From 99bdbd6b597d692da750e839693acd58b1204e57 Mon Sep 17 00:00:00 2001 From: Victor Date: Tue, 23 Nov 2021 14:26:40 +0100 Subject: [PATCH] nixos: add dhcp server --- flake.nix | 3 +- hosts.nix | 54 ++++++++++++++++++------------ nixos/common/default.nix | 4 +-- nixos/hosts/dhcp/configuration.nix | 52 ++++++++++++++++++++++++++++ 4 files changed, 87 insertions(+), 26 deletions(-) create mode 100644 nixos/hosts/dhcp/configuration.nix diff --git a/flake.nix b/flake.nix index 6d38915..1f11e13 100644 --- a/flake.nix +++ b/flake.nix @@ -87,7 +87,6 @@ ]; }; - checks = mapAttrs (system: deployLib: deployLib.deployChecks self.deploy) - deploy-rs.lib; + checks = mapAttrs (system: deployLib: deployLib.deployChecks self.deploy) deploy-rs.lib; }; } diff --git a/hosts.nix b/hosts.nix index 310314e..4cdc700 100644 --- a/hosts.nix +++ b/hosts.nix @@ -7,23 +7,15 @@ nix = false; } { - hostname = "nuc"; - ip = "10.42.42.42"; - mac = "1C:69:7A:62:30:88"; + hostname = "unifi-ap"; + ip = "10.42.42.2"; + mac = "b4:fb:e4:f3:ff:1b"; nix = false; } { - hostname = "LGwebOSTV"; - ip = "10.42.42.13"; - mac = "74:40:be:48:85:a4"; - nix = false; - } - { - hostname = "home-assistant"; - ip = "10.42.42.8"; - ip6 = "2001:41f0:9639:1:bfe7:3fd9:75de:cbee"; - mac = "74:40:be:48:85:a4"; - nix = false; + hostname = "dhcp"; + ip = "10.42.42.3"; + mac = "3E:2D:E8:AA:E2:81"; } { hostname = "bastion"; @@ -31,13 +23,6 @@ mac = "82:F0:7C:CB:BD:6D"; lxc = false; } - { - hostname = "k3s-node1"; - profile = "k3s"; - ip = "10.42.42.10"; - mac = "2E:F8:55:23:D9:9B"; - lxc = false; - } { hostname = "vault"; ip = "10.42.42.6"; 
@@ -48,11 +33,31 @@ ip = "10.42.42.7"; mac = "C6:F9:8B:3D:9E:37"; } + { + hostname = "home-assistant"; + ip = "10.42.42.8"; + ip6 = "2001:41f0:9639:1:bfe7:3fd9:75de:cbee"; + mac = "74:40:be:48:85:a4"; + nix = false; + } { hostname = "nginx"; ip = "10.42.42.9"; mac = "6A:C2:89:85:CF:A6"; } + { + hostname = "k3s-node1"; + profile = "k3s"; + ip = "10.42.42.10"; + mac = "2E:F8:55:23:D9:9B"; + lxc = false; + } + { + hostname = "WoolooTV"; + ip = "10.42.42.13"; + mac = "74:40:be:48:85:a4"; + nix = false; + } { hostname = "consul"; ip = "10.42.42.14"; @@ -72,8 +77,13 @@ } { hostname = "minio"; - profile = "dns"; ip = "10.42.42.17"; mac = "0A:06:5E:E7:9A:0C"; } + { + hostname = "nuc"; + ip = "10.42.42.42"; + mac = "1C:69:7A:62:30:88"; + nix = false; + } ] diff --git a/nixos/common/default.nix b/nixos/common/default.nix index 026dadf..000ec67 100644 --- a/nixos/common/default.nix +++ b/nixos/common/default.nix @@ -48,8 +48,8 @@ services.openssh.enable = true; vault-secrets = { - vaultPrefix = "nixos/${config.networking.hostName}"; - vaultAddress = "http://10.42.42.6:8200/"; + vaultPrefix = "nixos"; + vaultAddress = "http://vault.olympus:8200/"; approlePrefix = "olympus-${config.networking.hostName}"; }; diff --git a/nixos/hosts/dhcp/configuration.nix b/nixos/hosts/dhcp/configuration.nix new file mode 100644 index 0000000..1451139 --- /dev/null +++ b/nixos/hosts/dhcp/configuration.nix 
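Review bot: `home-assistant` (10.42.42.8) and `WoolooTV` (10.42.42.13) in this hunk carry the same MAC, `74:40:be:48:85:a4`. The duplicate predates this commit (the old `LGwebOSTV` entry had it too), but the list is now turned into dhcpd host reservations by `machines = map hostToDhcp hosts` in nixos/hosts/dhcp/configuration.nix. One hardware address therefore ends up with two fixed addresses, and which one the device receives is left to dhcpd. One of the two entries presumably has a copy-pasted MAC and should be corrected. An evaluation-time assertion that the `mac` and `ip` values in hosts.nix are unique would catch the next such slip.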
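Review bot: `vaultAddress` still uses plain `http://`, and with this change the endpoint is found by resolving `vault.olympus` instead of a fixed IP, so the AppRole login and the secrets returned now depend on an unencrypted channel and on whatever DNS answer the host receives. Serving Vault over TLS and pointing this at `https://vault.olympus:8200/`, with the issuing CA trusted on the hosts, would remove that dependency. Separately, `vaultPrefix` loses its per-host component; unless the vault-secrets module appends the host name itself (not visible here), confirm that the Vault policy bound to each `olympus-<hostName>` AppRole still limits it to that host's secrets. The `vault-secrets` block sits inside a larger attribute set that starts and ends outside the hunk.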
@@ -0,0 +1,52 @@
+{ config, pkgs, hosts, ... }:
+let
+ hostToDhcp = { hostname, mac, ip, ... }: {
+ ethernetAddress = mac;
+ hostName = hostname;
+ ipAddress = ip;
+ };
+in {
+ imports = [ ];
+
+ networking = {
+ hostName = "dhcp";
+ defaultGateway = "10.42.42.1";
+ nameservers = [ "10.42.42.15" "10.42.42.16" ];
+ interfaces.eth0 = {
+ useDHCP = false; # It turns out the barber just doesn't shave
+ ipv4.addresses = [{
+ address = "10.42.42.3";
+ prefixLength = 23;
+ }];
+ };
+ };
+
+ # This value determines the NixOS release from which the default
+ # settings for stateful data, like file locations and database versions
+ # on your system were taken. It‘s perfectly fine and recommended to leave
+ # this value at the release version of the first install of this system.
+ # Before changing this value read the documentation for this option
+ # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+ system.stateVersion = "21.11"; # Did you read the comment?
+
+ # Additional packages
+ environment.systemPackages = with pkgs; [ ];
+
+ networking.firewall.allowedUDPPorts = [ 67 ];
+
+ services.dhcpd4 = {
+ enable = true;
+ extraConfig = ''
+ option subnet-mask 255.255.254.0;
+ option broadcast-address 10.42.43.255;
+ option routers 10.42.42.1;
+ option domain-name-servers 10.42.42.15, 10.42.42.16;
+ option domain-name "olympus";
+ option domain-search "olympus";
+ subnet 10.42.42.0 netmask 255.255.254.0 {
+ range 10.42.43.1 10.42.43.254;
+ }
+ '';
+ machines = map hostToDhcp hosts;
+ };
+}
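Review bot: `networking.firewall.allowedUDPPorts = [ 67 ];` opens the DHCP port on every interface of the host rather than only on the one that serves the 10.42.42.0/23 segment. Scoping it as `networking.firewall.interfaces.eth0.allowedUDPPorts = [ 67 ];` and setting `services.dhcpd4.interfaces = [ "eth0" ];` explicitly next to it keeps the listener and the firewall rule tied to the same interface if the host later gains another NIC. The address `10.42.42.3` is also written here by hand although the `dhcp` entry in hosts.nix already carries it. A short comment on `ipv4.addresses` saying the two must match, in place of the joke on `useDHCP`, would help the next editor.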