From 9248259708bd6ade5e334a2cdfb29d2a20acb0dd Mon Sep 17 00:00:00 2001
From: Gregor Kleen <gkleen@yggdrasil.li>
Date: Mon, 3 Oct 2022 17:15:36 +0200
Subject: ...

---
 hosts/sif/default.nix                 | 18 ++++++-----
 hosts/surtr/vpn/default.nix           |  4 +--
 hosts/vidhar/borg/default.nix         |  6 ++--
 hosts/vidhar/network/dhcp/default.nix | 58 ++++++++++++++++++++++++++---------
 hosts/vidhar/network/dsl.nix          |  8 ++---
 hosts/vidhar/prometheus/default.nix   |  7 +++--
 6 files changed, 68 insertions(+), 33 deletions(-)

(limited to 'hosts')

diff --git a/hosts/sif/default.nix b/hosts/sif/default.nix
index b4713736..b38a387c 100644
--- a/hosts/sif/default.nix
+++ b/hosts/sif/default.nix
@@ -290,7 +290,7 @@ in {
 
     services = {
       udev.packages = with pkgs; [ uhk-agent ];
-      
+
       # tinc.yggdrasil.enable = true;
 
       uucp = {
@@ -313,9 +313,9 @@ in {
       fprintd.enable = true;
 
       blueman.enable = true;
-    
+
       colord.enable = true;
-    
+
       vnstat.enable = true;
 
       upower.enable = true;
@@ -468,8 +468,8 @@ in {
 
     hardware = {
       bluetooth = {
-        enable = true;   
-        package = pkgs.bluezFull;
+        enable = true;
+        package = pkgs.bluez;
         settings = {
           General = {
             Enable = "Source,Sink,Media,Socket";
@@ -510,12 +510,14 @@ in {
       daemonCPUSchedPolicy = "idle";
       daemonIOSchedClass = "idle";
 
-      buildServers.vidhar = {
+      buildServers.vidhar = let
+        vidhar = flake.nixosConfigurations.vidhar;
+      in {
         address = "vidhar.yggdrasil";
-        systems = ["x86_64-linux" "i686-linux"];
+        systems = [vidhar.config.nixpkgs.system] ++ vidhar.config.nix.settings.extra-platforms;
+        supportedFeatures = vidhar.config.nix.settings.system-features;
         maxJobs = 12;
         speedFactor = 4;
-        supportedFeatures = ["nixos-test" "benchmark" "big-parallel" "kvm"];
       };
     };
 
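Review bot: `vidhar.config.nix.settings.extra-platforms` on the new `systems` line is read unconditionally, but as far as I know it is not a declared option with a default. It only exists in the freeform `nix.settings` when something on vidhar sets it (binfmt emulation, for example), so evaluating sif would fail if vidhar ever stops setting it. A guarded read keeps the value derived from vidhar without that coupling: `systems = [vidhar.config.nixpkgs.system] ++ (vidhar.config.nix.settings.extra-platforms or []);`. Note also that `i686-linux` used to be listed explicitly and is now advertised only if vidhar's own configuration provides it, which is worth confirming before relying on this builder for 32-bit builds.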
diff --git a/hosts/surtr/vpn/default.nix b/hosts/surtr/vpn/default.nix
index cad3b5b4..7f3065f7 100644
--- a/hosts/surtr/vpn/default.nix
+++ b/hosts/surtr/vpn/default.nix
@@ -143,9 +143,9 @@ in {
         serviceConfig = {
           Type = "oneshot";
           RemainAfterExit = true;
-          ExecStop = "${pkgs.iproute}/bin/ip netns exec vpn ip link delete upstream";
+          ExecStop = "${pkgs.iproute2}/bin/ip netns exec vpn ip link delete upstream";
         };
-        path = with pkgs; [ iproute procps ];
+        path = with pkgs; [ iproute2 procps ];
         script = ''
           ip netns exec vpn sysctl \
             net.ipv6.conf.all.forwarding=1 \
diff --git a/hosts/vidhar/borg/default.nix b/hosts/vidhar/borg/default.nix
index 650c91ee..79c75c4d 100644
--- a/hosts/vidhar/borg/default.nix
+++ b/hosts/vidhar/borg/default.nix
@@ -57,7 +57,7 @@ let
 
     buildInputs = with pkgs; [makeWrapper];
 
-    python = inpPython.withPackages (ps: with ps; [humanize tqdm dateutil xdg python-unshare pyprctl halo]);
+    python = inpPython.withPackages (ps: with ps; [humanize tqdm python-dateutil xdg python-unshare pyprctl halo]);
 
     buildPhase = ''
       substitute $src copy \
@@ -74,7 +74,7 @@ let
         copy
 
       wrapProgram $out/bin/copy \
-        --prefix PATH : ${makeBinPath (with pkgs; [utillinux borgbackup])}:${config.security.wrapperDir}
+        --prefix PATH : ${makeBinPath (with pkgs; [util-linux borgbackup])}:${config.security.wrapperDir}
     '';
   });
 
@@ -93,7 +93,7 @@ let
     '';
     postInstall = ''
       wrapProgram $out/bin/borgsnap \
-        --prefix PATH : ${makeBinPath (with pkgs; [utillinux borgbackup])}:${config.security.wrapperDir}
+        --prefix PATH : ${makeBinPath (with pkgs; [util-linux borgbackup])}:${config.security.wrapperDir}
     '';
 
     providers.python-unshare = "nixpkgs";
diff --git a/hosts/vidhar/network/dhcp/default.nix b/hosts/vidhar/network/dhcp/default.nix
index 067dc6d6..e14b15ac 100644
--- a/hosts/vidhar/network/dhcp/default.nix
+++ b/hosts/vidhar/network/dhcp/default.nix
@@ -1,4 +1,7 @@
 { flake, config, pkgs, lib, ... }:
+
+with lib;
+
 {
   config = {
     services.kea = {
@@ -23,7 +26,7 @@
             { name = "ipxe";
               test = "option[77].hex == 'iPXE'";
               next-server = "10.141.0.1";
-              boot-file-name = "netboot.ipxe";
+              boot-file-name = "installer-x86_64-linux/netboot.ipxe";
               only-if-required = true;
             }
             { name = "uefi-64";
@@ -146,7 +149,7 @@
               pools = [ { pool = "10.141.2.128 - 10.141.2.254"; } ];
               reservations = [];
             }
-          ]; 
+          ];
         };
       };
       # dhcp6 = {
@@ -195,16 +198,16 @@
     };
 
     systemd.services.kea-dhcp-ddns-server = {
-      preStart = let 
+      preStart = let
         configLines = [
           "<?include \"\${CREDENTIALS_DIRECTORY}/knot-tsig.json.frag\"?>"
-        ] ++ lib.mapAttrsToList (k: v:
+        ] ++ mapAttrsToList (k: v:
           "\"${k}\": ${builtins.toJSON v}"
         ) config.services.kea.dhcp-ddns.settings;
 
         config-template = pkgs.writeText "dhcp-ddns.conf" ''
           {"DhcpDdns": {
-            ${lib.concatStringsSep ",\n  " configLines}
+            ${concatStringsSep ",\n  " configLines}
           }}
         '';
       in ''
@@ -212,8 +215,8 @@
       '';
 
       serviceConfig = {
-        ExecStart = lib.mkForce ''
-          ${pkgs.kea}/bin/kea-dhcp-ddns -c "''${RUNTIME_DIRECTORY}/dhcp-ddns.conf" ${lib.escapeShellArgs config.services.kea.dhcp-ddns.extraArgs}
+        ExecStart = mkForce ''
+          ${pkgs.kea}/bin/kea-dhcp-ddns -c "''${RUNTIME_DIRECTORY}/dhcp-ddns.conf" ${escapeShellArgs config.services.kea.dhcp-ddns.extraArgs}
         '';
         LoadCredential = [
           "knot-tsig.json.frag:${config.sops.secrets."kea-knot-tsig.json.frag".path}"
@@ -226,26 +229,53 @@
       sopsFile = ./knot-tsig.json.frag;
     };
 
-    systemd.services."installer-atftpd" = {
-      description = "TFTP Server for PXE Booting NixOS Installer";
+    systemd.services."pxe-atftpd" = {
+      description = "TFTP Server for PXE Booting";
       after = [ "network.target" ];
       wantedBy = [ "multi-user.target" ];
       serviceConfig.ExecStart = let
-        installerBuild = flake.nixosConfigurations.installer-x86_64-linux-netboot.config.system.build;
         ipxe = pkgs.ipxe.override {
           additionalTargets = {
             "bin-i386-efi/ipxe.efi" = "i386-ipxe.efi";
           };
         };
-        tftpRoot = pkgs.runCommandLocal "installer-netboot" {} ''
+        tftpRoot = pkgs.runCommandLocal "netboot" {} ''
           mkdir -p $out
           install -m 0444 -t $out \
-            ${installerBuild.netbootRamdisk}/initrd \
-            ${installerBuild.kernel}/bzImage \
-            ${installerBuild.netbootIpxeScript}/netboot.ipxe \
             ${ipxe}/ipxe.efi ${ipxe}/i386-ipxe.efi ${ipxe}/undionly.kpxe
+
+          ${concatMapStringsSep "\n" (system:
+            let
+              installerBuild = (flake.nixosConfigurations.${"installer-${system}-nfsroot"}.extendModules {
+                modules = [
+                  ({ ... }: { config.nfsroot.storeDevice = "vidhar:nix-store"; })
+                ];
+              }).config.system.build;
+            in ''
+              mkdir -p $out/installer-${system}
+              install -m 0444 -t $out/installer-${system} \
+                ${installerBuild.initialRamdisk}/initrd \
+                ${installerBuild.kernel}/bzImage \
+                ${installerBuild.netbootIpxeScript}/netboot.ipxe
+            ''
+          ) ["x86_64-linux"]}
         '';
       in "${pkgs.atftp}/sbin/atftpd --daemon --no-fork --bind-address=10.141.0.1 ${tftpRoot}";
     };
+
+    services.nfs.server = {
+      enable = true;
+      createMountPoints = true;
+      exports = ''
+        /export/nix-root 10.141.0.0/24(ro)
+      '';
+    };
+
+    fileSystems = {
+      "/export/nix-root" = {
+        device = "/nix/store";
+        options = [ "bind" ];
+      };
+    };
   };
 }
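Review bot: The new `services.nfs.server.exports` entry publishes a bind mount of the whole `/nix/store` to every address in `10.141.0.0/24` with only `(ro)`, so access control rests on source address alone. Any host on that network can read every store path on vidhar, including closures built for other machines and anything sensitive that was ever interpolated into a derivation. I would record that assumption beside the export, e.g. `# store is exported unauthenticated; secrets must never land in the store`, spell out the options as `/export/nix-root 10.141.0.0/24(ro,root_squash,no_subtree_check)`, and make the bind mount itself read-only with `options = [ "bind" "ro" ];`. Separately, the installer is given `nfsroot.storeDevice = "vidhar:nix-store"` while the export path is `/export/nix-root`; the `nfsroot` module is not visible in this diff, so please confirm the two are meant to line up.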
diff --git a/hosts/vidhar/network/dsl.nix b/hosts/vidhar/network/dsl.nix
index a5f4daf2..461e74d2 100644
--- a/hosts/vidhar/network/dsl.nix
+++ b/hosts/vidhar/network/dsl.nix
@@ -11,7 +11,7 @@ in {
       default = "dsl";
     };
   };
-  
+
   config = {
     networking.vlans = {
       telekom = {
@@ -19,7 +19,7 @@ in {
         interface = "eno2";
       };
     };
-    
+
     services.pppd = {
       enable = true;
       peers.telekom.config = ''
@@ -40,7 +40,7 @@ in {
     };
     systemd.services."pppd-telekom" = {
       stopIfChanged = true;
-      
+
       serviceConfig = lib.mkForce {
         Type = "notify";
         PIDFile = "/run/pppd/${pppInterface}.pid";
@@ -62,7 +62,7 @@ in {
       "ppp/ip-up" = {
         text = ''
           #!${pkgs.runtimeShell}
-          ${pkgs.iproute}/bin/ip route add default via "$5" dev "${pppInterface}" metric 512
+          ${pkgs.iproute2}/bin/ip route add default via "$5" dev "${pppInterface}" metric 512
         '';
         mode = "0555";
       };
diff --git a/hosts/vidhar/prometheus/default.nix b/hosts/vidhar/prometheus/default.nix
index 7ac86c30..8e5ff0ea 100644
--- a/hosts/vidhar/prometheus/default.nix
+++ b/hosts/vidhar/prometheus/default.nix
@@ -61,9 +61,12 @@ in {
         };
         apcupsd.enable = true;
         systemd = {
-          enable = true;
+          enable = false; # TODO
           extraFlags = [
-            "--collector.unit-whitelist=(dhcpcd-dsl|pppd-telekom|corerad|ndppd)\.service"
+            "--systemd.collector.unit-include=(dhcpcd-dsl|pppd-telekom|corerad|ndppd)\.service"
+            "--systemd.collector.enable-restart-count"
+            "--systemd.collector.enable-file-descriptor-size"
+            "--systemd.collector.enable-ip-accounting"
           ];
         };
         blackbox = {
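Review bot: `enable = false; # TODO` turns the systemd exporter off while the surrounding lines only update its flags, so unit-state metrics for `dhcpcd-dsl`, `pppd-telekom`, `corerad` and `ndppd` stop being collected and any alert built on them can no longer fire. The comment should say why it is disabled and what re-enables it, for instance `enable = false; # TODO: re-enable once the exporter accepts the --systemd.collector.* flags`, if that is the reason. Also, inside a Nix double-quoted string `\.` evaluates to a plain `.`, so the include pattern reaches the exporter as `(...).service` with an unescaped dot; writing `\\.service` passes the backslash through.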
-- 
cgit v1.2.3