3 files changed, 179 insertions, 49 deletions
diff --git a/hosts/vidhar/network/default.nix b/hosts/vidhar/network/default.nix
index 0643f0bb..92d755f3 100644
--- a/hosts/vidhar/network/default.nix
+++ b/hosts/vidhar/network/default.nix
@@ -103,7 +103,14 @@ with lib;
          /srv/nfs/nix-store 10.141.0.0/24(ro,async,root_squash) 2a03:4000:52:ada:1::/80(ro,async,root_squash)
        '';
      };
-      settings.nfsd.vers3 = false;
+      settings.nfsd = {
+        rdma = true;
+        vers3 = false;
+        vers4 = true;
+        "vers4.0" = false;
+        "vers4.1" = false;
+        "vers4.2" = true;
+      };
    };
    fileSystems = {
diff --git a/hosts/vidhar/network/dhcp/default.nix b/hosts/vidhar/network/dhcp/default.nix
index 07a83351..098d3061 100644
--- a/hosts/vidhar/network/dhcp/default.nix
+++ b/hosts/vidhar/network/dhcp/default.nix
@@ -1,8 +1,33 @@
-{ flake, config, pkgs, lib, ... }:
+{ flake, config, pkgs, lib, sources, ... }:
 with lib;
-{
+let
+  nfsrootBaseUrl = "http://nfsroot.vidhar.yggdrasil";
+  tftpIp = "10.141.0.1";
+  nfsIp = tftpIp;
+  ipxe = pkgs.ipxe.override {
+    additionalTargets = {
+      "bin-i386-efi/ipxe.efi" = "i386-ipxe.efi";
+    };
+    additionalOptions = [
+      "NSLOOKUP_CMD"
+      "PING_CMD"
+      "CONSOLE_CMD"
+    ];
+    embedScript = pkgs.writeText "yggdrasil.ipxe" ''
+      #!ipxe
+      cpair --background 9 1
+      cpair --background 9 3
+      cpair --background 9 6
+      set user-class iPXE-yggdrasil
+      autoboot
+    '';
+  };
+in {
  config = {
    services.kea = {
      dhcp4 = {
@@ -23,41 +48,67 @@ with lib;
          };
          client-classes = [
-            { name = "eostre-ipxe";
+            { name = "ipxe-eostre";
-              test = "hexstring(pkt4.mac, ':') == '00:d8:61:79:c5:40' and option[77].hex == 'iPXE'";
+              test = "hexstring(pkt4.mac, ':') == '00:d8:61:79:c5:40' and option[77].hex == 'iPXE-yggdrasil'";
-              next-server = "10.141.0.1";
+              next-server = tftpIp;
-              boot-file-name = "http://nfsroot.vidhar.yggdrasil/eostre/netboot.ipxe";
+              boot-file-name = "${nfsrootBaseUrl}/eostre.menu.ipxe";
+              only-if-required = true;
+            }
+            { name = "ipxe-yggdrasil";
+              test = "option[77].hex == 'iPXE-yggdrasil'";
+              next-server = tftpIp;
+              boot-file-name = "${nfsrootBaseUrl}/installer-x86_64-linux.menu.ipxe";
              only-if-required = true;
            }
-            { name = "ipxe";
-              test = "option[77].hex == 'iPXE'";
+            { name = "uefi-http";
-              next-server = "10.141.0.1";
+              test = "option[client-system].hex == 0x0010";
-              boot-file-name = "http://nfsroot.vidhar.yggdrasil/installer-x86_64-linux/netboot.ipxe";
+              option-data = [
+                { name = "vendor-class-identifier"; data = "HTTPClient"; }
+              ];
+              boot-file-name = "${nfsrootBaseUrl}/ipxe.efi";
              only-if-required = true;
            }
+            { name = "ipxe-uefi-64";
+              test = "option[77].hex == 'iPXE' and (substring(option[60].hex,0,20) == 'PXEClient:Arch:00007' or substring(option[60].hex,0,20) == 'PXEClient:Arch:00008' or substring(option[60].hex,0,20) == 'PXEClient:Arch:00009')";
+              boot-file-name = "${nfsrootBaseUrl}/ipxe.efi";
+              only-if-required = true;
+            }
+            { name = "ipxe-uefi-32";
+              test = "option[77].hex == 'iPXE' and (substring(option[60].hex,0,20) == 'PXEClient:Arch:00002' or substring(option[60].hex,0,20) == 'PXEClient:Arch:00006')";
