nix-config/modules/rpi-netboot.nix

{ hostRegistry, config, pkgs, lib, ... }:
{
  boot = {
    loader.raspberryPi = {
      enable = true;
      version = 4;
      firmwareConfig = lib.mkDefault ''
        gpu_mem=256
        dtparam=audio=on
        # disable uart, enable bluetooth
        enable_uart=0
      '';
    };
    # linuxPackages_latest doesn't boot
    # FIXME: needs u-boot or .dtb?
    kernelPackages = pkgs.linuxPackages_latest;
    kernelParams = [
      "verbose" "shell_on_fail"
      "elevator=deadline"
    ];
    initrd = {
      network = {
        enable = true;
        flushBeforeStage2 = false;
      };
      supportedFilesystems = lib.mkForce [
        "nfs"
      ];
      includeDefaultModules = false;
      availableKernelModules = [
        "genet"
        "usbhid"
      ];
    };

    tmpOnTmpfs = true;
  };

  fileSystems."/nix/store" = {
    device = "${hostRegistry.hosts.nix-build.ip4}:/nix/store";
    fsType = "nfs";
    options = [ "nfsvers=3" "proto=tcp" "nolock" "hard" "async" "ro" ];
    neededForBoot = true;
  };

  hardware.deviceTree.enable = true;

  environment.systemPackages = with pkgs; [
    libraspberrypi
    raspberrypi-eeprom
  ];
  systemd = {
    # r/o /nix/store
    services.nix-daemon.enable = false;
    sockets.nix-daemon.enable = false;
    services.nix-gc.enable = false;
  };
  nix.gc.automatic = lib.mkForce false;
  services.journald.extraConfig = ''
    Storage=volatile
  '';

  system.build.tftproot = pkgs.runCommand "tftproot-${config.networking.hostName}" {} ''
    mkdir -p $out

    cp -rs ${pkgs.raspberrypifw}/share/raspberrypi/boot/* $out/
    ln -sf ${config.system.build.kernel}/Image $out/kernel8.img
    ln -sf ${config.system.build.initialRamdisk}/initrd $out/initrd.img

    chmod u+w $out/overlays
    rm -fr $out/*.dtb $out/overlays
    for f in $(find ${config.hardware.deviceTree.package}/ -name \*.dtb) ; do
      ln -s $f $out/
    done

    cat << EOF > $out/config.txt
    kernel=kernel8.img
    initramfs initrd.img followkernel
    arm_64bit=1
    ${toString config.boot.loader.raspberryPi.firmwareConfig}
    EOF

    echo "dwc_otg.lpm_enable=0 init=${config.system.build.toplevel}/init ${toString config.boot.kernelParams}" > $out/cmdline.txt
  '';
}