blackberry: wireshark: enable

[julm/julm-nix.git] / hosts / blackberry / pixiecore.nix

{ pkgs, lib, config, inputs, modulesPath, ... }@args:
let
  pixiecore = config.services.pixiecore;
  nixos = import ../minimal.nix
    (args // {
      modules = [ (modulesPath + "/installer/netboot/netboot-minimal.nix") ];
    });
  build = nixos.config.system.build;
in
{
  services.pixiecore = {
    enable = true;
    mode = "boot";
    debug = true;
    dhcpNoBind = false;
    port = 64172;
    statusPort = 64172;
    kernel = "${build.kernel}/bzImage";
    initrd = "${build.netbootRamdisk}/initrd";
    cmdLine = "init=${build.toplevel}/init loglevel=4";
    extraArguments = [];
  };
  networking.nftables.ruleset = ''
    table inet filter {
      chain input-lan {
        udp dport 67 counter accept comment "Pixiecore/DHCP"
        udp dport 69 counter accept comment "Pixiecore/TFTP"
        udp dport 4011 counter accept comment "Pixiecore/ProxyDHCP"
        tcp dport ${toString pixiecore.port} counter accept comment "Pixiecore"
        tcp dport ${toString pixiecore.statusPort} counter accept comment "Pixiecore/status"
      }
      chain output-lan {
      }
    }
  '';
}