# NixOS module for a netboot server: serves Raspberry Pi boot files over TFTP
# and exports the local /nix/store read-only over NFS.
#
# Arguments:
#   tftproots    - attrset of prebuilt TFTP root trees; this module reads
#                  `rpi-netboot-tftproot` and one `<host>-tftproot` per host.
#   hostRegistry - host inventory; `hostRegistry.hosts.<host>.serial` is used
#                  as the per-host directory name inside the TFTP root.
{ tftproots, hostRegistry, lib, pkgs, ... }:

let
  inherit (lib) concatMapStrings concatMapStringsSep concatStringsSep filterAttrs;

  # Hosts that declare a non-null `serial`; only these get a per-host link.
  hostsWithSerial =
    filterAttrs (_: { serial ? null, ... }: serial != null) hostRegistry.hosts;
  serialHostNames = builtins.attrNames hostsWithSerial;

  # One shell line per host: $out/<serial> -> that host's own TFTP root.
  # NOTE(review): the serial is interpolated into the build script unquoted;
  # that is fine for plain alphanumeric serials, which is presumably what the
  # registry holds — confirm.
  linkHostRoot = host: ''
    ln -s ${tftproots."${host}-tftproot"} $out/${hostRegistry.hosts.${host}.serial}
  '';

  # Combined TFTP root: a symlink tree mirroring the generic netboot files
  # (`cp -s`), plus one directory link per host with a serial.
  tftpRoot = pkgs.runCommand "tftproot" {} ''
    mkdir $out
    cp -sr ${tftproots.rpi-netboot-tftproot}/* $out/
    ${concatMapStrings linkHostRoot serialHostNames}
  '';

  # Client networks allowed to mount the export.
  # NOTE(review): this list mixes private ranges with a globally routable
  # 2a00::/56 and what looks like an overlay prefix (30c:…/64) — confirm each
  # one is still meant to reach this server.
  nfsClients = [
    "172.22.99.0/24"
    "172.20.72.0/21"
    "30c:c3d2:b946:76d0::/64"
    "2a00:8180:2c00:200::/56"
    "fd23:42:c3d2:500::/56"
  ];

  # Export options shared by every client network.
  # NOTE(review): `no_root_squash` leaves client root unmapped. Together with
  # `ro` that only affects reads, and store paths are normally world-readable
  # anyway, so it may be droppable — verify the netboot clients still boot
  # without it before changing.
  exportOpts = concatStringsSep "," [
    "async" "ro" "no_subtree_check" "no_root_squash" "fsid=0"
  ];

  # Render "<subnet>(<opts>)" for one client network.
  exportFor = subnet: "${subnet}(${exportOpts})";
in
{
  # SECURITY: the host firewall is switched off entirely, so every listening
  # service on this machine (not only TFTP and NFS) is reachable on all
  # interfaces. The NFS export list below is then the only access control for
  # the store, and TFTP has none at all. Consider keeping the firewall enabled
  # and opening just the ports these two services need.
  networking.firewall.enable = false;

  # Raspberry Pi network boot.
  # TFTP is unauthenticated and unencrypted: anything placed in tftpRoot is
  # readable by whoever can reach this daemon, and clients cannot verify what
  # they receive. Keep it on a trusted boot segment.
  services.atftpd = {
    enable = true;
    root = tftpRoot;
  };

  # Share /nix/store via NFS, read-only.
  # The whole store is exposed to every client in `nfsClients`, so any secret
  # that ends up in a store path (for example a generated config file holding
  # a password) becomes readable by all of them. Access is decided by source
  # address only.
  services.nfs.server = {
    enable = true;
    exports = ''
      /nix/store ${concatMapStringsSep " " exportFor nfsClients}
    '';
  };
}