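{ config, pkgs, lib, ... }:

# ==============================================================================
# CUSTOM NETBOOT CONFIGURATION EXAMPLE
# ==============================================================================
# This example demonstrates how to create a custom netboot configuration with:
#   - Custom kernel version and modules
#   - Additional packages for specialized use cases
#   - Hardware-specific drivers
#   - Custom network configuration
#   - Debugging tools
#
# Usage:
#   1. Copy this file to nix/images/netboot-custom.nix
#   2. Add to flake.nix:
#        nixosConfigurations.netboot-custom = nixpkgs.lib.nixosSystem {
#          system = "x86_64-linux";
#          modules = [ ./nix/images/netboot-custom.nix ];
#        };
#   3. Build: ./build-images.sh --profile custom
#
# Every value marked "example"/"placeholder" below must be replaced before the
# image is built for a real fleet; several of them (SSH keys, cache key, URLs)
# are deliberately invalid so that a copy-paste deployment fails loudly.
# ==============================================================================
{
  imports = [
    ../netboot-base.nix # Adjust path as needed
    ../../modules       # PlasmaCloud service modules
  ];

  # ============================================================================
  # CUSTOM KERNEL CONFIGURATION
  # ============================================================================

  # Use a specific kernel version instead of latest
  boot.kernelPackages = pkgs.linuxPackages_6_6; # LTS kernel

  # Add custom kernel modules for specialized hardware
  boot.kernelModules = [
    # Infiniband/RDMA support
    "ib_core"
    "ib_uverbs"
    "mlx5_core"
    "mlx5_ib"

    # GPU support (for GPU compute nodes)
    # NOTE(review): the out-of-tree "nvidia" modules are not part of the
    # kernel package; unless the matching driver package is added to
    # boot.extraModulePackages (or hardware.nvidia is enabled, see below)
    # modprobe will fail for these at boot.
    "nvidia"
    "nvidia_uvm"

    # Custom storage controller
    "megaraid_sas"
    "mpt3sas"
  ];

  # Custom kernel parameters.
  #
  # A NixOS attribute set may define `boot.kernelParams` only once — a second
  # `boot.kernelParams = ...` further down (as the original "debugging" section
  # had) is an evaluation error ("attribute already defined"). The base
  # parameters and the debug parameters are therefore merged here: the
  # mkAfter part is appended to the end of the command line, and because the
  # kernel honours the last `loglevel=` it sees, the debug level wins.
  boot.kernelParams = lib.mkMerge [
    [
      # Default console configuration
      "console=ttyS0,115200"
      "console=tty0"
      "loglevel=4" # overridden by the debug entry appended below

      # Custom parameters
      "intel_iommu=on"   # Enable IOMMU for PCI passthrough
      "iommu=pt"         # Passthrough mode
      "hugepagesz=2M"    # 2MB hugepages
      "hugepages=1024"   # Allocate 1024 hugepages (2GB)
      "isolcpus=2-7"     # CPU isolation for real-time workloads (hardware-specific)
    ]

    # Verbose boot logging. "debug" makes the kernel (and systemd, which also
    # reads it) very chatty — keep it out of production images.
    (lib.mkAfter [
      "loglevel=7"
      "debug"
    ])
  ];

  # Blacklist problematic modules
  boot.blacklistedKernelModules = [
    "nouveau" # Disable nouveau if using proprietary NVIDIA
    "i915"    # Disable Intel GPU if not needed
  ];

  # ============================================================================
  # ADDITIONAL PACKAGES
  # ============================================================================
  environment.systemPackages = with pkgs; [
    # Networking diagnostics
    iperf3        # Network performance testing
    mtr           # Network diagnostic tool
    nmap          # Network scanner
    wireshark-cli # Packet analyzer

    # Storage tools
    nvme-cli      # NVMe management
    smartmontools # SMART monitoring
    fio           # I/O performance testing
    sg3_utils     # SCSI utilities

    # Hardware diagnostics
    pciutils  # lspci
    usbutils  # lsusb
    dmidecode # Hardware information
    lshw      # Hardware lister
    hwinfo    # Hardware info tool

    # Debugging tools
    strace   # System call tracer
    ltrace   # Library call tracer
    gdb      # GNU debugger
    valgrind # Memory debugger

    # Performance tools
    perf     # Linux perf tool
    bpftrace # eBPF tracing
    sysstat  # System statistics (sar, iostat)

    # Container/virtualization tools
    qemu_full    # Full QEMU with all features
    libvirt      # Virtualization management (provides the virsh CLI)
    virt-manager # Graphical VM manager; needs a display, not usable on a serial console
    docker       # Container runtime
    podman       # Alternative container runtime

    # Development tools (for on-site debugging)
    python3Full # Python with all modules
    python3Packages.pip
    nodejs # Node.js runtime
    git    # Version control
    gcc    # C compiler
    rustc  # Rust compiler
    cargo  # Rust package manager

    # Custom tools
    # Add your organization's custom packages here
  ];

  # ============================================================================
  # CUSTOM NETWORK CONFIGURATION
  # ============================================================================

  # Static IP instead of DHCP (example)
  networking.useDHCP = lib.mkForce false;

  # NOTE(review): "eth0"/"eth1" are legacy interface names; they only exist
  # when predictable naming is disabled (net.ifnames=0) or a udev rule renames
  # the NIC. Confirm against netboot-base.nix before relying on them.
  networking.interfaces.eth0 = {
    useDHCP = false;
    ipv4.addresses = [{
      address = "10.0.1.100";
      prefixLength = 24;
    }];
    mtu = 9000; # Jumbo frames — the switch port must be configured to match
  };
  networking.defaultGateway = "10.0.1.1";
  networking.nameservers = [ "10.0.1.1" "8.8.8.8" ];

  # Custom DNS domain
  networking.domain = "custom.example.com";

  # ============================================================================
  # CUSTOM SSH CONFIGURATION
  # ============================================================================

  # Multiple SSH keys for different operators.
  # The three entries below are placeholders, not valid keys; replace them with
  # your operators' real public keys (anything unparsable is ignored by sshd,
  # leaving root without a usable login).
  users.users.root.openssh.authorizedKeys.keys = [
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOperator1Key operator1@example.com"
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOperator2Key operator2@example.com"
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOperator3Key operator3@example.com"
  ];

  # Custom SSH port (security through obscurity — not recommended for production)
  # services.openssh.ports = [ 2222 ];

  # ============================================================================
  # CUSTOM SERVICES
  # ============================================================================

  # Enable only specific PlasmaCloud services
  services.plasmavmc = {
    enable = lib.mkDefault false;
    port = 8081;
  };

  services.novanet = {
    enable = lib.mkDefault false;
    port = 8082;
  };

  # ============================================================================
  # DEBUGGING AND LOGGING
  # ============================================================================
  # (Verbose kernel boot logging lives in boot.kernelParams above — it cannot
  # be a second definition of that option.)

  # Enable systemd debug logging for the serial console getty
  systemd.services."serial-getty@ttyS0".environment = {
    SYSTEMD_LOG_LEVEL = "debug";
  };

  # Enable additional logging.
  # NOTE(review): Storage=persistent needs a writable /var/log/journal; on a
  # netboot image whose root is in RAM this behaves like Storage=auto and the
  # journal is lost at reboot — confirm where netboot-base.nix puts /var/log.
  services.journald.extraConfig = ''
    Storage=persistent
    MaxRetentionSec=7day
    SystemMaxUse=1G
  '';

  # ============================================================================
  # PERFORMANCE TUNING
  # ============================================================================

  # Custom sysctl settings for high-performance networking
  boot.kernel.sysctl = {
    # Network buffer sizes
    "net.core.rmem_max" = 268435456;    # 256 MB
    "net.core.wmem_max" = 268435456;    # 256 MB
    "net.core.rmem_default" = 67108864; # 64 MB
    "net.core.wmem_default" = 67108864; # 64 MB

    # TCP tuning
    "net.ipv4.tcp_rmem" = "4096 87380 134217728";
    "net.ipv4.tcp_wmem" = "4096 65536 134217728";
    "net.ipv4.tcp_congestion_control" = "bbr";

    # Connection tracking. This key only exists once nf_conntrack is loaded
    # (the firewall is disabled by default below), so systemd-sysctl may log
    # "no such file" for it on a freshly booted node; that is harmless.
    "net.netfilter.nf_conntrack_max" = 1048576;

    # File descriptor limits
    "fs.file-max" = 2097152;

    # Virtual memory
    "vm.swappiness" = 1;
    "vm.vfs_cache_pressure" = 50;
    "vm.dirty_ratio" = 10;
    "vm.dirty_background_ratio" = 5;

    # Kernel
    "kernel.pid_max" = 4194304;
  };

  # Increase systemd limits
  systemd.extraConfig = ''
    DefaultLimitNOFILE=1048576
    DefaultLimitNPROC=1048576
  '';

  # ============================================================================
  # HARDWARE-SPECIFIC CONFIGURATION
  # ============================================================================

  # Enable CPU microcode updates (only the vendor matching the running CPU is applied)
  hardware.cpu.intel.updateMicrocode = true;
  hardware.cpu.amd.updateMicrocode = true;

  # Enable firmware updates
  hardware.enableRedistributableFirmware = true;

  # GPU support (example for NVIDIA)
  # Uncomment if using NVIDIA GPUs
  # hardware.nvidia.modesetting.enable = true;
  # services.xserver.videoDrivers = [ "nvidia" ];

  # ============================================================================
  # CUSTOM INITIALIZATION
  # ============================================================================

  # Run a custom script once, after the network is up. Every step is
  # best-effort: NixOS runs unit scripts with `-e`, so an unguarded failing
  # command would abort the whole unit and leave it failed.
  systemd.services.custom-init = {
    description = "Custom initialization script";
    wantedBy = [ "multi-user.target" ];
    after = [ "network-online.target" ];
    wants = [ "network-online.target" ];

    serviceConfig = {
      Type = "oneshot";
      RemainAfterExit = true;
    };

    script = ''
      echo "Running custom initialization..."

      # Example: bring up a secondary interface (tolerate a missing NIC)
      ${pkgs.iproute2}/bin/ip link set dev eth1 up || true

      # Example: load custom kernel modules
      ${pkgs.kmod}/bin/modprobe custom_driver || true

      # Example: call home to the provisioning server.
      # Use TLS — over plain HTTP the registration payload (and anything the
      # server answers with) crosses the provisioning network in the clear.
      # --fail turns an HTTP error status into a non-zero exit so the log
      # shows it; the trailing `|| true` keeps the unit best-effort.
      ${pkgs.curl}/bin/curl --fail -sS -X POST https://provisioning.example.com/api/register \
        -d "hostname=$(${pkgs.nettools}/bin/hostname)" \
        -d "ip=$(${pkgs.iproute2}/bin/ip -4 addr show eth0 | ${pkgs.gnugrep}/bin/grep -oP '(?<=inet\s)\d+(\.\d+){3}')" \
        || true

      echo "Custom initialization complete"
    '';
  };

  # ============================================================================
  # FIREWALL CONFIGURATION
  # ============================================================================

  # Custom firewall rules (disabled by default in netboot, but example provided)
  networking.firewall = {
    enable = lib.mkDefault false; # Disabled during provisioning

    # When enabled, allow these ports
    allowedTCPPorts = [
      22   # SSH
      8081 # PlasmaVMC
      8082 # NovaNET
    ];

    # Custom iptables rules (only applied while the firewall is enabled)
    extraCommands = ''
      # Allow ICMP
      iptables -A INPUT -p icmp -j ACCEPT

      # Rate limit new SSH connections: more than 4 in 60 s from one source are dropped
      iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --set
      iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 -j DROP
    '';
  };

  # ============================================================================
  # NIX CONFIGURATION
  # ============================================================================

  # Custom binary caches. Every substituter must have a matching entry in
  # trusted-public-keys, otherwise its paths are silently not used.
  nix.settings = {
    substituters = [
      "https://cache.nixos.org"
      "https://custom-cache.example.com" # Your organization's cache
    ];

    trusted-public-keys = [
      "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
      # Placeholder — replace with the real `name:base64` key of your cache;
      # nix rejects a malformed entry when it tries to verify a path.
      "custom-cache.example.com:YourPublicKeyHere"
    ];

    # Build settings
    max-jobs = "auto";
    cores = 0; # Use all available cores

    # Experimental features
    # NOTE(review): "repl-flake" has been dropped from newer Nix releases;
    # remove it if the image's Nix warns about an unknown feature.
    experimental-features = [ "nix-command" "flakes" "repl-flake" ];
  };

  # ============================================================================
  # TIMEZONE AND LOCALE
  # ============================================================================

  # Custom timezone (instead of UTC)
  time.timeZone = lib.mkForce "America/New_York";

  # Additional locale support
  i18n.supportedLocales = [
    "en_US.UTF-8/UTF-8"
    "ja_JP.UTF-8/UTF-8" # Japanese support
  ];
  i18n.defaultLocale = "en_US.UTF-8";

  # ============================================================================
  # SYSTEM STATE VERSION
  # ============================================================================
  system.stateVersion = "24.11";
}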