forked from c3d2/nix-config
nfsroot: provide netbootxyz from this host
parent
0cc1ab2312
commit
b7bc64e2df
|
@ -743,7 +743,8 @@
|
|||
_module.args.tftproots = nixos.lib.filterAttrs (name: _:
|
||||
builtins.match ".+-tftproot" name != null
|
||||
) self.packages.x86_64-linux;
|
||||
} ];
|
||||
}
|
||||
];
|
||||
};
|
||||
|
||||
riscbert = nixosSystem' {
|
||||
|
|
|
@ -10,6 +10,7 @@ let
|
|||
in {
|
||||
imports = [
|
||||
./tftp.nix
|
||||
./nfs.nix
|
||||
];
|
||||
|
||||
microvm = {
|
||||
|
@ -38,41 +39,4 @@ in {
|
|||
};
|
||||
|
||||
system.stateVersion = "22.05";
|
||||
|
||||
|
||||
services.nfs.server = {
|
||||
enable = true;
|
||||
exports =
|
||||
let
|
||||
allowed = [
|
||||
"172.22.99.0/24"
|
||||
"172.20.72.0/21"
|
||||
"30c:c3d2:b946:76d0::/64"
|
||||
"2a00:8180:2c00:200::/56"
|
||||
"fd23:42:c3d2:500::/56"
|
||||
];
|
||||
opts = o: fsid:
|
||||
lib.concatStringsSep "," [
|
||||
o "async"
|
||||
"no_subtree_check" "no_root_squash"
|
||||
"fsid=${toString fsid}"
|
||||
];
|
||||
in ''
|
||||
/var/lib/nfsroot/dacbert ${
|
||||
lib.concatMapStringsSep " " (subnet:
|
||||
"${subnet}(${opts "rw" 1})"
|
||||
) allowed
|
||||
}
|
||||
/var/lib/nfsroot/riscbert ${
|
||||
lib.concatMapStringsSep " " (subnet:
|
||||
"${subnet}(${opts "rw" 2})"
|
||||
) allowed
|
||||
}
|
||||
/var/lib/dump-dvb/whoopsie ${
|
||||
lib.concatMapStringsSep " " (subnet:
|
||||
"${subnet}(${opts "rw" 3})"
|
||||
) allowed
|
||||
}
|
||||
'';
|
||||
};
|
||||
}
|
||||
|
|
|
@ -0,0 +1,47 @@
|
|||
{ lib, ... }:
|
||||
{
|
||||
# share /nix/store via NFS read-only
|
||||
services.nfs.server = {
|
||||
enable = true;
|
||||
exports =
|
||||
let
|
||||
allowed = [
|
||||
"172.22.99.0/24"
|
||||
"172.20.72.0/21"
|
||||
"30c:c3d2:b946:76d0::/64"
|
||||
"2a00:8180:2c00:200::/56"
|
||||
"fd23:42:c3d2:500::/56"
|
||||
];
|
||||
opts = o: fsid:
|
||||
lib.concatStringsSep "," [
|
||||
o "async"
|
||||
"no_subtree_check" "no_root_squash"
|
||||
"fsid=${toString fsid}"
|
||||
];
|
||||
in ''
|
||||
# ro-store for netbooting Pi4
|
||||
/nix/store ${
|
||||
lib.concatMapStringsSep " " (subnet:
|
||||
"${subnet}(${opts "ro" 0})"
|
||||
) allowed
|
||||
}
|
||||
# rootfs for 100% nfsroot
|
||||
/var/lib/nfsroot/dacbert ${
|
||||
lib.concatMapStringsSep " " (subnet:
|
||||
"${subnet}(${opts "rw" 1})"
|
||||
) allowed
|
||||
}
|
||||
/var/lib/nfsroot/riscbert ${
|
||||
lib.concatMapStringsSep " " (subnet:
|
||||
"${subnet}(${opts "rw" 2})"
|
||||
) allowed
|
||||
}
|
||||
# shared space for dump-dvb project
|
||||
/var/lib/dump-dvb/whoopsie ${
|
||||
lib.concatMapStringsSep " " (subnet:
|
||||
"${subnet}(${opts "rw" 3})"
|
||||
) allowed
|
||||
}
|
||||
'';
|
||||
};
|
||||
}
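Review bot: Every export in this new file goes through the same `opts` helper, so the read-write nfsroot and dump-dvb paths get `no_root_squash` and `async` for every subnet in `allowed`, which includes a /21 and two /56 ranges. No `sec=` option is set, so the exports fall back to AUTH_SYS and the client address is the only gate: a root user on any machine in those ranges can write as root into `/var/lib/nfsroot/dacbert` and `/var/lib/nfsroot/riscbert`, which the `# rootfs for 100% nfsroot` comment marks as root filesystems. Consider limiting the `rw` exports to the addresses of the hosts that need them, and passing the squash option to `opts` as an argument so that `no_root_squash` stays only where an nfsroot requires it. The header comment `# share /nix/store via NFS read-only` appears to be carried over from the block removed in the last hunk and no longer describes the file; something like `# NFS exports: read-only /nix/store, per-host nfsroots, dump-dvb share` would match.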
|
|
@ -1,11 +1,32 @@
|
|||
{ tftproots, hostRegistry, lib, pkgs, ... }:
|
||||
let
|
||||
netbootxyzVersion = "2.0.60";
|
||||
netbootxyz_efi = pkgs.fetchurl {
|
||||
url = "https://github.com/netbootxyz/netboot.xyz/releases/download/${netbootxyzVersion}/netboot.xyz.efi";
|
||||
sha256 = "1k9i81iw6lhs1h8qy8yapasqcl31yxl2jxn52ls5anvm477650qk";
|
||||
};
|
||||
netbootxyz_kpxe = pkgs.fetchurl {
|
||||
url = "https://github.com/netbootxyz/netboot.xyz/releases/download/${netbootxyzVersion}/netboot.xyz.kpxe";
|
||||
sha256 = "1jr8qwkkj3ccvhdw98fakj07md0nkswy2mlg1rdhcnqzhas7qbj3";
|
||||
};
|
||||
tftpRoot = pkgs.runCommand "tftproot" {} ''
|
||||
mkdir $out
|
||||
|
||||
# PXE for PC
|
||||
ln -s ${netbootxyz_efi} $out/netboot.xyz.efi
|
||||
ln -s ${netbootxyz_kpxe} $out/netboot.xyz.kpxe
|
||||
|
||||
# generic boot files for pis
|
||||
cp -sr ${tftproots.rpi-netboot-tftproot}/* $out/
|
||||
|
||||
# dacbert
|
||||
ln -s /var/lib/nfsroot/dacbert/boot $out/${hostRegistry.hosts.dacbert.serial}
|
||||
|
||||
# boot files for specific pis by serial number subdirectories
|
||||
${lib.concatMapStrings (host: ''
|
||||
ln -s /var/lib/nfsroot/dacbert/boot $out/${hostRegistry.hosts.${host}.serial}
|
||||
if ! [ -L $out/${hostRegistry.hosts.${host}.serial} ]; then
|
||||
ln -s ${tftproots."${host}-tftproot"} $out/${hostRegistry.hosts.${host}.serial}
|
||||
fi
|
||||
'') (
|
||||
builtins.attrNames (
|
||||
lib.filterAttrs (_: { serial ? null, ... }: serial != null)
|
||||
|
@ -22,30 +43,4 @@ in
|
|||
enable = true;
|
||||
root = tftpRoot;
|
||||
};
|
||||
# share /nix/store via NFS read-only
|
||||
services.nfs.server = {
|
||||
enable = true;
|
||||
exports =
|
||||
let
|
||||
allowed = [
|
||||
"172.22.99.0/24"
|
||||
"172.20.72.0/21"
|
||||
"30c:c3d2:b946:76d0::/64"
|
||||
"2a00:8180:2c00:200::/56"
|
||||
"fd23:42:c3d2:500::/56"
|
||||
];
|
||||
opts = o: fsid:
|
||||
lib.concatStringsSep "," [
|
||||
o "async"
|
||||
"no_subtree_check" "no_root_squash"
|
||||
"fsid=${toString fsid}"
|
||||
];
|
||||
in ''
|
||||
/nix/store ${
|
||||
lib.concatMapStringsSep " " (subnet:
|
||||
"${subnet}(${opts "ro" 0})"
|
||||
) allowed
|
||||
}
|
||||
'';
|
||||
};
|
||||
}
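Review bot: In the `@ -1,11 +1,32 @` hunk, the `# dacbert` entry links the served boot directory to `/var/lib/nfsroot/dacbert/boot`, a mutable path outside the Nix store, whereas the netboot.xyz images above it are pinned by `sha256` and the other hosts' boot files come from `tftproots`. That directory sits under a path that the new NFS exports file in this commit lists as `rw` with `no_root_squash`, so what TFTP hands to dacbert at boot can be changed by any NFS client in the allowed ranges. A comment stating that this is intentional, or a store-built boot directory as for the other hosts, would make the trust boundary explicit. The page has lost its `+`/`-` column, so I cannot tell whether the `ln -s /var/lib/nfsroot/dacbert/boot $out/${hostRegistry.hosts.${host}.serial}` line inside the loop is old or new; if it is on the new side, the `if ! [ -L … ]` guard after it never fires and every host's serial points at dacbert's boot directory. The `let` expression continues past the end of that hunk.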
|
||||
|
|