2 files changed, 110 insertions, 1 deletions
diff --git a/installer/default.nix b/installer/default.nix
index a0c84182..9043d59b 100644
--- a/installer/default.nix
+++ b/installer/default.nix
@@ -26,11 +26,28 @@
    };
    environment.systemPackages = with pkgs; [
-      nvme-cli iotop mosh
+      nvme-cli iotop pciutils bottom
+      cudatoolkit
    ];
    zramSwap.enable = true;
+    users.defaultUserShell = pkgs.zsh;
+    programs = {
+      mosh.enable = true;
+      tmux.enable = true;
+      zsh.enable = true;
+    };
+    # nvidia
+    services.xserver.videoDrivers = [ "nvidia" ];
+    systemd.services.nvidia-control-devices = {
+      wantedBy = [ "multi-user.target" ];
+      serviceConfig.ExecStart = "${pkgs.linuxPackages.nvidia_x11.bin}/bin/nvidia-smi";
+    };
+    nixpkgs.config.allowUnfree = true;
    system.stateVersion = config.system.nixos.release; # No state in installer
  };
 }
diff --git a/installer/shell.nix b/installer/shell.nix
new file mode 100644
index 00000000..043f0ddc
--- /dev/null
+++ b/installer/shell.nix
@@ -0,0 +1,92 @@
+{ system, installerName, config
+, runCommand, makeWrapper, pixiecore, writeShellApplication, coreutils, busybox, nftables, mkShell
+}:
+let
+  pxeBuild = config.config.system.build;
+  pixiecore-wrapped = runCommand "pixiecore-${system}-${installerName}" {
+    nativeBuildInputs = [ makeWrapper ];
+  } ''
+    mkdir -p $out/bin
+    makeWrapper ${pixiecore}/bin/pixiecore $out/bin/pixiecore-${installerName} \
+      --add-flags boot \
+      --add-flags "${pxeBuild.kernel}/bzImage" --add-flags "${pxeBuild.netbootRamdisk}/initrd" \
+      --add-flags "--cmdline \"init=${pxeBuild.toplevel}/init loglevel=4\"" \
+      --add-flags "-dt" --add-flags "--status-port 64172" --add-flags "--port 64172" --add-flags "--dhcp-no-bind"
+  '';
+  udhcpd = writeShellApplication {
+    name = "udhcpd";
+    runtimeInputs = [ coreutils ];
+    text = ''
+      [[ -n "''${INTERFACE-}" ]] || exit 2
+      _LEASES_FILE=$(mktemp --tmpdir udhcpd.XXXXXXXXXX.leases)
+      exec ${busybox}/bin/udhcpd -f <(cat <<EOF
+        interface $INTERFACE
+        lease_file $_LEASES_FILE
+        start 10.0.0.128
+        end 10.0.0.254
+        max_leases 127
+        opt dns 8.8.8.8
+        option subnet 255.255.255.0
+        opt router 10.0.0.1
+        option lease 30
+      EOF
+      )
+    '';
+  };
+  nft_apply = writeShellApplication {
+    name = "pxe-nft-apply";
+    runtimeInputs = [ nftables ];
+    text = ''
+      [[ -n "''${INTERFACE-}" ]] || exit 2
+      exec nft -f - <<EOF
+        table inet filter {
+          chain forward_tmp {
+            iifname $INTERFACE oifname != {lo, wgrz, yggdrasil-wg-4, yggdrasil-wg-6, yggdrasil, ip6tnl, ip6gre, yggre-surtr-6, yggre-surtr-4, yggre-vidhar-4, virbr0} counter accept
+            oifname $INTERFACE ct state {established, related} counter accept
+          }
+          chain input_tmp {
+            iifname $INTERFACE udp dport {67,69,4011} counter accept
+            iifname $INTERFACE tcp dport 64172 counter accept
+          }
+        }
+        table ip nat {
+          chain postrouting_tmp {
+            iifname $INTERFACE oifname != $INTERFACE counter masquerade
+          }
+        }
+        table ip mss_clamp {
+          chain postrouting_tmp {
+            iifname $INTERFACE oifname != $INTERFACE tcp flags & (syn|rst) == syn counter tcp option maxseg size set rt mtu
+          }
+        }
+      EOF
+    '';
+  };
+  nft_flush = writeShellApplication {
+    name = "pxe-nft-flush";
+    runtimeInputs = [ nftables ];
+    text = ''
+      exec nft -f - <<EOF
+        flush chain inet filter forward_tmp
+        flush chain inet filter input_tmp
+        flush chain ip nat postrouting_tmp
+        flush chain ip mss_clamp postrouting_tmp
+      EOF
+    '';
+  };
+in mkShell {
+  name = installerName;
+  nativeBuildInputs = [ pixiecore-wrapped udhcpd nft_apply nft_flush ];
+}

