confctl 1.0.0 → 2.0.0

@@ -0,0 +1,185 @@
1
+ { config, lib, pkgs, confMachine, ... }:
2
+ let
3
+ inherit (lib) concatStringsSep flip mkOption mkEnableOption mkIf
4
+ optional optionalString types;
5
+
6
+ concatNl = concatStringsSep "\n";
7
+
8
+ cfg = config.confctl.carrier.netboot;
9
+
10
+ isoImage =
11
+ { config, ... }:
12
+ {
13
+ options = {
14
+ file = mkOption {
15
+ type = types.path;
16
+ description = ''
17
+ Path to the ISO image file
18
+
19
+ If it is a path, the file must be available on the build machine,
20
+ it will be copied into the Nix store and deployed to the target machine.
21
+ If it is a string, then the file must be available on the target machine
22
+ at the given path.
23
+ '';
24
+ };
25
+
26
+ label = mkOption {
27
+ type = types.str;
28
+ default = "";
29
+ description = "Menu label for this image";
30
+ };
31
+ };
32
+ };
33
+
34
+ baseDir = "/var/lib/confctl/carrier/netboot";
35
+
36
+ tftpRoot = "${baseDir}/tftp";
37
+
38
+ httpRoot = "${baseDir}/http";
39
+
40
+ builderConfig = builtins.toJSON {
41
+ ruby = pkgs.ruby;
42
+ coreutils = pkgs.coreutils;
43
+ syslinux = pkgs.syslinux;
44
+ inherit tftpRoot httpRoot;
45
+ hostName = config.networking.hostName;
46
+ httpUrl = "http://${cfg.host}";
47
+ memtest =
48
+ if cfg.memtest86.enable then
49
+ { package = pkgs.memtest86plus; params = cfg.memtest86.params; }
50
+ else
51
+ null;
52
+ isoImages = cfg.isoImages;
53
+ };
54
+
55
+ builder = pkgs.substituteAll {
56
+ src = ./build-netboot-server.rb;
57
+ name = "build-netboot-server";
58
+ dir = "bin";
59
+ isExecutable = true;
60
+ ruby = pkgs.ruby;
61
+ jsonConfig = pkgs.writeText "netboot-server.json" builderConfig;
62
+ };
63
+ in {
64
+ options = {
65
+ confctl.carrier.netboot = {
66
+ enable = mkEnableOption ''
67
+ Enable netboot server generated from confctl carrier
68
+ '';
69
+
70
+ host = mkOption {
71
+ type = types.str;
72
+ description = "Hostname or IP address of the netboot server";
73
+ };
74
+
75
+ enableACME = mkOption {
76
+ type = types.bool;
77
+ description = "Enable ACME and SSL for netboot host";
78
+ default = false;
79
+ };
80
+
81
+ memtest86 = {
82
+ enable = mkOption {
83
+ type = types.bool;
84
+ description = "Include memtest in boot menu";
85
+ default = true;
86
+ };
87
+
88
+ params = mkOption {
89
+ type = types.listOf types.str;
90
+ default = [];
91
+ example = [ "console=ttyS0,115200" ];
92
+ description = "See {option}`boot.loader.grub.memtest86.params`";
93
+ };
94
+ };
95
+
96
+ isoImages = mkOption {
97
+ type = types.listOf (types.submodule isoImage);
98
+ default = [];
99
+ description = "A list of ISO images to be included in boot menu";
100
+ };
101
+
102
+ allowedIPv4Ranges = mkOption {
103
+ type = types.listOf types.str;
104
+ description = ''
105
+ Allow HTTP access for these IP ranges, if not specified
106
+ access is not restricted.
107
+ '';
108
+ default = [];
109
+ example = "10.0.0.0/24";
110
+ };
111
+
112
+ tftp.bindAddress = mkOption {
113
+ type = types.nullOr types.str;
114
+ default = null;
115
+ description = ''
116
+ The address for the TFTP server to bind on
117
+ '';
118
+ };
119
+ };
120
+ };
121
+
122
+ config = mkIf cfg.enable {
123
+ confctl.carrier.onChangeCommands = ''
124
+ ${builder}/bin/build-netboot-server
125
+ rc=$?
126
+
127
+ if [ $rc != 0 ] ; then
128
+ echo "build-netboot-server failed with $rc"
129
+ exit 1
130
+ fi
131
+ '';
132
+
133
+ environment.systemPackages = [ builder ];
134
+
135
+ networking.firewall = {
136
+ extraCommands = mkIf (cfg.allowedIPv4Ranges != []) (concatNl (map (net: ''
137
+ # Allow access from ${net} for netboot
138
+ iptables -A nixos-fw -p udp -s ${net} ${optionalString (!isNull cfg.tftp.bindAddress) "-d ${cfg.tftp.bindAddress}"} --dport 68 -j nixos-fw-accept
139
+ iptables -A nixos-fw -p udp -s ${net} ${optionalString (!isNull cfg.tftp.bindAddress) "-d ${cfg.tftp.bindAddress}"} --dport 69 -j nixos-fw-accept
140
+ iptables -A nixos-fw -p tcp -s ${net} --dport 80 -j nixos-fw-accept
141
+ ${optionalString cfg.enableACME "iptables -A nixos-fw -p tcp -s ${net} --dport 443 -j nixos-fw-accept"}
142
+ '') cfg.allowedIPv4Ranges));
143
+ };
144
+
145
+ systemd.services.netboot-atftpd = {
146
+ description = "TFTP Server for Netboot";
147
+ after = [ "network.target" ];
148
+ wantedBy = [ "multi-user.target" ];
149
+ # runs as nobody
150
+ serviceConfig.ExecStart = toString ([
151
+ "${pkgs.atftp}/sbin/atftpd"
152
+ "--daemon"
153
+ "--no-fork"
154
+ ] ++ (optional (!isNull cfg.tftp.bindAddress) [ "--bind-address" cfg.tftp.bindAddress ])
155
+ ++ [ tftpRoot ]);
156
+ };
157
+
158
+ services.nginx = {
159
+ enable = true;
160
+
161
+ appendConfig = ''
162
+ worker_processes auto;
163
+ '';
164
+
165
+ virtualHosts = {
166
+ "${cfg.host}" = {
167
+ root = httpRoot;
168
+ addSSL = cfg.enableACME;
169
+ enableACME = cfg.enableACME;
170
+ locations = {
171
+ "/" = {
172
+ extraConfig = ''
173
+ autoindex on;
174
+ ${optionalString (cfg.allowedIPv4Ranges != []) ''
175
+ ${concatNl (flip map cfg.allowedIPv4Ranges (range: "allow ${range};"))}
176
+ deny all;
177
+ ''}
178
+ '';
179
+ };
180
+ };
181
+ };
182
+ };
183
+ };
184
+ };
185
+ }
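Review bot: The firewall rules built in networking.firewall.extraCommands accept UDP port 68 from every allowed range, but nothing in this module listens on 68 (the DHCP client port): atftpd is started on 69 and nginx on 80/443, so the rule looks like a leftover or needs a comment stating what it is for. The same rules limit TCP 80 to allowedIPv4Ranges, and when enableACME is set that would, as far as I can tell from the NixOS ACME integration, block the HTTP-01 validation requests unless port 80 is opened elsewhere; a comment on the enableACME option such as `# HTTP-01 validation needs TCP 80 reachable from the CA, not only from allowedIPv4Ranges` would save a debugging session. In the netboot-atftpd ExecStart, `optional (!isNull cfg.tftp.bindAddress) [ "--bind-address" cfg.tftp.bindAddress ]` produces a nested list that only works because toString flattens it; `lib.optionals` says what is meant and `cfg.tftp.bindAddress != null` avoids the deprecated isNull.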
@@ -0,0 +1,8 @@
1
+ {
2
+ nixos = [
3
+ ./confctl/carrier/base.nix
4
+ ./confctl/carrier/netboot/nixos.nix
5
+ ];
6
+
7
+ vpsadminos = [];
8
+ }
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: confctl
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.0.0
4
+ version: 2.0.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Jakub Skokan
@@ -30,14 +30,14 @@ dependencies:
30
30
  requirements:
31
31
  - - "~>"
32
32
  - !ruby/object:Gem::Version
33
- version: 2.21.0
33
+ version: 2.22.0
34
34
  type: :runtime
35
35
  prerelease: false
36
36
  version_requirements: !ruby/object:Gem::Requirement
37
37
  requirements:
38
38
  - - "~>"
39
39
  - !ruby/object:Gem::Version
40
- version: 2.21.0
40
+ version: 2.22.0
41
41
  - !ruby/object:Gem::Dependency
42
42
  name: json
43
43
  requirement: !ruby/object:Gem::Requirement
@@ -184,14 +184,14 @@ dependencies:
184
184
  requirements:
185
185
  - - "~>"
186
186
  - !ruby/object:Gem::Version
187
- version: 0.18.0
187
+ version: 0.19.0
188
188
  type: :runtime
189
189
  prerelease: false
190
190
  version_requirements: !ruby/object:Gem::Requirement
191
191
  requirements:
192
192
  - - "~>"
193
193
  - !ruby/object:Gem::Version
194
- version: 0.18.0
194
+ version: 0.19.0
195
195
  description: Nix deployment management tool
196
196
  email: jakub.skokan@vpsfree.cz
197
197
  executables:
@@ -204,7 +204,6 @@ files:
204
204
  - ".overcommit.yml"
205
205
  - ".rubocop.yml"
206
206
  - ".rubocop_todo.yml"
207
- - ".ruby-version"
208
207
  - CHANGELOG.md
209
208
  - Gemfile
210
209
  - LICENSE.txt
@@ -212,6 +211,7 @@ files:
212
211
  - Rakefile
213
212
  - bin/confctl
214
213
  - confctl.gemspec
214
+ - docs/carrier.md
215
215
  - example/.gitignore
216
216
  - example/README.md
217
217
  - example/cluster/cluster.nix
@@ -319,11 +319,16 @@ files:
319
319
  - nix/lib/swpins/options.nix
320
320
  - nix/machines.nix
321
321
  - nix/modules/cluster/default.nix
322
+ - nix/modules/confctl/carrier/base.nix
323
+ - nix/modules/confctl/carrier/carrier-env.rb
324
+ - nix/modules/confctl/carrier/netboot/build-netboot-server.rb
325
+ - nix/modules/confctl/carrier/netboot/nixos.nix
322
326
  - nix/modules/confctl/cli.nix
323
327
  - nix/modules/confctl/generations.nix
324
328
  - nix/modules/confctl/nix.nix
325
329
  - nix/modules/confctl/swpins.nix
326
330
  - nix/modules/module-list.nix
331
+ - nix/modules/system-list.nix
327
332
  - shell.nix
328
333
  - template/confctl-options.nix/main.erb
329
334
  - template/confctl-options.nix/options.erb
@@ -346,7 +351,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
346
351
  - !ruby/object:Gem::Version
347
352
  version: '0'
348
353
  requirements: []
349
- rubygems_version: 3.4.22
354
+ rubygems_version: 3.5.9
350
355
  signing_key:
351
356
  specification_version: 4
352
357
  summary: Nix deployment management tool
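--- a/data/.ruby-version
+++ /dev/null
@@ -1 +0,0 @@
-3.1.0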