From 6c38f4e4f16925c8ed49f9bc27bd2396147ab39f Mon Sep 17 00:00:00 2001
From: Astro
Date: Thu, 17 Mar 2022 00:24:23 +0100
Subject: [PATCH] dacbert: mount / via nfs to store ssh host key :)

---
 hosts/containers/nix-build/rpi-netboot.nix | 19 +++++++++++++++----
 hosts/dacbert/default.nix | 5 +++++
 hosts/rpi-netboot/default.nix | 14 ++++++++++++++
 modules/rpi-netboot.nix | 12 ------------
 4 files changed, 34 insertions(+), 16 deletions(-)

diff --git a/hosts/containers/nix-build/rpi-netboot.nix b/hosts/containers/nix-build/rpi-netboot.nix
index 5dca37bd..17c565f8 100644
--- a/hosts/containers/nix-build/rpi-netboot.nix
+++ b/hosts/containers/nix-build/rpi-netboot.nix
@@ -33,15 +33,26 @@ in
 "2a00:8180:2c00:200::/56"
 "fd23:42:c3d2:500::/56"
 ];
- opts = lib.concatStringsSep "," [
- "async" "ro" "no_subtree_check" "no_root_squash" "fsid=0"
- ];
+ opts = o: fsid:
+ lib.concatStringsSep "," [
+ o "async"
+ "no_subtree_check" "no_root_squash"
+ "fsid=${toString fsid}"
+ ];
 in ''
 /nix/store ${
 lib.concatMapStringsSep " " (subnet:
- "${subnet}(${opts})"
+ "${subnet}(${opts "ro" 0})"
+ ) allowed
+ }
+ /var/lib/nfsroot/dacbert ${
+ lib.concatMapStringsSep " " (subnet:
+ "${subnet}(${opts "rw" 1})"
 ) allowed
 }
 '';
 };
+ systemd.tmpfiles.rules = [
+ "d /var/lib/nfsroot/dacbert 0755 root root - -"
+ ];
 }
diff --git a/hosts/dacbert/default.nix b/hosts/dacbert/default.nix
index 080e4604..be56c86e 100644
--- a/hosts/dacbert/default.nix
+++ b/hosts/dacbert/default.nix
@@ -39,6 +39,11 @@ hardware.raspberry-pi."4" = {
 fkms-3d.enable = true;
 };
+ fileSystems."/" = {
+ device = "${hostRegistry.hosts.nix-build.ip4}:/var/lib/nfsroot/dacbert";
+ fsType = "nfs";
+ options = [ "nfsvers=3" "proto=tcp" "nolock" "hard" "async" "rw" ];
+ };
 c3d2 = {
 isInHq = true;
diff --git a/hosts/rpi-netboot/default.nix b/hosts/rpi-netboot/default.nix
index 5d925b95..e01cd908 100644
--- a/hosts/rpi-netboot/default.nix
+++ b/hosts/rpi-netboot/default.nix
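Review bot: The new `/var/lib/nfsroot/dacbert` export is `rw` with `no_root_squash` for every subnet in `allowed` (defined above the hunk), so any host on those /56 networks can read or overwrite dacbert's root filesystem, including the SSH host key this commit sets out to persist, and NFSv3 offers no client authentication beyond that address list. Export the writable root to dacbert's address only, e.g. `/var/lib/nfsroot/dacbert <DACBERT_IP>(${opts "rw" 1})` with the address taken from hostRegistry, instead of the `concatMapStringsSep` over `allowed`; the read-only `/nix/store` export can keep the subnet list. The `opts` helper also hard-codes `"async"` for both exports, so the server acknowledges writes before they reach disk and a nix-build crash can lose the very key being stored; passing the sync flag as a third parameter so the rw export uses `sync` would address that without touching the store export.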
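Review bot: The new `fileSystems."/"` block does not record why dacbert's root moved from tmpfs to a writable NFS share or what that implies: with `nfsvers=3` and `nolock` there is no client authentication and no transport protection, so the confidentiality and integrity of the SSH host key now depend entirely on the export ACL in the nix-build container and on the network path between the two hosts. Suggest a comment above the block, `# persistent / served by nix-build over NFSv3 (unauthenticated): keeps the ssh host key across reboots; access is controlled solely by the export list`. `"async"` in the option list appears to be the generic mount flag, which is already the default, so it could be dropped to avoid suggesting it governs NFS write semantics (the export-side option does). The enclosing attribute set starts and ends outside the hunk.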
@@ -65,6 +65,20 @@ firewall.enable = false;
 };
+ # volatile system: everything is tmpfs
+ fileSystems."/" = {
+ fsType = "tmpfs";
+ options = [ "mode=0755" ];
+ };
+ fileSystems."/etc" = {
+ fsType = "tmpfs";
+ options = [ "mode=0755" ];
+ };
+ fileSystems."/var" = {
+ fsType = "tmpfs";
+ options = [ "mode=0755" ];
+ };
 environment.systemPackages = with pkgs; [
 libraspberrypi
 raspberrypi-eeprom
diff --git a/modules/rpi-netboot.nix b/modules/rpi-netboot.nix
index 8d2dc7b7..a8e32485 100644
--- a/modules/rpi-netboot.nix
+++ b/modules/rpi-netboot.nix
@@ -33,18 +33,6 @@ tmpOnTmpfs = true;
 };
- fileSystems."/" = {
- fsType = "tmpfs";
- options = [ "mode=0755" ];
- };
- fileSystems."/etc" = {
- fsType = "tmpfs";
- options = [ "mode=0755" ];
- };
- fileSystems."/var" = {
- fsType = "tmpfs";
- options = [ "mode=0755" ];
- };
 fileSystems."/nix/store" = {
 device = "${hostRegistry.hosts.nix-build.ip4}:/nix/store";
 fsType = "nfs";