{ flake, config, lib, pkgs, ... }: { imports = [ ./dsl.nix ./bifrost ]; config = { networking = { hostName = "vidhar"; domain = "yggdrasil"; search = [ "yggdrasil" ]; useDHCP = false; useNetworkd = true; interfaces."lan" = { ipv4.addresses = [ { address = "10.141.0.1"; prefixLength = 24; } ]; }; interfaces."mgmt" = { ipv4.addresses = [ { address = "10.141.1.1"; prefixLength = 24; } ]; }; interfaces."dmz01" = { ipv4.addresses = [ { address = "10.141.2.1"; prefixLength = 24; } ]; }; vlans = { mgmt = { id = 2; interface = "eno2"; }; lan = { id = 3; interface = "eno2"; }; dmz01 = { id = 4; interface = "eno2"; }; }; firewall.enable = false; nftables = { enable = true; rulesetFile = ./ruleset.nft; }; }; services.resolved = { llmnr = "false"; }; services.kea = { dhcp4 = { enable = true; settings = { valid-lifetime = 4000; rebind-timer = 2000; renew-timer = 1000; interfaces-config = { interfaces = [ "lan" "mgmt" ]; }; lease-database = { name = "/var/lib/kea/dhcp4.leases"; persist = true; type = "memfile"; }; client-classes = [ { name = "ipxe"; test = "option[77].hex == 'iPXE'"; next-server = "10.141.0.1"; boot-file-name = "netboot.ipxe"; only-if-required = true; } { name = "uefi-64"; test = "substring(option[60].hex,0,20) == 'PXEClient:Arch:00007' or substring(option[60].hex,0,20) == 'PXEClient:Arch:00008' or substring(option[60].hex,0,20) == 'PXEClient:Arch:00009'"; only-if-required = true; option-data = [ { name = "tftp-server-name"; data = "10.141.0.1"; } ]; boot-file-name = "ipxe.efi"; } { name = "legacy"; test = "substring(option[60].hex,0,20) == 'PXEClient:Arch:00000'"; only-if-required = true; option-data = [ { name = "tftp-server-name"; data = "10.141.0.1"; } ]; boot-file-name = "undionly.kpxe"; } ]; subnet4 = [ { subnet = "10.141.0.0/24"; option-data = [ { name = "domain-name-servers"; data = "10.141.0.1"; } { name = "broadcast-address"; data = "10.141.0.255"; } { name = "routers"; data = "10.141.0.1"; } { name = "domain-name"; data = "yggdrasil"; } ]; pools = [ { pool = "10.141.0.128 - 10.141.0.254"; } ]; reservations = []; require-client-classes = ["ipxe" "uefi-64" "legacy"]; } { subnet = "10.141.1.0/24"; option-data = [ { name = "domain-name-servers"; data = "10.141.1.1"; } { name = "broadcast-address"; data = "10.141.1.255"; } ]; pools = [ { pool = "10.141.1.128 - 10.141.1.254"; } ]; reservations = [ { hostname = "switch01"; hw-address = "60:a4:b7:53:94:b5"; ip-address = "10.141.1.2"; } { hostname = "ap01"; hw-address = "74:ac:b9:29:ad:9a"; ip-address = "10.141.1.4"; } ]; } { subnet = "10.141.2.0/24"; option-data = [ { name = "domain-name-servers"; data = "10.141.2.1"; } { name = "broadcast-address"; data = "10.141.2.255"; } { name = "routers"; data = "10.141.2.1"; } ]; pools = [ { pool = "10.141.2.128 - 10.141.2.254"; } ]; reservations = []; } ]; }; }; dhcp6 = { enable = true; settings = { interfaces-config = { interfaces = [ "lan" ]; }; lease-database = { name = "/var/lib/kea/dhcp6.leases"; persist = true; type = "memfile"; }; }; }; }; systemd.network.networks = { "eno1" = { matchConfig.Name = "eno1"; linkConfig = { ActivationPolicy = "down"; }; }; "eno2" = { matchConfig.Name = "eno2"; networkConfig.LinkLocalAddressing = "no"; }; }; systemd.services."installer-atftpd" = { description = "TFTP Server for PXE Booting NixOS Installer"; after = [ "network.target" ]; wantedBy = [ "multi-user.target" ]; serviceConfig.ExecStart = let installerBuild = flake.nixosConfigurations.installer-x86_64-linux-netboot.config.system.build; tftpRoot = pkgs.runCommandLocal "installer-netboot" {} '' mkdir -p $out install -m 0444 -t $out \ ${installerBuild.netbootRamdisk}/initrd \ ${installerBuild.kernel}/bzImage \ ${installerBuild.netbootIpxeScript}/netboot.ipxe \ ${pkgs.ipxe}/ipxe.efi ${pkgs.ipxe}/undionly.kpxe ''; in "${pkgs.atftp}/sbin/atftpd --daemon --no-fork --bind-address=10.141.0.1 ${tftpRoot}"; }; }; }