From b7bc64e2df67fd355f7227bc7a2b2bc9e97dc6fe Mon Sep 17 00:00:00 2001 From: Astro Date: Mon, 22 Aug 2022 22:14:16 +0200 Subject: [PATCH] nfsroot: provide netbootxyz from this host --- flake.nix | 3 ++- hosts/nfsroot/default.nix | 38 +----------------------------- hosts/nfsroot/nfs.nix | 47 +++++++++++++++++++++++++++++++++++++ hosts/nfsroot/tftp.nix | 49 ++++++++++++++++++--------------------- 4 files changed, 72 insertions(+), 65 deletions(-) create mode 100644 hosts/nfsroot/nfs.nix diff --git a/flake.nix b/flake.nix index 017d6f47..916582d8 100644 --- a/flake.nix +++ b/flake.nix @@ -743,7 +743,8 @@ _module.args.tftproots = nixos.lib.filterAttrs (name: _: builtins.match ".+-tftproot" name != null ) self.packages.x86_64-linux; - } ]; + } + ]; }; riscbert = nixosSystem' { diff --git a/hosts/nfsroot/default.nix b/hosts/nfsroot/default.nix index cafa017b..447b6056 100644 --- a/hosts/nfsroot/default.nix +++ b/hosts/nfsroot/default.nix @@ -10,6 +10,7 @@ let in { imports = [ ./tftp.nix + ./nfs.nix ]; microvm = { @@ -38,41 +39,4 @@ in { }; system.stateVersion = "22.05"; - - - services.nfs.server = { - enable = true; - exports = - let - allowed = [ - "172.22.99.0/24" - "172.20.72.0/21" - "30c:c3d2:b946:76d0::/64" - "2a00:8180:2c00:200::/56" - "fd23:42:c3d2:500::/56" - ]; - opts = o: fsid: - lib.concatStringsSep "," [ - o "async" - "no_subtree_check" "no_root_squash" - "fsid=${toString fsid}" - ]; - in '' - /var/lib/nfsroot/dacbert ${ - lib.concatMapStringsSep " " (subnet: - "${subnet}(${opts "rw" 1})" - ) allowed - } - /var/lib/nfsroot/riscbert ${ - lib.concatMapStringsSep " " (subnet: - "${subnet}(${opts "rw" 2})" - ) allowed - } - /var/lib/dump-dvb/whoopsie ${ - lib.concatMapStringsSep " " (subnet: - "${subnet}(${opts "rw" 3})" - ) allowed - } - ''; - }; } diff --git a/hosts/nfsroot/nfs.nix b/hosts/nfsroot/nfs.nix new file mode 100644 index 00000000..d24cf9b0 --- /dev/null +++ b/hosts/nfsroot/nfs.nix 
@@ -0,0 +1,47 @@
+{ lib, ... }:
+{
+ # share /nix/store via NFS read-only
+ services.nfs.server = {
+ enable = true;
+ exports =
+ let
+ allowed = [
+ "172.22.99.0/24"
+ "172.20.72.0/21"
+ "30c:c3d2:b946:76d0::/64"
+ "2a00:8180:2c00:200::/56"
+ "fd23:42:c3d2:500::/56"
+ ];
+ opts = o: fsid:
+ lib.concatStringsSep "," [
+ o "async"
+ "no_subtree_check" "no_root_squash"
+ "fsid=${toString fsid}"
+ ];
+ in ''
+ # ro-store for netbooting Pi4
+ /nix/store ${
+ lib.concatMapStringsSep " " (subnet:
+ "${subnet}(${opts "ro" 0})"
+ ) allowed
+ }
+ # rootfs for 100% nfsroot
+ /var/lib/nfsroot/dacbert ${
+ lib.concatMapStringsSep " " (subnet:
+ "${subnet}(${opts "rw" 1})"
+ ) allowed
+ }
+ /var/lib/nfsroot/riscbert ${
+ lib.concatMapStringsSep " " (subnet:
+ "${subnet}(${opts "rw" 2})"
+ ) allowed
+ }
+ # shared space for dump-dvb project
+ /var/lib/dump-dvb/whoopsie ${
+ lib.concatMapStringsSep " " (subnet:
+ "${subnet}(${opts "rw" 3})"
+ ) allowed
+ }
+ '';
+ };
+}
diff --git a/hosts/nfsroot/tftp.nix b/hosts/nfsroot/tftp.nix
index d6051145..c70003d7 100644
--- a/hosts/nfsroot/tftp.nix
+++ b/hosts/nfsroot/tftp.nix
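Review bot: In hosts/nfsroot/nfs.nix, `opts` hard-codes `no_root_squash` for every export, so the read-only `/nix/store` and the shared `/var/lib/dump-dvb/whoopsie` get the same root-trusting options as the two nfsroot trees, and all four are offered to all five `allowed` subnets. The nfsroot exports plausibly need unsquashed root, but the other two probably do not; consider passing the squash mode in, e.g. `opts = o: squash: fsid:` with `o "async" "no_subtree_check" squash`, and using `"root_squash"` for the store and the shared directory unless a client really writes there as root. Narrowing the `dacbert` and `riscbert` lines to the addresses of those two hosts would also keep other machines in those ranges from mounting their root filesystems read-write. The leading comment `# share /nix/store via NFS read-only` now sits above rw exports as well and could read `# NFS exports: ro /nix/store, rw nfsroots, rw dump-dvb share`.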
@@ -1,11 +1,32 @@ { tftproots, hostRegistry, lib, pkgs, ... }: let + netbootxyzVersion = "2.0.60"; + netbootxyz_efi = pkgs.fetchurl { + url = "https://github.com/netbootxyz/netboot.xyz/releases/download/${netbootxyzVersion}/netboot.xyz.efi"; + sha256 = "1k9i81iw6lhs1h8qy8yapasqcl31yxl2jxn52ls5anvm477650qk"; + }; + netbootxyz_kpxe = pkgs.fetchurl { + url = "https://github.com/netbootxyz/netboot.xyz/releases/download/${netbootxyzVersion}/netboot.xyz.kpxe"; + sha256 = "1jr8qwkkj3ccvhdw98fakj07md0nkswy2mlg1rdhcnqzhas7qbj3"; + }; tftpRoot = pkgs.runCommand "tftproot" {} '' mkdir $out + # PXE for PC + ln -s ${netbootxyz_efi} $out/netboot.xyz.efi + ln -s ${netbootxyz_kpxe} $out/netboot.xyz.kpxe + + # generic boot files for pis cp -sr ${tftproots.rpi-netboot-tftproot}/* $out/ + + # dacbert + ln -s /var/lib/nfsroot/dacbert/boot $out/${hostRegistry.hosts.dacbert.serial} + + # boot files for specific pis by serial number subdirectories ${lib.concatMapStrings (host: '' - ln -s /var/lib/nfsroot/dacbert/boot $out/${hostRegistry.hosts.${host}.serial} + if ! [ -L $out/${hostRegistry.hosts.${host}.serial} ]; then + ln -s ${tftproots."${host}-tftproot"} $out/${hostRegistry.hosts.${host}.serial} + fi '') ( builtins.attrNames ( lib.filterAttrs (_: { serial ? null, ... }: serial != null) @@ -22,30 +43,4 @@ in enable = true; root = tftpRoot; }; - # share /nix/store via NFS read-only - services.nfs.server = { - enable = true; - exports = - let - allowed = [ - "172.22.99.0/24" - "172.20.72.0/21" - "30c:c3d2:b946:76d0::/64" - "2a00:8180:2c00:200::/56" - "fd23:42:c3d2:500::/56" - ]; - opts = o: fsid: - lib.concatStringsSep "," [ - o "async" - "no_subtree_check" "no_root_squash" - "fsid=${toString fsid}" - ]; - in '' - /nix/store ${ - lib.concatMapStringsSep " " (subnet: - "${subnet}(${opts "ro" 0})" - ) allowed - } - ''; - }; }
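Review bot: The shell guard `if ! [ -L ... ]` in the per-serial loop of hosts/nfsroot/tftp.nix only skips the link at build time; `${tftproots."${host}-tftproot"}` is still interpolated for every host with a serial, dacbert included, so evaluation fails if any of them has no matching `-tftproot` package (whether one exists for dacbert is not visible here). Guarding in Nix as well, e.g. wrapping the loop body in `lib.optionalString (tftproots ? "${host}-tftproot")`, keeps evaluation from depending on that. Separately, the dacbert link targets `/var/lib/nfsroot/dacbert/boot`, which nfs.nix in this commit exports rw with `no_root_squash`, so unlike the store-backed entries those TFTP boot files can be modified by any NFS client in the allowed subnets; a comment such as `# dacbert boots from its own writable nfsroot, not from the store` would record that this is intended. The `filterAttrs` expression that selects the hosts continues past the end of the hunk.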