summaryrefslogtreecommitdiff
path: root/hosts/vidhar
diff options
context:
space:
mode:
Diffstat (limited to 'hosts/vidhar')
-rw-r--r--hosts/vidhar/borg/default.nix6
-rw-r--r--hosts/vidhar/network/dhcp/default.nix58
-rw-r--r--hosts/vidhar/network/dsl.nix8
-rw-r--r--hosts/vidhar/prometheus/default.nix7
4 files changed, 56 insertions, 23 deletions
diff --git a/hosts/vidhar/borg/default.nix b/hosts/vidhar/borg/default.nix
index 650c91ee..79c75c4d 100644
--- a/hosts/vidhar/borg/default.nix
+++ b/hosts/vidhar/borg/default.nix
@@ -57,7 +57,7 @@ let
57 57
58 buildInputs = with pkgs; [makeWrapper]; 58 buildInputs = with pkgs; [makeWrapper];
59 59
60 python = inpPython.withPackages (ps: with ps; [humanize tqdm dateutil xdg python-unshare pyprctl halo]); 60 python = inpPython.withPackages (ps: with ps; [humanize tqdm python-dateutil xdg python-unshare pyprctl halo]);
61 61
62 buildPhase = '' 62 buildPhase = ''
63 substitute $src copy \ 63 substitute $src copy \
@@ -74,7 +74,7 @@ let
74 copy 74 copy
75 75
76 wrapProgram $out/bin/copy \ 76 wrapProgram $out/bin/copy \
77 --prefix PATH : ${makeBinPath (with pkgs; [utillinux borgbackup])}:${config.security.wrapperDir} 77 --prefix PATH : ${makeBinPath (with pkgs; [util-linux borgbackup])}:${config.security.wrapperDir}
78 ''; 78 '';
79 }); 79 });
80 80
@@ -93,7 +93,7 @@ let
93 ''; 93 '';
94 postInstall = '' 94 postInstall = ''
95 wrapProgram $out/bin/borgsnap \ 95 wrapProgram $out/bin/borgsnap \
96 --prefix PATH : ${makeBinPath (with pkgs; [utillinux borgbackup])}:${config.security.wrapperDir} 96 --prefix PATH : ${makeBinPath (with pkgs; [util-linux borgbackup])}:${config.security.wrapperDir}
97 ''; 97 '';
98 98
99 providers.python-unshare = "nixpkgs"; 99 providers.python-unshare = "nixpkgs";
diff --git a/hosts/vidhar/network/dhcp/default.nix b/hosts/vidhar/network/dhcp/default.nix
index 067dc6d6..e14b15ac 100644
--- a/hosts/vidhar/network/dhcp/default.nix
+++ b/hosts/vidhar/network/dhcp/default.nix
@@ -1,4 +1,7 @@
1{ flake, config, pkgs, lib, ... }: 1{ flake, config, pkgs, lib, ... }:
2
3with lib;
4
2{ 5{
3 config = { 6 config = {
4 services.kea = { 7 services.kea = {
@@ -23,7 +26,7 @@
23 { name = "ipxe"; 26 { name = "ipxe";
24 test = "option[77].hex == 'iPXE'"; 27 test = "option[77].hex == 'iPXE'";
25 next-server = "10.141.0.1"; 28 next-server = "10.141.0.1";
26 boot-file-name = "netboot.ipxe"; 29 boot-file-name = "installer-x86_64-linux/netboot.ipxe";
27 only-if-required = true; 30 only-if-required = true;
28 } 31 }
29 { name = "uefi-64"; 32 { name = "uefi-64";
@@ -146,7 +149,7 @@
146 pools = [ { pool = "10.141.2.128 - 10.141.2.254"; } ]; 149 pools = [ { pool = "10.141.2.128 - 10.141.2.254"; } ];
147 reservations = []; 150 reservations = [];
148 } 151 }
149 ]; 152 ];
150 }; 153 };
151 }; 154 };
152 # dhcp6 = { 155 # dhcp6 = {
@@ -195,16 +198,16 @@
195 }; 198 };
196 199
197 systemd.services.kea-dhcp-ddns-server = { 200 systemd.services.kea-dhcp-ddns-server = {
