diff options
Diffstat (limited to 'hosts/vidhar')
-rw-r--r-- | hosts/vidhar/borg/default.nix | 6 | ||||
-rw-r--r-- | hosts/vidhar/network/dhcp/default.nix | 58 | ||||
-rw-r--r-- | hosts/vidhar/network/dsl.nix | 8 | ||||
-rw-r--r-- | hosts/vidhar/prometheus/default.nix | 7 |
4 files changed, 56 insertions, 23 deletions
diff --git a/hosts/vidhar/borg/default.nix b/hosts/vidhar/borg/default.nix index 650c91ee..79c75c4d 100644 --- a/hosts/vidhar/borg/default.nix +++ b/hosts/vidhar/borg/default.nix | |||
@@ -57,7 +57,7 @@ let | |||
57 | 57 | ||
58 | buildInputs = with pkgs; [makeWrapper]; | 58 | buildInputs = with pkgs; [makeWrapper]; |
59 | 59 | ||
60 | python = inpPython.withPackages (ps: with ps; [humanize tqdm dateutil xdg python-unshare pyprctl halo]); | 60 | python = inpPython.withPackages (ps: with ps; [humanize tqdm python-dateutil xdg python-unshare pyprctl halo]); |
61 | 61 | ||
62 | buildPhase = '' | 62 | buildPhase = '' |
63 | substitute $src copy \ | 63 | substitute $src copy \ |
@@ -74,7 +74,7 @@ let | |||
74 | copy | 74 | copy |
75 | 75 | ||
76 | wrapProgram $out/bin/copy \ | 76 | wrapProgram $out/bin/copy \ |
77 | --prefix PATH : ${makeBinPath (with pkgs; [utillinux borgbackup])}:${config.security.wrapperDir} | 77 | --prefix PATH : ${makeBinPath (with pkgs; [util-linux borgbackup])}:${config.security.wrapperDir} |
78 | ''; | 78 | ''; |
79 | }); | 79 | }); |
80 | 80 | ||
@@ -93,7 +93,7 @@ let | |||
93 | ''; | 93 | ''; |
94 | postInstall = '' | 94 | postInstall = '' |
95 | wrapProgram $out/bin/borgsnap \ | 95 | wrapProgram $out/bin/borgsnap \ |
96 | --prefix PATH : ${makeBinPath (with pkgs; [utillinux borgbackup])}:${config.security.wrapperDir} | 96 | --prefix PATH : ${makeBinPath (with pkgs; [util-linux borgbackup])}:${config.security.wrapperDir} |
97 | ''; | 97 | ''; |
98 | 98 | ||
99 | providers.python-unshare = "nixpkgs"; | 99 | providers.python-unshare = "nixpkgs"; |
diff --git a/hosts/vidhar/network/dhcp/default.nix b/hosts/vidhar/network/dhcp/default.nix index 067dc6d6..e14b15ac 100644 --- a/hosts/vidhar/network/dhcp/default.nix +++ b/hosts/vidhar/network/dhcp/default.nix | |||
@@ -1,4 +1,7 @@ | |||
1 | { flake, config, pkgs, lib, ... }: | 1 | { flake, config, pkgs, lib, ... }: |
2 | |||
3 | with lib; | ||
4 | |||
2 | { | 5 | { |
3 | config = { | 6 | config = { |
4 | services.kea = { | 7 | services.kea = { |
@@ -23,7 +26,7 @@ | |||
23 | { name = "ipxe"; | 26 | { name = "ipxe"; |
24 | test = "option[77].hex == 'iPXE'"; | 27 | test = "option[77].hex == 'iPXE'"; |
25 | next-server = "10.141.0.1"; | 28 | next-server = "10.141.0.1"; |
26 | boot-file-name = "netboot.ipxe"; | 29 | boot-file-name = "installer-x86_64-linux/netboot.ipxe"; |
27 | only-if-required = true; | 30 | only-if-required = true; |
28 | } | 31 | } |
29 | { name = "uefi-64"; | 32 | { name = "uefi-64"; |
@@ -146,7 +149,7 @@ | |||
146 | pools = [ { pool = "10.141.2.128 - 10.141.2.254"; } ]; | 149 | pools = [ { pool = "10.141.2.128 - 10.141.2.254"; } ]; |
147 | reservations = []; | 150 | reservations = []; |
148 | } | 151 | } |
149 | ]; | 152 | ]; |
150 | }; | 153 | }; |
151 | }; | 154 | }; |
152 | # dhcp6 = { | 155 | # dhcp6 = { |
@@ -195,16 +198,16 @@ | |||
195 | }; | 198 | }; |
196 | 199 | ||
197 | systemd.services.kea-dhcp-ddns-server = { | 200 | systemd.services.kea-dhcp-ddns-server = { |
198 | preStart = let | 201 | preStart = let |
