rpi-netboot: prepare

flake.nix

@@ -144,6 +144,8 @@
             }
           '';
 
+          rpi-netboot-tarball = self.nixosConfigurations.rpi-netboot.config.system.build.tarball;
+
         } //
 
         builtins.foldl' (result: host: result // {
@@ -311,6 +313,15 @@
           system = "aarch64-linux";
         };
 
+        rpi-netboot = nixosSystem' {
+          extraArgs = { inherit nixpkgs; };
+          modules = [
+            nixos-hardware.nixosModules.raspberry-pi-4
+            ./hosts/rpi-netboot
+          ];
+          system = "aarch64-linux";
+        };
+
         matemat = nixosSystem' {
           modules = [
             ./config/lxc-container.nix

host-registry.nix

@@ -122,4 +122,5 @@
   storage-ng.publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMeg5ojU7U8+Lx824y+brazVJ007mEJDM7C7aUruOWGP";
 
   schalter.ip4 = "schalter.hq.c3d2.de";
+  rpi = {};
 }

hosts/rpi-netboot/default.nix

@@ -0,0 +1,165 @@
+{ nixpkgs, config, lib, pkgs, modulesPath, ... }:
+
+{
+  system.build.tarball = pkgs.callPackage (nixpkgs + "/nixos/lib/make-system-tarball.nix") {
+    extraArgs = "--owner=0";
+    compressCommand = "cat";
+    compressionExtension = "";
+
+    storeContents = [
+      {
+        object = config.system.build.toplevel;
+        symlink = "none";
+      }
+    ];
+
+    contents = [
+      {
+        source = config.system.build.toplevel + "/init";
+        target = "/sbin/init";
+      }
+    ];
+
+    extraCommands = "mkdir -p proc sys dev";
+  };
+
+  boot.initrd.kernelModules = [ ];
+  boot.initrd.includeDefaultModules = false;
+  boot.initrd.availableKernelModules = lib.mkForce [ "usbhid" ];
+  boot.kernelModules = [ ];
+  boot.extraModulePackages = [ ];
+
+  swapDevices = [ ];
+
+  hardware.enableRedistributableFirmware = true;
+  powerManagement.cpuFreqGovernor = lib.mkDefault "performance";
+
+  nixpkgs.config.packageOverrides = pkgs: {
+    makeModulesClosure = x:
+      # prevent kernel install fail due to missing modules
+      pkgs.makeModulesClosure (x // { allowMissing = true; });
+  };
+  boot = {
+    # HACK
+    isContainer = true;
+    loader.initScript.enable = true;
+    tmpOnTmpfs = true;
+    postBootCommands = ''
+      # nixos-rebuild also requires a "system" profile and an
+      # /etc/NIXOS tag.
+      touch /etc/NIXOS
+      ${config.nix.package}/bin/nix-env -p /nix/var/nix/profiles/system --set /run/current-system
+    '';
+  };
+  fileSystems."/" = {
+    fsType = "tmpfs";
+    options = [ "mode=0755" ];
+  };
+  fileSystems."/etc" = {
+    fsType = "tmpfs";
+    options = [ "mode=0755" ];
+  };
+  fileSystems."/var" = {
+    fsType = "tmpfs";
+    options = [ "mode=0755" ];
+  };
+  hardware.raspberry-pi."4" = {
+    # fkms-3d.enable = true;
+  };
+
+  c3d2 = {
+    isInHq = true;
+    mergeHostsFile = true;
+    hq.interface = "eth0";
+    hq.statistics.enable = false;
+    audioServer.enable = true;
+    k-ot.enable = true;
+    autoUpdate = false;
+  };
+
+  nix = {
+    buildCores = 4;
+    maxJobs = 2;
+  };
+
+  networking = {
+    hostName = "rpi"; # Define your hostname.
+    useDHCP = false;
+    interfaces.eth0.useDHCP = true;
+    firewall.enable = false;
+  };
+
+  environment.systemPackages = with pkgs; [
+    libraspberrypi
+    raspberrypi-eeprom
+    vim
+    wget
+    # mpv
+    # youtube-dl
+    # ncpamixer
+    # pulseaudio # required for pactl
+    # #chromium
+    # # firefox
+    # pavucontrol
+  ];
+
+  # programs.tmux.enable = true;
+
+  # Do not log to flash:
+  services.journald.extraConfig = ''
+    Storage=volatile
+  '';
+
+  # Enable the OpenSSH daemon.
+  services.openssh = {
+    enable = true;
+  };
+  security.sudo = {
+    enable = true;
+    wheelNeedsPassword = false;
+  };
+
+  # Select internationalisation properties.
+  console = {
+    font = "${pkgs.terminus_font}/share/consolefonts/ter-u28n.psf.gz";
+    keyMap = "de";
+  };
+
+  # # Enable the X11 windowing system.
+  # services.xserver.enable = true;
+  # services.xserver.layout = "de";
+  # services.xserver.xkbOptions = "eurosign:e";
+
+  # services.xserver.displayManager = {
+  #   lightdm = { enable = true; };
+  #   autoLogin = {
+  #     enable = true;
+  #     user = "k-ot";
+  #   };
+  #   defaultSession = "gnome-xorg";
+  # };
+  # services.xserver.desktopManager = {
+  #   gnome.enable = true;
+  #   # kodi.enable = true;
+  # };
+  # systemd.user.services.x11vnc = {
+  #   description = "X11 VNC server";
+  #   wantedBy = [ "graphical-session.target" ];
+  #   partOf = [ "graphical-session.target" ];
+  #   serviceConfig = {
+  #     ExecStart = ''
+  #       ${pkgs.x11vnc}/bin/x11vnc -shared -forever -passwd k-ot
+  #     '';
+  #     RestartSec = 3;
+  #     Restart = "always";
+  #   };
+  # };
+
+  # This value determines the NixOS release from which the default
+  # settings for stateful data, like file locations and database versions
+  # on your system were taken. It‘s perfectly fine and recommended to leave
+  # this value at the release version of the first install of this system.
+  # Before changing this value read the documentation for this option
+  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+  system.stateVersion = "21.11"; # Did you read the comment?
+}

hosts/storage-ng/default.nix

@@ -110,6 +110,29 @@ in
       };
     };
   };
+  services.nfs.server = {
+    enable = true;
+    exports =
+      let
+        allowed = [
+          "172.22.99.0/24"
+          "172.20.72.0/21"
+          "30c:c3d2:b946:76d0::/64"
+          "2a00:8180:2c00:200::/56"
+          "fd23:42:c3d2:500::/56"
+        ];
+        opts = lib.concatStringsSep "," [
+          "async" "ro" "no_subtree_check" "no_root_squash" "fsid=0"
+        ];
+      in ''
+        /mnt/cephfs/c3d2/hosts/rpi-nfsroot ${
+          lib.concatMapStringsSep " " (subnet:
+            "${subnet}(${opts})"
+          ) allowed
+        }
+    '';
+    createMountPoints = true;
+  };
 
   networking.firewall.enable = false;