198 preStart = let 201 preStart = let
199 configLines = [ 202 configLines = [
200 "<?include \"\${CREDENTIALS_DIRECTORY}/knot-tsig.json.frag\"?>" 203 "<?include \"\${CREDENTIALS_DIRECTORY}/knot-tsig.json.frag\"?>"
201 ] ++ lib.mapAttrsToList (k: v: 204 ] ++ mapAttrsToList (k: v:
202 "\"${k}\": ${builtins.toJSON v}" 205 "\"${k}\": ${builtins.toJSON v}"
203 ) config.services.kea.dhcp-ddns.settings; 206 ) config.services.kea.dhcp-ddns.settings;
204 207
205 config-template = pkgs.writeText "dhcp-ddns.conf" '' 208 config-template = pkgs.writeText "dhcp-ddns.conf" ''
206 {"DhcpDdns": { 209 {"DhcpDdns": {
207 ${lib.concatStringsSep ",\n " configLines} 210 ${concatStringsSep ",\n " configLines}
208 }} 211 }}
209 ''; 212 '';
210 in '' 213 in ''
@@ -212,8 +215,8 @@
212 ''; 215 '';
213 216
214 serviceConfig = { 217 serviceConfig = {
215 ExecStart = lib.mkForce '' 218 ExecStart = mkForce ''
216 ${pkgs.kea}/bin/kea-dhcp-ddns -c "''${RUNTIME_DIRECTORY}/dhcp-ddns.conf" ${lib.escapeShellArgs config.services.kea.dhcp-ddns.extraArgs} 219 ${pkgs.kea}/bin/kea-dhcp-ddns -c "''${RUNTIME_DIRECTORY}/dhcp-ddns.conf" ${escapeShellArgs config.services.kea.dhcp-ddns.extraArgs}
217 ''; 220 '';
218 LoadCredential = [ 221 LoadCredential = [
219 "knot-tsig.json.frag:${config.sops.secrets."kea-knot-tsig.json.frag".path}" 222 "knot-tsig.json.frag:${config.sops.secrets."kea-knot-tsig.json.frag".path}"
@@ -226,26 +229,53 @@
226 sopsFile = ./knot-tsig.json.frag; 229 sopsFile = ./knot-tsig.json.frag;
227 }; 230 };
228 231
229 systemd.services."installer-atftpd" = { 232 systemd.services."pxe-atftpd" = {
230 description = "TFTP Server for PXE Booting NixOS Installer"; 233 description = "TFTP Server for PXE Booting";
231 after = [ "network.target" ]; 234 after = [ "network.target" ];
232 wantedBy = [ "multi-user.target" ]; 235 wantedBy = [ "multi-user.target" ];
233 serviceConfig.ExecStart = let 236 serviceConfig.ExecStart = let
234 installerBuild = flake.nixosConfigurations.installer-x86_64-linux-netboot.config.system.build;
235 ipxe = pkgs.ipxe.override { 237 ipxe = pkgs.ipxe.override {
236 additionalTargets = { 238 additionalTargets = {
237 "bin-i386-efi/ipxe.efi" = "i386-ipxe.efi"; 239 "bin-i386-efi/ipxe.efi" = "i386-ipxe.efi";
238 }; 240 };
239 }; 241 };
240 tftpRoot = pkgs.runCommandLocal "installer-netboot" {} '' 242 tftpRoot = pkgs.runCommandLocal "netboot" {} ''
241 mkdir -p $out 243 mkdir -p $out
242 install -m 0444 -t $out \ 244 install -m 0444 -t $out \
243 ${installerBuild.netbootRamdisk}/initrd \
244 ${installerBuild.kernel}/bzImage \
245 ${installerBuild.netbootIpxeScript}/netboot.ipxe \
246 ${ipxe}/ipxe.efi ${ipxe}/i386-ipxe.efi ${ipxe}/undionly.kpxe 245 ${ipxe}/ipxe.efi ${ipxe}/i386-ipxe.efi ${ipxe}/undionly.kpxe
246
247 ${concatMapStringsSep "\n" (system:
248 let
249 installerBuild = (flake.nixosConfigurations.${"installer-${system}-nfsroot"}.extendModules {
250 modules = [
251 ({ ... }: { config.nfsroot.storeDevice = "vidhar:nix-store"; })