+              boot-file-name = "${nfsrootBaseUrl}/i386-ipxe.efi";
+              only-if-required = true;
+            }
+            { name = "ipxe-legacy";
+              test = "option[77].hex == 'iPXE' and substring(option[60].hex,0,20) == 'PXEClient:Arch:00000'";
+              boot-file-name = "${nfsrootBaseUrl}/ipxe.lkrn";
+              only-if-required = true;
+            }
            { name = "uefi-64";
              test = "substring(option[60].hex,0,20) == 'PXEClient:Arch:00007' or substring(option[60].hex,0,20) == 'PXEClient:Arch:00008' or substring(option[60].hex,0,20) == 'PXEClient:Arch:00009'";
-              only-if-required = true;
              option-data = [
-                { name = "tftp-server-name"; data = "10.141.0.1"; }
+                { name = "tftp-server-name"; data = tftpIp; }
              ];
              boot-file-name = "ipxe.efi";
+              only-if-required = true;
            }
            { name = "uefi-32";
              test = "substring(option[60].hex,0,20) == 'PXEClient:Arch:00002' or substring(option[60].hex,0,20) == 'PXEClient:Arch:00006'";
-              only-if-required = true;
              option-data = [
-                { name = "tftp-server-name"; data = "10.141.0.1"; }
+                { name = "tftp-server-name"; data = tftpIp; }
              ];
              boot-file-name = "i386-ipxe.efi";
+              only-if-required = true;
            }
            { name = "legacy";
              test = "substring(option[60].hex,0,20) == 'PXEClient:Arch:00000'";
-              only-if-required = true;
              option-data = [
-                { name = "tftp-server-name"; data = "10.141.0.1"; }
+                { name = "tftp-server-name"; data = tftpIp; }
              ];
-              boot-file-name = "undionly.kpxe";
+              boot-file-name = "ipxe.lkrn";
+              only-if-required = true;
            }
          ];
@@ -252,31 +303,75 @@ with lib;
          name = "nfsroot.vidhar.yggdrasil";
          paths =
            (map (system:
-               let
+              pkgs.symlinkJoin {
-                 installerBuild = (flake.nixosConfigurations.${"installer-${system}-nfsroot"}.extendModules {
+                name = "installer-${system}";
-                   modules = [
+                paths = [
-                     ({ ... }: {
+                  (let
-                       config.nfsroot.storeDevice = "10.141.0.1:nix-store";
+                    installerBuild = (flake.nixosConfigurations.${"installer-${system}-nfsroot"}.extendModules {
-                       config.nfsroot.registrationUrl = "http://nfsroot.vidhar.yggdrasil/installer-${system}/registration";
+                      modules = [
-                     })
+                        ({ ... }: {
-                   ];
+                          config.nfsroot.storeDevice = "${nfsIp}:nix-store";
-                 }).config.system.build;
+                          config.nfsroot.registrationUrl = "${nfsrootBaseUrl}/installer-${system}/registration";
-               in builtins.toPath (pkgs.runCommandLocal "install-${system}" {} ''
+                        })
-                 mkdir -p $out/installer-${system}
+                      ];
-                 install -m 0444 -t $out/installer-${system} \
+                    }).config.system.build;
-                   ${installerBuild.initialRamdisk}/initrd \
+                  in builtins.toPath (pkgs.runCommandLocal "install-${system}" {} ''
-                   ${installerBuild.kernel}/bzImage \
