From 9248259708bd6ade5e334a2cdfb29d2a20acb0dd Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Mon, 3 Oct 2022 17:15:36 +0200 Subject: ... --- hosts/vidhar/borg/default.nix | 6 ++-- hosts/vidhar/network/dhcp/default.nix | 58 ++++++++++++++++++++++++++--------- hosts/vidhar/network/dsl.nix | 8 ++--- hosts/vidhar/prometheus/default.nix | 7 +++-- 4 files changed, 56 insertions(+), 23 deletions(-) (limited to 'hosts/vidhar') diff --git a/hosts/vidhar/borg/default.nix b/hosts/vidhar/borg/default.nix index 650c91ee..79c75c4d 100644 --- a/hosts/vidhar/borg/default.nix +++ b/hosts/vidhar/borg/default.nix @@ -57,7 +57,7 @@ let buildInputs = with pkgs; [makeWrapper]; - python = inpPython.withPackages (ps: with ps; [humanize tqdm dateutil xdg python-unshare pyprctl halo]); + python = inpPython.withPackages (ps: with ps; [humanize tqdm python-dateutil xdg python-unshare pyprctl halo]); buildPhase = '' substitute $src copy \ @@ -74,7 +74,7 @@ let copy wrapProgram $out/bin/copy \ - --prefix PATH : ${makeBinPath (with pkgs; [utillinux borgbackup])}:${config.security.wrapperDir} + --prefix PATH : ${makeBinPath (with pkgs; [util-linux borgbackup])}:${config.security.wrapperDir} ''; }); @@ -93,7 +93,7 @@ let ''; postInstall = '' wrapProgram $out/bin/borgsnap \ - --prefix PATH : ${makeBinPath (with pkgs; [utillinux borgbackup])}:${config.security.wrapperDir} + --prefix PATH : ${makeBinPath (with pkgs; [util-linux borgbackup])}:${config.security.wrapperDir} ''; providers.python-unshare = "nixpkgs"; diff --git a/hosts/vidhar/network/dhcp/default.nix b/hosts/vidhar/network/dhcp/default.nix index 067dc6d6..e14b15ac 100644 --- a/hosts/vidhar/network/dhcp/default.nix +++ b/hosts/vidhar/network/dhcp/default.nix @@ -1,4 +1,7 @@ { flake, config, pkgs, lib, ... }: + +with lib; + { config = { services.kea = { 
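Review bot: The file-wide `with lib;` added after the argument line puts every attribute of `lib` in scope for the whole module, so a reader can no longer tell from the call site where `mkForce`, `escapeShellArgs` or `concatMapStringsSep` come from, and tooling cannot flag a misspelled name statically. This file assembles an `ExecStart` command line and a TFTP root build script, so the origin of the quoting helpers is worth keeping visible. An explicit `inherit (lib) mapAttrsToList concatStringsSep concatMapStringsSep mkForce escapeShellArgs;` in a `let` keeps the short names without the blanket scope. The module body continues outside this hunk.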
@@ -23,7 +26,7 @@ { name = "ipxe"; test = "option[77].hex == 'iPXE'"; next-server = "10.141.0.1"; - boot-file-name = "netboot.ipxe"; + boot-file-name = "installer-x86_64-linux/netboot.ipxe"; only-if-required = true; } { name = "uefi-64"; @@ -146,7 +149,7 @@ pools = [ { pool = "10.141.2.128 - 10.141.2.254"; } ]; reservations = []; } - ]; + ]; }; }; # dhcp6 = { @@ -195,16 +198,16 @@ }; systemd.services.kea-dhcp-ddns-server = { - preStart = let + preStart = let configLines = [ "" - ] ++ lib.mapAttrsToList (k: v: + ] ++ mapAttrsToList (k: v: "\"${k}\": ${builtins.toJSON v}" ) config.services.kea.dhcp-ddns.settings; config-template = pkgs.writeText "dhcp-ddns.conf" '' {"DhcpDdns": { - ${lib.concatStringsSep ",\n " configLines} + ${concatStringsSep ",\n " configLines} }} ''; in '' @@ -212,8 +215,8 @@ ''; serviceConfig = { - ExecStart = lib.mkForce '' - ${pkgs.kea}/bin/kea-dhcp-ddns -c "''${RUNTIME_DIRECTORY}/dhcp-ddns.conf" ${lib.escapeShellArgs config.services.kea.dhcp-ddns.extraArgs} + ExecStart = mkForce '' + ${pkgs.kea}/bin/kea-dhcp-ddns -c "''${RUNTIME_DIRECTORY}/dhcp-ddns.conf" ${escapeShellArgs config.services.kea.dhcp-ddns.extraArgs} ''; LoadCredential = [ "knot-tsig.json.frag:${config.sops.secrets."kea-knot-tsig.json.frag".path}" 
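Review bot: The new `boot-file-name = "installer-x86_64-linux/netboot.ipxe"` in the `ipxe` client class repeats by hand the directory name that the `pxe-atftpd` unit later derives as `installer-${system}`, and nothing ties the two together. If the system list or the directory naming in the TFTP root changes, DHCP keeps handing out a path that no longer exists and clients fail at boot with no evaluation error. Either build the string from the same `system` value or add a comment at both sites, e.g. `# must match $out/installer-${system} in pxe-atftpd's tftpRoot`. The client-class list continues outside this hunk.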
@@ -226,26 +229,53 @@ sopsFile = ./knot-tsig.json.frag; }; - systemd.services."installer-atftpd" = { - description = "TFTP Server for PXE Booting NixOS Installer"; + systemd.services."pxe-atftpd" = { + description = "TFTP Server for PXE Booting"; after = [ "network.target" ]; wantedBy = [ "multi-user.target" ]; serviceConfig.ExecStart = let - installerBuild = flake.nixosConfigurations.installer-x86_64-linux-netboot.config.system.build; ipxe = pkgs.ipxe.override { additionalTargets = { "bin-i386-efi/ipxe.efi" = "i386-ipxe.efi"; }; }; - tftpRoot = pkgs.runCommandLocal "installer-netboot" {} '' + tftpRoot = pkgs.runCommandLocal "netboot" {} '' mkdir -p $out install -m 0444 -t $out \ - ${installerBuild.netbootRamdisk}/initrd \ - ${installerBuild.kernel}/bzImage \ - ${installerBuild.netbootIpxeScript}/netboot.ipxe \ ${ipxe}/ipxe.efi ${ipxe}/i386-ipxe.efi ${ipxe}/undionly.kpxe + + ${concatMapStringsSep "\n" (system: + let + installerBuild = (flake.nixosConfigurations.${"installer-${system}-nfsroot"}.extendModules { + modules = [ + ({ ... }: { config.nfsroot.storeDevice = "vidhar:nix-store"; }) + ]; + }).config.system.build; + in '' + mkdir -p $out/installer-${system} + install -m 0444 -t $out/installer-${system} \ + ${installerBuild.initialRamdisk}/initrd \ + ${installerBuild.kernel}/bzImage \ + ${installerBuild.netbootIpxeScript}/netboot.ipxe + '' + ) ["x86_64-linux"]} ''; in "${pkgs.atftp}/sbin/atftpd --daemon --no-fork --bind-address=10.141.0.1 ${tftpRoot}"; }; + + services.nfs.server = { + enable = true; + createMountPoints = true; + exports = '' + /export/nix-root 10.141.0.0/24(ro) + ''; + }; + + fileSystems = { + "/export/nix-root" = { + device = "/nix/store"; + options = [ "bind" ]; + }; + }; }; } diff --git a/hosts/vidhar/network/dsl.nix b/hosts/vidhar/network/dsl.nix index a5f4daf2..461e74d2 100644 --- a/hosts/vidhar/network/dsl.nix +++ b/hosts/vidhar/network/dsl.nix @@ -11,7 +11,7 @@ in { default = "dsl"; }; }; - + config = { networking.vlans = { telekom = { 
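Review bot: The new `services.nfs.server.exports` entry `/export/nix-root 10.141.0.0/24(ro)` serves this host's bind-mounted `/nix/store` to every address in the subnet, and with no `sec=` option the default AUTH_SYS applies, so source IP is the only access control and every store path, including rendered configuration files, is readable by any machine on that network. The TSIG fragment is loaded through `LoadCredential` from a sops path and so stays out of the store, but that invariant deserves a comment at the export, e.g. `# whole store is readable on 10.141.0.0/24: never put secrets in the store`, and the export could be narrowed to the installer clients' addresses if they are known. Separately, the client side sets `nfsroot.storeDevice = "vidhar:nix-store"` while the server exports `/export/nix-root`; the `nfsroot` module is not visible here, so this may be resolved elsewhere, but the two names look as if they should match. The only DHCP pool visible in this diff is `10.141.2.128 - 10.141.2.254`, which lies outside `10.141.0.0/24`, so confirm that netbooted clients actually fall inside the exported range.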
@@ -19,7 +19,7 @@ in { interface = "eno2"; }; }; - + services.pppd = { enable = true; peers.telekom.config = '' @@ -40,7 +40,7 @@ in { }; systemd.services."pppd-telekom" = { stopIfChanged = true; - + serviceConfig = lib.mkForce { Type = "notify"; PIDFile = "/run/pppd/${pppInterface}.pid"; @@ -62,7 +62,7 @@ in { "ppp/ip-up" = { text = '' #!${pkgs.runtimeShell} - ${pkgs.iproute}/bin/ip route add default via "$5" dev "${pppInterface}" metric 512 + ${pkgs.iproute2}/bin/ip route add default via "$5" dev "${pppInterface}" metric 512 ''; mode = "0555"; }; diff --git a/hosts/vidhar/prometheus/default.nix b/hosts/vidhar/prometheus/default.nix index 7ac86c30..8e5ff0ea 100644 --- a/hosts/vidhar/prometheus/default.nix +++ b/hosts/vidhar/prometheus/default.nix @@ -61,9 +61,12 @@ in { }; apcupsd.enable = true; systemd = { - enable = true; + enable = false; # TODO extraFlags = [ - "--collector.unit-whitelist=(dhcpcd-dsl|pppd-telekom|corerad|ndppd)\.service" + "--systemd.collector.unit-include=(dhcpcd-dsl|pppd-telekom|corerad|ndppd)\.service" + "--systemd.collector.enable-restart-count" + "--systemd.collector.enable-file-descriptor-size" + "--systemd.collector.enable-ip-accounting" ]; }; blackbox = { -- cgit v1.2.3
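Review bot: In the `prometheus/default.nix` hunk, `enable = false; # TODO` turns the systemd exporter off without saying why or what has to happen before it comes back. Unit-state metrics for `dhcpcd-dsl`, `pppd-telekom`, `corerad` and `ndppd` disappear, and any alerts built on them would go quiet rather than fire. Replace the bare marker with the reason, e.g. `enable = false; # TODO: re-enable once <blocking issue>`. The renamed flag also still ends in `\.service`; in a Nix double-quoted string `\.` evaluates to a plain `.`, so the regex accepts any character before `service`, and `\\.service` is needed for a literal dot. The surrounding exporters attribute set starts and ends outside this hunk.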