252 ];
253 }).config.system.build;
254 in ''
255 mkdir -p $out/installer-${system}
256 install -m 0444 -t $out/installer-${system} \
257 ${installerBuild.initialRamdisk}/initrd \
258 ${installerBuild.kernel}/bzImage \
259 ${installerBuild.netbootIpxeScript}/netboot.ipxe
260 ''
261 ) ["x86_64-linux"]}
247 ''; 262 '';
248 in "${pkgs.atftp}/sbin/atftpd --daemon --no-fork --bind-address=10.141.0.1 ${tftpRoot}"; 263 in "${pkgs.atftp}/sbin/atftpd --daemon --no-fork --bind-address=10.141.0.1 ${tftpRoot}";
249 }; 264 };
265
266 services.nfs.server = {
267 enable = true;
268 createMountPoints = true;
269 exports = ''
270 /export/nix-root 10.141.0.0/24(ro)
271 '';
272 };
273
274 fileSystems = {
275 "/export/nix-root" = {
276 device = "/nix/store";
277 options = [ "bind" ];
278 };
279 };
250 }; 280 };
251} 281}
diff --git a/hosts/vidhar/network/dsl.nix b/hosts/vidhar/network/dsl.nix
index a5f4daf2..461e74d2 100644
--- a/hosts/vidhar/network/dsl.nix
+++ b/hosts/vidhar/network/dsl.nix
@@ -11,7 +11,7 @@ in {
11 default = "dsl"; 11 default = "dsl";
12 }; 12 };
13 }; 13 };
14 14
15 config = { 15 config = {
16 networking.vlans = { 16 networking.vlans = {
17 telekom = { 17 telekom = {
@@ -19,7 +19,7 @@ in {
19 interface = "eno2"; 19 interface = "eno2";
20 }; 20 };
21 }; 21 };
22 22
23 services.pppd = { 23 services.pppd = {
24 enable = true; 24 enable = true;
25 peers.telekom.config = '' 25 peers.telekom.config = ''
@@ -40,7 +40,7 @@ in {
40 }; 40 };
41 systemd.services."pppd-telekom" = { 41 systemd.services."pppd-telekom" = {
42 stopIfChanged = true; 42 stopIfChanged = true;
43 43
44 serviceConfig = lib.mkForce { 44 serviceConfig = lib.mkForce {
45 Type = "notify"; 45 Type = "notify";
46 PIDFile = "/run/pppd/${pppInterface}.pid"; 46 PIDFile = "/run/pppd/${pppInterface}.pid";
@@ -62,7 +62,7 @@ in {
62 "ppp/ip-up" = { 62 "ppp/ip-up" = {
63 text = '' 63 text = ''
64 #!${pkgs.runtimeShell} 64 #!${pkgs.runtimeShell}
65 ${pkgs.iproute}/bin/ip route add default via "$5" dev "${pppInterface}" metric 512 65 ${pkgs.iproute2}/bin/ip route add default via "$5" dev "${pppInterface}" metric 512
66 ''; 66 '';
67 mode = "0555"; 67 mode = "0555";
68 }; 68 };
diff --git a/hosts/vidhar/prometheus/default.nix b/hosts/vidhar/prometheus/default.nix
index 7ac86c30..8e5ff0ea 100644
--- a/hosts/vidhar/prometheus/default.nix
+++ b/hosts/vidhar/prometheus/default.nix
@@ -61,9 +61,12 @@ in {
61 }; 61 };
62 apcupsd.enable = true; 62 apcupsd.enable = true;
63 systemd = { 63 systemd = {
64 enable = true; 64 enable = false; # TODO
65 extraFlags = [ 65 extraFlags = [
66 "--collector.unit-whitelist=(dhcpcd-dsl|pppd-telekom|corerad|ndppd)\.service" 66 "--systemd.collector.unit-include=(dhcpcd-dsl|pppd-telekom|corerad|ndppd)\.service"
67 "--systemd.collector.enable-restart-count"
68 "--systemd.collector.enable-file-descriptor-size"
69 "--systemd.collector.enable-ip-accounting"
67 ]; 70 ];
68 }; 71 };
69 blackbox = { 72 blackbox = {