From 747dc5d5b559b7e2c5ea1354a596597110208219 Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Tue, 19 May 2026 10:19:18 +0200 Subject: bump --- hosts/surtr/tls/default.nix | 6 +- hosts/vidhar/network/dhcp/default.nix | 102 +++++++++++++++++----------------- 2 files changed, 55 insertions(+), 53 deletions(-) (limited to 'hosts') diff --git a/hosts/surtr/tls/default.nix b/hosts/surtr/tls/default.nix index 2c346baa..edec60b1 100644 --- a/hosts/surtr/tls/default.nix +++ b/hosts/surtr/tls/default.nix @@ -58,16 +58,18 @@ in { extraDomainNames = optional domainCfg.wildcard "*.${domain}"; dnsResolver = "127.0.0.1:53"; dnsProvider = "rfc2136"; - credentialsFile = pkgs.writeText "${domain}_credentials.env" '' + environmentFile = pkgs.writeText "${domain}_credentials.env" '' RFC2136_NAMESERVER=127.0.0.1:53 RFC2136_TSIG_ALGORITHM=hmac-sha256. RFC2136_TSIG_KEY=${domain}_acme_key - RFC2136_TSIG_SECRET_FILE=/run/credentials/acme-order-renew-${domain}.service/${tsigSecretName domain} RFC2136_TTL=0 RFC2136_PROPAGATION_TIMEOUT=60 RFC2136_POLLING_INTERVAL=2 RFC2136_SEQUENCE_INTERVAL=1 ''; + credentialFiles = { + RFC2136_TSIG_SECRET_FILE = "/run/credentials/acme-order-renew-${domain}.service/${tsigSecretName domain}"; + }; dnsPropagationCheck = false; postRun = mkIf (domainCfg.restartUnits != []) '' systemctl --no-block try-restart ${escapeShellArgs domainCfg.restartUnits} diff --git a/hosts/vidhar/network/dhcp/default.nix b/hosts/vidhar/network/dhcp/default.nix index eda27663..557794e0 100644 --- a/hosts/vidhar/network/dhcp/default.nix +++ b/hosts/vidhar/network/dhcp/default.nix @@ -48,12 +48,12 @@ in { }; client-classes = [ - { name = "ipxe-eostre"; - test = "hexstring(pkt4.mac, ':') == '00:d8:61:79:c5:40' and option[77].hex == 'iPXE-yggdrasil'"; - next-server = tftpIp; - boot-file-name = "${nfsrootBaseUrl}/eostre.menu.ipxe"; - only-if-required = true; - } + # { name = "ipxe-eostre"; + # test = "hexstring(pkt4.mac, ':') == '00:d8:61:79:c5:40' and option[77].hex == 'iPXE-yggdrasil'"; + # next-server = tftpIp; + # boot-file-name = "${nfsrootBaseUrl}/eostre.menu.ipxe"; + # only-if-required = true; + # } { name = "ipxe-yggdrasil"; test = "option[77].hex == 'iPXE-yggdrasil'"; next-server = tftpIp; @@ -364,57 +364,57 @@ in { install -m 0444 ${sources.netbootxyz-efi.src} $out/netboot.xyz.efi install -m 0444 ${sources.netbootxyz-lkrn.src} $out/netboot.xyz.lkrn '') - (builtins.addErrorContext "while evaluating eostre" (let - eostreBuild' = (flake.nixosConfigurations.eostre.extendModules { - modules = [ - ({ ... }: { - config.nfsroot.storeDevice = "${nfsIp}:nix-store"; - config.nfsroot.registrationUrl = "${nfsrootBaseUrl}/eostre/registration"; - config.system.nixos.label = "eostre"; - }) - ]; - }); - eostreBuild = eostreBuild'.config.system.build; - in builtins.toPath (pkgs.runCommandLocal "eostre" {} '' - mkdir -p $out/eostre - install -m 0444 -t $out/eostre \ - ${eostreBuild.initialRamdisk}/initrd \ - ${eostreBuild.kernel}/bzImage \ - ${eostreBuild.netbootIpxeScript}/netboot.ipxe \ - ${pkgs.closureInfo { rootPaths = eostreBuild.storeContents; }}/registration - install -m 0444 ${pkgs.writeText "eostre.menu.ipxe" '' - #!ipxe + # (builtins.addErrorContext "while evaluating eostre" (let + # eostreBuild' = (flake.nixosConfigurations.eostre.extendModules { + # modules = [ + # ({ ... }: { + # config.nfsroot.storeDevice = "${nfsIp}:nix-store"; + # config.nfsroot.registrationUrl = "${nfsrootBaseUrl}/eostre/registration"; + # config.system.nixos.label = "eostre"; + # }) + # ]; + # }); + # eostreBuild = eostreBuild'.config.system.build; + # in builtins.toPath (pkgs.runCommandLocal "eostre" {} '' + # mkdir -p $out/eostre + # install -m 0444 -t $out/eostre \ + # ${eostreBuild.initialRamdisk}/initrd \ + # ${eostreBuild.kernel}/bzImage \ + # ${eostreBuild.netbootIpxeScript}/netboot.ipxe \ + # ${pkgs.closureInfo { rootPaths = eostreBuild.storeContents; }}/registration + # install -m 0444 ${pkgs.writeText "eostre.menu.ipxe" '' + # #!ipxe - set menu-timeout 5000 + # set menu-timeout 5000 - :start - menu iPXE boot menu for eostre - item eostre ${with eostreBuild'; "${config.system.nixos.distroName} ${config.system.nixos.codeName} ${config.system.nixos.label} (Linux ${config.boot.kernelPackages.kernel.modDirVersion})"} - item memtest memtest86plus - item netboot netboot.xyz - item shell iPXE shell - choose --timeout ''${menu-timeout} --default eostre selected || goto shell - set menu-timeout 0 - goto ''${selected} + # :start + # menu iPXE boot menu for eostre + # item eostre ${with eostreBuild'; "${config.system.nixos.distroName} ${config.system.nixos.codeName} ${config.system.nixos.label} (Linux ${config.boot.kernelPackages.kernel.modDirVersion})"} + # item memtest memtest86plus + # item netboot netboot.xyz + # item shell iPXE shell + # choose --timeout ''${menu-timeout} --default eostre selected || goto shell + # set menu-timeout 0 + # goto ''${selected} - :shell - set menu-timeout 0 - shell - goto start + # :shell + # set menu-timeout 0 + # shell + # goto start - :eostre - chain eostre/netboot.ipxe - goto start + # :eostre + # chain eostre/netboot.ipxe + # goto start - :netboot - iseq ''${platform} efi && chain --autofree netboot.xyz.efi || chain --autofree netboot.xyz.lkrn - goto start + # :netboot + # iseq ''${platform} efi && chain --autofree netboot.xyz.efi || chain --autofree netboot.xyz.lkrn + # goto start - :memtest - chain --autofree mt86plus.efi - goto start - ''} $out/eostre.menu.ipxe - ''))) + # :memtest + # chain --autofree mt86plus.efi + # goto start + # ''} $out/eostre.menu.ipxe + # ''))) ]; }; }; -- cgit v1.2.3