Flakify dhcp
parent
7126d09546
commit
709d8e278e
|
@ -76,6 +76,11 @@ This does not work yet, as the nixos-system-x86_64-linux.tar.xz image is broken.
|
||||||
nixops deploy -d hq --check --include=[hostname]
|
nixops deploy -d hq --check --include=[hostname]
|
||||||
```
|
```
|
||||||
|
|
||||||
|
Tarballs can be built for containers using `config.system.build.tarball`.
|
||||||
|
```
|
||||||
|
nix build c3d2#nixosConfigurations.dhcp.config.system.build.tarball
|
||||||
|
```
|
||||||
|
|
||||||
## Mit `nixos-switch rebuild`
|
## Mit `nixos-switch rebuild`
|
||||||
|
|
||||||
```shell
|
```shell
|
||||||
|
|
|
@ -38,13 +38,12 @@
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"secrets": {
|
"secrets": {
|
||||||
"flake": false,
|
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1607473285,
|
"lastModified": 1614162961,
|
||||||
"narHash": "sha256-cnilic++Xa2RB8krfNe0/ndZ6jFo2FQWIq8YrZ1pWrE=",
|
"narHash": "sha256-mWZ8TPGmjIh4GYMvUPbMCa7F7UPWzsD0R3B7YOrgvlI=",
|
||||||
"ref": "master",
|
"ref": "master",
|
||||||
"rev": "0efb7df81d358c033a72fcc0c65016ff86f54858",
|
"rev": "326cb89e8d82ab9cb5180eb2cedc6ba72ca8a7b8",
|
||||||
"revCount": 76,
|
"revCount": 77,
|
||||||
"type": "git",
|
"type": "git",
|
||||||
"url": "ssh://git@gitea.c3d2.de:2222/c3d2-admins/secrets.git"
|
"url": "ssh://git@gitea.c3d2.de:2222/c3d2-admins/secrets.git"
|
||||||
},
|
},
|
||||||
|
|
20
flake.nix
20
flake.nix
|
@ -3,10 +3,7 @@
|
||||||
|
|
||||||
inputs = {
|
inputs = {
|
||||||
nixpkgs.url = "github:nixos/nixpkgs/release-20.09";
|
nixpkgs.url = "github:nixos/nixpkgs/release-20.09";
|
||||||
secrets = {
|
secrets.url = "git+ssh://git@gitea.c3d2.de:2222/c3d2-admins/secrets.git";
|
||||||
url = "git+ssh://git@gitea.c3d2.de:2222/c3d2-admins/secrets.git";
|
|
||||||
flake = false;
|
|
||||||
};
|
|
||||||
};
|
};
|
||||||
|
|
||||||
outputs = { self, nixpkgs, secrets, nixos-hardware }:
|
outputs = { self, nixpkgs, secrets, nixos-hardware }:
|
||||||
|
@ -14,13 +11,14 @@
|
||||||
forAllSystems = f:
|
forAllSystems = f:
|
||||||
nixpkgs.lib.genAttrs [ "aarch64-linux" "x86_64-linux" ]
|
nixpkgs.lib.genAttrs [ "aarch64-linux" "x86_64-linux" ]
|
||||||
(system: f system);
|
(system: f system);
|
||||||
|
|
||||||
|
hostRegistry = import ./host-registry.nix;
|
||||||
in {
|
in {
|
||||||
|
|
||||||
inherit (nixpkgs) legacyPackages;
|
inherit (nixpkgs) legacyPackages;
|
||||||
|
|
||||||
packages = forAllSystems (system:
|
packages = forAllSystems (system:
|
||||||
let
|
let
|
||||||
hostRegistry = import ./host-registry.nix;
|
|
||||||
pkgs = self.legacyPackages.${system};
|
pkgs = self.legacyPackages.${system};
|
||||||
mkDeploy =
|
mkDeploy =
|
||||||
# Generate a small script for copying this flake to the
|
# Generate a small script for copying this flake to the
|
||||||
|
@ -42,6 +40,8 @@
|
||||||
# TODO: check if the ethernet address is reachable and if not,
|
# TODO: check if the ethernet address is reachable and if not,
|
||||||
# execute wol on a machine in HQ.
|
# execute wol on a machine in HQ.
|
||||||
in {
|
in {
|
||||||
|
dhcp-nixos-rebuild = mkDeploy "dhcp" hostRegistry.hosts.dhcp.ip4;
|
||||||
|
|
||||||
glotzbert-nixos-rebuild = mkDeploy "glotzbert" "glotzbert.hq.c3d2.de";
|
glotzbert-nixos-rebuild = mkDeploy "glotzbert" "glotzbert.hq.c3d2.de";
|
||||||
glotzbert-wake = mkWake "glotzbert";
|
glotzbert-wake = mkWake "glotzbert";
|
||||||
|
|
||||||
|
@ -54,6 +54,7 @@
|
||||||
# Our custom NixOS builder
|
# Our custom NixOS builder
|
||||||
{ ... }@args:
|
{ ... }@args:
|
||||||
nixpkgs.lib.nixosSystem (args // {
|
nixpkgs.lib.nixosSystem (args // {
|
||||||
|
extraArgs = { inherit hostRegistry; };
|
||||||
extraModules = [
|
extraModules = [
|
||||||
self.nixosModules.c3d2
|
self.nixosModules.c3d2
|
||||||
({ pkgs, ... }: {
|
({ pkgs, ... }: {
|
||||||
|
@ -66,6 +67,15 @@
|
||||||
});
|
});
|
||||||
in {
|
in {
|
||||||
|
|
||||||
|
dhcp = nixosSystem' {
|
||||||
|
modules = [
|
||||||
|
./hosts/containers/dhcp
|
||||||
|
secrets.nixosModules.admins
|
||||||
|
secrets.nixosModules.dhcp
|
||||||
|
];
|
||||||
|
system = "x86_64-linux";
|
||||||
|
};
|
||||||
|
|
||||||
glotzbert = nixosSystem' {
|
glotzbert = nixosSystem' {
|
||||||
modules = [
|
modules = [
|
||||||
./hosts/glotzbert
|
./hosts/glotzbert
|
||||||
|
|
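Review bot: Nothing at the new `dhcp = nixosSystem' { … }` entry says that `secrets.nixosModules.admins` and `secrets.nixosModules.dhcp` are evaluated like any other module, so whatever they set ends up in the Nix store, which is readable by every local user on the build host and in the container. The removed `builtins.readFile ../../../secrets/hosts/dhcp/config` had the same property, so this is not a regression, but a comment would guard later additions to the secrets flake, e.g. `# values from the secrets flake land in /nix/store (world-readable); keep only non-sensitive data such as leases there`. Whether the repository holds anything more sensitive than leases and admin keys is not visible from this page.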
|
@ -2,7 +2,11 @@
|
||||||
|
|
||||||
rec {
|
rec {
|
||||||
hosts = {
|
hosts = {
|
||||||
adc = { };
|
dhcp = {
|
||||||
|
ip4 = "172.22.99.254";
|
||||||
|
publicKey =
|
||||||
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPUrz1JqoyYm4zITHgUbhKCYV6wcE6qMcTjKSLAVlVyf";
|
||||||
|
};
|
||||||
grafana.publicKey =
|
grafana.publicKey =
|
||||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPFB9fo01jzr2upEBEXiR7sSmeQoq9ll5Cf5/hjq5e4Y";
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPFB9fo01jzr2upEBEXiR7sSmeQoq9ll5Cf5/hjq5e4Y";
|
||||||
scrape = { };
|
scrape = { };
|
||||||
|
|
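Review bot: The `adc = { };` entry appears to be dropped from `hosts` in the same hunk that adds `dhcp` (the header counts 7 old and 11 new lines), which the commit title does not cover. If any module still reads `hostRegistry.hosts.adc`, evaluation of that configuration fails with a missing-attribute error. If the removal is intended it would be clearer as its own commit; otherwise restore `adc = { };` next to the new entry. The `rec { … }` set continues outside the hunk, so remaining uses of `adc` cannot be checked from here.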
|
@ -1,44 +0,0 @@
|
||||||
{ config, pkgs, lib, ... }:
|
|
||||||
|
|
||||||
{
|
|
||||||
imports = [
|
|
||||||
../../../lib/lxc-container.nix
|
|
||||||
../../../lib/shared.nix
|
|
||||||
../../../lib/admins.nix
|
|
||||||
];
|
|
||||||
|
|
||||||
networking.hostName = "dhcp";
|
|
||||||
networking.defaultGateway = "172.22.99.1";
|
|
||||||
networking.nameservers =
|
|
||||||
[ "172.20.73.8" "172.20.72.6" "172.20.72.10" "9.9.9.9" ];
|
|
||||||
networking.useDHCP = false;
|
|
||||||
networking.interfaces.eth0 = {
|
|
||||||
ipv4.addresses = [{
|
|
||||||
address = "172.22.99.254";
|
|
||||||
prefixLength = 24;
|
|
||||||
}];
|
|
||||||
useDHCP = lib.mkForce false;
|
|
||||||
};
|
|
||||||
|
|
||||||
# List packages installed in system profile. To search, run:
|
|
||||||
# $ nix search wget
|
|
||||||
environment.systemPackages = with pkgs; [ vim ];
|
|
||||||
|
|
||||||
# dhcp
|
|
||||||
networking.firewall.allowedUDPPorts = [ 67 68 ];
|
|
||||||
|
|
||||||
services.dhcpd4 = {
|
|
||||||
enable = true;
|
|
||||||
interfaces = [ "eth0" ];
|
|
||||||
extraConfig = ''
|
|
||||||
authoritative;
|
|
||||||
|
|
||||||
'' + builtins.readFile ../../../secrets/hosts/dhcp/config;
|
|
||||||
};
|
|
||||||
|
|
||||||
# This value determines the NixOS release with which your system is to be
|
|
||||||
# compatible, in order to avoid breaking some software such as database
|
|
||||||
# servers. You should change this only after NixOS release notes say you
|
|
||||||
# should.
|
|
||||||
system.stateVersion = "18.09"; # Did you read the comment?
|
|
||||||
}
|
|
|
@ -0,0 +1,32 @@
|
||||||
|
{ config, pkgs, lib, hostRegistry, ... }:
|
||||||
|
|
||||||
|
{
|
||||||
|
imports = [ ../../../lib/lxc-container.nix ../../../lib/shared.nix ];
|
||||||
|
|
||||||
|
c3d2 = {
|
||||||
|
isInHq = true;
|
||||||
|
hq.interface = "eth0";
|
||||||
|
};
|
||||||
|
|
||||||
|
networking.hostName = "dhcp";
|
||||||
|
networking.defaultGateway = "172.22.99.1";
|
||||||
|
networking.interfaces.eth0 = {
|
||||||
|
ipv4.addresses = [{
|
||||||
|
address = hostRegistry.hosts.dhcp.ip4;
|
||||||
|
prefixLength = 24;
|
||||||
|
}];
|
||||||
|
useDHCP = lib.mkForce false;
|
||||||
|
};
|
||||||
|
|
||||||
|
# dhcp
|
||||||
|
networking.firewall.allowedUDPPorts = [ 67 68 ];
|
||||||
|
|
||||||
|
services.dhcpd4 = {
|
||||||
|
enable = true;
|
||||||
|
interfaces = [ config.c3d2.hq.interface ];
|
||||||
|
authoritative = true;
|
||||||
|
# the leases are defined in the secrets module imported
|
||||||
|
# at the top-level of this flake
|
||||||
|
};
|
||||||
|
|
||||||
|
}
|
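Review bot: `networking.firewall.allowedUDPPorts = [ 67 68 ];` opens both ports on every interface, although the container serves DHCP only on `config.c3d2.hq.interface` and sets `useDHCP = lib.mkForce false`, so it does not appear to act as a client needing inbound 68. Scoping the rule to the served interface and the server port would be tighter: `networking.firewall.interfaces.eth0.allowedUDPPorts = [ 67 ];`. The new file also no longer sets `system.stateVersion`. Unless `lib/lxc-container.nix` or `lib/shared.nix` sets it, the value falls back to the nixpkgs release default instead of the `"18.09"` the old file pinned.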
|
@ -101,7 +101,7 @@ in {
|
||||||
config = let
|
config = let
|
||||||
cfg = config.c3d2;
|
cfg = config.c3d2;
|
||||||
hostRegistry = import ../host-registry.nix;
|
hostRegistry = import ../host-registry.nix;
|
||||||
mkIfIsInHq = lib.mkIf cfg.isInHq;
|
mkIfIsInHq = x: lib.mkIf cfg.isInHq (lib.mkDefault x);
|
||||||
in {
|
in {
|
||||||
# Configuration specific to this machine
|
# Configuration specific to this machine
|
||||||
|
|
||||||
|
|
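Review bot: `mkIfIsInHq` now wraps its argument in `lib.mkDefault`, which the name does not convey, and nothing near the definition explains why. Every setting guarded by it can now be overridden by a plain assignment in a host file, and it also loses to any other normal-priority definition, so a short comment is warranted: `# HQ settings are defaults (priority 1000) so that a host such as dhcp can override them`. The call sites are outside this hunk, so which settings are affected cannot be checked here. The neighbouring `hostRegistry = import ../host-registry.nix;` also stays in place although flake.nix now passes `hostRegistry` as a module argument; taking it from the module arguments would keep a single source.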
|
@ -20,7 +20,7 @@
|
||||||
|
|
||||||
networking.interfaces.eth0 = {
|
networking.interfaces.eth0 = {
|
||||||
useDHCP = false;
|
useDHCP = false;
|
||||||
preferTempAddress = false;
|
tempAddress = "disabled";
|
||||||
};
|
};
|
||||||
systemd.network.networks."40-eth0" = {
|
systemd.network.networks."40-eth0" = {
|
||||||
networkConfig = {
|
networkConfig = {
|
||||||
|
|