forked from the-distro/infra
57 lines
2.3 KiB
Nix
57 lines
2.3 KiB
Nix
|
{ lib, pkgs, nodes, config, ... }:
|
||
|
|
||
|
# The way the connection is established is specific to the wob01 site and the Intel S2600KPR blades.
|
||
|
# Proper netboot is not possible, because while the blades and the APU board (which is the netboot
|
||
|
# server here) are in the same L2 network, the uplink connection of each blade is an LACP LAG,
|
||
|
# meaning that the switch on the other side will only enable the port if it sees valid LACP packets.
|
||
|
# IPXE sends out these LACP packets while it is probing the ports, however the NICs of the blades
|
||
|
# do not have a flash which IPXE could be written to.
|
||
|
# We work around this by presenting a virtual floppy drive using the "IUSB" protocol of the BMC.
|
||
|
# This virtual floppy drive contains an per-blade customized IPXE script which will initialize the
|
||
|
# network connection including IP configuration and chainload the actual script off the netboot
|
||
|
# server.
|
||
|
|
||
|
let
|
||
|
netboot-server-ip = "2a01:584:11::2";
|
||
|
in {
|
||
|
networking.firewall.allowedTCPPorts = [ 80 ];
|
||
|
|
||
|
systemd.services = lib.mapAttrs' (nodename: node: let
|
||
|
ip = "2a01:584:11::1:${toString node.config.bagel.baremetal.builders.num}";
|
||
|
bmcIp = "192.168.1.${toString (node.config.bagel.baremetal.builders.num * 4 + 2)}";
|
||
|
gw = "2a01:584:11::1";
|
||
|
dns = "2a01:580:6000::ff01";
|
||
|
ipxe = node.pkgs.ipxe.override {
|
||
|
embedScript = builtins.toFile "bootstrap-${node.config.networking.hostName}.ipxe" ''
|
||
|
#!ipxe
|
||
|
ifopen net0
|
||
|
|
||
|
echo ip ${ip}/64
|
||
|
set net0/ip6:ipv6 ${ip}
|
||
|
set net0/len6:int8 64
|
||
|
echo gw ${gw}
|
||
|
set net0/gateway6:ipv6 ${gw}
|
||
|
echo dns ${dns}
|
||
|
set net0/dns6:ipv6 ${dns}
|
||
|
|
||
|
# wait for the lacp link to come up
|
||
|
ping --count 20 ${gw}
|
||
|
|
||
|
chain https://hydra.forkos.org/job/infra/main/${node.config.networking.hostName}/latest/download-by-type/file/ipxe
|
||
|
|
||
|
# if it fails, show a shell
|
||
|
shell
|
||
|
'';
|
||
|
};
|
||
|
in lib.nameValuePair "iusb-spoof-${nodename}" {
|
||
|
wantedBy = [ "multi-user.target" ];
|
||
|
serviceConfig = {
|
||
|
Restart = "on-failure";
|
||
|
};
|
||
|
script = ''
|
||
|
AUTH_TOKEN=$(${pkgs.iusb-spoof}/bin/make-token ${bmcIp})
|
||
|
exec ${pkgs.iusb-spoof}/bin/iusb-spoof -r ${bmcIp} 5123 $AUTH_TOKEN ${ipxe}/ipxe-efi.usb
|
||
|
'';
|
||
|
}) (lib.filterAttrs (_: node: node.config.bagel.baremetal.builders.enable && node.config.bagel.baremetal.builders.netboot) nodes);
|
||
|
}
|