1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
|
{ system, installerName, config
, runCommand, makeWrapper, pixiecore, writeShellApplication, coreutils, busybox, nftables, mkShell
}:
let
pxeBuild = config.config.system.build;
pixiecore-wrapped = runCommand "pixiecore-${system}-${installerName}" {
nativeBuildInputs = [ makeWrapper ];
} ''
mkdir -p $out/bin
makeWrapper ${pixiecore}/bin/pixiecore $out/bin/pixiecore-${installerName} \
--add-flags boot \
--add-flags "${pxeBuild.kernel}/bzImage" --add-flags "${pxeBuild.netbootRamdisk}/initrd" \
--add-flags "--cmdline \"init=${pxeBuild.toplevel}/init loglevel=4\"" \
--add-flags "-dt" --add-flags "--status-port 64172" --add-flags "--port 64172" --add-flags "--dhcp-no-bind"
'';
udhcpd = writeShellApplication {
name = "udhcpd";
runtimeInputs = [ coreutils ];
text = ''
[[ -n "''${INTERFACE-}" ]] || exit 2
_LEASES_FILE=$(mktemp --tmpdir udhcpd.XXXXXXXXXX.leases)
exec ${busybox}/bin/udhcpd -f <(cat <<EOF
interface $INTERFACE
lease_file $_LEASES_FILE
start 10.0.0.128
end 10.0.0.254
max_leases 127
opt dns 8.8.8.8
option subnet 255.255.255.0
opt router 10.0.0.1
option lease 30
EOF
)
'';
};
nft_apply = writeShellApplication {
name = "pxe-nft-apply";
runtimeInputs = [ nftables ];
text = ''
[[ -n "''${INTERFACE-}" ]] || exit 2
exec nft -f - <<EOF
table inet filter {
chain forward_tmp {
iifname $INTERFACE oifname != {lo, wgrz, yggdrasil-wg-4, yggdrasil-wg-6, yggdrasil, ip6tnl, ip6gre, yggre-surtr-6, yggre-surtr-4, yggre-vidhar-4, virbr0} counter accept
oifname $INTERFACE ct state {established, related} counter accept
}
chain input_tmp {
iifname $INTERFACE udp dport {67,69,4011} counter accept
iifname $INTERFACE tcp dport 64172 counter accept
}
}
table ip nat {
chain postrouting_tmp {
iifname $INTERFACE oifname != $INTERFACE counter masquerade
}
}
table ip mss_clamp {
chain postrouting_tmp {
iifname $INTERFACE oifname != $INTERFACE tcp flags & (syn|rst) == syn counter tcp option maxseg size set rt mtu
}
}
EOF
'';
};
nft_flush = writeShellApplication {
name = "pxe-nft-flush";
runtimeInputs = [ nftables ];
text = ''
exec nft -f - <<EOF
flush chain inet filter forward_tmp
flush chain inet filter input_tmp
flush chain ip nat postrouting_tmp
flush chain ip mss_clamp postrouting_tmp
EOF
'';
};
in mkShell {
name = installerName;
nativeBuildInputs = [ pixiecore-wrapped udhcpd nft_apply nft_flush ];
}
|
