vtluug · mehbark · Oct 23, 2025 · Nov 6, 2025 · Nov 6, 2025 · Nov 11, 2025
diff --git a/hosts/bastille/auto-hostname.nix b/hosts/bastille/auto-hostname.nix
@@ -0,0 +1,39 @@
+{ pkgs, lib, ... }:
+let
+  # TODO: make this like a python script with a list of interfaces in order of preference
+  auto-hostname = pkgs.writeShellApplication {
+    name = "auto-hostname";
+
+    runtimeInputs = [
+      pkgs.hostname
+    ];
+
+    text = ''
+      if [[ -e "/sys/class/net/eno2/address" ]]; then
+        mac_file="/sys/class/net/eno2/address"
+      else
+        mac_file=/sys/class/net/enp0s25/address
+      fi
+
+      mac=$(cat $mac_file | tr -d '\r\n ' | tr ':' '-')
+
+      hostname "blade-$mac"
+    '';
+  };
+in {
+  networking.hostName = "";
+
+  systemd.services."auto-hostname" = {
+    wantedBy = [ "multi-user.target" ];
+    after = [ "network.target" ];
+
+    unitConfig = {
+      Description = "Automatically set the hostname ";
+    };
+
+    serviceConfig = {
+      Type = "oneshot";
+      ExecStart = "${lib.getExe auto-hostname}";
+    };
+  };
+}
diff --git a/hosts/bastille/blade.nix b/hosts/bastille/blade.nix
@@ -0,0 +1,20 @@
+{ modulesPath, pkgs, lib, ... }: {
+  imports = [
+    ./auto-hostname.nix
+    (import ../common/k3s.nix {})
+    ../common/nix.nix
+    ../common/sshd.nix
+    ../common/users-local.nix
+    (modulesPath + "/installer/netboot/netboot-minimal.nix")
+  ];
+
+  # when making the ISO, the initialHashedPassword is set to "" for some reason
+  # we already set a hashed password, so null this
+  users.users.root.initialHashedPassword = lib.mkForce null;
+
+  environment.systemPackages = [
+    pkgs.fastfetch
+  ];
+
+  system.stateVersion = "25.11";
+}
diff --git a/hosts/common/k3s.nix b/hosts/common/k3s.nix
@@ -0,0 +1,17 @@
+{ role ? "agent", clusterInit ? false }: {
+  networking.firewall.allowedTCPPorts = [
+    6443
+  ];
+
+  networking.firewall.allowedUDPPorts = [
+    8472
+  ];
+
+  services.k3s = {
+    inherit role clusterInit;
+
+    enable = true;
+    token = "garbage secret";
+    serverAddr = "https://10.98.1.147:6443";
+  };
+}
diff --git a/hosts/vesuvius/configuration.nix b/hosts/vesuvius/configuration.nix
@@ -2,6 +2,7 @@
 {
   imports = [
     ./hardware-configuration.nix
+    (import ../common/k3s.nix { role = "server"; clusterInit = true; })
     ./nix.nix
     ./zfs.nix
     ./netboot.nix

diff --git a/hosts/vesuvius/netboot.nix b/hosts/vesuvius/netboot.nix
@@ -1,38 +1,33 @@
-{ config, pkgs, ... }:
+{ config, lib, pkgs, ... }:
 let
-  dom_ip = "10.98.2.1";
+  dom_ip = "10.98.3.2";
+  vlan_router_ip = "10.98.3.1";
+  dns_server_ip = "10.98.0.1";
   dhcp_iface = "enp1s0f1";
-  client_range = "10.98.2.2,10.98.2.100";
+  client_range = "10.98.3.3,10.98.3.100";
 
-  sub_image = pkgs.nixos {
-    imports = [ "${pkgs.path}/nixos/modules/installer/netboot/netboot-minimal.nix" ];
 
-    system.stateVersion = "25.05";
-    services.openssh = {
-      enable = true;
-      settings.PasswordAuthentication = true;
-      settings.KbdInteractiveAuthentication = false;
-    };
+  sub_image = lib.nixosSystem {
+    system = "x86_64-linux";
 
-    users.users.papatux = {
-      isNormalUser = true;
-      description = "papatux";
-      extraGroups = [ "networkmanager" "wheel" ];
-      hashedPassword = "$6$6GnvJWpo8oOWM1tb$GhuldW5iIdS6OuRyq5u1hSSu0VotQCLac7emA.Kui2hWLozR7EIO4Su6PCo5hTRG8iWnAOlGemQVyejIA9l4j/";
-      openssh.authorizedKeys.keys = import ../../papatux-keys.nix;
-    };
+    modules = [
+      ../bastille/blade.nix
+    ];
   };
-
+
+  blade = sub_image.config.system.build;
+
   ipxe_config = pkgs.writeText "boot.ipxe" ''
     #!ipxe
-    kernel http://${dom_ip}:8080/netboot-nixtest/kernel init=/init boot.shell_on_fail
-    initrd http://${dom_ip}:8080/netboot-nixtest/initrd
+    kernel http://${dom_ip}:8080/netboot-kernel/bzImage init=${blade.toplevel}/init boot.shell_on_fail
+    initrd http://${dom_ip}:8080/netboot-initrd/initrd
 
     boot
   '';
 
   webroot = pkgs.linkFarm "netboot" [
-    { name = "netboot-nixtest"; path = sub_image.config.system.build.toplevel; }
+    { name = "netboot-kernel"; path = blade.kernel; }
+    { name = "netboot-initrd"; path = blade.netbootRamdisk; }
     { name = "boot.ipxe"; path = ipxe_config; }
   ];
 
@@ -54,14 +49,18 @@ in
 
   services.dnsmasq = {
     enable = true;
+    settings.domain = "bastille.vtluug.org";
+    settings.interface = "${dhcp_iface}";
+    settings.bind-interfaces = true;
+    settings.server = [ "${dns_server_ip}" ];
     settings.enable-tftp = true;
     settings.tftp-root = "${tftproot}";
     settings.dhcp-range = "${client_range},12h";
-    settings.dhcp-option = [ "option:router,${dom_ip}" ];
+    settings.dhcp-option = [ "option:router,${vlan_router_ip}" ];
     settings.dhcp-userclass = [ "set:ipxe,iPXE" ];
     settings.dhcp-boot = [
       "tag:!ipxe,ipxe.efi"
-      "http://${dom_ip}:8080/boot.ipxe" 
+      "http://${dom_ip}:8080/boot.ipxe"
     ];
   };
 
@@ -77,4 +76,4 @@ in
     allowedTCPPorts = [ 8080 ];
     allowedUDPPorts = [ 67 69 ];
   };
-}
+}