+                    mkdir -p $out/installer-${system}
-                   ${installerBuild.netbootIpxeScript}/netboot.ipxe \
+                    install -m 0444 -t $out/installer-${system} \
-                   ${pkgs.closureInfo { rootPaths = installerBuild.storeContents; }}/registration
+                      ${installerBuild.initialRamdisk}/initrd \
-               '')
+                      ${installerBuild.kernel}/bzImage \
-              ) ["x86_64-linux"]
+                      ${installerBuild.netbootIpxeScript}/netboot.ipxe \
+                      ${pkgs.closureInfo { rootPaths = installerBuild.storeContents; }}/registration
+                  ''))
+                  (pkgs.writeTextFile {
+                    name = "installer-${system}.menu.ipxe";
+                    destination = "/installer-${system}.menu.ipxe";
+                    text = ''
+                      #!ipxe
+                      :start
+                      menu iPXE boot menu for installer-${system}
+                      item installer installer-${system}
+                      item memtest memtest86plus
+                      item netboot netboot.xyz
+                      item shell iPXE shell
+                      choose --timeout 0 --default installer selected || goto shell
+                      goto ''${selected}
+                      :shell
+                      shell
+                      goto start
+                      :installer
+                      chain installer-${system}/netboot.ipxe
+                      goto start
+                      :netboot
+                      iseq ''${platform} efi && chain --autofree netboot.xyz.efi || chain --autofree netboot.xyz.lkrn
+                      goto start
+                      :memtest
+                      iseq ''${platform} efi && chain --autofree memtest.efi || chain --autofree memtest.bin
+                      goto start
+                    '';
+                  })
+                ];
+              }) ["x86_64-linux"]
            ) ++ [
+              (pkgs.runCommandLocal "utils" {} ''
+                mkdir $out
+                install -m 0444 -t $out \
+                  ${ipxe}/{ipxe.efi,i386-ipxe.efi,ipxe.lkrn} \
+                  ${pkgs.memtest86plus}/{memtest.efi,memtest.bin}
+                install -m 0444 ${sources.netbootxyz-efi.src} $out/netboot.xyz.efi
+                install -m 0444 ${sources.netbootxyz-lkrn.src} $out/netboot.xyz.lkrn
+              '')
              (let
                 eostreBuild = (flake.nixosConfigurations.eostre.extendModules {
                   modules = [
                     ({ ... }: {
-                       config.nfsroot.storeDevice = "10.141.0.1:nix-store";
+                       config.nfsroot.storeDevice = "${nfsIp}:nix-store";
-                       config.nfsroot.registrationUrl = "http://nfsroot.vidhar.yggdrasil/eostre/registration";
+                       config.nfsroot.registrationUrl = "${nfsrootBaseUrl}/eostre/registration";
                     })
                   ];
                 }).config.system.build;
@@ -288,6 +383,42 @@ with lib;
                      ${eostreBuild.netbootIpxeScript}/netboot.ipxe \
                      ${pkgs.closureInfo { rootPaths = eostreBuild.storeContents; }}/registration
                  ''))
+              (pkgs.writeTextFile {
+                name = "eostre.menu.ipxe";
+                destination = "/eostre.menu.ipxe";
+                text = ''
+                  #!ipxe
+                  set menu-timeout 5000
+                  :start
+                  menu iPXE boot menu for eostre
