nfs: prevent clients from going AWOL

1 day ago · 6309c1b2f0
4 changed files with 74 additions and 38 deletions
--- a/clients.nix
+++ b/clients.nix
@ -1,28 +1,28 @@
 {
-  "00" = { ip = "10.33.65.100"; mac = "24:4B:FE:AD:40:AE"; };
-  "01" = { ip = "10.33.65.101"; mac = "24:4B:FE:AD:3E:8E"; };
-  "02" = { ip = "10.33.65.102"; mac = "24:4B:FE:AD:3E:8F"; };
-  "03" = { ip = "10.33.65.103"; mac = "24:4B:FE:AD:3E:90"; };
-  "04" = { ip = "10.33.65.104"; mac = "24:4B:FE:AD:3E:91"; };
-  "05" = { ip = "10.33.65.105"; mac = "24:4B:FE:AD:3E:92"; };
-  "06" = { ip = "10.33.65.106"; mac = "24:4B:FE:AD:3E:93"; };
-  "07" = { ip = "10.33.65.107"; mac = "24:4B:FE:AD:3E:94"; };
-  "08" = { ip = "10.33.65.108"; mac = "24:4B:FE:AD:3E:95"; };
-  "09" = { ip = "10.33.65.109"; mac = "24:4B:FE:AD:3E:96"; };
-  "10" = { ip = "10.33.65.110"; mac = "24:4B:FE:AD:3F:B0"; };
-  "11" = { ip = "10.33.65.111"; mac = "24:4B:FE:AD:3F:B1"; };
-  "12" = { ip = "10.33.65.112"; mac = "24:4B:FE:AD:3F:B2"; };
-  "13" = { ip = "10.33.65.113"; mac = "24:4B:FE:AD:3F:B3"; };
-  "14" = { ip = "10.33.65.114"; mac = "24:4B:FE:AD:3F:B4"; };
-  "15" = { ip = "10.33.65.115"; mac = "24:4B:FE:AD:3F:B5"; };
-  "16" = { ip = "10.33.65.116"; mac = "24:4B:FE:AD:3F:B6"; };
-  "17" = { ip = "10.33.65.117"; mac = "24:4B:FE:AD:3F:B7"; };
-  "18" = { ip = "10.33.65.118"; mac = "24:4B:FE:AD:3F:B8"; };
-  "19" = { ip = "10.33.65.119"; mac = "24:4B:FE:AD:3F:B9"; };
-  "20" = { ip = "10.33.65.120"; mac = "3C:7C:3F:41:1D:B6"; };
-  "21" = { ip = "10.33.65.121"; mac = "3C:7C:3F:41:1D:B7"; };
-  "22" = { ip = "10.33.65.122"; mac = "3C:7C:3F:41:1D:B9"; };
-  "23" = { ip = "10.33.65.123"; mac = "3C:7C:3F:41:1D:BA"; };
-  "24" = { ip = "10.33.65.124"; mac = "3C:7C:3F:41:1D:BC"; };
+  "00" = { ip = "10.33.65.100"; mac = "24:4B:FE:AD:40:AE"; wol = "b4:2e:99:f6:f2:c2"; };
+  "01" = { ip = "10.33.65.101"; mac = "24:4B:FE:AD:3E:8E"; wol = "b4:2e:99:f6:8a:54"; };
+  "02" = { ip = "10.33.65.102"; mac = "24:4B:FE:AD:3E:8F"; wol = "b4:2e:99:f6:f4:28"; };
+  "03" = { ip = "10.33.65.103"; mac = "24:4B:FE:AD:3E:90"; wol = "b4:2e:99:f6:f2:ff"; };
+  "04" = { ip = "10.33.65.104"; mac = "24:4B:FE:AD:3E:91"; wol = "b4:2e:99:f6:f1:1c"; };
+  "05" = { ip = "10.33.65.105"; mac = "24:4B:FE:AD:3E:92"; wol = "b4:2e:99:f6:f4:2d"; };
+  "06" = { ip = "10.33.65.106"; mac = "24:4B:FE:AD:3E:93"; wol = "b4:2e:99:f6:f1:f3"; };
+  "07" = { ip = "10.33.65.107"; mac = "24:4B:FE:AD:3E:94"; wol = "b4:2e:99:f6:f4:24"; };
+  "08" = { ip = "10.33.65.108"; mac = "24:4B:FE:AD:3E:95"; wol = "b4:2e:99:f6:f1:f3"; };
+  "09" = { ip = "10.33.65.109"; mac = "24:4B:FE:AD:3E:96"; wol = "b4:2e:99:f6:88:e3"; };
+  "10" = { ip = "10.33.65.110"; mac = "24:4B:FE:AD:3F:B0"; wol = "b4:2e:99:f6:f2:ec"; };
+  "11" = { ip = "10.33.65.111"; mac = "24:4B:FE:AD:3F:B1"; wol = "b4:2e:99:f6:f4:01"; };
+  "12" = { ip = "10.33.65.112"; mac = "24:4B:FE:AD:3F:B2"; wol = "b4:2e:99:f6:f4:46"; };
+  "13" = { ip = "10.33.65.113"; mac = "24:4B:FE:AD:3F:B3"; wol = "b4:2e:99:f6:8a:56"; };
+  "14" = { ip = "10.33.65.114"; mac = "24:4B:FE:AD:3F:B4"; wol = "b4:2e:99:f6:f2:fa"; };
+  "15" = { ip = "10.33.65.115"; mac = "24:4B:FE:AD:3F:B5"; wol = "b4:2e:99:f6:f3:03"; };
+  "16" = { ip = "10.33.65.116"; mac = "24:4B:FE:AD:3F:B6"; wol = "b4:2e:99:f6:f3:0d"; };
+  "17" = { ip = "10.33.65.117"; mac = "24:4B:FE:AD:3F:B7"; wol = "b4:2e:99:f6:f4:27"; };
+  "18" = { ip = "10.33.65.118"; mac = "24:4B:FE:AD:3F:B8"; wol = "b4:2e:99:f0:ed:9e"; };
+  "19" = { ip = "10.33.65.119"; mac = "24:4B:FE:AD:3F:B9"; wol = "b4:2e:99:f6:f2:d3"; };
+  "20" = { ip = "10.33.65.120"; mac = "3C:7C:3F:41:1D:B6"; wol = "b4:2e:99:f6:f1:19"; };
+  "21" = { ip = "10.33.65.121"; mac = "3C:7C:3F:41:1D:B7"; wol = "b4:2e:99:f6:f4:1f"; };
+  "22" = { ip = "10.33.65.122"; mac = "3C:7C:3F:41:1D:B9"; wol = "b4:2e:99:f0:ee:06"; };
+  "23" = { ip = "10.33.65.123"; mac = "3C:7C:3F:41:1D:BA"; wol = "b4:2e:99:f6:f4:25"; };
+  "24" = { ip = "10.33.65.124"; mac = "3C:7C:3F:41:1D:BC"; wol = "b4:2e:99:f6:f2:27"; };
 }

