Diffstat (limited to 'hosts')
-rw-r--r--hosts/sif/default.nix17
-rw-r--r--hosts/vidhar/network/default.nix41
-rw-r--r--hosts/vidhar/network/ruleset.nft4
3 files changed, 43 insertions, 19 deletions
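--- a/hosts/sif/default.nix
+++ b/hosts/sif/default.nix
@@ -14,6 +14,7 @@ in {
 ./hw.nix
 ./mail
 initrd-all-crypto-modules default-locale openssh rebuild-machines
+networkmanager
 ];
 
 config = {
@@ -71,16 +72,6 @@ in {
 ];
 };
 
-networkmanager = {
-enable = true;
-dhcp = "internal";
-dns = lib.mkForce "dnsmasq";
-extraConfig = ''
-[connectivity]
-uri=https://online.yggdrasil.li
-'';
-};
-
 # wlanInterfaces = {
 # wlan0 = {
 # device = "wlp82s0";
@@ -98,7 +89,6 @@ in {
 # };
 # };
 
-dhcpcd.enable = false;
 useDHCP = false;
 useNetworkd = true;
 
@@ -109,9 +99,6 @@ in {
 # };
 };
 
-systemd.services."NetworkManager-wait-online".enable = false;
-systemd.services."systemd-networkd-wait-online".enable = false;
-
 environment.etc."NetworkManager/dnsmasq.d/libvirtd_dnsmasq.conf" = {
 text = ''
 server=/sif.libvirt/192.168.122.1
@@ -205,8 +192,6 @@ in {
 };
 networking.networkmanager.unmanaged = ["wgrz"];
 
-services.resolved.enable = false;
-
 services.openssh.enable = true;
 
 powerManagement = {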
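Review bot: The drop-in `environment.etc."NetworkManager/dnsmasq.d/libvirtd_dnsmasq.conf"` kept at new line 102 only has an effect while NetworkManager runs with `dns = "dnsmasq"`, and that setting (old lines 74-82) is deleted here in favour of the imported `networkmanager` module whose contents are not visible; if that module does not select the dnsmasq plugin, split DNS for `sif.libvirt` silently stops applying. A comment on the drop-in such as `# relies on the shared networkmanager module keeping dns = "dnsmasq"` would make the coupling explicit. The removal of `services.resolved.enable = false` (old line 208) likewise leaves the resolver choice to defaults and to the shared module, so whether resolved now ends up enabled on a `useNetworkd` host is worth confirming rather than leaving implicit.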
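--- a/hosts/vidhar/network/default.nix
+++ b/hosts/vidhar/network/default.nix
@@ -1,4 +1,4 @@
-{ config, lib, pkgs, ... }:
+{ flake, config, lib, pkgs, ... }:
 {
 imports = [ ./dsl.nix ./bifrost ];
 
@@ -71,6 +71,27 @@
 type = "memfile";
 };
 
+client-classes = [
+{ name = "ipxe";
+test = "option[77].hex == 'iPXE'";
+next-server = "10.141.0.1";
+boot-file-name = "netboot.ipxe";
+only-if-required = true;
+}
+{ name = "uefi-64";
+test = "substring(option[60].hex,0,20) == 'PXEClient:Arch:00007' or substring(option[60].hex,0,20) == 'PXEClient:Arch:00008' or substring(option[60].hex,0,20) == 'PXEClient:Arch:00009'";
+only-if-required = true;
+tftp-server-name = "10.141.0.1";
+boot-file-name = "ipxe.efi";
+}
+{ name = "legacy";
+test = "substring(option[60].hex,0,20) == 'PXEClient:Arch:00000'";
+only-if-required = true;
+tftp-server-name = "10.141.0.1";
+boot-file-name = "undionly.kpxe";
+}
+];
+
 subnet4 = [
 { subnet = "10.141.0.0/24";
 option-data = [
@@ -89,6 +110,7 @@
 ];
 pools = [ { pool = "10.141.0.128 - 10.141.0.254"; } ];
 reservations = [];
+require-client-classes = ["ipxe" "uefi-64" "legacy"];
 }
 { subnet = "10.141.1.0/24";
 option-data = [
@@ -157,5 +179,22 @@
 networkConfig.LinkLocalAddressing = "no";
 };
 };
+
+systemd.services."installer-atftpd" = {
+description = "TFTP Server for PXE Booting NixOS Installer";
+after = [ "network.target" ];
+wantedBy = [ "multi-user.target" ];
+serviceConfig.ExecStart = let
+installerBuild = flake.nixosConfigurations.installer-x86_64-linux-netboot.config.system.build;
+tftpRoot = pkgs.runCommandLocal "installer-netboot" {} ''
+mkdir -p $out
+install -m 0444 -t $out \
+${installerBuild.netbootRamdisk}/initrd \
+${installerBuild.kernel}/bzImage \
+${installerBuild.netbootIpxeScript}/netboot.ipxe \
+${pkgs.ipxe}/ipxe.efi ${pkgs.ipxe}/undionly.kpxe
+'';
+in "${pkgs.atftp} --daemon --no-fork --bind-address=10.141.0.1 ${tftpRoot}";
+};
 };
 }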
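Review bot: `ExecStart` at new line 197 interpolates `${pkgs.atftp}`, which expands to the package's store directory rather than the daemon binary, so the unit cannot start unless `pkgs.atftp` is overridden elsewhere in the flake; it should point at the executable, `${pkgs.atftp}/sbin/atftpd` (check the package's output layout). The unit also runs as root with no `User`/`DynamicUser` or sandboxing while serving an unauthenticated TFTP root to every client that reaches 10.141.0.1, and `after = [ "network.target" ]` does not guarantee that address is configured when `--bind-address` is evaluated, so the bind can fail at boot. The ordering of `require-client-classes` at new line 113 looks load-bearing — an iPXE client on UEFI matches both `ipxe` and its arch class, and `ipxe` being listed first is presumably what stops it from being handed `ipxe.efi` again in a loop — so a comment like `# "ipxe" must stay first: iPXE also matches the arch classes and must get netboot.ipxe, not the loader again` would help the next editor. Nothing here authenticates the kernel and initrd a client boots; whether that is acceptable depends on what the installer image permits, which is outside this file. The rewritten unit below fixes the binary path, drops privileges explicitly (port 69 needs only the bind capability) and waits for the network to be online; if atftpd refuses to start unprivileged because of its own built-in user switch, keep root but keep the sandboxing directives, or create a static `User` for it:
```nix
systemd.services."installer-atftpd" = {
  description = "TFTP Server for PXE Booting NixOS Installer";
  after = [ "network-online.target" ];
  wants = [ "network-online.target" ];
  wantedBy = [ "multi-user.target" ];
  serviceConfig.ExecStart = let
    # … unchanged: installerBuild / tftpRoot bindings …
  in "${pkgs.atftp}/sbin/atftpd --daemon --no-fork --bind-address=10.141.0.1 ${tftpRoot}";
  # Port 69 is privileged: a dynamic user only needs the bind capability.
  serviceConfig.DynamicUser = true;
  serviceConfig.AmbientCapabilities = [ "CAP_NET_BIND_SERVICE" ];
  serviceConfig.CapabilityBoundingSet = [ "CAP_NET_BIND_SERVICE" ];
  serviceConfig.ProtectSystem = "strict";
  serviceConfig.PrivateTmp = true;
  serviceConfig.Restart = "on-failure";
};
```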
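--- a/hosts/vidhar/network/ruleset.nft
+++ b/hosts/vidhar/network/ruleset.nft
@@ -183,7 +183,7 @@ table inet filter {
 
 iifname yggdrasil tcp dport { 80, 443 } counter name http-rx accept
 
-iifname mgmt udp dport 69 counter name tftp-rx accept
+iifname { lan, mgmt } udp dport 69 counter name tftp-rx accept
 
 ct state {established, related} counter name established-rx accept
 
@@ -228,7 +228,7 @@ table inet filter {
 tcp sport 80 counter name http-tx accept
 
 udp sport 69 counter name tftp-tx accept
-iifname mgmt udp dport 69 counter name tftp-tx accept
+udp dport 69 counter name tftp-tx accept
 
 
 counter name tx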
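Review bot: The rx rule at line 186 now accepts TFTP from every host on `lan`, not only `mgmt`, and it keys on the interface alone, so any address on the box is reachable on udp/69 even though the new atftpd binds solely to 10.141.0.1; narrowing it to `iifname { lan, mgmt } ip daddr 10.141.0.1 udp dport 69 counter name tftp-rx accept` keeps the exposure to the address that actually serves the installer. The tx rule at line 231 loses its `iifname mgmt` qualifier (which never matched in a chain without an input interface, if this is the output chain) and now permits outbound TFTP requests to anywhere, which may be more than a server role needs. Note also that TFTP transfers run from an ephemeral server port, so neither the `sport 69` nor the `dport 69` tx rules match the data packets; unless the chain's policy or a `ct helper` assignment for tftp outside this hunk covers them, the `established, related` rule will not treat them as related and transfers will stall. Both chains begin and end outside the hunk.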