Diffstat (limited to 'installer')
-rw-r--r-- | installer/default.nix | 19 | ||||
-rw-r--r-- | installer/shell.nix | 92 |
2 files changed, 110 insertions, 1 deletions
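--- a/installer/default.nix
+++ b/installer/default.nix
@@ -26,11 +26,28 @@
 };
 
 environment.systemPackages = with pkgs; [
-nvme-cli iotop mosh
+nvme-cli iotop pciutils bottom
+
+cudatoolkit
 ];
 
 zramSwap.enable = true;
 
+users.defaultUserShell = pkgs.zsh;
+programs = {
+mosh.enable = true;
+tmux.enable = true;
+zsh.enable = true;
+};
+
+# nvidia
+services.xserver.videoDrivers = [ "nvidia" ];
+systemd.services.nvidia-control-devices = {
+wantedBy = [ "multi-user.target" ];
+serviceConfig.ExecStart = "${pkgs.linuxPackages.nvidia_x11.bin}/bin/nvidia-smi";
+};
+nixpkgs.config.allowUnfree = true;
+
 system.stateVersion = config.system.nixos.release; # No state in installer
 };
 }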
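Review bot: Replacing the `mosh` package with `programs.mosh.enable = true` (new line 38) also opens the mosh UDP port range in the host firewall, because `programs.mosh.openFirewall` defaults to true in NixOS, which the old `nvme-cli iotop mosh` line did not do; a short comment saying this is intended for the installer, or `programs.mosh.openFirewall = false;` if it is not, would make the exposure deliberate. The `# nvidia` comment on line 43 does not explain why a unit whose only action is to run `nvidia-smi` is needed; if, as it appears, the purpose is to have the driver create its device nodes at boot before any CUDA consumer runs, a comment such as `# Run nvidia-smi once at boot so the driver creates its device nodes; nothing else on the installer would trigger this` states that intent. The unit has no `Type = "oneshot"`, so it runs as a simple service that exits right away, which is fine for this purpose but is also worth a word in that comment.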
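--- /dev/null
+++ b/installer/shell.nix
@@ -0,0 +1,92 @@
+{ system, installerName, config
+, runCommand, makeWrapper, pixiecore, writeShellApplication, coreutils, busybox, nftables, mkShell
+}:
+
+let
+pxeBuild = config.config.system.build;
+pixiecore-wrapped = runCommand "pixiecore-${system}-${installerName}" {
+nativeBuildInputs = [ makeWrapper ];
+} ''
+mkdir -p $out/bin
+makeWrapper ${pixiecore}/bin/pixiecore $out/bin/pixiecore-${installerName} \
+--add-flags boot \
+--add-flags "${pxeBuild.kernel}/bzImage" --add-flags "${pxeBuild.netbootRamdisk}/initrd" \
+--add-flags "--cmdline \"init=${pxeBuild.toplevel}/init loglevel=4\"" \
+--add-flags "-dt" --add-flags "--status-port 64172" --add-flags "--port 64172" --add-flags "--dhcp-no-bind"
+'';
+udhcpd = writeShellApplication {
+name = "udhcpd";
+
+runtimeInputs = [ coreutils ];
+
+text = ''
+[[ -n "''${INTERFACE-}" ]] || exit 2
+
+_LEASES_FILE=$(mktemp --tmpdir udhcpd.XXXXXXXXXX.leases)
+exec ${busybox}/bin/udhcpd -f <(cat <<EOF
+interface $INTERFACE
+lease_file $_LEASES_FILE
+start 10.0.0.128
+end 10.0.0.254
+max_leases 127
+opt dns 8.8.8.8
+option subnet 255.255.255.0
+opt router 10.0.0.1
+option lease 30
+EOF
+)
+'';
+};
+nft_apply = writeShellApplication {
+name = "pxe-nft-apply";
+
+runtimeInputs = [ nftables ];
+
+text = ''
+[[ -n "''${INTERFACE-}" ]] || exit 2
+
+exec nft -f - <<EOF
+table inet filter {
+chain forward_tmp {
+iifname $INTERFACE oifname != {lo, wgrz, yggdrasil-wg-4, yggdrasil-wg-6, yggdrasil, ip6tnl, ip6gre, yggre-surtr-6, yggre-surtr-4, yggre-vidhar-4, virbr0} counter accept
+oifname $INTERFACE ct state {established, related} counter accept
+}
+
+chain input_tmp {
+iifname $INTERFACE udp dport {67,69,4011} counter accept
+iifname $INTERFACE tcp dport 64172 counter accept
+}
+}
+
+table ip nat {
+chain postrouting_tmp {
+iifname $INTERFACE oifname != $INTERFACE counter masquerade
+}
+}
+
+table ip mss_clamp {
+chain postrouting_tmp {
+iifname $INTERFACE oifname != $INTERFACE tcp flags & (syn|rst) == syn counter tcp option maxseg size set rt mtu
+}
+}
+EOF
+'';
+};
+nft_flush = writeShellApplication {
+name = "pxe-nft-flush";
+
+runtimeInputs = [ nftables ];
+
+text = ''
+exec nft -f - <<EOF
+flush chain inet filter forward_tmp
+flush chain inet filter input_tmp
+flush chain ip nat postrouting_tmp
+flush chain ip mss_clamp postrouting_tmp
+EOF
+'';
+};
+in mkShell {
+name = installerName;
+nativeBuildInputs = [ pixiecore-wrapped udhcpd nft_apply nft_flush ];
+}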
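Review bot: `pxe-nft-apply` (lines 40–74) only adds rules, so every invocation appends another copy of each rule to the `*_tmp` chains until `pxe-nft-flush` is run; if those chains are expected to already exist, as the flush script implies, starting the `nft -f -` heredoc on line 48 with the same four `flush chain …` statements makes apply idempotent within one atomic transaction. `$INTERFACE` is checked only for non-emptiness (lines 23 and 46) and is then interpolated unquoted into both the udhcpd config and the nft ruleset, so whitespace or punctuation in it silently yields a different ruleset rather than an error; a guard such as `[[ $INTERFACE =~ ^[A-Za-z0-9_.-]+$ ]] || exit 2` beside each existing check closes that gap in one line. The lease file created by `mktemp` on line 25 is never removed, and because `exec` replaces the shell a `trap` cannot clean it up, so either document that it is left behind in `$TMPDIR` or give udhcpd a fixed path. The exclusion list on line 51 is host-specific and nothing explains what the listed interfaces are or why PXE clients must be kept off them; a one-line comment naming them (VPN, overlay, bridge, as they appear to be) would let the next maintainer update it safely.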