dacbert: mount / via nfs

to store ssh host key :)
2022-03-17 00:24:23 +01:00 · 2022-03-17 00:24:23 +01:00 · 6c38f4e4f1
parent e8f1f0f404
commit 6c38f4e4f1
4 changed files with 34 additions and 16 deletions
--- a/hosts/containers/nix-build/rpi-netboot.nix
+++ b/hosts/containers/nix-build/rpi-netboot.nix
@ -33,15 +33,26 @@ in
          "2a00:8180:2c00:200::/56"
          "fd23:42:c3d2:500::/56"
        ];
-        opts = lib.concatStringsSep "," [
-          "async" "ro" "no_subtree_check" "no_root_squash" "fsid=0"
-        ];
+        opts = o: fsid:
+          lib.concatStringsSep "," [
+            o "async"
+            "no_subtree_check" "no_root_squash"
+            "fsid=${toString fsid}"
+          ];
      in ''
        /nix/store ${
          lib.concatMapStringsSep " " (subnet:
-            "${subnet}(${opts})"
+            "${subnet}(${opts "ro" 0})"
+          ) allowed
+        }
+        /var/lib/nfsroot/dacbert ${
+          lib.concatMapStringsSep " " (subnet:
+            "${subnet}(${opts "rw" 1})"
          ) allowed
        }
    '';
  };
+  systemd.tmpfiles.rules = [
+    "d /var/lib/nfsroot/dacbert 0755 root root - -"
+  ];
 }
--- a/hosts/dacbert/default.nix
+++ b/hosts/dacbert/default.nix
@ -39,6 +39,11 @@
  hardware.raspberry-pi."4" = {
    fkms-3d.enable = true;
  };
+  fileSystems."/" = {
+    device = "${hostRegistry.hosts.nix-build.ip4}:/var/lib/nfsroot/dacbert";
+    fsType = "nfs";
+    options = [ "nfsvers=3" "proto=tcp" "nolock" "hard" "async" "rw" ];
+  };

  c3d2 = {
    isInHq = true;
--- a/hosts/rpi-netboot/default.nix
+++ b/hosts/rpi-netboot/default.nix
@ -65,6 +65,20 @@
    firewall.enable = false;
  };

+  # volatile system: everything is tmpfs
+  fileSystems."/" = {
+    fsType = "tmpfs";
+    options = [ "mode=0755" ];
+  };
+  fileSystems."/etc" = {
+    fsType = "tmpfs";
+    options = [ "mode=0755" ];
+  };
+  fileSystems."/var" = {
+    fsType = "tmpfs";
+    options = [ "mode=0755" ];
+  };
+
  environment.systemPackages = with pkgs; [
    libraspberrypi
    raspberrypi-eeprom
--- a/modules/rpi-netboot.nix
+++ b/modules/rpi-netboot.nix
@ -33,18 +33,6 @@
    tmpOnTmpfs = true;
  };

-  fileSystems."/" = {
-    fsType = "tmpfs";
-    options = [ "mode=0755" ];
-  };
-  fileSystems."/etc" = {
-    fsType = "tmpfs";
-    options = [ "mode=0755" ];
-  };
-  fileSystems."/var" = {
-    fsType = "tmpfs";
-    options = [ "mode=0755" ];
-  };
  fileSystems."/nix/store" = {
    device = "${hostRegistry.hosts.nix-build.ip4}:/nix/store";
    fsType = "nfs";