--- a/machines/nfs/default.nix
+++ b/machines/nfs/default.nix
@ -5,6 +5,7 @@
    ./nfs.nix
    ./cache.nix
    ./netinstaller.nix
+    ./wol.nix
  ];

  deployment = {
--- a/machines/nfs/netinstaller.nix
+++ b/machines/nfs/netinstaller.nix
@ -1,6 +1,4 @@
-{ pkgs, lib, config, nodes, ... }:
-
-with lib;
+{ pkgs, config, nodes, ... }:

 let
  installer = pkgs.nixos [
@ -58,6 +56,7 @@ let
    sanboot -d 0x80 || goto err
  '';

+
 in
 {
  services.nginx = {
@ -73,20 +72,19 @@ in
    };
  };

-  services.pixiecore =
-    {
-      enable = true;
-      debug = true;
+  services.pixiecore = {
+    enable = true;
+    debug = true;

-      dhcpNoBind = true;
+    dhcpNoBind = true;

-      port = 5080;
+    port = 5080;

-      mode = "boot";
-      kernel = toString ipxe-script;
+    mode = "boot";
+    kernel = toString ipxe-script;

-      openFirewall = true;
-    };
+    openFirewall = true;
+  };

  networking.extraHosts = ''
    127.0.0.1 boot.${config.networking.domain}
--- a/machines/nfs/wol.nix
+++ b/machines/nfs/wol.nix
@ -0,0 +1,37 @@
+{ pkgs, lib, ... }:
+
+with lib;
+
+let
+  awol = pkgs.writers.writeBashBin "awol" ''
+    set -o errexit
+    set -o nounset
+    set -o pipefail
+    
+    ${concatMapStringsSep "\n\n"
+      ({ name, value }: ''
+        echo "Waking up client ${name}"
+        ${pkgs.wakelan}/bin/wakelan \
+          -b 10.32.44.255 \
+          -m '${value.wol}'
+      '')
+      (attrsToList (import ../../clients.nix))}
+  '';
+in
+{
+  users.users."root".packages = [
+    awol
+  ];
+
+  systemd.services."awol" = {
+    description = "Prevent nodes from going AWOL";
+
+    wants = [ "network.target" ];
+    after = [ "network.target" ];
+
+    script = "exec ${awol}/bin/awol";
+
+    startAt = "5 minutes";
+  };
+}
+