diff --git a/installer/default.nix b/installer/default.nix index a0c84182..9043d59b 100644 --- a/installer/default.nix +++ b/installer/default.nix
@@ -26,11 +26,28 @@
26	};	26	};
27		27
28	environment.systemPackages = with pkgs; [	28	environment.systemPackages = with pkgs; [
29	nvme-cli iotop mosh	29	nvme-cli iotop pciutils bottom
		30
		31	cudatoolkit
30	];	32	];
31		33
32	zramSwap.enable = true;	34	zramSwap.enable = true;
33		35
		36	users.defaultUserShell = pkgs.zsh;
		37	programs = {
		38	mosh.enable = true;
		39	tmux.enable = true;
		40	zsh.enable = true;
		41	};
		42
		43	# nvidia
		44	services.xserver.videoDrivers = [ "nvidia" ];
		45	systemd.services.nvidia-control-devices = {
		46	wantedBy = [ "multi-user.target" ];
		47	serviceConfig.ExecStart = "${pkgs.linuxPackages.nvidia_x11.bin}/bin/nvidia-smi";
		48	};
		49	nixpkgs.config.allowUnfree = true;
		50
34	system.stateVersion = config.system.nixos.release; # No state in installer	51	system.stateVersion = config.system.nixos.release; # No state in installer
35	};	52	};
36	}	53	}


diff --git a/installer/shell.nix b/installer/shell.nix new file mode 100644 index 00000000..043f0ddc --- /dev/null +++ b/installer/shell.nix
@@ -0,0 +1,92 @@
		1	{ system, installerName, config
		2	, runCommand, makeWrapper, pixiecore, writeShellApplication, coreutils, busybox, nftables, mkShell
		3	}:
		4
		5	let
		6	pxeBuild = config.config.system.build;
		7	pixiecore-wrapped = runCommand "pixiecore-${system}-${installerName}" {
		8	nativeBuildInputs = [ makeWrapper ];
		9	} ''
		10	mkdir -p $out/bin
		11	makeWrapper ${pixiecore}/bin/pixiecore $out/bin/pixiecore-${installerName} \
		12	--add-flags boot \
		13	--add-flags "${pxeBuild.kernel}/bzImage" --add-flags "${pxeBuild.netbootRamdisk}/initrd" \
		14	--add-flags "--cmdline \"init=${pxeBuild.toplevel}/init loglevel=4\"" \
		15	--add-flags "-dt" --add-flags "--status-port 64172" --add-flags "--port 64172" --add-flags "--dhcp-no-bind"
		16	'';
		17	udhcpd = writeShellApplication {
		18	name = "udhcpd";
		19
		20	runtimeInputs = [ coreutils ];
		21
		22	text = ''
		23	[[ -n "''${INTERFACE-}" ]] \|\| exit 2
		24
		25	_LEASES_FILE=$(mktemp --tmpdir udhcpd.XXXXXXXXXX.leases)
		26	exec ${busybox}/bin/udhcpd -f <(cat <<EOF
		27	interface $INTERFACE
		28	lease_file $_LEASES_FILE
		29	start 10.0.0.128
		30	end 10.0.0.254
		31	max_leases 127
		32	opt dns 8.8.8.8
		33	option subnet 255.255.255.0
		34	opt router 10.0.0.1
		35	option lease 30
		36	EOF
		37	)
		38	'';
		39	};
		40	nft_apply = writeShellApplication {
		41	name = "pxe-nft-apply";
		42
		43	runtimeInputs = [ nftables ];
		44
		45	text = ''
		46	[[ -n "''${INTERFACE-}" ]] \|\| exit 2
		47
		48	exec nft -f - <<EOF
		49	table inet filter {
		50	chain forward_tmp {
		51	iifname $INTERFACE oifname != {lo, wgrz, yggdrasil-wg-4, yggdrasil-wg-6, yggdrasil, ip6tnl, ip6gre, yggre-surtr-6, yggre-surtr-4, yggre-vidhar-4, virbr0} counter accept
		52	oifname $INTERFACE ct state {established, related} counter accept
		53	}
		54
		55	chain input_tmp {
		56	iifname $INTERFACE udp dport {67,69,4011} counter accept
		57	iifname $INTERFACE tcp dport 64172 counter accept
		58	}
		59	}
		60
		61	table ip nat {
		62	chain postrouting_tmp {
		63	iifname $INTERFACE oifname != $INTERFACE counter masquerade
		64	}
		65	}
		66
		67	table ip mss_clamp {
		68	chain postrouting_tmp {
		69	iifname $INTERFACE oifname != $INTERFACE tcp flags & (syn\|rst) == syn counter tcp option maxseg size set rt mtu
		70	}
		71	}
		72	EOF
		73	'';
		74	};
		75	nft_flush = writeShellApplication {
		76	name = "pxe-nft-flush";
		77
		78	runtimeInputs = [ nftables ];
		79
		80	text = ''
		81	exec nft -f - <<EOF
		82	flush chain inet filter forward_tmp
		83	flush chain inet filter input_tmp
		84	flush chain ip nat postrouting_tmp
		85	flush chain ip mss_clamp postrouting_tmp
		86	EOF
		87	'';
		88	};
		89	in mkShell {
		90	name = installerName;
		91	nativeBuildInputs = [ pixiecore-wrapped udhcpd nft_apply nft_flush ];
		92	}