Diffstat (limited to 'installer/shell.nix')
-rw-r--r--installer/shell.nix92
1 files changed, 92 insertions, 0 deletions
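diff --git a/installer/shell.nix b/installer/shell.nix
new file mode 100644
index 00000000..043f0ddc
--- /dev/null
+++ b/installer/shell.nix
@@ -0,0 +1,92 @@
+{ system, installerName, config
+, runCommand, makeWrapper, pixiecore, writeShellApplication, coreutils, busybox, nftables, mkShell
+}:
+
+let
+ pxeBuild = config.config.system.build;
+ pixiecore-wrapped = runCommand "pixiecore-${system}-${installerName}" {
+ nativeBuildInputs = [ makeWrapper ];
+ } ''
+ mkdir -p $out/bin
+ makeWrapper ${pixiecore}/bin/pixiecore $out/bin/pixiecore-${installerName} \
+ --add-flags boot \
+ --add-flags "${pxeBuild.kernel}/bzImage" --add-flags "${pxeBuild.netbootRamdisk}/initrd" \
+ --add-flags "--cmdline \"init=${pxeBuild.toplevel}/init loglevel=4\"" \
+ --add-flags "-dt" --add-flags "--status-port 64172" --add-flags "--port 64172" --add-flags "--dhcp-no-bind"
+ '';
+ udhcpd = writeShellApplication {
+ name = "udhcpd";
+
+ runtimeInputs = [ coreutils ];
+
+ text = ''
+ [[ -n "''${INTERFACE-}" ]] || exit 2
+
+ _LEASES_FILE=$(mktemp --tmpdir udhcpd.XXXXXXXXXX.leases)
+ exec ${busybox}/bin/udhcpd -f <(cat <<EOF
+ interface $INTERFACE
+ lease_file $_LEASES_FILE
+ start 10.0.0.128
+ end 10.0.0.254
+ max_leases 127
+ opt dns 8.8.8.8
+ option subnet 255.255.255.0
+ opt router 10.0.0.1
+ option lease 30
+ EOF
+ )
+ '';
+ };
+ nft_apply = writeShellApplication {
+ name = "pxe-nft-apply";
+
+ runtimeInputs = [ nftables ];
+
+ text = ''
+ [[ -n "''${INTERFACE-}" ]] || exit 2
+
+ exec nft -f - <<EOF
+ table inet filter {
+ chain forward_tmp {
+ iifname $INTERFACE oifname != {lo, wgrz, yggdrasil-wg-4, yggdrasil-wg-6, yggdrasil, ip6tnl, ip6gre, yggre-surtr-6, yggre-surtr-4, yggre-vidhar-4, virbr0} counter accept
+ oifname $INTERFACE ct state {established, related} counter accept
+ }
+
+ chain input_tmp {
+ iifname $INTERFACE udp dport {67,69,4011} counter accept
+ iifname $INTERFACE tcp dport 64172 counter accept
+ }
+ }
+
+ table ip nat {
+ chain postrouting_tmp {
+ iifname $INTERFACE oifname != $INTERFACE counter masquerade
+ }
+ }
+
+ table ip mss_clamp {
+ chain postrouting_tmp {
+ iifname $INTERFACE oifname != $INTERFACE tcp flags & (syn|rst) == syn counter tcp option maxseg size set rt mtu
+ }
+ }
+ EOF
+ '';
+ };
+ nft_flush = writeShellApplication {
+ name = "pxe-nft-flush";
+
+ runtimeInputs = [ nftables ];
+
+ text = ''
+ exec nft -f - <<EOF
+ flush chain inet filter forward_tmp
+ flush chain inet filter input_tmp
+ flush chain ip nat postrouting_tmp
+ flush chain ip mss_clamp postrouting_tmp
+ EOF
+ '';
+ };
+in mkShell {
+ name = installerName;
+ nativeBuildInputs = [ pixiecore-wrapped udhcpd nft_apply nft_flush ];
+}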
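Review bot: Re-running pxe-nft-apply appends a second copy of every rule, because `nft -f -` with `table … { chain … { … } }` is add-only and nothing empties the `*_tmp` chains first; pxe-nft-flush only flushes them and leaves the empty chains behind, so the two scripts are not a clean setup/teardown pair and a flush step (or deleting the chains) before the adds is needed to make the apply idempotent. The `*_tmp` chains declare no `type`/`hook`, so they are regular chains that only see traffic if a base chain elsewhere on the host jumps to them; that dependency is invisible here and deserves a comment in `nft_apply`, e.g. `# regular chains: effective only when the host's forward/input/postrouting base chains jump to them`. Note also that `forward_tmp` accepts everything arriving on `$INTERFACE` toward any interface outside the hard-coded exclusion list and `postrouting_tmp` masquerades it, so a PXE-booted machine gets unrestricted NAT'd egress during install; narrowing that to what the installer actually needs, and documenting why the excluded interface names are host-specific, would make the intent clear. The leases file created by `mktemp` in the udhcpd script is never removed because `exec` replaces the shell, which is probably acceptable for a dev shell but worth a one-line comment.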