+                  item eostre eostre
+                  item memtest memtest86plus
+                  item netboot netboot.xyz
+                  item shell iPXE shell
+                  choose --timeout ''${menu-timeout} --default eostre selected || goto shell
+                  set menu-timeout 0
+                  goto ''${selected}
+                  :shell
+                  set menu-timeout 0
+                  shell
+                  goto start
+                  :eostre
+                  chain eostre/netboot.ipxe
+                  goto start
+                  :netboot
+                  iseq ''${platform} efi && chain --autofree netboot.xyz.efi || chain --autofree netboot.xyz.lkrn
+                  goto start
+                  :memtest
+                  iseq ''${platform} efi && chain --autofree memtest.efi || chain --autofree memtest.bin
+                  goto start
+                '';
+              })
            ];
        };
      };
@@ -298,20 +429,12 @@ with lib;
      after = [ "network.target" ];
      wantedBy = [ "multi-user.target" ];
      serviceConfig.ExecStart = let
-        ipxe = pkgs.ipxe.override {
-          additionalTargets = {
-            "bin-i386-efi/ipxe.efi" = "i386-ipxe.efi";
-          };
-          additionalOptions = [
-            "NSLOOKUP_CMD"
-          ];
-        };
        tftpRoot = pkgs.runCommandLocal "netboot" {} ''
          mkdir -p $out
          install -m 0444 -t $out \
-            ${ipxe}/ipxe.efi ${ipxe}/i386-ipxe.efi ${ipxe}/undionly.kpxe
+            ${ipxe}/{ipxe.efi,i386-ipxe.efi,ipxe.lkrn}
        '';
-      in "${pkgs.atftp}/sbin/atftpd --daemon --no-fork --bind-address=10.141.0.1 ${tftpRoot}";
+      in "${pkgs.atftp}/sbin/atftpd --daemon --no-fork --bind-address=${tftpIp} ${tftpRoot}";
    };
  };
 }
diff --git a/hosts/vidhar/paperless/default.nix b/hosts/vidhar/paperless/default.nix
index 34cd18c4..dd02da38 100644
--- a/hosts/vidhar/paperless/default.nix
+++ b/hosts/vidhar/paperless/default.nix
@@ -4,7 +4,7 @@
  config = {
    services.paperless = {
      enable = true;
-      address = "[2a03:4000:52:ada:4:1::]";
+      address = "2a03:4000:52:ada:4:1::";
      passwordFile = config.sops.secrets."paperless-rootpw".path;
      settings = {
        PAPERLESS_OCR_LANGUAGE = "deu+eng";

diff --git a/hosts/vidhar/network/default.nix b/hosts/vidhar/network/default.nix index 0643f0bb..92d755f3 100644 --- a/hosts/vidhar/network/default.nix +++ b/hosts/vidhar/network/default.nix
@@ -103,7 +103,14 @@ with lib;
103	/srv/nfs/nix-store 10.141.0.0/24(ro,async,root_squash) 2a03:4000:52:ada:1::/80(ro,async,root_squash)	103	/srv/nfs/nix-store 10.141.0.0/24(ro,async,root_squash) 2a03:4000:52:ada:1::/80(ro,async,root_squash)
104	'';	104	'';
105	};	105	};
106	settings.nfsd.vers3 = false;	106	settings.nfsd = {
		107	rdma = true;
		108	vers3 = false;
		109	vers4 = true;
		110	"vers4.0" = false;
		111	"vers4.1" = false;
		112	"vers4.2" = true;
		113	};
107	};	114	};
108		115
109	fileSystems = {	116	fileSystems = {


diff --git a/hosts/vidhar/network/dhcp/default.nix b/hosts/vidhar/network/dhcp/default.nix index 07a83351..098d3061 100644 --- a/hosts/vidhar/network/dhcp/default.nix +++ b/hosts/vidhar/network/dhcp/default.nix
@@ -1,8 +1,33 @@
1	{ flake, config, pkgs, lib, ... }:	1	{ flake, config, pkgs, lib, sources, ... }:
2		2
3	with lib;	3	with lib;
4		4
5	{	5	let
		6	nfsrootBaseUrl = "http://nfsroot.vidhar.yggdrasil";
		7	tftpIp = "10.141.0.1";
		8	nfsIp = tftpIp;
		9	ipxe = pkgs.ipxe.override {
		10	additionalTargets = {
		11	"bin-i386-efi/ipxe.efi" = "i386-ipxe.efi";
		12	};
		13	additionalOptions = [
