ipxe.lkrn";
86 only-if-required = true;
87 }
88
40 { name = "uefi-64"; 89 { name = "uefi-64";
41 test = "substring(option[60].hex,0,20) == 'PXEClient:Arch:00007' or substring(option[60].hex,0,20) == 'PXEClient:Arch:00008' or substring(option[60].hex,0,20) == 'PXEClient:Arch:00009'"; 90 test = "substring(option[60].hex,0,20) == 'PXEClient:Arch:00007' or substring(option[60].hex,0,20) == 'PXEClient:Arch:00008' or substring(option[60].hex,0,20) == 'PXEClient:Arch:00009'";
42 only-if-required = true;
43 option-data = [ 91 option-data = [
44 { name = "tftp-server-name"; data = "10.141.0.1"; } 92 { name = "tftp-server-name"; data = tftpIp; }
45 ]; 93 ];
46 boot-file-name = "ipxe.efi"; 94 boot-file-name = "ipxe.efi";
95 only-if-required = true;
47 } 96 }
48 { name = "uefi-32"; 97 { name = "uefi-32";
49 test = "substring(option[60].hex,0,20) == 'PXEClient:Arch:00002' or substring(option[60].hex,0,20) == 'PXEClient:Arch:00006'"; 98 test = "substring(option[60].hex,0,20) == 'PXEClient:Arch:00002' or substring(option[60].hex,0,20) == 'PXEClient:Arch:00006'";
50 only-if-required = true;
51 option-data = [ 99 option-data = [
52 { name = "tftp-server-name"; data = "10.141.0.1"; } 100 { name = "tftp-server-name"; data = tftpIp; }
53 ]; 101 ];
54 boot-file-name = "i386-ipxe.efi"; 102 boot-file-name = "i386-ipxe.efi";
103 only-if-required = true;
55 } 104 }
56 { name = "legacy"; 105 { name = "legacy";
57 test = "substring(option[60].hex,0,20) == 'PXEClient:Arch:00000'"; 106 test = "substring(option[60].hex,0,20) == 'PXEClient:Arch:00000'";
58 only-if-required = true;
59 option-data = [ 107 option-data = [
60 { name = "tftp-server-name"; data = "10.141.0.1"; } 108 { name = "tftp-server-name"; data = tftpIp; }
61 ]; 109 ];
62 boot-file-name = "undionly.kpxe"; 110 boot-file-name = "ipxe.lkrn";
111 only-if-required = true;
63 } 112 }
64 ]; 113 ];
65 114
@@ -261,7 +310,7 @@ in {
261 installerBuild = (flake.nixosConfigurations.${"installer-${system}-nfsroot"}.extendModules { 310 installerBuild = (flake.nixosConfigurations.${"installer-${system}-nfsroot"}.extendModules {
262 modules = [ 311 modules = [
263 ({ ... }: { 312 ({ ... }: {
264 config.nfsroot.storeDevice = "10.141.0.1:nix-store"; 313 config.nfsroot.storeDevice = "${nfsIp}:nix-store";
265 config.nfsroot.registrationUrl = "${nfsrootBaseUrl}/installer-${system}/registration"; 314 config.nfsroot.registrationUrl = "${nfsrootBaseUrl}/installer-${system}/registration";
266 }) 315 })
267 ]; 316 ];
@@ -278,9 +327,12 @@ in {
278 name = "installer-${system}.menu.ipxe"; 327 name = "installer-${system}.menu.ipxe";
279 destination = "/installer-${system}.menu.ipxe"; 328 destination = "/installer-${system}.menu.ipxe";
280 text = '' 329 text = ''
330 #!ipxe
331
281 :start 332 :start
282 menu iPXE boot menu for installer-${system} 333 menu iPXE boot menu for installer-${system}
283 item installer Boot installer-${system} 334 item installer installer-${system}
335 item memtest memtest86plus
284 item netboot netboot.xyz 336 item netboot netboot.xyz
285 item shell iPXE shell 337 item shell iPXE shell
286 choose --timeout 0 --default installer selected || goto shell 338 choose --timeout 0 --default installer selected || goto shell
@@ -291,25 +343,34 @@ in {
291 goto start 343 goto start
292 344
293 :installer 345 :installer
294 chain ${nfsrootBaseUrl}/installer-${system}/netboot.ipxe 346 chain installer-${system}/netboot.ipxe
295 goto start 347 goto start
296 348
297 :netboot 349 :netboot
298 chain --autofree ${nfsrootBaseUrl}/netboot.xyz.efi 350 iseq ''${platform} efi && chain --autofree netboot.xyz.efi || chain --autofree netboot.xyz.lkrn
