feat(gengetsu): nfs root fs

2026-02-09 04:19:19 -08:00 · 2024-11-24 15:34:08 -08:00 · 2024-11-24 15:34:08 -08:00 · 179ac7ac55
commit 179ac7ac55
parent 3c5e7179bb
5 changed files with 54 additions and 15 deletions
--- a/nixos/base/system.nix
+++ b/nixos/base/system.nix
@ -6,7 +6,7 @@
  ...
 }: let
  inherit (gensokyo-zone.lib) mkAlmostOptionDefault;
-  inherit (lib.modules) mkDefault;
+  inherit (lib.modules) mkIf mkDefault;
 in {
  hardware.enableRedistributableFirmware = mkDefault true;
  boot.zfs.package = mkDefault pkgs.zfs_unstable;
@ -29,4 +29,8 @@ in {
    useTmpfs = mkAlmostOptionDefault true;
    tmpfsSize = mkAlmostOptionDefault "80%";
  };
+  system.switch.enableNg = mkIf (config.boot.supportedFilesystems.nfs or false) (
+    # XXX: workaround for nixos switch bug
+    mkAlmostOptionDefault false
+  );
 }
--- a/nixos/netboot/kyuuto.nix
+++ b/nixos/netboot/kyuuto.nix
@ -7,7 +7,7 @@
  ...
 }: let
  inherit (lib.options) mkOption mkEnableOption mkPackageOption;
-  inherit (lib.modules) mkIf mkDefault mkMerge;
+  inherit (lib.modules) mkIf mkMerge mkOptionDefault mkDefault;
  cfg = config.gensokyo-zone.netboot;
  nfsEnabled = config.boot.initrd.supportedFilesystems.nfs or config.boot.initrd.supportedFilesystems.nfs4 or false;
  defaultCacheTimeoutMax = 60 * 60; # 1h
@ -20,6 +20,9 @@ in {
      package = mkPackageOption pkgs "nfs-utils" {
        example = "pkgs.mkinitcpio-nfs-utils";
      };
+      host = mkOption {
+        type = str;
+      };
      security = mkOption {
        type = str;
        default = "sys";
@ -39,6 +42,20 @@ in {
    };
  };
  config = {
+    gensokyo-zone.netboot = {
+      nfs = {
+        host = let
+          nfsUrl = access.proxyUrlFor {
+            serviceName = "nfs";
+            scheme = "";
+            defaultPort = 2049;
+            # XXX: consider using dns hostname here instead? (does this require the dns_resolver kernel module?)
+            getAddressFor = "getAddress4For";
+          };
+        in
+          mkOptionDefault nfsUrl;
+      };
+    };
    boot = {
      initrd = {
        network = {
@ -75,15 +92,7 @@ in {
      };
    };
    fileSystems = let
-      nfsUrl =
-        access.proxyUrlFor {
-          serviceName = "nfs";
-          scheme = "";
-          defaultPort = 2049;
-          # XXX: consider using dns hostname here instead? (does this require the dns_resolver kernel module?)
-          getAddressFor = "getAddress4For";
-        }
-        + ":/srv/fs/kyuuto/systems/${systemConfig.name}";
+      nfsUrl = "${cfg.nfs.host}:/srv/fs/kyuuto/systems/${systemConfig.name}";
      nfsOpts =
        [
          "sec=${cfg.nfs.security}"
@ -101,5 +110,8 @@ in {
        options = nfsOpts;
      };
    };
+    systemd.services.systemd-remount-fs = mkIf (config.fileSystems."/".fsType == "nfs") {
+      unitConfig.ConditionPathExists = "/tmp/systemd-remount-fs-broken";
+    };
  };
 }
--- a/nixos/nfs.nix
+++ b/nixos/nfs.nix
@ -107,6 +107,10 @@ in {
        ];
        adminClients = [
          "@admin"
+          # TODO: "@personal-admin" host group too...
+          # shanghai.tail:
+          "fd7a:115c:a1e0::4e01:2d2c/128"
+          "100.107.45.44/32"
          # XXX: include tailscale addresses of trusted machines here too?
        ];
        tailClients = optionals config.services.tailscale.enable cidrForNetwork.tail.all;