199 | configLines = [ | 202 | configLines = [ |
200 | "<?include \"\${CREDENTIALS_DIRECTORY}/knot-tsig.json.frag\"?>" | 203 | "<?include \"\${CREDENTIALS_DIRECTORY}/knot-tsig.json.frag\"?>" |
201 | ] ++ lib.mapAttrsToList (k: v: | 204 | ] ++ mapAttrsToList (k: v: |
202 | "\"${k}\": ${builtins.toJSON v}" | 205 | "\"${k}\": ${builtins.toJSON v}" |
203 | ) config.services.kea.dhcp-ddns.settings; | 206 | ) config.services.kea.dhcp-ddns.settings; |
204 | 207 | ||
205 | config-template = pkgs.writeText "dhcp-ddns.conf" '' | 208 | config-template = pkgs.writeText "dhcp-ddns.conf" '' |
206 | {"DhcpDdns": { | 209 | {"DhcpDdns": { |
207 | ${lib.concatStringsSep ",\n " configLines} | 210 | ${concatStringsSep ",\n " configLines} |
208 | }} | 211 | }} |
209 | ''; | 212 | ''; |
210 | in '' | 213 | in '' |
@@ -212,8 +215,8 @@ | |||
212 | ''; | 215 | ''; |
213 | 216 | ||
214 | serviceConfig = { | 217 | serviceConfig = { |
215 | ExecStart = lib.mkForce '' | 218 | ExecStart = mkForce '' |
216 | ${pkgs.kea}/bin/kea-dhcp-ddns -c "''${RUNTIME_DIRECTORY}/dhcp-ddns.conf" ${lib.escapeShellArgs config.services.kea.dhcp-ddns.extraArgs} | 219 | ${pkgs.kea}/bin/kea-dhcp-ddns -c "''${RUNTIME_DIRECTORY}/dhcp-ddns.conf" ${escapeShellArgs config.services.kea.dhcp-ddns.extraArgs} |
217 | ''; | 220 | ''; |
218 | LoadCredential = [ | 221 | LoadCredential = [ |
219 | "knot-tsig.json.frag:${config.sops.secrets."kea-knot-tsig.json.frag".path}" | 222 | "knot-tsig.json.frag:${config.sops.secrets."kea-knot-tsig.json.frag".path}" |
@@ -226,26 +229,53 @@ | |||
226 | sopsFile = ./knot-tsig.json.frag; | 229 | sopsFile = ./knot-tsig.json.frag; |
227 | }; | 230 | }; |
228 | 231 | ||
229 | systemd.services."installer-atftpd" = { | 232 | systemd.services."pxe-atftpd" = { |
230 | description = "TFTP Server for PXE Booting NixOS Installer"; | 233 | description = "TFTP Server for PXE Booting"; |
231 | after = [ "network.target" ]; | 234 | after = [ "network.target" ]; |
232 | wantedBy = [ "multi-user.target" ]; | 235 | wantedBy = [ "multi-user.target" ]; |
233 | serviceConfig.ExecStart = let | 236 | serviceConfig.ExecStart = let |
234 | installerBuild = flake.nixosConfigurations.installer-x86_64-linux-netboot.config.system.build; | ||
235 | ipxe = pkgs.ipxe.override { | 237 | ipxe = pkgs.ipxe.override { |
236 | additionalTargets = { | 238 | additionalTargets = { |
237 | "bin-i386-efi/ipxe.efi" = "i386-ipxe.efi"; | 239 | "bin-i386-efi/ipxe.efi" = "i386-ipxe.efi"; |
238 | }; | 240 | }; |
239 | }; | 241 | }; |
240 | tftpRoot = pkgs.runCommandLocal "installer-netboot" {} '' | 242 | tftpRoot = pkgs.runCommandLocal "netboot" {} '' |
241 | mkdir -p $out | 243 | mkdir -p $out |
242 | install -m 0444 -t $out \ | 244 | install -m 0444 -t $out \ |
243 | ${installerBuild.netbootRamdisk}/initrd \ | ||
244 | ${installerBuild.kernel}/bzImage \ | ||
245 | ${installerBuild.netbootIpxeScript}/netboot.ipxe \ | ||
246 | ${ipxe}/ipxe.efi ${ipxe}/i386-ipxe.efi ${ipxe}/undionly.kpxe | 245 | ${ipxe}/ipxe.efi ${ipxe}/i386-ipxe.efi ${ipxe}/undionly.kpxe |
246 | |||
247 | ${concatMapStringsSep "\n" (system: | ||
248 | let | ||
249 | installerBuild = (flake.nixosConfigurations.${"installer-${system}-nfsroot"}.extendModules { | ||
250 | modules = [ | ||
251 | ({ ... }: { config.nfsroot.storeDevice = "vidhar:nix-store"; }) | ||
252 | ]; | ||
253 | }).config.system.build; | ||
254 | in '' | ||
255 | mkdir -p $out/installer-${system} | ||
