diff --git a/flake.nix b/flake.nix
index 3ea6a956..7a320558 100644
--- a/flake.nix
+++ b/flake.nix
@@ -144,8 +144,6 @@
 }
 '';
- rpi-netboot-tarball = self.nixosConfigurations.rpi-netboot.config.system.build.tarball;
-
 } // builtins.foldl' (result: host: result // {
@@ -206,6 +204,20 @@
 .overrideAttrs (oa: {
 meta.mainProgram = "run-${host}-vm";
 });
+ } //
+ nixpkgs.lib.optionalAttrs config.boot.loader.raspberryPi.enable {
+ "${host}-boot" = pkgs.runCommand "tftproot" {} ''
+ mkdir -p $out
+ cp -rs ${pkgs.raspberrypifw}/share/raspberrypi/boot/* $out/
+ rm -f $out/kernel.img $out/initrd.img
+ ln -s ${config.system.build.kernel}/Image $out/kernel.img
+ ln -s ${config.system.build.initialRamdisk}/initrd $out/initrd.img
+ cat << EOF > $out/config.txt
+ kernel kernel.img
+ initramfs initrd.img followkernel
+ EOF
+ echo "dwc_otg.lpm_enable=0 console=ttyAMA0,115200 kgdboc=ttyAMA0,115200 console=tty1 verbose init=${config.system.build.toplevel}/init" > $out/cmdline.txt
+ '';
 }
 ) {} (builtins.attrNames self.nixosConfigurations)
 ) self.legacyPackages;
@@ -317,6 +329,7 @@
 extraArgs = { inherit nixpkgs; };
 modules = [
 nixos-hardware.nixosModules.raspberry-pi-4
+ self.nixosModules.rpi-netboot
 ./hosts/rpi-netboot
 ];
 system = "aarch64-linux";
@@ -525,6 +538,7 @@
 imports = [ ./modules/plume.nix ];
 nixpkgs.overlays = [ fenix.overlay naersk.overlay ];
 };
+ rpi-netboot = ./modules/rpi-netboot.nix;
 };
 hydraJobs = forAllSystems (system:
diff --git a/hosts/containers/nix-build/default.nix b/hosts/containers/nix-build/default.nix
index 744e9d24..fc049af3 100644
--- a/hosts/containers/nix-build/default.nix
+++ b/hosts/containers/nix-build/default.nix
@@ -1,6 +1,10 @@
 { hostRegistry, zentralwerk, config, pkgs, lib, ... }:
-
 {
+ imports = [
+ ./hardware-configuration.nix
+ ./rpi-netboot.nix
+ ];
+
 networking.hostName = "nix-build"; # Define your hostname.
 networking.useDHCP = false;
 networking.interfaces.enp6s18 = {
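Review bot: The cmdline.txt written by the `echo` line in the `"${host}-boot"` derivation is hand-assembled, so `config.boot.kernelParams` (set to `verbose shell_on_fail elevator=deadline` by the new modules/rpi-netboot.nix in this same commit) never reaches the booted kernel unless something outside this diff merges them; splicing them in keeps the module the single source of truth: `echo "dwc_otg.lpm_enable=0 console=ttyAMA0,115200 console=tty1 ${nixpkgs.lib.concatStringsSep " " config.boot.kernelParams} init=${config.system.build.toplevel}/init" > $out/cmdline.txt`. That proposed line also drops `kgdboc=ttyAMA0,115200`, which enables the kernel debugger on the serial console and so hands kernel-level control to anyone with physical serial access; it belongs in a debug-only variant rather than the default netboot image. The foldl' lambda that builds these per-host attributes starts before this hunk.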
@@ -11,13 +15,9 @@
 useDHCP = false;
 };
 networking.defaultGateway = "172.20.73.1";
- networking.firewall.allowedTCPPorts = [ 22 ];
+ networking.firewall.enable = false;
 networking.nameservers = [ "172.20.73.8" "9.9.9.9" ];
- imports = [
- ./hardware-configuration.nix
- ];
-
 boot = {
 loader = {
 systemd-boot.enable = true;
diff --git a/hosts/containers/nix-build/rpi-netboot.nix b/hosts/containers/nix-build/rpi-netboot.nix
new file mode 100644
index 00000000..ee3fbfcc
--- /dev/null
+++ b/hosts/containers/nix-build/rpi-netboot.nix
@@ -0,0 +1,36 @@
+{ lib, ... }:
+let
+ tftpRoot = "/var/lib/tftproot";
+in
+{
+ networking.firewall.enable = false;
+
+ # raspberrypi boot
+ services.atftpd = {
+ enable = true;
+ root = tftpRoot;
+ };
+ # share /nix/store via NFS read-only
+ services.nfs.server = {
+ enable = true;
+ exports =
+ let
+ allowed = [
+ "172.22.99.0/24"
+ "172.20.72.0/21"
+ "30c:c3d2:b946:76d0::/64"
+ "2a00:8180:2c00:200::/56"
+ "fd23:42:c3d2:500::/56"
+ ];
+ opts = lib.concatStringsSep "," [
+ "async" "ro" "no_subtree_check" "no_root_squash" "fsid=0"
+ ];
+ in ''
+ /nix/store ${
+ lib.concatMapStringsSep " " (subnet:
+ "${subnet}(${opts})"
+ ) allowed
+ }
+ '';
+ };
+}
diff --git a/hosts/rpi-netboot/default.nix b/hosts/rpi-netboot/default.nix
index e4d38571..5d925b95 100644
--- a/hosts/rpi-netboot/default.nix
+++ b/hosts/rpi-netboot/default.nix
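Review bot: Replacing `networking.firewall.allowedTCPPorts = [ 22 ];` with `networking.firewall.enable = false;` turns off the packet filter for the whole host instead of opening what the netboot role needs, and the new hosts/containers/nix-build/rpi-netboot.nix in this commit sets the same `networking.firewall.enable = false;` again, so this line is also redundant. Keeping the firewall would look like `networking.firewall.allowedTCPPorts = [ 22 111 2049 ];` and `networking.firewall.allowedUDPPorts = [ 69 111 2049 ];`, with `services.nfs.server.mountdPort`, `lockdPort` and `statdPort` pinned so the NFSv3 helper daemons stop picking random ports that would otherwise have to be left open. The module attribute set this hunk edits starts before the hunk.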
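Review bot: `opts` exports /nix/store with `no_root_squash`, which only affects how the client's root uid is mapped; on a `ro` export of world-readable store paths it buys nothing and the default root squashing is the safer choice, so `"async" "ro" "no_subtree_check" "fsid=0"` is enough. Separately, `tftpRoot` points atftpd at `/var/lib/tftproot`, but nothing in this commit links the `"${host}-boot"` tftproot derivation from flake.nix into that directory, so either a comment such as `# populated out of band from the <host>-boot package in flake.nix` or an explicit symlink/tmpfiles rule would make that dependency visible. The export has no client authentication beyond the `allowed` subnet list, which is worth stating in a comment above `exports` since it is what the netbooted hosts' integrity rests on.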
@@ -39,30 +39,6 @@
 # prevent kernel install fail due to missing modules
 pkgs.makeModulesClosure (x // { allowMissing = true; });
 };
- boot = {
- # HACK
- isContainer = true;
- loader.initScript.enable = true;
- tmpOnTmpfs = true;
- postBootCommands = ''
- # nixos-rebuild also requires a "system" profile and an
- # /etc/NIXOS tag.
- touch /etc/NIXOS
- ${config.nix.package}/bin/nix-env -p /nix/var/nix/profiles/system --set /run/current-system
- '';
- };
- fileSystems."/" = {
- fsType = "tmpfs";
- options = [ "mode=0755" ];
- };
- fileSystems."/etc" = {
- fsType = "tmpfs";
- options = [ "mode=0755" ];
- };
- fileSystems."/var" = {
- fsType = "tmpfs";
- options = [ "mode=0755" ];
- };
 hardware.raspberry-pi."4" = {
 # fkms-3d.enable = true;
 };
diff --git a/hosts/storage-ng/default.nix b/hosts/storage-ng/default.nix
index e4651678..5cd7af7a 100644
--- a/hosts/storage-ng/default.nix
+++ b/hosts/storage-ng/default.nix
@@ -110,29 +110,6 @@ in
 };
 };
 };
- services.nfs.server = {
- enable = true;
- exports =
- let
- allowed = [
- "172.22.99.0/24"
- "172.20.72.0/21"
- "30c:c3d2:b946:76d0::/64"
- "2a00:8180:2c00:200::/56"
- "fd23:42:c3d2:500::/56"
- ];
- opts = lib.concatStringsSep "," [
- "async" "ro" "no_subtree_check" "no_root_squash" "fsid=0"
- ];
- in ''
- /mnt/cephfs/c3d2/hosts/rpi-nfsroot ${
- lib.concatMapStringsSep " " (subnet:
- "${subnet}(${opts})"
- ) allowed
- }
- '';
- createMountPoints = true;
- };
 networking.firewall.enable = false;
diff --git a/modules/rpi-netboot.nix b/modules/rpi-netboot.nix
new file mode 100644
index 00000000..ab45e57b
--- /dev/null
+++ b/modules/rpi-netboot.nix
@@ -0,0 +1,62 @@
+{ hostRegistry, pkgs, lib, ... }:
+{
+ boot = {
+ loader.raspberryPi = {
+ enable = true;
+ version = 4;
+ };
+ kernelPackages = pkgs.linuxPackages_rpi4;
+ kernelParams = [
+ "verbose" "shell_on_fail"
+ "elevator=deadline"
+ ];
+ initrd = {
+ network = {
+ enable = true;
+ flushBeforeStage2 = false;
+ };
+ supportedFilesystems = lib.mkForce [
+ "nfs"
+ ];
+ # TODO: still needed?
+ extraUtilsCommands = ''
+ cp -v ${pkgs.klibc}/lib/klibc/bin.static/nfsmount $out/bin
+ cp -v ${pkgs.glibc}/lib/libresolv.so.* $out/lib
+ '';
+ };
+
+ tmpOnTmpfs = true;
+ };
+
+ fileSystems."/" = {
+ fsType = "tmpfs";
+ options = [ "mode=0755" ];
+ };
+ fileSystems."/etc" = {
+ fsType = "tmpfs";
+ options = [ "mode=0755" ];
+ };
+ fileSystems."/var" = {
+ fsType = "tmpfs";
+ options = [ "mode=0755" ];
+ };
+ fileSystems."/nix/store" = {
+ device = "${hostRegistry.hosts.nix-build.ip4}:/nix/store";
+ fsType = "nfs";
+ options = [ "nfsvers=3" "proto=tcp" "nolock" "hard" "async" "ro" ];
+ neededForBoot = true;
+ };
+
+ environment.systemPackages = with pkgs; [
+ libraspberrypi
+ raspberrypi-eeprom
+ ];
+ systemd = {
+ # r/o /nix/store
+ services.nix-daemon.enable = false;
+ sockets.nix-daemon.enable = false;
+ };
+ services.journald.extraConfig = ''
+ Storage=volatile
+ '';
+}
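Review bot: `"shell_on_fail"` in `kernelParams` makes stage 1 drop to an unauthenticated root shell on any boot failure, which on a netbooted Pi means anyone at the serial or HDMI console gets root on a machine with the shared /nix/store mounted; it is a debugging aid and should either be removed from this shared module or carry a comment like `# debug only: gives an unauthenticated stage-1 shell on boot failure`. The `fileSystems."/nix/store"` mount fetches the whole system, including the `init` it will run, over NFSv3 with `nolock` and no transport authentication, so a one-line note above it recording that system integrity depends on the network path between the Pi and nix-build would help the next reader judge the exposure. The `# TODO: still needed?` on `extraUtilsCommands` would be easier to close if it named the experiment (a boot without the klibc nfsmount and libresolv copies).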