From 709d8e278e19d3540f064d5956a558e1bae1c56c Mon Sep 17 00:00:00 2001 From: Emery Hemingway Date: Wed, 24 Feb 2021 11:52:19 +0100 Subject: [PATCH] Flakify dhcp --- README.md | 5 +++ flake.lock | 9 +++-- flake.nix | 20 ++++++++--- host-registry.nix | 6 +++- hosts/containers/dhcp/configuration.nix | 44 ------------------------- hosts/containers/dhcp/default.nix | 32 ++++++++++++++++++ lib/default.nix | 2 +- lib/lxc-container.nix | 2 +- 8 files changed, 63 insertions(+), 57 deletions(-) delete mode 100644 hosts/containers/dhcp/configuration.nix create mode 100644 hosts/containers/dhcp/default.nix diff --git a/README.md b/README.md index 953f5103..9d5babfb 100644 --- a/README.md +++ b/README.md @@ -76,6 +76,11 @@ This does not work yet, as the nixos-system-x86_64-linux.tar.xz image is broken. nixops deploy -d hq --check --include=[hostname] ``` +Tarballs can be built for containers using `config.system.build.tarball`. +``` +nix build c3d2#nixosConfigurations.dhcp.config.system.build.tarball +``` + ## Mit `nixos-switch rebuild` ```shell diff --git a/flake.lock b/flake.lock index 59629469..8f880fef 100644 --- a/flake.lock +++ b/flake.lock @@ -38,13 +38,12 @@ } }, "secrets": { - "flake": false, "locked": { - "lastModified": 1607473285, - "narHash": "sha256-cnilic++Xa2RB8krfNe0/ndZ6jFo2FQWIq8YrZ1pWrE=", + "lastModified": 1614162961, + "narHash": "sha256-mWZ8TPGmjIh4GYMvUPbMCa7F7UPWzsD0R3B7YOrgvlI=", "ref": "master", - "rev": "0efb7df81d358c033a72fcc0c65016ff86f54858", - "revCount": 76, + "rev": "326cb89e8d82ab9cb5180eb2cedc6ba72ca8a7b8", + "revCount": 77, "type": "git", "url": "ssh://git@gitea.c3d2.de:2222/c3d2-admins/secrets.git" }, diff --git a/flake.nix b/flake.nix index 39e1f307..4f559019 100644 --- a/flake.nix +++ b/flake.nix 
@@ -3,10 +3,7 @@ inputs = { nixpkgs.url = "github:nixos/nixpkgs/release-20.09"; - secrets = { - url = "git+ssh://git@gitea.c3d2.de:2222/c3d2-admins/secrets.git"; - flake = false; - }; + secrets.url = "git+ssh://git@gitea.c3d2.de:2222/c3d2-admins/secrets.git"; }; outputs = { self, nixpkgs, secrets, nixos-hardware }: @@ -14,13 +11,14 @@ forAllSystems = f: nixpkgs.lib.genAttrs [ "aarch64-linux" "x86_64-linux" ] (system: f system); + + hostRegistry = import ./host-registry.nix; in { inherit (nixpkgs) legacyPackages; packages = forAllSystems (system: let - hostRegistry = import ./host-registry.nix; pkgs = self.legacyPackages.${system}; mkDeploy = # Generate a small script for copying this flake to the @@ -42,6 +40,8 @@ # TODO: check if the ethernet address is reachable and if not, # execute wol on a machine in HQ. in { + dhcp-nixos-rebuild = mkDeploy "dhcp" hostRegistry.hosts.dhcp.ip4; + glotzbert-nixos-rebuild = mkDeploy "glotzbert" "glotzbert.hq.c3d2.de"; glotzbert-wake = mkWake "glotzbert"; @@ -54,6 +54,7 @@ # Our custom NixOS builder { ... }@args: nixpkgs.lib.nixosSystem (args // { + extraArgs = { inherit hostRegistry; }; extraModules = [ self.nixosModules.c3d2 ({ pkgs, ... }: { @@ -66,6 +67,15 @@ }); in { + dhcp = nixosSystem' { + modules = [ + ./hosts/containers/dhcp + secrets.nixosModules.admins + secrets.nixosModules.dhcp + ]; + system = "x86_64-linux"; + }; + glotzbert = nixosSystem' { modules = [ ./hosts/glotzbert diff --git a/host-registry.nix b/host-registry.nix index 64555691..4b7bb7ee 100644 --- a/host-registry.nix +++ b/host-registry.nix @@ -2,7 +2,11 @@ rec { hosts = { - adc = { }; + dhcp = { + ip4 = "172.22.99.254"; + publicKey = + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPUrz1JqoyYm4zITHgUbhKCYV6wcE6qMcTjKSLAVlVyf"; + }; grafana.publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPFB9fo01jzr2upEBEXiR7sSmeQoq9ll5Cf5/hjq5e4Y"; scrape = { }; 
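Review bot: `extraArgs = { inherit hostRegistry; };` is added inside the `args // { ... }` override of the nixosSystem' wrapper, so a caller that passes its own `extraArgs` (and, by the same pattern, `extraModules`) has it silently replaced instead of merged; `extraArgs = (args.extraArgs or { }) // { inherit hostRegistry; };` keeps both. Also note that eval-config exposes `extraArgs` through `_module.args`, which is not available while a module's `imports` are evaluated — `hostRegistry` is only read from `config` in this commit, which is fine, but if a host module ever needs it in `imports` the value has to go through `specialArgs` instead. The definition of nixosSystem' starts outside this hunk, so I can only see its tail.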
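Review bot: The new `dhcp` system takes its DHCP data from `secrets.nixosModules.dhcp`, and whatever that module puts into `services.dhcpd4` is rendered into the dhcpd configuration file in the Nix store, which is world-readable on the build host, in any binary cache the closure is pushed to, and on the container itself. This was already the case with the removed `builtins.readFile ../../../secrets/hosts/dhcp/config`, so it is not a regression, but an input named "secrets" invites putting real credentials there; a comment on this entry such as `# secrets.nixosModules.dhcp: subnet/host reservations only — rendered into /nix/store, never credentials` makes the boundary explicit. I cannot see the secrets flake from here, so whether anything sensitive is in it is an open question for the maintainers.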
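Review bot: `adc = { };` is dropped from `hosts` in the same hunk that adds `dhcp`, and `lib/default.nix` still imports this registry directly (visible as a context line in its hunk further down), so any remaining `hostRegistry.hosts.adc` reference elsewhere now fails evaluation — worth a grep before merging. The new `publicKey` is presumably the container's SSH host key meant for known_hosts pinning by the deploy script, but nothing in the registry says so; a one-line comment `# address and SSH *host* key of the dhcp container (consumed by mkDeploy / known_hosts)` prevents it being mistaken for a user key. Since `ip4` is now the single source of truth for the address, consider carrying the gateway and prefix length here as well instead of leaving `172.22.99.1` and `24` hard-coded in `hosts/containers/dhcp/default.nix`.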
diff --git a/hosts/containers/dhcp/configuration.nix b/hosts/containers/dhcp/configuration.nix deleted file mode 100644 index 9e46d63f..00000000 --- a/hosts/containers/dhcp/configuration.nix +++ /dev/null @@ -1,44 +0,0 @@ -{ config, pkgs, lib, ... }: - -{ - imports = [ - ../../../lib/lxc-container.nix - ../../../lib/shared.nix - ../../../lib/admins.nix - ]; - - networking.hostName = "dhcp"; - networking.defaultGateway = "172.22.99.1"; - networking.nameservers = - [ "172.20.73.8" "172.20.72.6" "172.20.72.10" "9.9.9.9" ]; - networking.useDHCP = false; - networking.interfaces.eth0 = { - ipv4.addresses = [{ - address = "172.22.99.254"; - prefixLength = 24; - }]; - useDHCP = lib.mkForce false; - }; - - # List packages installed in system profile. To search, run: - # $ nix search wget - environment.systemPackages = with pkgs; [ vim ]; - - # dhcp - networking.firewall.allowedUDPPorts = [ 67 68 ]; - - services.dhcpd4 = { - enable = true; - interfaces = [ "eth0" ]; - extraConfig = '' - authoritative; - - '' + builtins.readFile ../../../secrets/hosts/dhcp/config; - }; - - # This value determines the NixOS release with which your system is to be - # compatible, in order to avoid breaking some software such as database - # servers. You should change this only after NixOS release notes say you - # should. - system.stateVersion = "18.09"; # Did you read the comment? -} diff --git a/hosts/containers/dhcp/default.nix b/hosts/containers/dhcp/default.nix new file mode 100644 index 00000000..d98a041e --- /dev/null +++ b/hosts/containers/dhcp/default.nix 
@@ -0,0 +1,32 @@ +{ config, pkgs, lib, hostRegistry, ... }: + +{ + imports = [ ../../../lib/lxc-container.nix ../../../lib/shared.nix ]; + + c3d2 = { + isInHq = true; + hq.interface = "eth0"; + }; + + networking.hostName = "dhcp"; + networking.defaultGateway = "172.22.99.1"; + networking.interfaces.eth0 = { + ipv4.addresses = [{ + address = hostRegistry.hosts.dhcp.ip4; + prefixLength = 24; + }]; + useDHCP = lib.mkForce false; + }; + + # dhcp + networking.firewall.allowedUDPPorts = [ 67 68 ]; + + services.dhcpd4 = { + enable = true; + interfaces = [ config.c3d2.hq.interface ]; + authoritative = true; + # the leases are defined in the secrets module imported + # at the top-level of this flake + }; + +} diff --git a/lib/default.nix b/lib/default.nix index 49dc3393..a322d809 100644 --- a/lib/default.nix +++ b/lib/default.nix @@ -101,7 +101,7 @@ in { config = let cfg = config.c3d2; hostRegistry = import ../host-registry.nix; - mkIfIsInHq = lib.mkIf cfg.isInHq; + mkIfIsInHq = x: lib.mkIf cfg.isInHq (lib.mkDefault x); in { # Configuration specific to this machine diff --git a/lib/lxc-container.nix b/lib/lxc-container.nix index c302876f..8defe5db 100644 --- a/lib/lxc-container.nix +++ b/lib/lxc-container.nix @@ -20,7 +20,7 @@ networking.interfaces.eth0 = { useDHCP = false; - preferTempAddress = false; + tempAddress = "disabled"; }; systemd.network.networks."40-eth0" = { networkConfig = {
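Review bot: The new `hosts/containers/dhcp/default.nix` no longer sets `system.stateVersion` (the deleted `configuration.nix` pinned `"18.09"`); unless `../../../lib/lxc-container.nix` or `shared.nix` sets it, this host's stateful defaults now follow the current release, so `system.stateVersion = "18.09";` should come back unless the container is deliberately being recreated from the new tarball. `networking.firewall.allowedUDPPorts = [ 67 68 ];` opens both DHCP ports on every interface, while a server only needs 67 inbound (68 is the client port, and ISC dhcpd on Linux normally talks through a packet socket the firewall does not filter anyway) — `networking.firewall.interfaces.${config.c3d2.hq.interface}.allowedUDPPorts = [ 67 ];` is the tighter form. The top-level `networking.useDHCP = false;` was also dropped and only the `eth0` entry keeps `useDHCP = lib.mkForce false`; if the shared modules do not set it, a DHCP server would still run a DHCP client on any additional interface it is given. Finally, `networking.interfaces.eth0` is hard-coded while `services.dhcpd4.interfaces` reads `config.c3d2.hq.interface`; writing `networking.interfaces.${config.c3d2.hq.interface}` keeps the two from drifting.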
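Review bot: Wrapping everything that passes through `mkIfIsInHq` in `lib.mkDefault` changes merge semantics, not only override order: for list- and attrset-valued options, a definition at default priority is discarded entirely as soon as any host module defines the option at normal priority, rather than being merged with it. So if `mkIfIsInHq` also guards things like `networking.nameservers` or firewall settings (the body of `config` continues outside this hunk, so I cannot see what it covers), a host that adds a single nameserver now silently loses all the HQ ones, and any host module can override an HQ security default without `mkForce`. If the motivation is only that `hosts/containers/dhcp` sets its own `networking.defaultGateway`, apply `lib.mkDefault` to that one value at its definition and leave `mkIfIsInHq` as a plain `lib.mkIf cfg.isInHq`, with a short comment stating which HQ values hosts are expected to override.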
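Review bot: `tempAddress = "disabled"` is not the mechanical replacement for `preferTempAddress = false`: as far as I recall, the 20.09 rename maps `false` to `"enabled"` (RFC 4941 temporary IPv6 addresses are still generated, just not preferred), whereas `"disabled"` stops generating them altogether. For a statically addressed container that is probably what you want — one stable, predictable address — but it is a behaviour change hiding in a "flakify" commit, so a comment such as `# no RFC 4941 temporary addresses: containers keep one stable IPv6 address` would document the intent. The `systemd.network.networks."40-eth0"` definition below it continues outside the hunk.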