256 | install -m 0444 -t $out/installer-${system} \ | ||
257 | ${installerBuild.initialRamdisk}/initrd \ | ||
258 | ${installerBuild.kernel}/bzImage \ | ||
259 | ${installerBuild.netbootIpxeScript}/netboot.ipxe | ||
260 | '' | ||
261 | ) ["x86_64-linux"]} | ||
247 | ''; | 262 | ''; |
248 | in "${pkgs.atftp}/sbin/atftpd --daemon --no-fork --bind-address=10.141.0.1 ${tftpRoot}"; | 263 | in "${pkgs.atftp}/sbin/atftpd --daemon --no-fork --bind-address=10.141.0.1 ${tftpRoot}"; |
249 | }; | 264 | }; |
265 | |||
266 | services.nfs.server = { | ||
267 | enable = true; | ||
268 | createMountPoints = true; | ||
269 | exports = '' | ||
270 | /export/nix-root 10.141.0.0/24(ro) | ||
271 | ''; | ||
272 | }; | ||
273 | |||
274 | fileSystems = { | ||
275 | "/export/nix-root" = { | ||
276 | device = "/nix/store"; | ||
277 | options = [ "bind" ]; | ||
278 | }; | ||
279 | }; | ||
250 | }; | 280 | }; |
251 | } | 281 | } |
diff --git a/hosts/vidhar/network/dsl.nix b/hosts/vidhar/network/dsl.nix index a5f4daf2..461e74d2 100644 --- a/hosts/vidhar/network/dsl.nix +++ b/hosts/vidhar/network/dsl.nix | |||
@@ -11,7 +11,7 @@ in { | |||
11 | default = "dsl"; | 11 | default = "dsl"; |
12 | }; | 12 | }; |
13 | }; | 13 | }; |
14 | 14 | ||
15 | config = { | 15 | config = { |
16 | networking.vlans = { | 16 | networking.vlans = { |
17 | telekom = { | 17 | telekom = { |
@@ -19,7 +19,7 @@ in { | |||
19 | interface = "eno2"; | 19 | interface = "eno2"; |
20 | }; | 20 | }; |
21 | }; | 21 | }; |
22 | 22 | ||
23 | services.pppd = { | 23 | services.pppd = { |
24 | enable = true; | 24 | enable = true; |
25 | peers.telekom.config = '' | 25 | peers.telekom.config = '' |
@@ -40,7 +40,7 @@ in { | |||
40 | }; | 40 | }; |
41 | systemd.services."pppd-telekom" = { | 41 | systemd.services."pppd-telekom" = { |
42 | stopIfChanged = true; | 42 | stopIfChanged = true; |
43 | 43 | ||
44 | serviceConfig = lib.mkForce { | 44 | serviceConfig = lib.mkForce { |
45 | Type = "notify"; | 45 | Type = "notify"; |
46 | PIDFile = "/run/pppd/${pppInterface}.pid"; | 46 | PIDFile = "/run/pppd/${pppInterface}.pid"; |
@@ -62,7 +62,7 @@ in { | |||
62 | "ppp/ip-up" = { | 62 | "ppp/ip-up" = { |
63 | text = '' | 63 | text = '' |
64 | #!${pkgs.runtimeShell} | 64 | #!${pkgs.runtimeShell} |
65 | ${pkgs.iproute}/bin/ip route add default via "$5" dev "${pppInterface}" metric 512 | 65 | ${pkgs.iproute2}/bin/ip route add default via "$5" dev "${pppInterface}" metric 512 |
66 | ''; | 66 | ''; |
67 | mode = "0555"; | 67 | mode = "0555"; |
68 | }; | 68 | }; |
diff --git a/hosts/vidhar/prometheus/default.nix b/hosts/vidhar/prometheus/default.nix index 7ac86c30..8e5ff0ea 100644 --- a/hosts/vidhar/prometheus/default.nix +++ b/hosts/vidhar/prometheus/default.nix | |||
@@ -61,9 +61,12 @@ in { | |||
61 | }; | 61 | }; |
62 | apcupsd.enable = true; | 62 | apcupsd.enable = true; |
63 | systemd = { | 63 | systemd = { |
64 | enable = true; | 64 | enable = false; # TODO |
65 | extraFlags = [ | 65 | extraFlags = [ |
66 | "--collector.unit-whitelist=(dhcpcd-dsl|pppd-telekom|corerad|ndppd)\.service" | 66 | "--systemd.collector.unit-include=(dhcpcd-dsl|pppd-telekom|corerad|ndppd)\.service" |
67 | "--systemd.collector.enable-restart-count" | ||
68 | "--systemd.collector.enable-file-descriptor-size" | ||
69 | "--systemd.collector.enable-ip-accounting" | ||
67 | ]; | 70 | ]; |
68 | }; | 71 | }; |
69 | blackbox = { | 72 | blackbox = { |