Update provisioning documentation and scripts for improved Proxmox deployment

Add a new step-by-step guide for deploying the CM4 eMMC provisioning service on a new Proxmox instance, enhancing clarity for users. Update existing documentation to reflect changes in network configuration options, including the introduction of LAN subnet settings for DHCP and TFTP. Modify cloud-init scripts to ensure proper management of DNS settings and improve the handling of network interfaces. Additionally, enhance the toggle script for network boot to dynamically read the LAN gateway from configuration files, streamlining the setup process and improving user experience.
This commit is contained in:
nearxos
2026-03-03 08:24:18 +02:00
parent 7dd9f2b74f
commit 123fd8748e
16 changed files with 500 additions and 33 deletions

@@ -2,10 +2,12 @@
Config files for the **provisioning LXC** when using **eth1** as a provisioning LAN (DHCP + TFTP for network boot, NAT for internet).
**LAN subnet:** When you deploy with `DEPLOY_LXC_LAN_SUBNET` (e.g. `10.100.1.1/24`), the deploy script writes `/opt/cm4-provisioning/lan-subnet.conf` inside the LXC with `LAN_GW`, `LAN_CIDR`, and `DHCP_RANGE_START`/`DHCP_RANGE_END`. The setup script and toggle script read this file so dnsmasq, NAT, and PXE options all use the same subnet. If the file is missing, defaults are `10.20.50.1/24` and `10.20.50.100``10.20.50.200`.
| File | Purpose |
|------|--------|
| **dnsmasq-network-boot.conf** | dnsmasq: DHCP + TFTP on eth1 only. Copied to `/etc/dnsmasq.d/` by `scripts/setup-network-boot-on-lxc.sh`. |
| **nft-nat-lan.conf** | nftables NAT so 10.20.50.0/24 uses eth0 for internet. Applied by the setup script to `/etc/nftables.d/nat-lan.conf`. |
| **dnsmasq-network-boot.conf** | Template: dnsmasq DHCP + TFTP on eth1. Setup script writes `/etc/dnsmasq.d/network-boot.conf` using values from `lan-subnet.conf`. |
| **nft-nat-lan.conf** | Template: nftables NAT for LAN→WAN. Setup script writes `/etc/nftables.d/nat-lan.conf` using `LAN_CIDR` from `lan-subnet.conf`. |
Setup is done by running (from your machine):
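Review bot: the defaults sentence in the new LAN subnet paragraph runs the two range bounds together as `10.20.50.100``10.20.50.200`; the separator was lost, so write it as `10.20.50.100` to `10.20.50.200` (or with a dash) so it is not misread as a single value. The paragraph also says `lan-subnet.conf` is written by the deploy script while the table rows say the setup script renders the dnsmasq and nftables files from it; that is consistent, but state in one sentence which script must be re-run after the subnet changes.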

@@ -1,5 +1,6 @@
# PXE/network-boot DHCP options (option 66 = next-server, 67 = boot file).
# When this file is present, dnsmasq advertises network boot; when removed, devices get DHCP only and boot from local storage.
# Toggle with: /opt/cm4-provisioning/toggle-network-boot-dhcp.sh enable|disable
# Template; toggle script writes the real next-server from /opt/cm4-provisioning/lan-subnet.conf (LAN_GW).
dhcp-option=66,10.20.50.1
dhcp-option=67,start4cd.elf
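Review bot: the added comment says the toggle script writes the real next-server, yet the template still carries the literal `dhcp-option=66,10.20.50.1`, which is only right for the default subnet; anyone who copies this file into `/etc/dnsmasq.d/` by hand on a deployment that used `DEPLOY_LXC_LAN_SUBNET` points clients at a TFTP server that does not exist. Consider a placeholder such as `@LAN_GW@` in place of the literal so a stale value fails loudly instead of silently, and say explicitly that the file must not be installed directly.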

@@ -1,12 +1,14 @@
# dnsmasq: DHCP + TFTP on eth1 only (provisioning LAN).
# Install to /etc/dnsmasq.d/network-boot.conf on the LXC.
# Restrict to eth1 so we don't interfere with host/other DHCP.
# When using setup-network-boot-on-lxc.sh, the actual subnet and DHCP range
# come from /opt/cm4-provisioning/lan-subnet.conf (written by deploy-to-proxmox.sh).
# Listen only on eth1 (provisioning LAN)
interface=eth1
bind-interfaces
# DHCP range for devices on eth1 (adjust if you use a different subnet)
# DHCP range for devices on eth1 (template; setup script uses lan-subnet.conf)
dhcp-range=10.20.50.100,10.20.50.200,12h
# TFTP for Raspberry Pi / CM4 network boot
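Review bot: the second header line, `# Install to /etc/dnsmasq.d/network-boot.conf on the LXC.`, now contradicts the added lines stating that the setup script writes that file from `lan-subnet.conf`; change it to say this is a template consumed by `setup-network-boot-on-lxc.sh`. The `dhcp-range=10.20.50.100,10.20.50.200,12h` line has the same problem as the PXE template: a literal default that is silently wrong for any other subnet, so a placeholder token is the safer choice.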

@@ -1,6 +1,6 @@
# nftables: NAT for LAN (eth1) so clients use WAN (eth0) for internet.
# Load with: nft -f /etc/nftables.d/nat-lan.conf
# Or use the inline rules in setup-network-boot-on-lxc.sh (no separate file dependency).
# When using setup-network-boot-on-lxc.sh, the subnet is taken from /opt/cm4-provisioning/lan-subnet.conf (LAN_CIDR).
table ip nat {
chain postrouting {
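Review bot: `# Load with: nft -f /etc/nftables.d/nat-lan.conf` and the added `subnet is taken from ... lan-subnet.conf` cannot both describe this file, since nft never reads `lan-subnet.conf`; reword the header to say this is the template and that the setup script renders `/etc/nftables.d/nat-lan.conf` from it with `LAN_CIDR` substituted.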

@@ -3,11 +3,19 @@
# When disabled, TFTP is stopped and no boot server is advertised; DHCP still runs.
# Usage: toggle-network-boot-dhcp.sh enable | disable | status
# Run as root. Install to /opt/cm4-provisioning/toggle-network-boot-dhcp.sh
# LAN gateway for TFTP/next-server is read from /opt/cm4-provisioning/lan-subnet.conf (written by deploy-to-proxmox.sh).
set -e
PXE_CONF="/etc/dnsmasq.d/network-boot-pxe.conf"
MAIN_CONF="/etc/dnsmasq.d/network-boot.conf"
LAN_CONF="/opt/cm4-provisioning/lan-subnet.conf"
if [[ -f "$LAN_CONF" ]]; then
source "$LAN_CONF"
else
LAN_GW="10.20.50.1"
fi
# Remove enable-tftp / tftp-root from main config if present (legacy; these belong in PXE conf)
cleanup_main_conf() {
if [ -f "$MAIN_CONF" ] && grep -q 'enable-tftp\|tftp-root' "$MAIN_CONF" 2>/dev/null; then
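Review bot: `source "$LAN_CONF"` executes whatever is in `/opt/cm4-provisioning/lan-subnet.conf` as root under `set -e`, so the config file is effectively part of the script and anyone who can write it runs code as root on the LXC. Read only the keys you need instead (for example `LAN_GW=$(sed -n 's/^LAN_GW=//p' "$LAN_CONF")`), check the result looks like an IPv4 address before using it, and refuse the file unless it is root-owned and not group- or world-writable. Also set `LAN_GW="${LAN_GW:-10.20.50.1}"` after reading, because a file that exists but lacks `LAN_GW` currently leaves it empty. Minor: this block uses `[[ -f ... ]]` while the line below uses `[ -f ... ]`; pick one form.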
@@ -18,19 +26,19 @@ cleanup_main_conf() {
case "${1:-}" in
enable)
cleanup_main_conf
cat > "$PXE_CONF" << 'EOF'
cat > "$PXE_CONF" << EOF
# PXE/network boot ENABLED - managed by toggle-network-boot-dhcp.sh
# TFTP server (only active when network boot is enabled)
enable-tftp
tftp-root=/srv/tftpboot
# BOOTP fields (siaddr = TFTP server, filename = boot file)
dhcp-boot=start4cd.elf,,10.20.50.1
dhcp-boot=start4cd.elf,,${LAN_GW}
# DHCP options 66/67 (some PXE clients prefer these)
dhcp-option=66,10.20.50.1
dhcp-option=66,${LAN_GW}
dhcp-option=67,start4cd.elf
EOF
systemctl restart dnsmasq 2>/dev/null || service dnsmasq restart 2>/dev/null || true
echo "Network boot enabled."
echo "Network boot enabled (TFTP next-server: $LAN_GW)."
;;
disable)
cleanup_main_conf
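Review bot: switching the heredoc delimiter from `'EOF'` to `EOF` is needed to expand `${LAN_GW}`, but it also subjects every `$` and backtick in the body to shell expansion, so the generated config now depends on nothing else in that block ever containing one; either keep the body free of such characters or keep the quoted heredoc and substitute a single token with `sed "s/@LAN_GW@/$LAN_GW/"`. More importantly, if `LAN_GW` is empty or malformed the script writes `dhcp-boot=start4cd.elf,,` and `dhcp-option=66,`, the `|| true` on the restart line hides a failed restart, and the script still prints `Network boot enabled (TFTP next-server: $LAN_GW).`; validate the value before writing, run `dnsmasq --test` before restarting, and exit non-zero instead of reporting success.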