nixos: add dhcp server
parent
2c690f2148
commit
99bdbd6b59
4 changed files with 87 additions and 26 deletions
|
@ -87,7 +87,6 @@
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
checks = mapAttrs (system: deployLib: deployLib.deployChecks self.deploy)
|
checks = mapAttrs (system: deployLib: deployLib.deployChecks self.deploy) deploy-rs.lib;
|
||||||
deploy-rs.lib;
|
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
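--- a/hosts.nix
+++ b/hosts.nix
@@ -7,23 +7,15 @@
 nix = false;
 }
 {
-hostname = "nuc";
-ip = "10.42.42.42";
-mac = "1C:69:7A:62:30:88";
+hostname = "unifi-ap";
+ip = "10.42.42.2";
+mac = "b4:fb:e4:f3:ff:1b";
 nix = false;
 }
 {
-hostname = "LGwebOSTV";
-ip = "10.42.42.13";
-mac = "74:40:be:48:85:a4";
-nix = false;
-}
-{
-hostname = "home-assistant";
-ip = "10.42.42.8";
-ip6 = "2001:41f0:9639:1:bfe7:3fd9:75de:cbee";
-mac = "74:40:be:48:85:a4";
-nix = false;
+hostname = "dhcp";
+ip = "10.42.42.3";
+mac = "3E:2D:E8:AA:E2:81";
 }
 {
 hostname = "bastion";
@@ -31,13 +23,6 @@
 mac = "82:F0:7C:CB:BD:6D";
 lxc = false;
 }
-{
-hostname = "k3s-node1";
-profile = "k3s";
-ip = "10.42.42.10";
-mac = "2E:F8:55:23:D9:9B";
-lxc = false;
-}
 {
 hostname = "vault";
 ip = "10.42.42.6";
@@ -48,11 +33,31 @@
 ip = "10.42.42.7";
 mac = "C6:F9:8B:3D:9E:37";
 }
+{
+hostname = "home-assistant";
+ip = "10.42.42.8";
+ip6 = "2001:41f0:9639:1:bfe7:3fd9:75de:cbee";
+mac = "74:40:be:48:85:a4";
+nix = false;
+}
 {
 hostname = "nginx";
 ip = "10.42.42.9";
 mac = "6A:C2:89:85:CF:A6";
 }
+{
+hostname = "k3s-node1";
+profile = "k3s";
+ip = "10.42.42.10";
+mac = "2E:F8:55:23:D9:9B";
+lxc = false;
+}
+{
+hostname = "WoolooTV";
+ip = "10.42.42.13";
+mac = "74:40:be:48:85:a4";
+nix = false;
+}
 {
 hostname = "consul";
 ip = "10.42.42.14";
@@ -72,8 +77,13 @@
 }
 {
 hostname = "minio";
-profile = "dns";
 ip = "10.42.42.17";
 mac = "0A:06:5E:E7:9A:0C";
 }
+{
+hostname = "nuc";
+ip = "10.42.42.42";
+mac = "1C:69:7A:62:30:88";
+nix = false;
+}
 ]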
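Review bot: The MAC `74:40:be:48:85:a4` is assigned to both `home-assistant` (10.42.42.8) and `WoolooTV` (10.42.42.13) on the new side of hosts.nix, and this commit turns every entry of the list into a dhcpd reservation through `machines = map hostToDhcp hosts;` in nixos/hosts/dhcp/configuration.nix. Two fixed-address declarations in the same subnet then match one hardware address, so the list no longer determines which address the device receives, and anything derived from the other entry (DNS records or access rules, presumably) would refer to an address no host holds. One of the two entries most likely carries a copied MAC and should be corrected. An evaluation-time uniqueness assertion on `mac` and `ip` where the list is consumed would catch the next such slip before deployment.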
|
@ -48,8 +48,8 @@
|
||||||
services.openssh.enable = true;
|
services.openssh.enable = true;
|
||||||
|
|
||||||
vault-secrets = {
|
vault-secrets = {
|
||||||
vaultPrefix = "nixos/${config.networking.hostName}";
|
vaultPrefix = "nixos";
|
||||||
vaultAddress = "http://10.42.42.6:8200/";
|
vaultAddress = "http://vault.olympus:8200/";
|
||||||
approlePrefix = "olympus-${config.networking.hostName}";
|
approlePrefix = "olympus-${config.networking.hostName}";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
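Review bot: `vaultAddress = "http://vault.olympus:8200/";` keeps Vault on plain HTTP and now also makes the endpoint depend on name resolution, so the AppRole credentials and the secrets fetched with them cross the segment unencrypted, and a wrong or forged answer for `vault.olympus` would deliver them to a different host. Once the Vault listener presents a certificate the hosts trust, this line should read `vaultAddress = "https://vault.olympus:8200/";`. Separately, `vaultPrefix = "nixos";` drops the per-host path component, so isolation between hosts presumably rests entirely on the policy bound to each `olympus-${config.networking.hostName}` AppRole; confirm those policies are still scoped per host. The enclosing module starts and ends outside this hunk.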
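--- /dev/null
+++ b/nixos/hosts/dhcp/configuration.nix
@@ -0,0 +1,52 @@
+{ config, pkgs, hosts, ... }:
+let
+hostToDhcp = { hostname, mac, ip, ... }: {
+ethernetAddress = mac;
+hostName = hostname;
+ipAddress = ip;
+};
+in {
+imports = [ ];
+
+networking = {
+hostName = "dhcp";
+defaultGateway = "10.42.42.1";
+nameservers = [ "10.42.42.15" "10.42.42.16" ];
+interfaces.eth0 = {
+useDHCP = false; # It turns out the barber just doesn't shave
+ipv4.addresses = [{
+address = "10.42.42.3";
+prefixLength = 23;
+}];
+};
+};
+
+# This value determines the NixOS release from which the default
+# settings for stateful data, like file locations and database versions
+# on your system were taken. It‘s perfectly fine and recommended to leave
+# this value at the release version of the first install of this system.
+# Before changing this value read the documentation for this option
+# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+system.stateVersion = "21.11"; # Did you read the comment?
+
+# Additional packages
+environment.systemPackages = with pkgs; [ ];
+
+networking.firewall.allowedUDPPorts = [ 67 ];
+
+services.dhcpd4 = {
+enable = true;
+extraConfig = ''
+option subnet-mask 255.255.254.0;
+option broadcast-address 10.42.43.255;
+option routers 10.42.42.1;
+option domain-name-servers 10.42.42.15, 10.42.42.16;
+option domain-name "olympus";
+option domain-search "olympus";
+subnet 10.42.42.0 netmask 255.255.254.0 {
+range 10.42.43.1 10.42.43.254;
+}
+'';
+machines = map hostToDhcp hosts;
+};
+}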
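Review bot: `networking.firewall.allowedUDPPorts = [ 67 ];` opens the DHCP port on every interface the host has or later gains, and `services.dhcpd4` does not name the interface it serves, so the scope of this server rests on module defaults rather than on the file. Since every client on the segment takes its gateway and resolvers from this host, I would pin both to the interface that is configured here: `networking.firewall.interfaces.eth0.allowedUDPPorts = [ 67 ];` and `interfaces = [ "eth0" ];` inside `services.dhcpd4`. The inline comment on `useDHCP = false;` could also state the reason directly, for example `# static address: this host is the DHCP server for the segment`.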