From c5e4627446dc9ceb930c47b64148c4bfe9b7c50e Mon Sep 17 00:00:00 2001
From: Joseph Hanson
Date: Tue, 20 Feb 2024 06:50:50 -0600
Subject: [PATCH] PXE changes and minor updates.
---
 config-parts/firewall-ipv4.sh | 2 +-
 config-parts/interfaces.sh | 6 ++++++
 config-parts/service-dhcp_server.sh | 21 +++++++++++++++++----
 config-parts/service.sh | 4 ++++
 4 files changed, 28 insertions(+), 5 deletions(-)
diff --git a/config-parts/firewall-ipv4.sh b/config-parts/firewall-ipv4.sh
index e727b9b..266d818 100644
--- a/config-parts/firewall-ipv4.sh
+++ b/config-parts/firewall-ipv4.sh
@@ -205,7 +205,7 @@ set firewall ipv4 name local-lan rule 999 state invalid
 set firewall ipv4 name local-lan rule 999 log
 # From LOCAL to SERVERS
-set firewall ipv4 name local-servers default-action 'drop'
+set firewall ipv4 name local-servers default-action 'accept'
 set firewall ipv4 name local-servers description 'From LOCAL to SERVERS'
 set firewall ipv4 name local-servers default-log
 set firewall ipv4 name local-servers rule 40 action 'accept'
diff --git a/config-parts/interfaces.sh b/config-parts/interfaces.sh
index 73949cd..6fd80e1 100644
--- a/config-parts/interfaces.sh
+++ b/config-parts/interfaces.sh
@@ -1,9 +1,15 @@
 #!/bin/vbash
+# unused hardware
+set interfaces ethernet eth0 hw-id 'a0:42:3f:2f:a9:68'
+set interfaces ethernet eth1 hw-id 'a0:42:3f:2f:a9:69'
+
+# WAN
 set interfaces ethernet eth3 address 'dhcp'
 set interfaces ethernet eth3 description 'WAN'
 set interfaces ethernet eth3 hw-id '80:61:5f:04:88:5b'
+# LAN
 set interfaces ethernet eth2 address '10.1.0.1/24'
 set interfaces ethernet eth2 description 'LAN'
 set interfaces ethernet eth2 hw-id '80:61:5f:04:88:5a'
diff --git a/config-parts/service-dhcp_server.sh b/config-parts/service-dhcp_server.sh
index 9bdb08b..b145691 100644
--- a/config-parts/service-dhcp_server.sh
+++ b/config-parts/service-dhcp_server.sh
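Review bot: In config-parts/firewall-ipv4.sh the `local-servers` ruleset now ends in `default-action 'accept'`, which removes the default-deny for router-originated traffic to SERVERS, makes explicit accept rules such as rule 40 redundant, and leaves `default-log` logging every flow that falls through. If the aim was to let TFTP data replies out for PXE (inferred from the commit subject; the diff does not say), keep `set firewall ipv4 name local-servers default-action 'drop'` and add one narrowly scoped accept rule for that traffic instead. If accept is intended, record why above the line, for example `# default accept: the router must reach PXE clients on arbitrary UDP ports (TFTP)`. The ruleset continues outside the hunk.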
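Review bot: In config-parts/interfaces.sh, eth0 and eth1 are labelled unused but only get a `hw-id`, so the ports stay administratively up; an unused port on a router is better shut, with `set interfaces ethernet eth0 disable` and `set interfaces ethernet eth1 disable` added under the comment. The comment could also say why the entries exist at all, e.g. `# unused hardware: hw-id pinned so eth2/eth3 keep their names`, if that is the reason (inferred, not stated in the diff).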
@@ -37,6 +37,17 @@ set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 name-serv
 set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 range 0 start '10.1.1.200'
 set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 range 0 stop '10.1.1.254'
+## Servers VLAN - PXE boot
+set service dhcp-server global-parameters 'option system-arch code 93 = unsigned integer 16;'
+set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 subnet-parameters 'allow bootp;'
+set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 subnet-parameters 'allow booting;'
+set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 subnet-parameters 'next-server 10.1.1.1;'
+set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 subnet-parameters 'if exists user-class and option user-class = "iPXE" {'
+set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 subnet-parameters 'filename "metal-amd64";'
+set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 subnet-parameters '} else {'
+set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 subnet-parameters 'filename "undionly.kpxe";'
+set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 subnet-parameters '}'
+
 # Logging
 # NAS
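Review bot: The `option system-arch` declared in `global-parameters` is never tested in the subnet block, so every non-iPXE client, UEFI firmware included, is offered `undionly.kpxe`, which is iPXE's BIOS build. Either branch on it, e.g. `} elsif option system-arch = 00:07 {` followed by a UEFI binary's filename, or drop the unused declaration. The boot options are also set on the whole 10.1.1.0/24 subnet, dynamic range 10.1.1.200-254 included, so any device that joins the VLAN and network-boots is handed the provisioning chain over unauthenticated TFTP; scoping them to the hosts meant to PXE-boot would narrow that. The if/else is spread over several `subnet-parameters` values and depends on them being emitted in this order, which deserves a comment such as `# order matters: these lines form one dhcpd if/else block`.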
@@ -44,8 +55,8 @@ set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-ma
 set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping elessar mac-address '00:11:32:87:f6:1d'
 set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping sting ip-address '10.1.1.12'
 set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping sting mac-address 'a8:a1:59:4a:d1:b3'
-set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping graybeard ip-address '10.1.1.13'
-set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping graybeard mac-address 'd4:5d:64:91:b2:42'
+set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping gandalf ip-address '10.1.1.13'
+set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping gandalf mac-address 'd4:5d:64:91:b2:42'
 set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping shadowfax ip-address '10.1.1.30'
 set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping shadowfax mac-address '04:42:1a:ef:35:75'
@@ -72,8 +83,10 @@ set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-ma
 # VMs
 set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping tulkas ip-address '10.1.1.53'
 set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping tulkas mac-address '26:82:2F:16:7A:36'
-set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping tulkas ip-address '10.1.1.55'
-set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping tulkas mac-address 'fa:1b:41:bc:d5:cf'
+set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping nextcloud ip-address '10.1.1.55'
+set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping nextcloud mac-address 'fa:1b:41:bc:d5:cf'
+set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping nixos ip-address '10.1.1.56'
+set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping nixos mac-address 'da:3e:b7:27:d8:77'
 # k8s prod masters
diff --git a/config-parts/service.sh b/config-parts/service.sh
index 16c0936..cac722d 100644
--- a/config-parts/service.sh
+++ b/config-parts/service.sh
@@ -12,3 +12,7 @@ set service ntp server time.cloudflare.com
 # SSH server
 set service ssh disable-password-authentication
 set service ssh port '22'
+
+# TFTP server
+set service tftp-server directory '/config/tftpboot'
+set service tftp-server listen-address 10.1.1.1
\ No newline at end of file
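Review bot: In config-parts/service.sh the new TFTP service has no authentication or integrity protection, so everything under `/config/tftpboot` is readable by any host that can reach 10.1.1.1 on UDP 69, and that should be stated next to the setting: `# TFTP is unauthenticated: keep only public boot binaries here, no secrets or per-machine configs`. `listen-address` picks the socket's address but does not restrict who may connect, and the rules for traffic from SERVERS (and other zones) to the router are not part of this change, so confirm they admit UDP 69 only from the hosts that network-boot. The file now ends without a trailing newline.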