		14	"NSLOOKUP_CMD"
		15	"PING_CMD"
		16	"CONSOLE_CMD"
		17	];
		18	embedScript = pkgs.writeText "yggdrasil.ipxe" ''
		19	#!ipxe
		20
		21	cpair --background 9 1
		22	cpair --background 9 3
		23	cpair --background 9 6
		24
		25	set user-class iPXE-yggdrasil
		26
		27	autoboot
		28	'';
		29	};
		30	in {
6	config = {	31	config = {
7	services.kea = {	32	services.kea = {
8	dhcp4 = {	33	dhcp4 = {
@@ -23,41 +48,67 @@ with lib;
23	};	48	};
24		49
25	client-classes = [	50	client-classes = [
26	{ name = "eostre-ipxe";	51	{ name = "ipxe-eostre";
27	test = "hexstring(pkt4.mac, ':') == '00:d8:61:79:c5:40' and option[77].hex == 'iPXE'";	52	test = "hexstring(pkt4.mac, ':') == '00:d8:61:79:c5:40' and option[77].hex == 'iPXE-yggdrasil'";
28	next-server = "10.141.0.1";	53	next-server = tftpIp;
29	boot-file-name = "http://nfsroot.vidhar.yggdrasil/eostre/netboot.ipxe";	54	boot-file-name = "${nfsrootBaseUrl}/eostre.menu.ipxe";
		55	only-if-required = true;
		56	}
		57	{ name = "ipxe-yggdrasil";
		58	test = "option[77].hex == 'iPXE-yggdrasil'";
		59	next-server = tftpIp;
		60	boot-file-name = "${nfsrootBaseUrl}/installer-x86_64-linux.menu.ipxe";
30	only-if-required = true;	61	only-if-required = true;
31	}	62	}
32	{ name = "ipxe";	63
33	test = "option[77].hex == 'iPXE'";	64	{ name = "uefi-http";
34	next-server = "10.141.0.1";	65	test = "option[client-system].hex == 0x0010";
35	boot-file-name = "http://nfsroot.vidhar.yggdrasil/installer-x86_64-linux/netboot.ipxe";	66	option-data = [
		67	{ name = "vendor-class-identifier"; data = "HTTPClient"; }
		68	];
		69	boot-file-name = "${nfsrootBaseUrl}/ipxe.efi";
36	only-if-required = true;	70	only-if-required = true;
37	}	71	}
		72
		73	{ name = "ipxe-uefi-64";
		74	test = "option[77].hex == 'iPXE' and (substring(option[60].hex,0,20) == 'PXEClient:Arch:00007' or substring(option[60].hex,0,20) == 'PXEClient:Arch:00008' or substring(option[60].hex,0,20) == 'PXEClient:Arch:00009')";
		75	boot-file-name = "${nfsrootBaseUrl}/ipxe.efi";
		76	only-if-required = true;
		77	}
		78	{ name = "ipxe-uefi-32";
		79	test = "option[77].hex == 'iPXE' and (substring(option[60].hex,0,20) == 'PXEClient:Arch:00002' or substring(option[60].hex,0,20) == 'PXEClient:Arch:00006')";
		80	boot-file-name = "${nfsrootBaseUrl}/i386-ipxe.efi";
		81	only-if-required = true;
		82	}
		83	{ name = "ipxe-legacy";
		84	test = "option[77].hex == 'iPXE' and substring(option[60].hex,0,20) == 'PXEClient:Arch:00000'";
		85	boot-file-name = "${nfsrootBaseUrl}/ipxe.lkrn";
		86	only-if-required = true;
		87	}
		88
38	{ name = "uefi-64";	89	{ name = "uefi-64";
39	test = "substring(option[60].hex,0,20) == 'PXEClient:Arch:00007' or substring(option[60].hex,0,20) == 'PXEClient:Arch:00008' or substring(option[60].hex,0,20) == 'PXEClient:Arch:00009'";	90	test = "substring(option[60].hex,0,20) == 'PXEClient:Arch:00007' or substring(option[60].hex,0,20) == 'PXEClient:Arch:00008' or substring(option[60].hex,0,20) == 'PXEClient:Arch:00009'";
40	only-if-required = true;
41	option-data = [	91	option-data = [
42	{ name = "tftp-server-name"; data = "10.141.0.1"; }	92	{ name = "tftp-server-name"; data = tftpIp; }
43	];	93	];
44	boot-file-name = "ipxe.efi";	94	boot-file-name = "ipxe.efi";
		95	only-if-required = true;
45	}	96	}
46	{ name = "uefi-32";	97	{ name = "uefi-32";
47	test = "substring(option[60].hex,0,20) == 'PXEClient:Arch:00002' or substring(option[60].hex,0,20) == 'PXEClient:Arch:00006'";	98	test = "substring(option[60].hex,0,20) == 'PXEClient:Arch:00002' or substring(option[60].hex,0,20) == 'PXEClient:Arch:00006'";
48	only-if-required = true;
49	option-data = [	99	option-data = [
