Dustin Frisch
1 week ago
No known key found for this signature in database
GPG Key ID: B4C3BF012D9B26BE
16 changed files with 271 additions and 104 deletions
-
3.gitignore
-
6TODO.md
-
22machines/installer/cache.nix
-
12machines/installer/default.nix
-
4machines/installer/hardware.nix
-
15machines/ldap/default.nix
-
33machines/ldap/hardware.nix
-
48machines/ldap/ldap.nix
-
6machines/ldap/secrets/ldap.tls.crt
-
6machines/ldap/secrets/ldap.tls.key
-
22machines/ldap/secrets/ldap.yaml
-
18machines/nfs/default.nix
-
125machines/nfs/dhcp.nix
-
32machines/nfs/hardware.nix
-
13shared/network.nix
-
10sops-config.nix
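--- a/TODO.md
+++ b/TODO.md
@@ -1,11 +1,13 @@
 # Tasks
 - Configure user env on client (using envfs?)
-- A fancy background image?
+- Configure docker on client
 - Make installer work
 - Move ldap to subdomain
-- Switch to HS nameservers
 - Check external SSH access
 - Remove x-tools like xterm
+- Quota per user on homedir
+- Exim recovery
+- A fancy background image?
 
 # Issuse
 - Cleartext password in sssd/ldap config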
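--- /dev/null
+++ b/machines/installer/cache.nix
@@ -0,0 +1,22 @@
+{ config, ... }:
+
+{
+services.nix-serve = {
+enable = true;
+secretKeyFile = config.sops.secrets."cache/key".path;
+};
+
+services.nginx = {
+enable = true;
+virtualHosts."cache.${config.networking.domain}" = {
+locations."/".proxyPass = with config.services.nix-serve;
+"http://${bindAddress}:${port}";
+};
+};
+
+sops.secrets."cache/key" = {
+sopsFile = ./secrets/cache.key;
+format = "binary";
+};
+}
+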
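Review bot: The proxyPass string interpolates `${port}` straight from `config.services.nix-serve`, and that option is an integer, so evaluation of this module should fail with "cannot coerce an integer to a string" — the line wants `"http://${bindAddress}:${toString port}";`. The nginx virtual host also carries no `forceSSL`/`enableACME`, so the cache is served over plain HTTP; that is workable only because clients verify narinfo signatures, which presumably means every client pins this cache's public key in `trusted-public-keys` — worth a comment next to `secretKeyFile` saying where the matching public key is distributed.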
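--- /dev/null
+++ b/machines/nfs/dhcp.nix
@@ -0,0 +1,125 @@
+{ pkgs, config, ... }:
+
+{
+services.kea.dhcp4 = {
+enable = true;
+
+settings = {
+interfaces-config = {
+interfaces = [
+"enp4s0f0"
+"enp4s0f1"
+];
+};
+
+lease-database = {
+name = "/var/lib/kea/dhcp4.leases";
+persist = true;
+type = "memfile";
+};
+
+rebind-timer = 2000;
+renew-timer = 1000;
+
+subnet4 = [
+{
+subnet = "10.33.64.0/20";
+interface = "enp4s0f1";
+
+pools = [
+{
+pool = "10.33.65.100 - 10.33.65.200";
+}
+];
+
+option-data = [
+{
+name = "routers";
+data = "10.33.64.1";
+}
+
+{
+name = "domain-name-servers";
+data = "10.0.0.53";
+}
+
+{
+name = "domain-name";
+data = config.networking.domain;
+}
+
+{
+name = "domain-search";
+data = config.networking.domain;
+}
+];
+}
+{
+subnet = "10.32.44.0/24";
+interface = "enp4s0f1";
+
+pools = [
+{
+pool = "10.32.44.100 - 10.32.44.200";
+}
+];
+
+option-data = [
+{
+name = "routers";
+data = "10.32.44.1";
+}
+
+{
+name = "domain-name-servers";
+data = "10.0.0.53";
+}
+
+{
+name = "domain-name";
+data = config.networking.domain;
+}
+
+{
+name = "domain-search";
+data = config.networking.domain;
+}
+];
+}
+];
+
+valid-lifetime = 4000;
+};
+};
+
+networking.firewall.allowedUDPPorts = [
+67
+68 # DHCP
+];
+
+services.pixiecore =
+let
+script = pkgs.writeText "boot-local.ipxe" ''
+#!ipxe
+
+sleep 2
+
+sanboot -n -d 0x80
+
+shell
+'';
+in
+{
+enable = true;
+
+dhcpNoBind = true;
+
+port = 5080;
+
+mode = "boot";
+kernel = toString script;
+
+openFirewall = true;
+};
+}
+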
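Review bot: Both subnet4 entries select `interface = "enp4s0f1";` while interfaces-config also listens on enp4s0f0, so the second NIC never serves a subnet; if 10.32.44.0/24 was meant for the other port, the second entry should read `interface = "enp4s0f0";`, and if both really live on one link they presumably need a shared-network wrapper rather than two competing subnets. Separately, `networking.firewall.allowedUDPPorts = [ 67 68 ]` and pixiecore's `openFirewall = true` open DHCP and the boot service on every interface of this host, not just the two client-facing ones; scoping the rule as `networking.firewall.interfaces."enp4s0f1".allowedUDPPorts = [ 67 68 ];` (and likewise for enp4s0f0) keeps the server from answering DHCP on any uplink. The iPXE script also falls through to `shell` after `sanboot` fails, which is useful while bringing the installer up but leaves an unattended machine at an interactive prompt; a short comment above `script` stating that this is intended would help the next reader.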