rpi-netboot: produce boot dir; nix-build: enable atftp+nfs

Astro 2022-03-16 20:38:00 +01:00
parent c6cfaaa129
commit 52c6add73e
6 changed files with 120 additions and 55 deletions


@ -144,8 +144,6 @@
}
'';
rpi-netboot-tarball = self.nixosConfigurations.rpi-netboot.config.system.build.tarball;
} //
builtins.foldl' (result: host: result // {
@ -206,6 +204,20 @@
.overrideAttrs (oa: {
meta.mainProgram = "run-${host}-vm";
});
} //
nixpkgs.lib.optionalAttrs config.boot.loader.raspberryPi.enable {
"${host}-boot" = pkgs.runCommand "tftproot" {} ''
mkdir -p $out
cp -rs ${pkgs.raspberrypifw}/share/raspberrypi/boot/* $out/
rm -f $out/kernel.img $out/initrd.img
ln -s ${config.system.build.kernel}/Image $out/kernel.img
ln -s ${config.system.build.initialRamdisk}/initrd $out/initrd.img
cat << EOF > $out/config.txt
kernel kernel.img
initramfs initrd.img followkernel
EOF
echo "dwc_otg.lpm_enable=0 console=ttyAMA0,115200 kgdboc=ttyAMA0,115200 console=tty1 verbose init=${config.system.build.toplevel}/init" > $out/cmdline.txt
'';
}
) {} (builtins.attrNames self.nixosConfigurations)
) self.legacyPackages;
@ -317,6 +329,7 @@
extraArgs = { inherit nixpkgs; };
modules = [
nixos-hardware.nixosModules.raspberry-pi-4
self.nixosModules.rpi-netboot
./hosts/rpi-netboot
];
system = "aarch64-linux";
@ -525,6 +538,7 @@
imports = [ ./modules/plume.nix ];
nixpkgs.overlays = [ fenix.overlay naersk.overlay ];
};
rpi-netboot = ./modules/rpi-netboot.nix;
};
hydraJobs = forAllSystems (system:
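Review bot: The `echo "dwc_otg.lpm_enable=0 ..." > $out/cmdline.txt` line in the `"${host}-boot"` derivation hard-codes the kernel command line, so it ships `kgdboc=ttyAMA0,115200` in every generated boot dir and, as far as this hunk shows, never includes `config.boot.kernelParams`. Registering the kernel debugger on the serial port is a bring-up aid that is better left out of the default boot files, and parameters set in a host's configuration would not reach netbooted machines through this file. I would drop `kgdboc=...` and end the string with `init=${config.system.build.toplevel}/init ${toString config.boot.kernelParams}`. The enclosing `builtins.foldl'` expression starts and ends outside the hunk.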


@ -1,6 +1,10 @@
{ hostRegistry, zentralwerk, config, pkgs, lib, ... }:
{
imports = [
./hardware-configuration.nix
./rpi-netboot.nix
];
networking.hostName = "nix-build"; # Define your hostname.
networking.useDHCP = false;
networking.interfaces.enp6s18 = {
@ -11,13 +15,9 @@
useDHCP = false;
};
networking.defaultGateway = "172.20.73.1";
networking.firewall.allowedTCPPorts = [ 22 ];
networking.firewall.enable = false;
networking.nameservers = [ "172.20.73.8" "9.9.9.9" ];
imports = [
./hardware-configuration.nix
];
boot = {
loader = {
systemd-boot.enable = true;


@ -0,0 +1,36 @@
{ lib, ... }:
let
tftpRoot = "/var/lib/tftproot";
in
{
networking.firewall.enable = false;
# raspberrypi boot
services.atftpd = {
enable = true;
root = tftpRoot;
};
# share /nix/store via NFS read-only
services.nfs.server = {
enable = true;
exports =
let
allowed = [
"172.22.99.0/24"
"172.20.72.0/21"
"30c:c3d2:b946:76d0::/64"
"2a00:8180:2c00:200::/56"
"fd23:42:c3d2:500::/56"
];
opts = lib.concatStringsSep "," [
"async" "ro" "no_subtree_check" "no_root_squash" "fsid=0"
];
in ''
/nix/store ${
lib.concatMapStringsSep " " (subnet:
"${subnet}(${opts})"
) allowed
}
'';
};
}
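Review bot: `networking.firewall.enable = false;` at the top of this new file turns packet filtering off on the same host that now runs atftpd and an NFS server, so the `allowed` list in the exports string is the only access control for NFS and TFTP has none. The same setting sits next to `networking.firewall.allowedTCPPorts = [ 22 ];` in the host's main configuration, where it leaves that line without effect. I would keep the firewall enabled and open only what netboot needs (TFTP on UDP 69, plus NFS, rpcbind and mountd on pinned ports). I would also add a comment above `exports` such as `# /nix/store is world-readable: anything in the store, including secrets copied into it, can be read from these subnets`. Since the export is `ro`, `no_root_squash` looks unnecessary and could probably be dropped.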


@ -39,30 +39,6 @@
# prevent kernel install fail due to missing modules
pkgs.makeModulesClosure (x // { allowMissing = true; });
};
boot = {
# HACK
isContainer = true;
loader.initScript.enable = true;
tmpOnTmpfs = true;
postBootCommands = ''
# nixos-rebuild also requires a "system" profile and an
# /etc/NIXOS tag.
touch /etc/NIXOS
${config.nix.package}/bin/nix-env -p /nix/var/nix/profiles/system --set /run/current-system
'';
};
fileSystems."/" = {
fsType = "tmpfs";
options = [ "mode=0755" ];
};
fileSystems."/etc" = {
fsType = "tmpfs";
options = [ "mode=0755" ];
};
fileSystems."/var" = {
fsType = "tmpfs";
options = [ "mode=0755" ];
};
hardware.raspberry-pi."4" = {
# fkms-3d.enable = true;
};


@ -110,29 +110,6 @@ in
};
};
};
services.nfs.server = {
enable = true;
exports =
let
allowed = [
"172.22.99.0/24"
"172.20.72.0/21"
"30c:c3d2:b946:76d0::/64"
"2a00:8180:2c00:200::/56"
"fd23:42:c3d2:500::/56"
];
opts = lib.concatStringsSep "," [
"async" "ro" "no_subtree_check" "no_root_squash" "fsid=0"
];
in ''
/mnt/cephfs/c3d2/hosts/rpi-nfsroot ${
lib.concatMapStringsSep " " (subnet:
"${subnet}(${opts})"
) allowed
}
'';
createMountPoints = true;
};
networking.firewall.enable = false;

62
modules/rpi-netboot.nix Normal file

@ -0,0 +1,62 @@
{ hostRegistry, pkgs, lib, ... }:
{
boot = {
loader.raspberryPi = {
enable = true;
version = 4;
};
kernelPackages = pkgs.linuxPackages_rpi4;
kernelParams = [
"verbose" "shell_on_fail"
"elevator=deadline"
];
initrd = {
network = {
enable = true;
flushBeforeStage2 = false;
};
supportedFilesystems = lib.mkForce [
"nfs"
];
# TODO: still needed?
extraUtilsCommands = ''
cp -v ${pkgs.klibc}/lib/klibc/bin.static/nfsmount $out/bin
cp -v ${pkgs.glibc}/lib/libresolv.so.* $out/lib
'';
};
tmpOnTmpfs = true;
};
fileSystems."/" = {
fsType = "tmpfs";
options = [ "mode=0755" ];
};
fileSystems."/etc" = {
fsType = "tmpfs";
options = [ "mode=0755" ];
};
fileSystems."/var" = {
fsType = "tmpfs";
options = [ "mode=0755" ];
};
fileSystems."/nix/store" = {
device = "${hostRegistry.hosts.nix-build.ip4}:/nix/store";
fsType = "nfs";
options = [ "nfsvers=3" "proto=tcp" "nolock" "hard" "async" "ro" ];
neededForBoot = true;
};
environment.systemPackages = with pkgs; [
libraspberrypi
raspberrypi-eeprom
];
systemd = {
# r/o /nix/store
services.nix-daemon.enable = false;
sockets.nix-daemon.enable = false;
};
services.journald.extraConfig = ''
Storage=volatile
'';
}
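Review bot: The `fileSystems."/nix/store"` mount takes every executable the Pi runs, including init, from `hostRegistry.hosts.nix-build.ip4` over NFSv3 with no `sec=` option, so the server is neither authenticated nor are the transferred files integrity-protected, and nothing in the module states that assumption. A comment above the block would make it explicit, e.g. `# store is fetched over unauthenticated NFSv3; the boot network must be trusted`. Separately, `"shell_on_fail"` in `kernelParams` offers a root shell on the console without a password when stage 1 fails, provided the parameter reaches the kernel command line. That is worth a comment, or removal once bring-up is done.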