Flakify dhcp

Emery Hemingway 2021-02-24 11:52:19 +01:00
parent 7126d09546
commit 709d8e278e
8 changed files with 63 additions and 57 deletions


@ -76,6 +76,11 @@ This does not work yet, as the nixos-system-x86_64-linux.tar.xz image is broken.
nixops deploy -d hq --check --include=[hostname]
```
Tarballs can be built for containers using `config.system.build.tarball`.
```
nix build c3d2#nixosConfigurations.dhcp.config.system.build.tarball
```
## Mit `nixos-switch rebuild`
```shell


@ -38,13 +38,12 @@
}
},
"secrets": {
"flake": false,
"locked": {
"lastModified": 1607473285,
"narHash": "sha256-cnilic++Xa2RB8krfNe0/ndZ6jFo2FQWIq8YrZ1pWrE=",
"lastModified": 1614162961,
"narHash": "sha256-mWZ8TPGmjIh4GYMvUPbMCa7F7UPWzsD0R3B7YOrgvlI=",
"ref": "master",
"rev": "0efb7df81d358c033a72fcc0c65016ff86f54858",
"revCount": 76,
"rev": "326cb89e8d82ab9cb5180eb2cedc6ba72ca8a7b8",
"revCount": 77,
"type": "git",
"url": "ssh://git@gitea.c3d2.de:2222/c3d2-admins/secrets.git"
},


@ -3,10 +3,7 @@
inputs = {
nixpkgs.url = "github:nixos/nixpkgs/release-20.09";
secrets = {
url = "git+ssh://git@gitea.c3d2.de:2222/c3d2-admins/secrets.git";
flake = false;
};
secrets.url = "git+ssh://git@gitea.c3d2.de:2222/c3d2-admins/secrets.git";
};
outputs = { self, nixpkgs, secrets, nixos-hardware }:
@ -14,13 +11,14 @@
forAllSystems = f:
nixpkgs.lib.genAttrs [ "aarch64-linux" "x86_64-linux" ]
(system: f system);
hostRegistry = import ./host-registry.nix;
in {
inherit (nixpkgs) legacyPackages;
packages = forAllSystems (system:
let
hostRegistry = import ./host-registry.nix;
pkgs = self.legacyPackages.${system};
mkDeploy =
# Generate a small script for copying this flake to the
@ -42,6 +40,8 @@
# TODO: check if the ethernet address is reachable and if not,
# execute wol on a machine in HQ.
in {
dhcp-nixos-rebuild = mkDeploy "dhcp" hostRegistry.hosts.dhcp.ip4;
glotzbert-nixos-rebuild = mkDeploy "glotzbert" "glotzbert.hq.c3d2.de";
glotzbert-wake = mkWake "glotzbert";
@ -54,6 +54,7 @@
# Our custom NixOS builder
{ ... }@args:
nixpkgs.lib.nixosSystem (args // {
extraArgs = { inherit hostRegistry; };
extraModules = [
self.nixosModules.c3d2
({ pkgs, ... }: {
@ -66,6 +67,15 @@
});
in {
dhcp = nixosSystem' {
modules = [
./hosts/containers/dhcp
secrets.nixosModules.admins
secrets.nixosModules.dhcp
];
system = "x86_64-linux";
};
glotzbert = nixosSystem' {
modules = [
./hosts/glotzbert
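Review bot: The new `dhcp` configuration imports `secrets.nixosModules.admins` and `secrets.nixosModules.dhcp` with no comment that whatever those modules set is evaluated into the system closure, so it lands in the world-readable /nix/store on the host and in any `config.system.build.tarball` built from it. The modules' contents are not visible here, so this may be fine for lease tables, but password hashes or private keys would be readable by every local user and by anyone who receives the tarball. I would add a comment above the two imports, for example `# values from the secrets flake end up in the world-readable Nix store and in build.tarball; keep private keys out of these modules`. The enclosing attribute set starts and ends outside this hunk.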


@ -2,7 +2,11 @@
rec {
hosts = {
adc = { };
dhcp = {
ip4 = "172.22.99.254";
publicKey =
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPUrz1JqoyYm4zITHgUbhKCYV6wcE6qMcTjKSLAVlVyf";
};
grafana.publicKey =
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPFB9fo01jzr2upEBEXiR7sSmeQoq9ll5Cf5/hjq5e4Y";
scrape = { };


@ -1,44 +0,0 @@
{ config, pkgs, lib, ... }:
{
imports = [
../../../lib/lxc-container.nix
../../../lib/shared.nix
../../../lib/admins.nix
];
networking.hostName = "dhcp";
networking.defaultGateway = "172.22.99.1";
networking.nameservers =
[ "172.20.73.8" "172.20.72.6" "172.20.72.10" "9.9.9.9" ];
networking.useDHCP = false;
networking.interfaces.eth0 = {
ipv4.addresses = [{
address = "172.22.99.254";
prefixLength = 24;
}];
useDHCP = lib.mkForce false;
};
# List packages installed in system profile. To search, run:
# $ nix search wget
environment.systemPackages = with pkgs; [ vim ];
# dhcp
networking.firewall.allowedUDPPorts = [ 67 68 ];
services.dhcpd4 = {
enable = true;
interfaces = [ "eth0" ];
extraConfig = ''
authoritative;
'' + builtins.readFile ../../../secrets/hosts/dhcp/config;
};
# This value determines the NixOS release with which your system is to be
# compatible, in order to avoid breaking some software such as database
# servers. You should change this only after NixOS release notes say you
# should.
system.stateVersion = "18.09"; # Did you read the comment?
}


@ -0,0 +1,32 @@
{ config, pkgs, lib, hostRegistry, ... }:
{
imports = [ ../../../lib/lxc-container.nix ../../../lib/shared.nix ];
c3d2 = {
isInHq = true;
hq.interface = "eth0";
};
networking.hostName = "dhcp";
networking.defaultGateway = "172.22.99.1";
networking.interfaces.eth0 = {
ipv4.addresses = [{
address = hostRegistry.hosts.dhcp.ip4;
prefixLength = 24;
}];
useDHCP = lib.mkForce false;
};
# dhcp
networking.firewall.allowedUDPPorts = [ 67 68 ];
services.dhcpd4 = {
enable = true;
interfaces = [ config.c3d2.hq.interface ];
authoritative = true;
# the leases are defined in the secrets module imported
# at the top-level of this flake
};
}
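Review bot: `networking.firewall.allowedUDPPorts = [ 67 68 ];` opens both ports on every interface, although a DHCP server should only need to receive on UDP 67 (68 is the client port) and dhcpd is bound to `config.c3d2.hq.interface` alone. Scoping the rule keeps the container's exposure to what the service needs: `networking.firewall.interfaces.${config.c3d2.hq.interface}.allowedUDPPorts = [ 67 ];`. The file this replaces also set `system.stateVersion = "18.09"`, and this one sets none. Unless one of the imported lib modules pins it, the value will silently follow the nixpkgs release, so it is worth stating explicitly here.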


@ -101,7 +101,7 @@ in {
config = let
cfg = config.c3d2;
hostRegistry = import ../host-registry.nix;
mkIfIsInHq = lib.mkIf cfg.isInHq;
mkIfIsInHq = x: lib.mkIf cfg.isInHq (lib.mkDefault x);
in {
# Configuration specific to this machine
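Review bot: `mkIfIsInHq` now wraps its argument in `lib.mkDefault`, and nothing at the definition says so. Any host that defines one of the wrapped options at normal priority will replace the HQ value instead of merging with it, which matters for list-typed options, where a host adding one entry drops the HQ entries. The call sites are outside this hunk, so I cannot tell whether any list options are affected. A comment above the binding, such as `# HQ settings are defaults: a host definition replaces them, lists are not merged`, would make the contract visible.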


@ -20,7 +20,7 @@
networking.interfaces.eth0 = {
useDHCP = false;
preferTempAddress = false;
tempAddress = "disabled";
};
systemd.network.networks."40-eth0" = {
networkConfig = {