rpi-netboot: produce boot dir; nix-build: enable atftp+nfs
parent
c6cfaaa129
commit
52c6add73e
18
flake.nix
18
flake.nix
|
@ -144,8 +144,6 @@
|
|||
}
|
||||
'';
|
||||
|
||||
rpi-netboot-tarball = self.nixosConfigurations.rpi-netboot.config.system.build.tarball;
|
||||
|
||||
} //
|
||||
|
||||
builtins.foldl' (result: host: result // {
|
||||
|
@ -206,6 +204,20 @@
|
|||
.overrideAttrs (oa: {
|
||||
meta.mainProgram = "run-${host}-vm";
|
||||
});
|
||||
} //
|
||||
nixpkgs.lib.optionalAttrs config.boot.loader.raspberryPi.enable {
|
||||
"${host}-boot" = pkgs.runCommand "tftproot" {} ''
|
||||
mkdir -p $out
|
||||
cp -rs ${pkgs.raspberrypifw}/share/raspberrypi/boot/* $out/
|
||||
rm -f $out/kernel.img $out/initrd.img
|
||||
ln -s ${config.system.build.kernel}/Image $out/kernel.img
|
||||
ln -s ${config.system.build.initialRamdisk}/initrd $out/initrd.img
|
||||
cat << EOF > $out/config.txt
|
||||
kernel kernel.img
|
||||
initramfs initrd.img followkernel
|
||||
EOF
|
||||
echo "dwc_otg.lpm_enable=0 console=ttyAMA0,115200 kgdboc=ttyAMA0,115200 console=tty1 verbose init=${config.system.build.toplevel}/init" > $out/cmdline.txt
|
||||
'';
|
||||
}
|
||||
) {} (builtins.attrNames self.nixosConfigurations)
|
||||
) self.legacyPackages;
|
||||
|
@ -317,6 +329,7 @@
|
|||
extraArgs = { inherit nixpkgs; };
|
||||
modules = [
|
||||
nixos-hardware.nixosModules.raspberry-pi-4
|
||||
self.nixosModules.rpi-netboot
|
||||
./hosts/rpi-netboot
|
||||
];
|
||||
system = "aarch64-linux";
|
||||
|
@ -525,6 +538,7 @@
|
|||
imports = [ ./modules/plume.nix ];
|
||||
nixpkgs.overlays = [ fenix.overlay naersk.overlay ];
|
||||
};
|
||||
rpi-netboot = ./modules/rpi-netboot.nix;
|
||||
};
|
||||
|
||||
hydraJobs = forAllSystems (system:
|
||||
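Review bot: The `cmdline.txt` written at the end of the new `"${host}-boot"` derivation is a fixed string that carries `kgdboc=ttyAMA0,115200`, so every host booted from this directory registers its UART with the kernel debugger. As far as this hunk shows, it also never reads `config.boot.kernelParams`, so parameters set in the Raspberry Pi module added by this commit would not reach the kernel on this boot path. Unless serial kernel debugging is wanted on deployed hosts, I would drop `kgdboc` and derive the line from the configuration, e.g. `echo "${toString config.boot.kernelParams} init=${config.system.build.toplevel}/init" > $out/cmdline.txt`, moving the console arguments into `kernelParams` if they are still needed. A short comment above the `runCommand` saying that the output is meant to be copied or linked into the TFTP root would also help, since nothing in this hunk connects it to `/var/lib/tftproot`.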
|
|
|
@ -1,6 +1,10 @@
|
|||
{ hostRegistry, zentralwerk, config, pkgs, lib, ... }:
|
||||
|
||||
{
|
||||
imports = [
|
||||
./hardware-configuration.nix
|
||||
./rpi-netboot.nix
|
||||
];
|
||||
|
||||
networking.hostName = "nix-build"; # Define your hostname.
|
||||
networking.useDHCP = false;
|
||||
networking.interfaces.enp6s18 = {
|
||||
|
@ -11,13 +15,9 @@
|
|||
useDHCP = false;
|
||||
};
|
||||
networking.defaultGateway = "172.20.73.1";
|
||||
networking.firewall.allowedTCPPorts = [ 22 ];
|
||||
networking.firewall.enable = false;
|
||||
networking.nameservers = [ "172.20.73.8" "9.9.9.9" ];
|
||||
|
||||
imports = [
|
||||
./hardware-configuration.nix
|
||||
];
|
||||
|
||||
boot = {
|
||||
loader = {
|
||||
systemd-boot.enable = true;
|
||||
|
|
|
@ -0,0 +1,36 @@
|
|||
{ lib, ... }:
|
||||
let
|
||||
tftpRoot = "/var/lib/tftproot";
|
||||
in
|
||||
{
|
||||
networking.firewall.enable = false;
|
||||
|
||||
# raspberrypi boot
|
||||
services.atftpd = {
|
||||
enable = true;
|
||||
root = tftpRoot;
|
||||
};
|
||||
# share /nix/store via NFS read-only
|
||||
services.nfs.server = {
|
||||
enable = true;
|
||||
exports =
|
||||
let
|
||||
allowed = [
|
||||
"172.22.99.0/24"
|
||||
"172.20.72.0/21"
|
||||
"30c:c3d2:b946:76d0::/64"
|
||||
"2a00:8180:2c00:200::/56"
|
||||
"fd23:42:c3d2:500::/56"
|
||||
];
|
||||
opts = lib.concatStringsSep "," [
|
||||
"async" "ro" "no_subtree_check" "no_root_squash" "fsid=0"
|
||||
];
|
||||
in ''
|
||||
/nix/store ${
|
||||
lib.concatMapStringsSep " " (subnet:
|
||||
"${subnet}(${opts})"
|
||||
) allowed
|
||||
}
|
||||
'';
|
||||
};
|
||||
}
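Review bot: `networking.firewall.enable = false;` at the top of this new file switches off the packet filter for the whole build host, not only for TFTP and NFS, and it leaves `networking.firewall.allowedTCPPorts = [ 22 ];` in the importing host configuration without effect. Keeping the firewall enabled and opening only what netboot needs would be tighter, for example `networking.firewall.allowedUDPPorts = [ 69 ];` for atftpd plus the NFS ports, with `services.nfs.server.mountdPort` and `statdPort` pinned because the client mounts with `nfsvers=3`. The export publishes the build host's entire `/nix/store`, which is world-readable, to five networks including a /21 and two /56s. Anything a build has written into the store (rendered config files, tokens) is then readable from all of them, so the `allowed` list is worth narrowing to the segment the Pis actually boot from. `no_root_squash` looks unnecessary on a read-only export of world-readable paths and could be dropped from `opts`.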
|
|
@ -39,30 +39,6 @@
|
|||
# prevent kernel install fail due to missing modules
|
||||
pkgs.makeModulesClosure (x // { allowMissing = true; });
|
||||
};
|
||||
boot = {
|
||||
# HACK
|
||||
isContainer = true;
|
||||
loader.initScript.enable = true;
|
||||
tmpOnTmpfs = true;
|
||||
postBootCommands = ''
|
||||
# nixos-rebuild also requires a "system" profile and an
|
||||
# /etc/NIXOS tag.
|
||||
touch /etc/NIXOS
|
||||
${config.nix.package}/bin/nix-env -p /nix/var/nix/profiles/system --set /run/current-system
|
||||
'';
|
||||
};
|
||||
fileSystems."/" = {
|
||||
fsType = "tmpfs";
|
||||
options = [ "mode=0755" ];
|
||||
};
|
||||
fileSystems."/etc" = {
|
||||
fsType = "tmpfs";
|
||||
options = [ "mode=0755" ];
|
||||
};
|
||||
fileSystems."/var" = {
|
||||
fsType = "tmpfs";
|
||||
options = [ "mode=0755" ];
|
||||
};
|
||||
hardware.raspberry-pi."4" = {
|
||||
# fkms-3d.enable = true;
|
||||
};
|
||||
|
|
|
@ -110,29 +110,6 @@ in
|
|||
};
|
||||
};
|
||||
};
|
||||
services.nfs.server = {
|
||||
enable = true;
|
||||
exports =
|
||||
let
|
||||
allowed = [
|
||||
"172.22.99.0/24"
|
||||
"172.20.72.0/21"
|
||||
"30c:c3d2:b946:76d0::/64"
|
||||
"2a00:8180:2c00:200::/56"
|
||||
"fd23:42:c3d2:500::/56"
|
||||
];
|
||||
opts = lib.concatStringsSep "," [
|
||||
"async" "ro" "no_subtree_check" "no_root_squash" "fsid=0"
|
||||
];
|
||||
in ''
|
||||
/mnt/cephfs/c3d2/hosts/rpi-nfsroot ${
|
||||
lib.concatMapStringsSep " " (subnet:
|
||||
"${subnet}(${opts})"
|
||||
) allowed
|
||||
}
|
||||
'';
|
||||
createMountPoints = true;
|
||||
};
|
||||
|
||||
networking.firewall.enable = false;
|
||||
|
||||
|
|
|
@ -0,0 +1,62 @@
|
|||
{ hostRegistry, pkgs, lib, ... }:
|
||||
{
|
||||
boot = {
|
||||
loader.raspberryPi = {
|
||||
enable = true;
|
||||
version = 4;
|
||||
};
|
||||
kernelPackages = pkgs.linuxPackages_rpi4;
|
||||
kernelParams = [
|
||||
"verbose" "shell_on_fail"
|
||||
"elevator=deadline"
|
||||
];
|
||||
initrd = {
|
||||
network = {
|
||||
enable = true;
|
||||
flushBeforeStage2 = false;
|
||||
};
|
||||
supportedFilesystems = lib.mkForce [
|
||||
"nfs"
|
||||
];
|
||||
# TODO: still needed?
|
||||
extraUtilsCommands = ''
|
||||
cp -v ${pkgs.klibc}/lib/klibc/bin.static/nfsmount $out/bin
|
||||
cp -v ${pkgs.glibc}/lib/libresolv.so.* $out/lib
|
||||
'';
|
||||
};
|
||||
|
||||
tmpOnTmpfs = true;
|
||||
};
|
||||
|
||||
fileSystems."/" = {
|
||||
fsType = "tmpfs";
|
||||
options = [ "mode=0755" ];
|
||||
};
|
||||
fileSystems."/etc" = {
|
||||
fsType = "tmpfs";
|
||||
options = [ "mode=0755" ];
|
||||
};
|
||||
fileSystems."/var" = {
|
||||
fsType = "tmpfs";
|
||||
options = [ "mode=0755" ];
|
||||
};
|
||||
fileSystems."/nix/store" = {
|
||||
device = "${hostRegistry.hosts.nix-build.ip4}:/nix/store";
|
||||
fsType = "nfs";
|
||||
options = [ "nfsvers=3" "proto=tcp" "nolock" "hard" "async" "ro" ];
|
||||
neededForBoot = true;
|
||||
};
|
||||
|
||||
environment.systemPackages = with pkgs; [
|
||||
libraspberrypi
|
||||
raspberrypi-eeprom
|
||||
];
|
||||
systemd = {
|
||||
# r/o /nix/store
|
||||
services.nix-daemon.enable = false;
|
||||
sockets.nix-daemon.enable = false;
|
||||
};
|
||||
services.journald.extraConfig = ''
|
||||
Storage=volatile
|
||||
'';
|
||||
}
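Review bot: `"shell_on_fail"` in `boot.kernelParams` makes stage 1 offer a root shell on the console without authentication whenever it fails, and on a netbooted machine an unreachable NFS server is an ordinary way for it to fail. If it is kept for bring-up, mark it as such, e.g. `# debug only: root shell on the console if stage 1 fails`, and remove it once the setup is stable. The `/nix/store` mount uses `nfsvers=3` with the default AUTH_SYS security, so the client runs whatever the address in `hostRegistry.hosts.nix-build.ip4` serves, with no integrity protection. That is acceptable only on a boot network that is isolated from untrusted hosts, which deserves a comment next to `fileSystems."/nix/store"`. The `# TODO: still needed?` on `extraUtilsCommands` should be resolved or given an owner before it is forgotten.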
|