# Router / netboot server for the 192.168.2.0/24 LAN on br0: ISC dhcpd hands out
# addresses and dispatches PXE / UEFI-HTTP / iPXE clients, atftpd and Caddy serve
# the iPXE binaries, a NixOS netboot image and a Windows 11 installer, and
# iptables NATs the LAN out through the USB NIC enp2s0f0u4.
# `nixos-config-for-netboot` is the flake input whose `netboot` NixOS
# configuration supplies the kernel/initrd served to LAN clients.
{
  nixos-config-for-netboot,
  pkgs,
  ...
}: let
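# Windows 11 installation ISO as a fixed-output derivation. Nix never downloads
# it (the build deliberately fails); the ISO has to be added to the store by
# hand, after which Nix only checks that the file matches `outputHash`.
# The store path of a fixed-output derivation depends on `name` as well as on
# the hash, so the file must be added under exactly this name, e.g.
#   nix-store --add-fixed sha256 Win11_22H2_EnglishInternational_x64v2.iso
# Cross-check `outputHash` against the SHA-256 Microsoft publishes for this ISO
# before trusting a manually obtained file: Nix verifies equality with the value
# pinned here, not that the pinned value itself is genuine.
win11Iso = pkgs.stdenv.mkDerivation {
  name = "Win11_22H2_EnglishInternational_x64v2.iso";
  src = pkgs.emptyDirectory;
  # Only runs when the output is not already in the store. The previous message
  # told the user to add "win11.iso", which produces a different store path than
  # the `name` above; print the exact command instead ($name is the env var the
  # builder gets, not a Nix interpolation).
  buildPhase = ''
    echo "Add the ISO to the Nix store under this exact name and hash, e.g.:"
    echo "  nix-store --add-fixed sha256 $name"
    exit 1
  '';
  outputHash = "0dgv9vjv375d5jx80y67ljz5vvpnb0inmia0cifga1zlsp1sq9zz";
  outputHashMode = "flat";
  outputHashAlgo = "sha256";
};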
# Batch file WinPE runs (see winpeshl.ini): bring up networking, map the INSTALL
# share on the router as I: and start the Windows installer from it.
# The share itself (\\192.168.2.1\INSTALL) is not configured in this file;
# presumably it exports the ISO loop-mounted at /mnt/win below — verify in the
# Samba config. "/user:none none" is a placeholder credential for a guest-style
# share; never put real credentials here: this file lands world-readable in
# /nix/store and is fetched over plain HTTP by the iPXE script below.
installBat = pkgs.writeText "install.bat" ''
  wpeinit
  ipconfig
  net use i: \\192.168.2.1\INSTALL /user:none none
  i:
  setup.exe /AddBootMgrLast
'';
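# winpeshl.ini handed to WinPE via the iPXE `initrd` line below (wimboot injects
# it into the booted image): winpeshl.exe runs the listed program instead of the
# default shell. The section winpeshl.exe looks for is spelled "[LaunchApps]";
# the earlier "[LaunchhApps]" was a typo under which install.bat would not be
# auto-launched.
winpeshlIni = pkgs.writeText "winpeshl.ini" ''
  [LaunchApps]
  "install.bat"
'';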
# Files wimboot needs from the ISO, laid out so the iPXE ":windows" entry can
# fetch them over HTTP: the boot/ and efi/ trees (BCD, boot.sdi, fonts) and
# sources/boot.wim (the WinPE image), plus the two injected files above.
# Only these parts are unpacked; the installer proper is reached through the
# SMB share from install.bat, not from here.
win11SetupDir = pkgs.stdenv.mkDerivation {
  name = "win11-boot";
  src = pkgs.emptyDirectory;
  nativeBuildInputs = [pkgs.p7zip];
  # stdenv treats an empty phase as unset and runs its default buildPhase,
  # which does nothing without a Makefile; the sibling derivations spell the
  # same intent as `buildPhase = "true";`.
  buildPhase = "";
  installPhase = ''
    mkdir $out
    cd $out
    7z x ${win11Iso} boot efi sources/boot.wim
    ln -sv ${installBat} install.bat
    ln -sv ${winpeshlIni} winpeshl.ini
  '';
};
# Directory served under /x86_64/ (via netboot-x86_64): the whole ISO as
# win11.iso and the wimboot payload as setup/. win11.iso is not referenced by
# the iPXE script below, yet it is exposed over plain HTTP to everything that
# can reach Caddy; nothing in this file restricts who may fetch it.
win11IsoDir = pkgs.stdenv.mkDerivation {
  name = "win11";
  src = pkgs.emptyDirectory;
  buildPhase = "true";
  installPhase = ''
    mkdir $out
    ln -sv ${win11Iso} $out/win11.iso
    ln -sv ${win11SetupDir} $out/setup
  '';
};
# iPXE menu for x86_64 clients, served as /x86_64/boot.ipxe. Entries:
#   linux   - chain into the NixOS netboot image's own iPXE script
#   windows - wimboot with the WinPE files from win11SetupDir; the two injected
#             files (install.bat, winpeshl.ini) make WinPE start the installer
#   shell   - EDK2 UEFI shell
#   ext     - leave iPXE
# Everything is fetched over plain HTTP and no image signatures are checked
# (no `imgverify`, no HTTPS with a pinned CA), so any host on br0 that answers
# DHCP first or spoofs 192.168.2.1 decides what these machines boot. That is
# only acceptable while br0 is a fully trusted LAN.
# `${"$"}{...}` is how a literal `${...}` for iPXE is written inside a Nix
# indented string.
bootIpxeX86Script = pkgs.writeTextDir "boot.ipxe" ''
  #!ipxe
  :start
  menu iPXE boot menu
  item --gap -- ------------------------- Operating systems ------------------------------
  item --key n linux (N)ixOS (netboot)
  item --key w windows (W)indows 11 (installer)
  item --gap -- ----------------------------- Utilities ----------------------------------
  item --key e ext (E)xit
  item --key s shell EFI (S)hell
  choose version && goto ${"$"}{version} || goto start
  :linux
  chain http://192.168.2.1/x86_64/netboot.ipxe
  :windows
  imgfree
  kernel http://192.168.2.1/x86_64/share/wimboot/wimboot.x86_64.efi gui
  initrd http://192.168.2.1/x86_64/setup/install.bat install.bat
  initrd http://192.168.2.1/x86_64/setup/winpeshl.ini winpeshl.ini
  initrd http://192.168.2.1/x86_64/setup/efi/microsoft/boot/bcd BCD
  initrd http://192.168.2.1/x86_64/setup/boot/fonts/segmono_boot.ttf segmono_boot.ttf
  initrd http://192.168.2.1/x86_64/setup/boot/fonts/segoe_slboot.ttf segoe_slboot.ttf
  initrd http://192.168.2.1/x86_64/setup/boot/fonts/segoen_slboot.ttf segoen_slboot.ttf
  initrd http://192.168.2.1/x86_64/setup/boot/fonts/wgl4_boot.ttf wgl4_boot.ttf
  initrd http://192.168.2.1/x86_64/setup/boot/boot.sdi boot.sdi
  initrd http://192.168.2.1/x86_64/setup/sources/boot.wim boot.wim
  boot

  :shell
  chain http://192.168.2.1/x86_64/shell.efi
  :ext
  exit
'';
# Everything served under /x86_64/: the iPXE binaries (ipxe.efi, undionly.kpxe,
# ...), the netboot NixOS kernel/initrd and its netboot.ipxe from the
# nixos-config-for-netboot flake input, the UEFI shell, the menu above, the
# Windows payload and wimboot. symlinkJoin exposes each package's whole output,
# so anything else those packages ship becomes fetchable over HTTP as well.
# The kernel/initrd are whatever that flake input currently resolves to; its
# pin (flake.lock) is not visible from this file.
netboot-x86_64 = pkgs.symlinkJoin {
  name = "netboot-x86_64";
  paths = [
    pkgs.ipxe
    nixos-config-for-netboot.nixosConfigurations.netboot.config.system.build.kernel
    nixos-config-for-netboot.nixosConfigurations.netboot.config.system.build.netbootRamdisk
    nixos-config-for-netboot.nixosConfigurations.netboot.config.system.build.netbootIpxeScript
    pkgs.edk2-uefi-shell
    bootIpxeX86Script
    win11IsoDir
    pkgs.wimboot
  ];
};
# Entry script at /boot.ipxe: pick the per-architecture directory from iPXE's
# buildarch, promoting i386 builds (e.g. undionly.kpxe on BIOS) to x86_64 when
# CPUID reports long-mode support (extended feature bit 29), then chain into
# that directory's menu.
bootIpxeScript = pkgs.writeText "boot.ipxe" ''
  #!ipxe
  set arch ${"$"}{buildarch}
  iseq ${"$"}{arch} i386 && cpuid --ext 29 && set arch x86_64 ||
  chain http://192.168.2.1/${"$"}{arch}/boot.ipxe
'';
# Web root for Caddy: /boot.ipxe plus /x86_64 -> netboot-x86_64. One directory
# per architecture is what bootIpxeScript's `chain` URL expects.
netboot = pkgs.stdenvNoCC.mkDerivation {
  name = "netboot";
  src = pkgs.emptyDirectory;
  buildPhase = "true";
  installPhase = ''
    mkdir $out
    cp ${bootIpxeScript} $out/boot.ipxe
    ln -svf ${netboot-x86_64} $out/x86_64
  '';
};
in {
networking.dhcpcd.allowInterfaces = ["enp2s0f0u4"]; # yes a usb network card dont judge
# ISC dhcpd for the LAN with PXE / HTTP-boot dispatch. ISC DHCP is end-of-life
# upstream (no further security fixes) and NixOS is replacing `services.dhcpd4`
# with Kea — plan the migration.
services.dhcpd4 = {
  enable = true;
  # Boot-file dispatch, evaluated in order:
  #  1. iPXE already running (user-class "iPXE")   -> our menu over HTTP
  #  2. UEFI HTTP boot (vendor class "HTTPClient") -> ipxe.efi over HTTP; UEFI
  #     HTTP boot expects the vendor class echoed back in the reply
  #  3. any other non-BIOS client-arch (option 93) -> ipxe.efi via TFTP
  #  4. legacy BIOS PXE (client-arch 0)            -> undionly.kpxe via TFTP
  # Branch 3 hands the x86_64 ipxe.efi to every non-zero arch, including values
  # that are not x64 (IA32, ARM64, ...); fine on an x86-only LAN.
  # The chain is unauthenticated end to end: a rogue DHCP server on br0 can
  # point clients at a different boot file.
  extraConfig = ''
    option subnet-mask 255.255.255.0;
    option broadcast-address 192.168.2.255;
    option routers 192.168.2.1;
    option domain-name-servers 1.1.1.1;
    subnet 192.168.2.0 netmask 255.255.255.0 {
    range 192.168.2.100 192.168.2.200;
    }
    option client-arch code 93 = unsigned integer 16;
    if exists user-class and option user-class = "iPXE" {
    filename "http://192.168.2.1/boot.ipxe";
    } elsif substring (option vendor-class-identifier, 0, 10) = "HTTPClient" {
    option vendor-class-identifier "HTTPClient";
    filename "http://192.168.2.1/x86_64/ipxe.efi";
    } elsif option client-arch != 00:00 {
    filename "ipxe.efi";
    next-server 192.168.2.1;
    } else {
    filename "undionly.kpxe";
    next-server 192.168.2.1;
    }
  '';
  # Serve the LAN bridge only, never the ISP-facing interface.
  interfaces = ["br0"];
};
# TFTP for the legacy PXE paths (branches 3 and 4 of the dhcpd dispatch): the
# root is the whole ipxe package output, which is where ipxe.efi and
# undionly.kpxe live. UDP 69 is opened on br0 only, below.
services.atftpd = {
  enable = true;
  root = pkgs.ipxe;
};
# HTTP side of the netboot tree. iPXE and wimboot fetch over plain HTTP here,
# which is why the site is http:// and not https://. `baseConfig` is defined
# elsewhere. Caddy selects this site by Host header, not by bound address, and
# TCP 80 is not opened in this file: wherever it is opened, scope it to br0 like
# the UDP ports below, or the full Windows ISO, kernels and initrds become
# fetchable from the ISP side by anyone sending "Host: 192.168.2.1".
services.caddy.virtualHosts."http://192.168.2.1".extraConfig = ''
  import baseConfig
  root * ${netboot}
  file_server
'';
networking.firewall.interfaces."br0".allowedUDPPorts = [69 4011];
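# IPv4-only router ("No i dont have ipv6 :(") — there are no ip6tables rules.
# The NixOS firewall manages INPUT, not FORWARD, so FORWARD otherwise sits at
# the kernel default policy ACCEPT (verify with `iptables -L FORWARD`); with
# only the original `-i br0 ACCEPT` rule, traffic arriving on the ISP NIC was
# routable into 192.168.2.0/24 as well. Now only LAN-initiated flows and their
# replies are forwarded. If DNAT port-forwards are added elsewhere, give them a
# matching FORWARD ACCEPT ahead of the final DROP.
networking.firewall.extraCommands = ''
  iptables -A FORWARD -i br0 -j ACCEPT
  iptables -A FORWARD -o br0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
  iptables -A FORWARD -i enp2s0f0u4 -o br0 -j DROP
  iptables -t nat -A POSTROUTING -o enp2s0f0u4 -s 192.168.2.0/24 -j MASQUERADE
'';
# extraCommands are appended again on every firewall reload/restart; delete the
# same rules on stop so they do not pile up (failures on first start are fine).
networking.firewall.extraStopCommands = ''
  iptables -D FORWARD -i br0 -j ACCEPT 2>/dev/null || true
  iptables -D FORWARD -o br0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT 2>/dev/null || true
  iptables -D FORWARD -i enp2s0f0u4 -o br0 -j DROP 2>/dev/null || true
  iptables -t nat -D POSTROUTING -o enp2s0f0u4 -s 192.168.2.0/24 -j MASQUERADE 2>/dev/null || true
'';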
networking.interfaces.enp2s0f0u4.macAddress = "00:d8:61:d0:de:1e"; # fucking ISP
# Routing between br0 and the ISP NIC needs IPv4 forwarding. IPv6 forwarding is
# enabled too although the box has no IPv6 and no ip6tables rules: should an
# IPv6 uplink ever appear it would be forwarded unfiltered, and forwarding=1
# also makes the kernel ignore router advertisements (accept_ra=1 is disabled
# on forwarding hosts). Consider dropping the IPv6 line.
boot.kernel.sysctl = {
  "net.ipv4.conf.all.forwarding" = true;
  "net.ipv6.conf.all.forwarding" = true;
};
# Loop-mount the ISO read-only; presumably the backing directory of the
# \\192.168.2.1\INSTALL share that install.bat maps (share config is not in
# this file). This is a boot-time mount with no "nofail", so a failing mount
# would hold up boot — the store path is part of the system closure, though, so
# it cannot be garbage-collected away.
fileSystems."/mnt/win" = {
  device = "${win11Iso}";
  options = ["loop" "ro"];
};
}