50	{ name = "tftp-server-name"; data = "10.141.0.1"; }	100	{ name = "tftp-server-name"; data = tftpIp; }
51	];	101	];
52	boot-file-name = "i386-ipxe.efi";	102	boot-file-name = "i386-ipxe.efi";
		103	only-if-required = true;
53	}	104	}
54	{ name = "legacy";	105	{ name = "legacy";
55	test = "substring(option[60].hex,0,20) == 'PXEClient:Arch:00000'";	106	test = "substring(option[60].hex,0,20) == 'PXEClient:Arch:00000'";
56	only-if-required = true;
57	option-data = [	107	option-data = [
58	{ name = "tftp-server-name"; data = "10.141.0.1"; }	108	{ name = "tftp-server-name"; data = tftpIp; }
59	];	109	];
60	boot-file-name = "undionly.kpxe";	110	boot-file-name = "ipxe.lkrn";
		111	only-if-required = true;
61	}	112	}
62	];	113	];
63		114
@@ -252,31 +303,75 @@ with lib;
252	name = "nfsroot.vidhar.yggdrasil";	303	name = "nfsroot.vidhar.yggdrasil";
253	paths =	304	paths =
254	(map (system:	305	(map (system:
255	let	306	pkgs.symlinkJoin {
256	installerBuild = (flake.nixosConfigurations.${"installer-${system}-nfsroot"}.extendModules {	307	name = "installer-${system}";
257	modules = [	308	paths = [
258	({ ... }: {	309	(let
259	config.nfsroot.storeDevice = "10.141.0.1:nix-store";	310	installerBuild = (flake.nixosConfigurations.${"installer-${system}-nfsroot"}.extendModules {
260	config.nfsroot.registrationUrl = "http://nfsroot.vidhar.yggdrasil/installer-${system}/registration";	311	modules = [
261	})	312	({ ... }: {
262	];	313	config.nfsroot.storeDevice = "${nfsIp}:nix-store";
263	}).config.system.build;	314	config.nfsroot.registrationUrl = "${nfsrootBaseUrl}/installer-${system}/registration";
264	in builtins.toPath (pkgs.runCommandLocal "install-${system}" {} ''	315	})
265	mkdir -p $out/installer-${system}	316	];
266	install -m 0444 -t $out/installer-${system} \	317	}).config.system.build;
267	${installerBuild.initialRamdisk}/initrd \	318	in builtins.toPath (pkgs.runCommandLocal "install-${system}" {} ''
268	${installerBuild.kernel}/bzImage \	319	mkdir -p $out/installer-${system}
269	${installerBuild.netbootIpxeScript}/netboot.ipxe \	320	install -m 0444 -t $out/installer-${system} \
270	${pkgs.closureInfo { rootPaths = installerBuild.storeContents; }}/registration	321	${installerBuild.initialRamdisk}/initrd \
271	'')	322	${installerBuild.kernel}/bzImage \
272	) ["x86_64-linux"]	323	${installerBuild.netbootIpxeScript}/netboot.ipxe \
		324	${pkgs.closureInfo { rootPaths = installerBuild.storeContents; }}/registration
		325	''))
		326	(pkgs.writeTextFile {
		327	name = "installer-${system}.menu.ipxe";
		328	destination = "/installer-${system}.menu.ipxe";
		329	text = ''
		330	#!ipxe
		331
		332	:start
		333	menu iPXE boot menu for installer-${system}
		334	item installer installer-${system}
		335	item memtest memtest86plus
		336	item netboot netboot.xyz
		337	item shell iPXE shell
		338	choose --timeout 0 --default installer selected \|\| goto shell
		339	goto ''${selected}
		340
		341	:shell
		342	shell
		343	goto start
		344
		345	:installer
		346	chain installer-${system}/netboot.ipxe
		347	goto start
		348
		349	:netboot
		350	iseq ''${platform} efi && chain --autofree netboot.xyz.efi \|\| chain --autofree netboot.xyz.lkrn
		351	goto start
		352
		353	:memtest
		354	iseq ''${platform} efi && chain --autofree memtest.efi \|\| chain --autofree memtest.bin
		355	goto start
		356	'';
		357	})
		358	];
		359	}) ["x86_64-linux"]
273	) ++ [	360	) ++ [
		361	(pkgs.runCommandLocal "utils" {} ''
		362	mkdir $out
		363	install -m 0444 -t $out \
		364	${ipxe}/{ipxe.efi,i386-ipxe.efi,ipxe.lkrn} \
		365	${pkgs.memtest86plus}/{memtest.efi,memtest.bin}
