From f300ea69b66427bd2a5a92a4c4f0db0aa99392b0 Mon Sep 17 00:00:00 2001
From: Gregor Kleen
Date: Mon, 31 Oct 2022 15:15:00 +0100
Subject: ...
---
 hosts/vidhar/default.nix | 46 ++++++++++++++++++++---------------
 hosts/vidhar/network/dhcp/default.nix | 28 +++++++++++++++++++--
 hosts/vidhar/samba.nix | 25 ++++++++++++++++---
 hosts/vidhar/zfs.nix | 12 ++++-----
 4 files changed, 80 insertions(+), 31 deletions(-)
(limited to 'hosts/vidhar')
diff --git a/hosts/vidhar/default.nix b/hosts/vidhar/default.nix
index 3f5d17d5..fc77f03c 100644
--- a/hosts/vidhar/default.nix
+++ b/hosts/vidhar/default.nix
@@ -235,25 +235,30 @@ with lib; ]; }; }; - systemd.services.loki.preStart = let - rulesYaml = generators.toYAML {} { - groups = [ - { name = "power-failures"; - rules = [ - { record = "apcupsd_power_failures:per_day"; - expr = "sum by (nodename) (rate({job=\"systemd-journal\"} | json | MESSAGE = \"Power failure.\"[1d])) * 86400"; - } - { record = "apcupsd_power_failures:per_week"; - expr = "sum by (nodename) (rate({job=\"systemd-journal\"} | json | MESSAGE = \"Power failure.\"[1w])) * 604800"; - } - ]; - } - ]; - }; - in '' - ${pkgs.coreutils}/bin/install -m 0755 -o ${config.services.loki.user} -g ${config.services.loki.group} -d ${config.services.loki.configuration.ruler.storage.local.directory}/fake - ${pkgs.coreutils}/bin/ln -sf ${pkgs.writeText "rules.yml" rulesYaml} ${config.services.loki.configuration.ruler.storage.local.directory}/fake/rules.yml - ''; + systemd.services.loki = { + preStart = let + rulesYaml = generators.toYAML {} { + groups = [ + { name = "power-failures"; + rules = [ + { record = "apcupsd_power_failures:per_day"; + expr = "sum by (nodename) (rate({job=\"systemd-journal\"} | json | MESSAGE = \"Power failure.\"[1d])) * 86400"; + } + { record = "apcupsd_power_failures:per_week"; + expr = "sum by (nodename) (rate({job=\"systemd-journal\"} | json | MESSAGE = \"Power failure.\"[1w])) * 604800"; + } + ]; + } + ]; + }; + in '' + ${pkgs.coreutils}/bin/install -m 0755 -o ${config.services.loki.user} -g ${config.services.loki.group} -d ${config.services.loki.configuration.ruler.storage.local.directory}/fake + ${pkgs.coreutils}/bin/ln -sf ${pkgs.writeText "rules.yml" rulesYaml} ${config.services.loki.configuration.ruler.storage.local.directory}/fake/rules.yml + ''; + serviceConfig.Environment = [ + "ASSUME_NO_MOVING_GC_UNSAFE_RISK_IT_WITH=go1.19" + ]; + }; services.promtail = { enable = true; configuration = { 
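Review bot: `ASSUME_NO_MOVING_GC_UNSAFE_RISK_IT_WITH=go1.19` in the new `serviceConfig.Environment` overrides a Go-runtime safety check (the variable's own name says so) and pins it to a specific toolchain version, yet nothing in the hunk records why loki needs it or when it can go away; the promtail hunk that follows adds the identical line. I would put a comment next to it, `# Workaround: <reason — placeholder>; tied to the Go version loki/promtail were built with, drop once the packages no longer need it`, and hoist the string into one `let` binding shared by both services so the version is bumped in a single place. The move of `preStart` into the `systemd.services.loki` set is otherwise a pure reindent; the enclosing attribute set starts outside the hunk.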
@@ -286,6 +291,9 @@ with lib; ]; }; }; + systemd.services.promtail.serviceConfig.Environment = [ + "ASSUME_NO_MOVING_GC_UNSAFE_RISK_IT_WITH=go1.19" + ]; services.apcupsd = { enable = true;
diff --git a/hosts/vidhar/network/dhcp/default.nix b/hosts/vidhar/network/dhcp/default.nix
index dfaa4c9f..d3407f1d 100644
--- a/hosts/vidhar/network/dhcp/default.nix
+++ b/hosts/vidhar/network/dhcp/default.nix
@@ -23,6 +23,12 @@ with lib; }; client-classes = [ + { name = "eos-ipxe"; + test = "hexstring(pkt4.mac, ':') == '00:d8:61:79:c5:40' and option[77].hex == 'iPXE'"; + next-server = "10.141.0.1"; + boot-file-name = "http://nfsroot.vidhar.yggdrasil/eos/netboot.ipxe"; + only-if-required = true; + } { name = "ipxe"; test = "option[77].hex == 'iPXE'"; next-server = "10.141.0.1";
@@ -85,7 +91,7 @@ with lib; ddns-send-updates = true; ddns-qualifying-suffix = "lan.yggdrasil"; pools = [ { pool = "10.141.0.128 - 10.141.0.254"; } ]; - require-client-classes = ["ipxe" "uefi-64" "uefi-32" "legacy"]; + require-client-classes = map (cc: cc.name) config.services.kea.dhcp4.settings.client-classes; reservations = [ { hostname = "sif"; hw-address = "3c:e1:a1:52:24:35";
@@ -258,7 +264,25 @@ with lib; ${pkgs.closureInfo { rootPaths = installerBuild.storeContents; }}/registration '') ) ["x86_64-linux"] - ); + ) ++ [ + (let + eosBuild = (flake.nixosConfigurations.eos.extendModules { + modules = [ + ({ ... }: { + config.nfsroot.storeDevice = "10.141.0.1:nix-store"; + config.nfsroot.registrationUrl = "http://nfsroot.vidhar.yggdrasil/eos/registration"; + }) + ]; + }).config.system.build; + in builtins.toPath (pkgs.runCommandLocal "eos" {} '' + mkdir -p $out/eos + install -m 0444 -t $out/eos \ + ${eosBuild.initialRamdisk}/initrd \ + ${eosBuild.kernel}/bzImage \ + ${eosBuild.netbootIpxeScript}/netboot.ipxe \ + ${pkgs.closureInfo { rootPaths = eosBuild.storeContents; }}/registration + '')) + ]; }; }; };
diff --git a/hosts/vidhar/samba.nix b/hosts/vidhar/samba.nix
index 0ddf56a3..ffca9c6d 100644
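Review bot: The new `eos-ipxe` class is inserted ahead of the existing `ipxe` class with no comment, and that position looks load-bearing: an iPXE client with the listed MAC matches both classes, and Kea, as I read its documentation, takes option values such as `boot-file-name` from the first matching class in definition order, so moving `eos-ipxe` below `ipxe` would silently hand that host the generic boot file. Add `# must stay ahead of "ipxe": the first matching class supplies boot-file-name` above the entry. The class is selected on the client-supplied `pkt4.mac` and the boot script is fetched over plain `http://`, so this is a routing decision that rests on the LAN being trusted rather than an authentication step — worth one line saying that is intended. The second hunk (`require-client-classes = map (cc: cc.name) ...`) is what makes this `only-if-required` class evaluated on that subnet; it also means every class added later is pulled into the subnet automatically, which is broader than the old explicit list and may or may not be wanted.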
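Review bot: The `eosBuild` block hard-codes `10.141.0.1` and `nfsroot.vidhar.yggdrasil` in `storeDevice` and `registrationUrl`, the same literals the `eos-ipxe` client class in this file uses for `next-server` and `boot-file-name`; one `let` binding for the nfsroot host and base URL would keep the four from drifting apart. The block also lacks a comment saying it deliberately mirrors the `installerBuild` closure/`registration` layout above so a later reader does not "fix" the duplication, e.g. `# same layout as the installer closure above; served from the nfsroot host`. The list expression this is appended to starts and ends outside the hunk.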
--- a/hosts/vidhar/samba.nix
+++ b/hosts/vidhar/samba.nix
@@ -14,28 +14,45 @@ guest account = nobody bind interfaces only = yes interfaces = lo lan + server signing = mandatory + server min protocol = SMB3 + server smb encrypt = required ''; shares = { homes = { - comment = "Home Directories"; + comment = "Home directory for %S"; path = "/home/%S"; - browseable = "no"; + browseable = false; "valid users" = "%S"; - "read only" = "no"; + "read only" = false; "create mask" = "0700"; "directory mask" = "0700"; "vfs objects" = "shadow_copy2"; "shadow:snapdir" = ".zfs/snapshot"; + "shadow:snapdirseverywhere" = true; "shadow:sort" = "desc"; "shadow:format" = "%Y-%m-%dT%H:%M:%SZ"; }; eos = { - comment = "Disk image of eos"; + comment = "Disk image of legacy eos"; browseable = true; "valid users" = "mherold"; writeable = "true"; path = "/srv/eos"; }; + home-eos = { + comment = "Home directoriy for %u on PXE booted EOS"; + path = "/srv/cifs/home-eos/%u"; + volume = "%u@eos"; + browseable = true; + "read only" = false; + "create mask" = "0700"; + "directory mask" = "0700"; + "vfs objects" = "shadow_copy2"; + "shadow:snapdir" = ".zfs/snapshot"; + "shadow:sort" = "desc"; + "shadow:format" = "%Y-%m-%dT%H:%M:%SZ"; + }; }; }; services.samba-wsdd = {
diff --git a/hosts/vidhar/zfs.nix b/hosts/vidhar/zfs.nix
index 52b48aca..1de4b9b7 100644
--- a/hosts/vidhar/zfs.nix
+++ b/hosts/vidhar/zfs.nix
@@ -23,7 +23,7 @@ fsType = "zfs"; neededForBoot = true; }; - + "/var/lib/nixos" = { device = "ssd-raid1/local/var-lib-nixos"; fsType = "zfs";
@@ -34,22 +34,22 @@ { device = "ssd-raid1/local/var-lib-unbound"; fsType = "zfs"; }; - + # "/var/lib/dhcp" = # { device = "ssd-raid1/local/var-lib-dhcp"; # fsType = "zfs"; # }; - + "/var/lib/chrony" = { device = "ssd-raid1/local/var-lib-chrony"; fsType = "zfs"; }; - + "/var/lib/samba" = { device = "ssd-raid1/local/var-lib-samba"; fsType = "zfs"; }; - + # "/var/lib/prometheus2" = # { device = "ssd-raid1/local/var-lib-prometheus2"; # fsType = "zfs";
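Review bot: The new `home-eos` share carries no `"valid users"` entry, unlike `homes` (`"valid users" = "%S"`) and `eos` (`"valid users" = "mherold"`), so who may connect to `/srv/cifs/home-eos/%u` is decided only by `%u` substitution and by guest-mapping settings outside this hunk (`guest account = nobody` is visible, `map to guest` is not); an explicit `"valid users"` entry would make the intended audience as clear as it is for the other two shares. The share also omits `"shadow:snapdirseverywhere" = true;`, which this same commit adds to `homes`, so the two otherwise parallel shadow_copy2 setups will list snapshots differently — presumably unintended. The share comment has a typo: `comment = "Home directory for %u on PXE booted EOS";`. The added `server signing = mandatory`, `server min protocol = SMB3` and `server smb encrypt = required` lines are a genuine hardening step and deserve a one-line comment naming the client generations they deliberately lock out, so the next person does not relax them to fix a "cannot connect" report.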
@@ -67,7 +67,7 @@ # fsType = "zfs"; # options = [ "zfsutil" ]; # }; - + # "/srv/tftp" = # { device = "ssd-raid1/local/srv-tftp"; # fsType = "zfs";
-- cgit v1.2.3