bgpwtf/machines/modules/bootstrap.nix

# Functionality that used to live in bootstrap.hswaw.net, a VMm now moved back
# into edge01.waw.bgp.wtf

{ config, pkgs, ... }: {
  networking.bridges.bootstrap.interfaces = [];
  networking.interfaces.bootstrap.ipv4.addresses = [
    { address = "185.236.240.18"; prefixLength = 32; }
  ];
  services.atftpd = {
    enable = true;
    root = (let 
      # netboot.xyz.kpxe retrieved from netboot.xyz at 2021/03/15.
      netbootxyz-kpxe = pkgs.fetchurl {
        url = https://object.ceph-waw3.hswaw.net/q3k-personal/b0b99ab84eb973c8a3818ec9fd11e17b75494ad8b5e6976aebbe8b162052da47.kpxe;
        sha256 = "0iysa8h1d2xyxdm9grmmv154jxbvw48zvjcfh6iwhwxr9sw9mfdh";
      };
      # netboot.xyz-undionly.kpxe retrieved from netboot.xyz at 2021/03/15.
      netbootxyz-undionly-kpxe = pkgs.fetchurl {
        url = https://object.ceph-waw3.hswaw.net/q3k-personal/42ca97fe5219899e208cf466cb04d2cd4fe7f7b30e0db30ef63cafabcc95b989.kpxe;
        sha256 = "12drjp6apbrwyq7b638fngvyfkyds82cnrplihh9x28rabz9gjj2";
      };
    in pkgs.stdenv.mkDerivation {
      name = "atftp-root";
      unpackPhase = "true";
      buildPhase = "true";
      installPhase = ''
        mkdir -p $out
        cp ${netbootxyz-kpxe} $out/netboot.xyz.kpxe
        cp ${netbootxyz-undionly-kpxe} $out/netboot.xyz-undionly.kpxe
      '';
    });
  };
  services.dhcpd4 = {
    enable = true;
    interfaces = [ "bootstrap" "vl-dcsw-l3" ];
    extraConfig = ''
      # ISC DHCP is trash. We only use it in relay mode, yet we have to do
      # this.
      subnet 185.236.240.18 netmask 255.255.255.255 {}

      subnet 185.236.240.6 netmask 255.255.255.254 {}

      subnet 185.236.240.24 netmask 255.255.255.248 {
          option routers 185.236.240.25;
          range 185.236.240.29 185.236.240.30;
          option domain-name-servers 8.8.8.8;
      }

      subnet 185.236.240.32 netmask 255.255.255.240 {
          range 185.236.240.45 185.236.240.46;
          option routers 185.236.240.33;
          option domain-name-servers 8.8.8.8;
      }

      host bc01n01 {
          hardware ethernet 00:23:ae:fe:83:20;
          fixed-address 185.236.240.35;
          option host-name "bc01n01";
      }
      host bc01n02 {
          hardware ethernet 00:23:ae:fe:83:c4;
          fixed-address 185.236.240.36;
          option host-name "bc01n02";
      }
      host bc01n03 {
          hardware ethernet 00:23:ae:fe:42:80;
          fixed-address 185.236.240.37;
          option host-name "bc01n03";
          filename "netboot.xyz-undionly.kpxe";
      }
      host bc01n04 {
          hardware ethernet 00:23:ae:fe:7e:a8;
          fixed-address 185.236.240.41;
          option host-name "bc01n04";
          filename "netboot.xyz-undionly.kpxe";
      }
      host boston-packets {
          hardware ethernet 00:23:ae:fe:45:8c;
          fixed-address 185.236.240.38;
          option host-name "boston-packets.hackerspace.pl";
      }
      host dcr01s22 {
          hardware ethernet 90:1b:0e:08:12:b8;
          fixed-address 185.236.240.39;
          option host-name "dcr01s22";
      }
      host dcr01s24 {
          hardware ethernet 90:1b:0e:31:bb:6a;
          fixed-address 185.236.240.40;
          option host-name "dcr01s24";
      }
      host dcr03s32b1 {
          hardware ethernet 02:01:87:4a:9a:b9;
          fixed-address 185.236.240.26;
          option host-name "dcr03s32b1";
      }
    '';
  };
}