
fix various things

main
Dustin Frisch 5 days ago
parent
commit
1203f49d00
No known key found for this signature in database GPG Key ID: B4C3BF012D9B26BE
  1. 16
      TODO.md
  2. 4
      client/default.nix
  3. 17
      client/desktop.nix
  4. 11
      client/hardware.nix
  5. 12
      client/users.nix
  6. 41
      clients.nix
  7. 19
      machines/nfs/dhcp.nix
  8. 2
      machines/nfs/netinstaller.nix

16
TODO.md

@ -1,17 +1,15 @@
# Tasks
- Lock installer shells
- Allow multiple users to log-in
- Check external SSH access
- Exim recovery
- Quota per user on homedir
- Configure user env on client (using envfs?)
- Make installer work
- Move ldap to subdomain
- Check external SSH access
- Remove x-tools like xterm
- Quota per user on homedir
- Exim recovery
- A fancy background image?
- Client Requirements:
- docker + docker-compose [name=könig]
- rstudio [name=james]
- quarto [name=james]
- miniconda [name=james]
# Issuse
- Cleartext password in sssd/ldap config

4
client/default.nix

@ -23,7 +23,7 @@ in
];
deployment = optionalAttrs (client != null) {
inherit (client) targetHost;
targetHost = client.ip;
tags = [ "client" ];
};
@ -37,7 +37,7 @@ in
then "client-${id}"
else "client");
useDHCP = mkForce true;
#useDHCP = mkForce true;
};
services.hardware.bolt.enable = true;
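Review bot: The second hunk appears to leave `#useDHCP = mkForce true;` behind as commented-out code with no explanation (the page has lost its +/- markers, so this is read from the print order). If the option is meant to stay off, delete the line; if it is disabled only for now, give the reason in the comment, e.g. `# useDHCP disabled: <reason>`. Both hunks sit inside larger attribute sets that start and end outside the visible lines.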

17
client/desktop.nix

@ -1,4 +1,6 @@
{ pkgs, ... }:
{ pkgs, lib, ... }:
with lib;
{
services = {
@ -61,8 +63,17 @@
"org/gnome/desktop/wm/keybindings".close = [ "<Super>q" ];
"org/gnome/settings-daemon/plugins/power".power-button-action = "shutdown";
"org/gnome/settings-daemon/plugins/power".sleep-inactive-ac-type = "nothing";
"org/gnome/desktop/session".idle-delay = gvariant.mkUint32 180;
"org/gnome/desktop/screensaver".lock-delay = gvariant.mkUint32 0;
# Prevent hibernation
"org/gnome/settings-daemon/plugins/power".power-button-action = "nothing";
"org/gnome/settings-daemon/plugins/power".sleep-inactive-ac-type = "logout";
"org/gnome/settings-daemon/plugins/power".sleep-inactive-ac-timeout = "900";
# Allow to switch users
"org/gnome/desktop/lockdown".disable-user-switching = false;
"org/gnome/desktop/screensaver".user-switch-enabled = true;
};
}
];
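Review bot: `sleep-inactive-ac-timeout = "900"` in the second hunk is written as a string, while the two delay keys just above it use `gvariant.mkUint32`; the GNOME schema declares this key as a signed 32-bit integer, so a string value is likely to be ignored and the default timeout used instead. Write it as `"org/gnome/settings-daemon/plugins/power".sleep-inactive-ac-timeout = gvariant.mkInt32 900;`. The `# Prevent hibernation` comment sits above the power-button and idle-logout keys, so a heading such as `# Power button does nothing; log out idle sessions after 15 minutes` would describe them better. Whether the idle and lock delays are locked against per-user override depends on the enclosing dconf block, which starts outside the hunk.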

11
client/hardware.nix

@ -1,4 +1,4 @@
{ modulesPath, ... }:
{ config, modulesPath, ... }:
{
imports = [
@ -9,7 +9,14 @@
boot = {
loader = {
grub.enable = true;
grub = {
enable = true;
users = {
root = {
hashedPassword = "grub.pbkdf2.sha512.10000.BAB138AB1F53A06E0BAB70B376C16ECCC123824748A9AF6725D24C5947C69EF3CB9AF87FB9F549902BAFE42817B7C58897D9222106B7FC6ECC0C47C945D7471B.D8F6D170B10709A748084EDB1C41D9E92E1AB97D03954C57F310D68E7C07D63AFF8794EF5E263DDCDE663C4482664E70600E7043A77D03E97C7679DA51D35719";
};
};
};
};
consoleLogLevel = 3;
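Review bot: The GRUB superuser hash is committed inline as `hashedPassword` in the second hunk, so anyone who can read the repository can attack it offline, and it most likely ends up in the world-readable Nix store on every client as well. The hash string shows PBKDF2-SHA512 with 10000 iterations, which slows guessing but does not protect a weak or reused password. Consider `hashedPasswordFile = "<path to a secret outside the store>";`, provisioned through whatever secret mechanism the deployment already has, and rotate the password because this hash is now in the history. `config` is added to the module arguments but is not used in the visible lines.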

12
client/users.nix

@ -58,6 +58,8 @@ in
access_provider = ldap
auth_provider = ldap
cache_credentials = true
# TODO: ldap_uri = ldaps://ldap${config.networking.domain}/
ldap_uri = ldaps://ldap-linuxlab.informatik.hs-fulda.de/
ldap_search_base = ou=users,${baseDN}
@ -75,6 +77,16 @@ in
ldap_user_object_class = posixAccount
ldap_user_name = cn
ldap_search_timeout = 10
ldap_network_timeout = 10
ldap_deref_threshold = 0
ignore_group_members = true
subdomain_inherit = ignore_group_members
entry_negative_timeout = 3
override_gid = ${toString config.users.groups."users".gid}
cache_credentials = true
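Review bot: `cache_credentials = true` is visible both at the top of the first hunk and at the end of the second; if both lines belong to the same sssd domain section, one is redundant and should be dropped. With credential caching enabled on shared lab clients, cached credentials permit offline logins with no time limit unless one is set, so consider `offline_credentials_expiration = <days>` in the `[pam]` section, which is not shown here. The sections these keys belong to start outside both hunks.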

41
clients.nix

@ -1,19 +1,28 @@
{
"01" = {
mac = "";
};
"02" = {
mac = "";
};
"03" = {
mac = "";
};
"04" = {
mac = "";
};
"13" = {
targetHost = "10.33.65.113";
mac = "";
};
"00" = { ip = "10.33.65.100"; mac = "24:4B:FE:AD:40:AE"; };
"01" = { ip = "10.33.65.101"; mac = "24:4B:FE:AD:3E:8E"; };
"02" = { ip = "10.33.65.102"; mac = "24:4B:FE:AD:3E:8F"; };
"03" = { ip = "10.33.65.103"; mac = "24:4B:FE:AD:3E:90"; };
"04" = { ip = "10.33.65.104"; mac = "24:4B:FE:AD:3E:91"; };
"05" = { ip = "10.33.65.105"; mac = "24:4B:FE:AD:3E:92"; };
"06" = { ip = "10.33.65.106"; mac = "24:4B:FE:AD:3E:93"; };
"07" = { ip = "10.33.65.107"; mac = "24:4B:FE:AD:3E:94"; };
"08" = { ip = "10.33.65.108"; mac = "24:4B:FE:AD:3E:95"; };
"09" = { ip = "10.33.65.109"; mac = "24:4B:FE:AD:3E:96"; };
"10" = { ip = "10.33.65.110"; mac = "24:4B:FE:AD:3F:B0"; };
"11" = { ip = "10.33.65.111"; mac = "24:4B:FE:AD:3F:B1"; };
"12" = { ip = "10.33.65.112"; mac = "24:4B:FE:AD:3F:B2"; };
"13" = { ip = "10.33.65.113"; mac = "24:4B:FE:AD:3F:B3"; };
"14" = { ip = "10.33.65.114"; mac = "24:4B:FE:AD:3F:B4"; };
"15" = { ip = "10.33.65.115"; mac = "24:4B:FE:AD:3F:B5"; };
"16" = { ip = "10.33.65.116"; mac = "24:4B:FE:AD:3F:B6"; };
"17" = { ip = "10.33.65.117"; mac = "24:4B:FE:AD:3F:B7"; };
"18" = { ip = "10.33.65.118"; mac = "24:4B:FE:AD:3F:B8"; };
"19" = { ip = "10.33.65.119"; mac = "24:4B:FE:AD:3F:B9"; };
"20" = { ip = "10.33.65.120"; mac = "3C:7C:3F:41:1D:B6"; };
"21" = { ip = "10.33.65.121"; mac = "3C:7C:3F:41:1D:B7"; };
"22" = { ip = "10.33.65.122"; mac = "3C:7C:3F:41:1D:B9"; };
"23" = { ip = "10.33.65.123"; mac = "3C:7C:3F:41:1D:BA"; };
"24" = { ip = "10.33.65.124"; mac = "3C:7C:3F:41:1D:BC"; };
}

19
machines/nfs/dhcp.nix

@ -1,5 +1,11 @@
{ pkgs, config, ... }:
{ lib, config, ... }:
with lib;
let
clients = import ../../clients.nix;
in
{
services.kea.dhcp4 = {
enable = true;
@ -23,6 +29,7 @@
subnet4 = [
{
id = 1;
subnet = "10.33.64.0/20";
interface = "enp4s0f0";
@ -53,8 +60,18 @@
data = config.networking.domain;
}
];
"reservations" = mapAttrsToList
(_: client: {
"hw-address" = strings.toLower client.mac;
"ip-address" = client.ip;
})
clients;
}
{
# This net is only used during PXE boot
id = 2;
subnet = "10.32.44.0/24";
interface = "enp4s0f1";
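Review bot: The new `reservations` list in the third hunk is built straight from `clients.nix` with no check that every entry has a unique, well-formed `mac` and `ip`; as far as I know Kea refuses a configuration with duplicate reservations in one subnet, so a single copy-paste slip in the table would stop DHCP for the whole lab. An `assertions` entry such as `assertion = length (unique (mapAttrsToList (_: c: toLower c.mac) clients)) == length (attrNames clients);`, with the same check for `ip`, would catch that at evaluation time. A reservation binds an address only to a claimed hardware address, so the fixed IPs should not be treated as proof of client identity by the NFS exports or the deployment tooling. The subnet attribute set continues outside the hunk.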

2
machines/nfs/netinstaller.nix

@ -28,7 +28,7 @@ let
--no-root-password \
--verbose
umount -R /mnt
${pkgs.util-linux}/bin/umount -R /mnt
reboot
'';
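Review bot: `reboot` on the line after the changed one is still resolved through PATH while `umount` is now pinned to `${pkgs.util-linux}/bin/umount`; if the reason for the change was a minimal PATH in the installer environment, `reboot` can fail in the same way. Pinning it too, e.g. `${pkgs.systemd}/bin/reboot`, keeps the two consistent. The script body starts outside the hunk, so whether it stops before this point when the install step fails cannot be seen here.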