		366	install -m 0444 ${sources.netbootxyz-efi.src} $out/netboot.xyz.efi
		367	install -m 0444 ${sources.netbootxyz-lkrn.src} $out/netboot.xyz.lkrn
		368	'')
274	(let	369	(let
275	eostreBuild = (flake.nixosConfigurations.eostre.extendModules {	370	eostreBuild = (flake.nixosConfigurations.eostre.extendModules {
276	modules = [	371	modules = [
277	({ ... }: {	372	({ ... }: {
278	config.nfsroot.storeDevice = "10.141.0.1:nix-store";	373	config.nfsroot.storeDevice = "${nfsIp}:nix-store";
279	config.nfsroot.registrationUrl = "http://nfsroot.vidhar.yggdrasil/eostre/registration";	374	config.nfsroot.registrationUrl = "${nfsrootBaseUrl}/eostre/registration";
280	})	375	})
281	];	376	];
282	}).config.system.build;	377	}).config.system.build;
@@ -288,6 +383,42 @@ with lib;
288	${eostreBuild.netbootIpxeScript}/netboot.ipxe \	383	${eostreBuild.netbootIpxeScript}/netboot.ipxe \
289	${pkgs.closureInfo { rootPaths = eostreBuild.storeContents; }}/registration	384	${pkgs.closureInfo { rootPaths = eostreBuild.storeContents; }}/registration
290	''))	385	''))
		386	(pkgs.writeTextFile {
		387	name = "eostre.menu.ipxe";
		388	destination = "/eostre.menu.ipxe";
		389	text = ''
		390	#!ipxe
		391
		392	set menu-timeout 5000
		393
		394	:start
		395	menu iPXE boot menu for eostre
		396	item eostre eostre
		397	item memtest memtest86plus
		398	item netboot netboot.xyz
		399	item shell iPXE shell
		400	choose --timeout ''${menu-timeout} --default eostre selected \|\| goto shell
		401	set menu-timeout 0
		402	goto ''${selected}
		403
		404	:shell
		405	set menu-timeout 0
		406	shell
		407	goto start
		408
		409	:eostre
		410	chain eostre/netboot.ipxe
		411	goto start
		412
		413	:netboot
		414	iseq ''${platform} efi && chain --autofree netboot.xyz.efi \|\| chain --autofree netboot.xyz.lkrn
		415	goto start
		416
		417	:memtest
		418	iseq ''${platform} efi && chain --autofree memtest.efi \|\| chain --autofree memtest.bin
		419	goto start
		420	'';
		421	})
291	];	422	];
292	};	423	};
293	};	424	};
@@ -298,20 +429,12 @@ with lib;
298	after = [ "network.target" ];	429	after = [ "network.target" ];
299	wantedBy = [ "multi-user.target" ];	430	wantedBy = [ "multi-user.target" ];
300	serviceConfig.ExecStart = let	431	serviceConfig.ExecStart = let
301	ipxe = pkgs.ipxe.override {
302	additionalTargets = {
303	"bin-i386-efi/ipxe.efi" = "i386-ipxe.efi";
304	};
305	additionalOptions = [
306	"NSLOOKUP_CMD"
307	];
308	};
309	tftpRoot = pkgs.runCommandLocal "netboot" {} ''	432	tftpRoot = pkgs.runCommandLocal "netboot" {} ''
310	mkdir -p $out	433	mkdir -p $out
311	install -m 0444 -t $out \	434	install -m 0444 -t $out \
312	${ipxe}/ipxe.efi ${ipxe}/i386-ipxe.efi ${ipxe}/undionly.kpxe	435	${ipxe}/{ipxe.efi,i386-ipxe.efi,ipxe.lkrn}
313	'';	436	'';
314	in "${pkgs.atftp}/sbin/atftpd --daemon --no-fork --bind-address=10.141.0.1 ${tftpRoot}";	437	in "${pkgs.atftp}/sbin/atftpd --daemon --no-fork --bind-address=${tftpIp} ${tftpRoot}";
315	};	438	};
316	};	439	};
317	}	440	}


diff --git a/hosts/vidhar/paperless/default.nix b/hosts/vidhar/paperless/default.nix index 34cd18c4..dd02da38 100644 --- a/hosts/vidhar/paperless/default.nix +++ b/hosts/vidhar/paperless/default.nix
@@ -4,7 +4,7 @@
4	config = {	4	config = {
5	services.paperless = {	5	services.paperless = {
6	enable = true;	6	enable = true;
7	address = "[2a03:4000:52:ada:4:1::]";	7	address = "2a03:4000:52:ada:4:1::";
8	passwordFile = config.sops.secrets."paperless-rootpw".path;	8	passwordFile = config.sops.secrets."paperless-rootpw".path;
9	settings = {	9	settings = {
10	PAPERLESS_OCR_LANGUAGE = "deu+eng";	10	PAPERLESS_OCR_LANGUAGE = "deu+eng";