server10: init
parent
b57fba4a09
commit
992ef4cad2
|
@ -512,11 +512,11 @@
|
||||||
"openwrt-imagebuilder": "openwrt-imagebuilder"
|
"openwrt-imagebuilder": "openwrt-imagebuilder"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1651782857,
|
"lastModified": 1652490131,
|
||||||
"narHash": "sha256-EPkyxja/JOwrQnzbbmpSmMRzR5Dsp1QQwBPCvFWqn3Y=",
|
"narHash": "sha256-lWB9YzE8VR7d+zBJlXcSPRonH08aSsidFMZn9HkRrQM=",
|
||||||
"ref": "master",
|
"ref": "master",
|
||||||
"rev": "52dbdc237abae93fc93ad9ca8b3d349c36989ad0",
|
"rev": "497cebb86d13fa5942ab0e9f1625ec98fe73b263",
|
||||||
"revCount": 1388,
|
"revCount": 1392,
|
||||||
"type": "git",
|
"type": "git",
|
||||||
"url": "https://gitea.c3d2.de/zentralwerk/network.git"
|
"url": "https://gitea.c3d2.de/zentralwerk/network.git"
|
||||||
},
|
},
|
||||||
|
|
|
@ -539,6 +539,12 @@
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
|
server10 = nixosSystem' {
|
||||||
|
modules = [
|
||||||
|
./hosts/server10
|
||||||
|
];
|
||||||
|
};
|
||||||
|
|
||||||
};
|
};
|
||||||
|
|
||||||
nixosModule = self.nixosModules.c3d2;
|
nixosModule = self.nixosModules.c3d2;
|
||||||
|
|
|
@ -119,4 +119,6 @@
|
||||||
|
|
||||||
# Hack
|
# Hack
|
||||||
rpi-netboot.ip4 = "127.0.0.1";
|
rpi-netboot.ip4 = "127.0.0.1";
|
||||||
|
|
||||||
|
server10.ip6 = "server10.cluster.zentralwerk.org";
|
||||||
}
|
}
|
||||||
|
|
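--- a/hosts/server10/default.nix
+++ b/hosts/server10/default.nix
@@ -0,0 +1,41 @@
+{ config, pkgs, ... }:
+
+{
+imports =
+[ # Include the results of the hardware scan.
+./hardware-configuration.nix
+./network.nix
+];
+
+# Use the GRUB 2 boot loader.
+boot.loader.grub.enable = true;
+boot.loader.grub.version = 2;
+# boot.loader.grub.efiSupport = true;
+# boot.loader.grub.efiInstallAsRemovable = true;
+# boot.loader.efi.efiSysMountPoint = "/boot/efi";
+# Define on which hard drive you want to install Grub.
+boot.loader.grub.device = "/dev/sda"; # or "nodev" for efi only
+
+boot.kernelParams = [
+"preempt=none"
+# No server/router runs any untrusted user code
+"mitigations=off"
+];
+
+networking.hostName = "server10"; # Define your hostname.
+networking.hostId = "10101010";
+
+networking.firewall = {
+enable = true;
+allowedTCPPorts = [ 22 ];
+};
+services.openssh.enable = true;
+
+# This value determines the NixOS release from which the default
+# settings for stateful data, like file locations and database versions
+# on your system were taken. It‘s perfectly fine and recommended to leave
+# this value at the release version of the first install of this system.
+# Before changing this value read the documentation for this option
+# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+system.stateVersion = "21.11"; # Did you read the comment?
+}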
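Review bot: `"mitigations=off"` in `boot.kernelParams` relies on the comment that no untrusted code runs on this host, but hosts/server10/hardware-configuration.nix in the same commit loads `kvm-intel`, which suggests server10 is meant to run virtual machines. If any guest is ever operated by someone else or exposed to the internet, disabling the CPU side-channel mitigations also removes the protections between guest and host and between guests. I would either drop the `"mitigations=off"` entry for this host or make the assumption explicit, e.g. `# All VMs on this hypervisor are run by us; remove mitigations=off if that changes`.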
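--- a/hosts/server10/hardware-configuration.nix
+++ b/hosts/server10/hardware-configuration.nix
@@ -0,0 +1,53 @@
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+imports =
+[ (modulesPath + "/installer/scan/not-detected.nix")
+];
+
+boot.initrd.availableKernelModules = [ "uhci_hcd" "ehci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ];
+boot.initrd.kernelModules = [ ];
+boot.kernelModules = [ "kvm-intel" ];
+boot.extraModulePackages = [ ];
+boot.supportedFilesystems = [ "ext2" "zfs" ];
+boot.zfs.devNodes = "/dev/";
+
+fileSystems."/" =
+{ device = "server10/nixos";
+fsType = "zfs";
+};
+
+fileSystems."/nix" =
+{ device = "server10/nixos/nix";
+fsType = "zfs";
+};
+
+fileSystems."/nix/var" =
+{ device = "server10/nixos/nix/var";
+fsType = "zfs";
+};
+
+fileSystems."/nix/store" =
+{ device = "server10/nixos/nix/store";
+fsType = "zfs";
+};
+
+fileSystems."/var" =
+{ device = "server10/nixos/var";
+fsType = "zfs";
+};
+
+fileSystems."/home" =
+{ device = "server10/home";
+fsType = "zfs";
+};
+
+fileSystems."/boot" =
+{ device = "/dev/disk/by-uuid/b13a876b-2488-47a3-b9bd-3b03fbac6c85";
+fsType = "ext2";
+};
+
+swapDevices = [ ];
+
+hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}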
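--- a/hosts/server10/network.nix
+++ b/hosts/server10/network.nix
@@ -0,0 +1,117 @@
+{ zentralwerk, config, lib, ... }:
+
+let
+inherit (config.networking) hostName;
+
+zwNets = zentralwerk.lib.config.site.net;
+zwHostConfig = zentralwerk.lib.config.site.hosts.${hostName};
+zwHostBridges = builtins.attrNames (
+lib.filterAttrs (_: { type, ... }: type == "bridge")
+zwHostConfig.interfaces
+);
+
+in
+{
+networking.useDHCP = false;
+networking.useNetworkd = true;
+
+boot.kernelParams = [
+# Prevents automatic creation of interface bond0 by the kernel
+"bonding.max_bonds=0"
+];
+
+systemd.network = {
+enable = true;
+
+netdevs = {
+bond0.netdevConfig = {
+Kind = "bond";
+Name = "bond0";
+};
+# LACP
+bond0.bondConfig.Mode = "802.3ad";
+} // (
+builtins.foldl' (result: net: result // {
+# Bridges are named just like the corresponding net.
+"${net}" = {
+netdevConfig = {
+Kind = "bridge";
+Name = "${net}";
+};
+extraConfig = ''
+[Bridge]
+ForwardDelaySec=2
+STP=true
+'';
+};
+# External VLAN interface
+"ext-${net}" = {
+netdevConfig = {
+Kind = "vlan";
+Name = "ext-${net}";
+};
+vlanConfig.Id = zwNets.${net}.vlan;
+};
+}) {} zwHostBridges
+);
+
+networks = {
+en = {
+# physical ethernet ports
+matchConfig.Name = "en*";
+networkConfig = {
+Bond = "bond0";
+LLDP = true;
+EmitLLDP = true;
+};
+};
+bond0 = {
+DHCP = "no";
+matchConfig.Name = "bond0";
+networkConfig = {
+VLAN = map (net: "ext-${net}") zwHostBridges;
+LinkLocalAddressing = "no";
+LLDP = true;
+EmitLLDP = true;
+};
+};
+} // (builtins.foldl' (result: net: result // {
+"${net}" = {
+matchConfig.Name = net;
+networkConfig = {
+LLDP = true;
+EmitLLDP = true;
+DHCP = "no";
+} // (lib.optionalAttrs (! zwNets.${net}.hosts4 ? ${hostName})) {
+# Disable all automatic addressing on bridges. It will delay
+# networkd going into operational state.
+LinkLocalAddressing = lib.mkDefault "no";
+};
+addresses =
+let
+netConfig = zwNets.${net};
+address = netConfig.hosts4.${hostName};
+prefixLen = netConfig.subnet4Len;
+in
+lib.optional (netConfig.hosts4 ? ${hostName}) {
+addressConfig.Address = "${address}/${toString prefixLen}";
+} ++
+builtins.concatMap (hosts6:
+lib.optional (hosts6 ? ${hostName}) {
+addressConfig.Address = "${hosts6.${hostName}}/64";
+}
+) (builtins.attrValues netConfig.hosts6);
+
+gateway = lib.optionals (net == "cluster") [
+zwNets.cluster.hosts4.cls-gw
+zwNets.cluster.hosts6.dn42.cls-gw
+];
+};
+"ext-${net}" = {
+matchConfig.Name = "ext-${net}";
+# Attach eth*/bond0/VLAN to bridge
+networkConfig.Bridge = net;
+};
+}) {} zwHostBridges);
+};
+}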
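Review bot: The per-bridge `networkConfig` sets `DHCP = "no";` but leaves router-advertisement handling at the networkd default, so on a bridge where this host has an address it would presumably still accept RAs from any device on that VLAN, even though addresses and the gateway are defined statically. Adding `IPv6AcceptRA = false;` next to `DHCP = "no";` would keep routes and addresses limited to what the zentralwerk data declares. Related: the `lib.optionalAttrs` condition tests only `hosts4`, so a net where the host has just a `hosts6` entry appears to get `LinkLocalAddressing = "no"` together with a static IPv6 address. Checking both families there would be safer. The same bridges also set `EmitLLDP = true;`, which announces the host on every attached VLAN and should be confirmed as intended for the less trusted nets.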