nfsroot: provide netbootxyz from this host

2022-08-22 22:14:16 +02:00 · 2022-08-22 22:14:16 +02:00 · b7bc64e2df
parent 0cc1ab2312
commit b7bc64e2df
4 changed files with 72 additions and 65 deletions
--- a/flake.nix
+++ b/flake.nix
@ -743,7 +743,8 @@
              _module.args.tftproots = nixos.lib.filterAttrs (name: _:
                builtins.match ".+-tftproot" name != null
              ) self.packages.x86_64-linux;
-            }          ];
+            }
+          ];
        };

        riscbert = nixosSystem' {
--- a/hosts/nfsroot/default.nix
+++ b/hosts/nfsroot/default.nix
@ -10,6 +10,7 @@ let
 in {
  imports = [
    ./tftp.nix
+    ./nfs.nix
  ];

  microvm = {
@ -38,41 +39,4 @@ in {
  };

  system.stateVersion = "22.05";
-
-
-  services.nfs.server = {
-    enable = true;
-    exports =
-      let
-        allowed = [
-          "172.22.99.0/24"
-          "172.20.72.0/21"
-          "30c:c3d2:b946:76d0::/64"
-          "2a00:8180:2c00:200::/56"
-          "fd23:42:c3d2:500::/56"
-        ];
-        opts = o: fsid:
-          lib.concatStringsSep "," [
-            o "async"
-            "no_subtree_check" "no_root_squash"
-            "fsid=${toString fsid}"
-          ];
-      in ''
-        /var/lib/nfsroot/dacbert ${
-          lib.concatMapStringsSep " " (subnet:
-            "${subnet}(${opts "rw" 1})"
-          ) allowed
-        }
-        /var/lib/nfsroot/riscbert ${
-          lib.concatMapStringsSep " " (subnet:
-            "${subnet}(${opts "rw" 2})"
-          ) allowed
-        }
-        /var/lib/dump-dvb/whoopsie ${
-          lib.concatMapStringsSep " " (subnet:
-            "${subnet}(${opts "rw" 3})"
-          ) allowed
-        }
-    '';
-  };
 }
--- a/hosts/nfsroot/nfs.nix
+++ b/hosts/nfsroot/nfs.nix
@ -0,0 +1,47 @@
+{ lib, ... }:
+{
+  # share /nix/store via NFS read-only
+  services.nfs.server = {
+    enable = true;
+    exports =
+      let
+        allowed = [
+          "172.22.99.0/24"
+          "172.20.72.0/21"
+          "30c:c3d2:b946:76d0::/64"
+          "2a00:8180:2c00:200::/56"
+          "fd23:42:c3d2:500::/56"
+        ];
+        opts = o: fsid:
+          lib.concatStringsSep "," [
+            o "async"
+            "no_subtree_check" "no_root_squash"
+            "fsid=${toString fsid}"
+          ];
+      in ''
+        # ro-store for netbooting Pi4
+        /nix/store ${
+          lib.concatMapStringsSep " " (subnet:
+            "${subnet}(${opts "ro" 0})"
+          ) allowed
+        }
+        # rootfs for 100% nfsroot
+        /var/lib/nfsroot/dacbert ${
+          lib.concatMapStringsSep " " (subnet:
+            "${subnet}(${opts "rw" 1})"
+          ) allowed
+        }
+        /var/lib/nfsroot/riscbert ${
+          lib.concatMapStringsSep " " (subnet:
+            "${subnet}(${opts "rw" 2})"
+          ) allowed
+        }
+        # shared space for dump-dvb project
+        /var/lib/dump-dvb/whoopsie ${
+          lib.concatMapStringsSep " " (subnet:
+            "${subnet}(${opts "rw" 3})"
+          ) allowed
+        }
+    '';
+  };
+}
--- a/hosts/nfsroot/tftp.nix
+++ b/hosts/nfsroot/tftp.nix
@ -1,11 +1,32 @@
 { tftproots, hostRegistry, lib, pkgs, ... }:
 let
+  netbootxyzVersion = "2.0.60";
+  netbootxyz_efi = pkgs.fetchurl {
+    url = "https://github.com/netbootxyz/netboot.xyz/releases/download/${netbootxyzVersion}/netboot.xyz.efi";
+    sha256 = "1k9i81iw6lhs1h8qy8yapasqcl31yxl2jxn52ls5anvm477650qk";
+  };
+  netbootxyz_kpxe = pkgs.fetchurl {
+    url = "https://github.com/netbootxyz/netboot.xyz/releases/download/${netbootxyzVersion}/netboot.xyz.kpxe";
+    sha256 = "1jr8qwkkj3ccvhdw98fakj07md0nkswy2mlg1rdhcnqzhas7qbj3";
+  };
  tftpRoot = pkgs.runCommand "tftproot" {} ''
    mkdir $out

+    # PXE for PC
+    ln -s ${netbootxyz_efi} $out/netboot.xyz.efi
+    ln -s ${netbootxyz_kpxe} $out/netboot.xyz.kpxe
+
+    # generic boot files for pis
    cp -sr ${tftproots.rpi-netboot-tftproot}/* $out/
+
+    # dacbert
+    ln -s /var/lib/nfsroot/dacbert/boot $out/${hostRegistry.hosts.dacbert.serial}
+
+    # boot files for specific pis by serial number subdirectories
    ${lib.concatMapStrings (host: ''
-      ln -s /var/lib/nfsroot/dacbert/boot $out/${hostRegistry.hosts.${host}.serial}
+      if ! [ -L $out/${hostRegistry.hosts.${host}.serial} ]; then
+        ln -s ${tftproots."${host}-tftproot"} $out/${hostRegistry.hosts.${host}.serial}
+      fi
    '') (
      builtins.attrNames (
        lib.filterAttrs (_: { serial ? null, ... }: serial != null)
@ -22,30 +43,4 @@ in
    enable = true;
    root = tftpRoot;
  };
-  # share /nix/store via NFS read-only
-  services.nfs.server = {
-    enable = true;
-    exports =
-      let
-        allowed = [
-          "172.22.99.0/24"
-          "172.20.72.0/21"
-          "30c:c3d2:b946:76d0::/64"
-          "2a00:8180:2c00:200::/56"
-          "fd23:42:c3d2:500::/56"
-        ];
-        opts = o: fsid:
-          lib.concatStringsSep "," [
-            o "async"
-            "no_subtree_check" "no_root_squash"
-            "fsid=${toString fsid}"
-          ];
-      in ''
-        /nix/store ${
-          lib.concatMapStringsSep " " (subnet:
-            "${subnet}(${opts "ro" 0})"
-          ) allowed
-        }
-    '';
-  };
 }