351 goto start
352
353 :memtest
354 iseq ''${platform} efi && chain --autofree memtest.efi || chain --autofree memtest.bin
299 goto start 355 goto start
300 ''; 356 '';
301 }) 357 })
302 ]; 358 ];
303 }) ["x86_64-linux"] 359 }) ["x86_64-linux"]
304 ) ++ [ 360 ) ++ [
305 (pkgs.linkFarm "netbootxyz-efi" [ 361 (pkgs.runCommandLocal "utils" {} ''
306 { name = "netboot.xyz.efi"; path = pkgs.netbootxyz-efi; } 362 mkdir $out
307 ]) 363 install -m 0444 -t $out \
364 ${ipxe}/{ipxe.efi,i386-ipxe.efi,ipxe.lkrn} \
365 ${pkgs.memtest86plus}/{memtest.efi,memtest.bin}
366 install -m 0444 ${sources.netbootxyz-efi.src} $out/netboot.xyz.efi
367 install -m 0444 ${sources.netbootxyz-lkrn.src} $out/netboot.xyz.lkrn
368 '')
308 (let 369 (let
309 eostreBuild = (flake.nixosConfigurations.eostre.extendModules { 370 eostreBuild = (flake.nixosConfigurations.eostre.extendModules {
310 modules = [ 371 modules = [
311 ({ ... }: { 372 ({ ... }: {
312 config.nfsroot.storeDevice = "10.141.0.1:nix-store"; 373 config.nfsroot.storeDevice = "${nfsIp}:nix-store";
313 config.nfsroot.registrationUrl = "${nfsrootBaseUrl}/eostre/registration"; 374 config.nfsroot.registrationUrl = "${nfsrootBaseUrl}/eostre/registration";
314 }) 375 })
315 ]; 376 ];
@@ -326,27 +387,35 @@ in {
326 name = "eostre.menu.ipxe"; 387 name = "eostre.menu.ipxe";
327 destination = "/eostre.menu.ipxe"; 388 destination = "/eostre.menu.ipxe";
328 text = '' 389 text = ''
390 #!ipxe
391
329 set menu-timeout 5000 392 set menu-timeout 5000
330 393
331 :start 394 :start
332 menu iPXE boot menu for eostre 395 menu iPXE boot menu for eostre
333 item eostre Boot eostre 396 item eostre eostre
397 item memtest memtest86plus
334 item netboot netboot.xyz 398 item netboot netboot.xyz
335 item shell iPXE shell 399 item shell iPXE shell
336 choose --timeout ''${menu-timeout} --default eostre selected || goto shell 400 choose --timeout ''${menu-timeout} --default eostre selected || goto shell
401 set menu-timeout 0
337 goto ''${selected} 402 goto ''${selected}
338 403
339 :shell 404 :shell
340 shell
341 set menu-timeout 0 405 set menu-timeout 0
406 shell
342 goto start 407 goto start
343 408
344 :eostre 409 :eostre
345 chain ${nfsrootBaseUrl}/eostre/netboot.ipxe 410 chain eostre/netboot.ipxe
346 goto start 411 goto start
347 412
348 :netboot 413 :netboot
349 chain --autofree ${nfsrootBaseUrl}/netboot.xyz.efi 414 iseq ''${platform} efi && chain --autofree netboot.xyz.efi || chain --autofree netboot.xyz.lkrn
415 goto start
416
417 :memtest
418 iseq ''${platform} efi && chain --autofree memtest.efi || chain --autofree memtest.bin
350 goto start 419 goto start
351 ''; 420 '';
352 }) 421 })
@@ -360,20 +429,12 @@ in {
360 after = [ "network.target" ]; 429 after = [ "network.target" ];
361 wantedBy = [ "multi-user.target" ]; 430 wantedBy = [ "multi-user.target" ];
362 serviceConfig.ExecStart = let 431 serviceConfig.ExecStart = let
363 ipxe = pkgs.ipxe.override {
364 additionalTargets = {
365 "bin-i386-efi/ipxe.efi" = "i386-ipxe.efi";
366 };
367 additionalOptions = [
368 "NSLOOKUP_CMD"
369 ];
370 };
371 tftpRoot = pkgs.runCommandLocal "netboot" {} '' 432 tftpRoot = pkgs.runCommandLocal "netboot" {} ''
372 mkdir -p $out 433 mkdir -p $out
373 install -m 0444 -t $out \ 434 install -m 0444 -t $out \
374 ${ipxe}/ipxe.efi ${ipxe}/i386-ipxe.efi ${ipxe}/undionly.kpxe 435 ${ipxe}/{ipxe.efi,i386-ipxe.efi,ipxe.lkrn}
375 ''; 436 '';
376 in "${pkgs.atftp}/sbin/atftpd --daemon --no-fork --bind-address=10.141.0.1 ${tftpRoot}"; 437 in "${pkgs.atftp}/sbin/atftpd --daemon --no-fork --bind-address=${tftpIp} ${tftpRoot}";
