Vesuvius dnsmasq netboot

hosts/common/k3s-ports.nix

@@ -0,0 +1,9 @@
+{
+  networking.firewall.allowedTCPPorts = [
+    6443
+  ];
+
+  networking.firewall.allowedUDPPorts = [
+    8472
+  ];
+}

hosts/common/k3s.nix

@@ -0,0 +1,12 @@
+{ ... }: {
+  imports = [
+    ./k3s-ports.nix
+  ];
+
+  services.k3s = {
+    enable = true;
+    role = "agent";
+    token = "garbage secret";
+    serverAddr = "https://10.98.1.147:6443";
+  };
+}

hosts/prospit/configuration.nix

@@ -0,0 +1,15 @@
+{ modulesPath, pkgs, ... }: {
+  imports = [
+    ../common/k3s.nix
+    ../common/nix.nix
+    ../common/sshd.nix
+    ../common/users-local.nix
+    (modulesPath + "/installer/netboot/netboot-minimal.nix")
+  ];
+
+  environment.systemPackages = [
+    pkgs.fastfetch
+  ];
+
+  system.stateVersion = "25.11";
+}

hosts/vesuvius/configuration.nix

@@ -2,6 +2,7 @@
 {
   imports = [
     ./hardware-configuration.nix
+    ./k3s.nix
     ./nix.nix
     ./zfs.nix
     ./netboot.nix

hosts/vesuvius/k3s.nix

@@ -0,0 +1,12 @@
+{ ... }: {
+  imports = [
+    ../common/k3s-ports.nix
+  ];
+
+  services.k3s = {
+    enable = true;
+    role = "server";
+    token = "garbage secret";
+    clusterInit = true;
+  };
+}

hosts/vesuvius/netboot.nix

@@ -1,38 +1,33 @@
-{ config, pkgs, ... }:
+{ config, lib, pkgs, ... }:
 let
-  dom_ip = "10.98.2.1";
+  dom_ip = "10.98.3.2";
+  vlan_router_ip = "10.98.3.1";
+  dns_server_ip = "10.98.0.1";
   dhcp_iface = "enp1s0f1";
-  client_range = "10.98.2.2,10.98.2.100";
+  client_range = "10.98.3.3,10.98.3.100";
 
-  sub_image = pkgs.nixos {
-    imports = [ "${pkgs.path}/nixos/modules/installer/netboot/netboot-minimal.nix" ];
 
-    system.stateVersion = "25.05";
-    services.openssh = {
-      enable = true;
-      settings.PasswordAuthentication = true;
-      settings.KbdInteractiveAuthentication = false;
-    };
+  sub_image = lib.nixosSystem {
+    system = "x86_64-linux";
 
-    users.users.papatux = {
-      isNormalUser = true;
-      description = "papatux";
-      extraGroups = [ "networkmanager" "wheel" ];
-      hashedPassword = "$6$6GnvJWpo8oOWM1tb$GhuldW5iIdS6OuRyq5u1hSSu0VotQCLac7emA.Kui2hWLozR7EIO4Su6PCo5hTRG8iWnAOlGemQVyejIA9l4j/";
-      openssh.authorizedKeys.keys = import ../../papatux-keys.nix;
-    };
+    modules = [
+      ../prospit/configuration.nix
+    ];
   };
-
+
+  prospit = sub_image.config.system.build;
+
   ipxe_config = pkgs.writeText "boot.ipxe" ''
     #!ipxe
-    kernel http://${dom_ip}:8080/netboot-nixtest/kernel init=/init boot.shell_on_fail
-    initrd http://${dom_ip}:8080/netboot-nixtest/initrd
+    kernel http://${dom_ip}:8080/netboot-kernel/bzImage init=${prospit.toplevel}/init boot.shell_on_fail
+    initrd http://${dom_ip}:8080/netboot-initrd/initrd
 
     boot
   '';
 
   webroot = pkgs.linkFarm "netboot" [
-    { name = "netboot-nixtest"; path = sub_image.config.system.build.toplevel; }
+    { name = "netboot-kernel"; path = prospit.kernel; }
+    { name = "netboot-initrd"; path = prospit.netbootRamdisk; }
     { name = "boot.ipxe"; path = ipxe_config; }
   ];
 
@@ -54,14 +49,18 @@ in
 
   services.dnsmasq = {
     enable = true;
+    settings.domain = "bastille.vtluug.org";
+    settings.interface = "${dhcp_iface}";
+    settings.bind-interfaces = true;
+    settings.server = [ "${dns_server_ip}" ];
     settings.enable-tftp = true;
     settings.tftp-root = "${tftproot}";
     settings.dhcp-range = "${client_range},12h";
-    settings.dhcp-option = [ "option:router,${dom_ip}" ];
+    settings.dhcp-option = [ "option:router,${vlan_router_ip}" ];
     settings.dhcp-userclass = [ "set:ipxe,iPXE" ];
     settings.dhcp-boot = [
       "tag:!ipxe,ipxe.efi"
-      "http://${dom_ip}:8080/boot.ipxe" 
+      "http://${dom_ip}:8080/boot.ipxe"
     ];
   };
 
@@ -77,4 +76,4 @@ in
     allowedTCPPorts = [ 8080 ];
     allowedUDPPorts = [ 67 69 ];
   };
-}
+}