377 }; 438 };
378 }; 439 };
379} 440}
diff --git a/hosts/vidhar/paperless/default.nix b/hosts/vidhar/paperless/default.nix
index 34cd18c4..dd02da38 100644
--- a/hosts/vidhar/paperless/default.nix
+++ b/hosts/vidhar/paperless/default.nix
@@ -4,7 +4,7 @@
4 config = { 4 config = {
5 services.paperless = { 5 services.paperless = {
6 enable = true; 6 enable = true;
7 address = "[2a03:4000:52:ada:4:1::]"; 7 address = "2a03:4000:52:ada:4:1::";
8 passwordFile = config.sops.secrets."paperless-rootpw".path; 8 passwordFile = config.sops.secrets."paperless-rootpw".path;
9 settings = { 9 settings = {
10 PAPERLESS_OCR_LANGUAGE = "deu+eng"; 10 PAPERLESS_OCR_LANGUAGE = "deu+eng";
diff --git a/installer/default.nix b/installer/default.nix
index ec47832a..7c6a4f40 100644
--- a/installer/default.nix
+++ b/installer/default.nix
@@ -8,7 +8,7 @@ with lib;
8 ]; 8 ];
9 9
10 config = { 10 config = {
11 boot.initrd.availableKernelModules = [ "e1000e" ]; 11 boot.initrd.kernelModules = [ "e1000e" "virtio_net" ];
12 12
13 hardware.cpu.amd.updateMicrocode = config.hardware.enableRedistributableFirmware; 13 hardware.cpu.amd.updateMicrocode = config.hardware.enableRedistributableFirmware;
14 14
diff --git a/nvfetcher.toml b/nvfetcher.toml
index ecaebba0..72c0d99d 100644
--- a/nvfetcher.toml
+++ b/nvfetcher.toml
@@ -115,3 +115,11 @@ fetch.git = "https://github.com/emersion/mako"
115[swayosd] 115[swayosd]
116src.git = "https://github.com/ErikReider/SwayOSD" 116src.git = "https://github.com/ErikReider/SwayOSD"
117fetch.git = "https://github.com/ErikReider/SwayOSD" 117fetch.git = "https://github.com/ErikReider/SwayOSD"
118
119[netbootxyz-efi]
120src.github = "netbootxyz/netboot.xyz"
121fetch.url = "https://github.com/netbootxyz/netboot.xyz/releases/download/$ver/netboot.xyz.efi"
122
123[netbootxyz-lkrn]
124src.github = "netbootxyz/netboot.xyz"
125fetch.url = "https://github.com/netbootxyz/netboot.xyz/releases/download/$ver/netboot.xyz.lkrn"
diff --git a/system-profiles/nfsroot.nix b/system-profiles/nfsroot.nix
index 1cd930d9..b0116d61 100644
--- a/system-profiles/nfsroot.nix
+++ b/system-profiles/nfsroot.nix
@@ -48,7 +48,7 @@ in {
48 fileSystems."/nix/.ro-store" = mkImageMediaOverride 48 fileSystems."/nix/.ro-store" = mkImageMediaOverride
49 { fsType = "nfs4"; 49 { fsType = "nfs4";
50 device = cfg.storeDevice; 50 device = cfg.storeDevice;
51 options = [ "ro" ]; 51 options = [ "ro" "nfsvers=4.2" ];
52 neededForBoot = true; 52 neededForBoot = true;
53 }; 53 };
54 54
diff --git a/user-profiles/core.nix b/user-profiles/core.nix
index a8af48b3..57fb7628 100644
--- a/user-profiles/core.nix
+++ b/user-profiles/core.nix
@@ -5,7 +5,11 @@ with lib;
5{ 5{
6 config = { 6 config = {
7 users.users.${userName} = {}; # Just make sure the user is created 7 users.users.${userName} = {}; # Just make sure the user is created
8 home-manager.users.${userName} = {}; 8 home-manager.users.${userName} = let sysConfig = config; in { config, ... }: {
9 config.nix.settings = {
10 inherit (sysConfig.nix.settings) use-xdg-base-directories;
11 };
12 };
9 13
10 systemd.services."home-manager-${utils.escapeSystemdPath userName}" = lib.mkIf (!config.home-manager.enableSystemd) { 14 systemd.services."home-manager-${utils.escapeSystemdPath userName}" = lib.mkIf (!config.home-manager.enableSystemd) {
11 restartIfChanged = false; # only run once on startup, deploy to running system with deploy-rs 15 restartIfChanged = false; # only run once on startup, deploy to running system with deploy-rs
generated by cgit v1.2.3 (git 2.25.1) at 2025-04-29 19:20:57 +0000