Update provisioning documentation and scripts for improved Proxmox deployment</message>

<message>Add a new step-by-step guide for deploying the CM4 eMMC provisioning service on a new Proxmox instance, enhancing clarity for users. Update existing documentation to reflect changes in network configuration options, including the introduction of LAN subnet settings for DHCP and TFTP. Modify cloud-init scripts to ensure proper management of DNS settings and improve the handling of network interfaces. Additionally, enhance the toggle script for network boot to dynamically read the LAN gateway from configuration files, streamlining the setup process and improving user experience.
nearxos
2026-03-03 08:24:18 +02:00
parent fe72619931
commit c5e418eabc
15 changed files with 500 additions and 33 deletions


@@ -25,7 +25,17 @@ if [[ -n "$TARGET" ]]; then
fi
# --- Running inside the LXC from here ---
echo "Configuring network boot (DHCP + TFTP on eth1, NAT via eth0) ..."
# LAN subnet: use /opt/cm4-provisioning/lan-subnet.conf (written by deploy-to-proxmox.sh when DEPLOY_LXC_LAN_SUBNET is set)
LAN_CONF="/opt/cm4-provisioning/lan-subnet.conf"
if [[ -f "$LAN_CONF" ]]; then
source "$LAN_CONF"
else
LAN_GW="10.20.50.1"
LAN_CIDR="10.20.50.0/24"
DHCP_RANGE_START="10.20.50.100"
DHCP_RANGE_END="10.20.50.200"
fi
echo "Configuring network boot (DHCP + TFTP on eth1, NAT via eth0) — LAN $LAN_CIDR (gateway $LAN_GW), DHCP ${DHCP_RANGE_START}-${DHCP_RANGE_END} ..."
# 1) Install dnsmasq
if ! command -v dnsmasq >/dev/null 2>&1; then
@@ -34,12 +44,12 @@ fi
# 2) dnsmasq config for eth1 only (DHCP + TFTP); PXE options in network-boot-pxe.conf (toggle with toggle-network-boot-dhcp.sh)
mkdir -p /etc/dnsmasq.d
cat > /etc/dnsmasq.d/network-boot.conf << 'DNSMASQ'
cat > /etc/dnsmasq.d/network-boot.conf << DNSMASQ
# DHCP on eth1 only (provisioning LAN)
# TFTP and PXE options are in network-boot-pxe.conf, controlled by toggle-network-boot-dhcp.sh
interface=eth1
bind-interfaces
dhcp-range=10.20.50.100,10.20.50.200,12h
dhcp-range=${DHCP_RANGE_START},${DHCP_RANGE_END},12h
log-dhcp
log-queries
port=0
@@ -89,14 +99,14 @@ fi
echo 'net.ipv4.ip_forward=1' > /etc/sysctl.d/99-cm4-network-boot.conf
sysctl -p /etc/sysctl.d/99-cm4-network-boot.conf 2>/dev/null || sysctl -w net.ipv4.ip_forward=1
# 5) NAT: 10.20.50.0/24 -> eth0 (masquerade)
# 5) NAT: LAN subnet -> eth0 (masquerade)
if command -v nft >/dev/null 2>&1; then
mkdir -p /etc/nftables.d
cat > /etc/nftables.d/nat-lan.conf << 'NFT'
cat > /etc/nftables.d/nat-lan.conf << NFT
table ip nat {
chain postrouting {
type nat hook postrouting priority srcnat; policy accept;
ip saddr 10.20.50.0/24 oifname "eth0" masquerade
ip saddr ${LAN_CIDR} oifname "eth0" masquerade
}
}
NFT
@@ -110,8 +120,8 @@ NFT
echo "NAT rule added (nftables) and saved to /etc/nftables.d/nat-lan.conf"
else
# Fallback iptables
iptables -t nat -C POSTROUTING -s 10.20.50.0/24 -o eth0 -j MASQUERADE 2>/dev/null || \
iptables -t nat -A POSTROUTING -s 10.20.50.0/24 -o eth0 -j MASQUERADE
iptables -t nat -C POSTROUTING -s "${LAN_CIDR}" -o eth0 -j MASQUERADE 2>/dev/null || \
iptables -t nat -A POSTROUTING -s "${LAN_CIDR}" -o eth0 -j MASQUERADE
echo "NAT rule added (iptables)."
fi
@@ -120,6 +130,6 @@ systemctl enable dnsmasq
systemctl restart dnsmasq
echo "Network boot setup done."
echo " - DHCP + TFTP on eth1 (10.20.50.1), range 10.20.50.100-200"
echo " - NAT: 10.20.50.0/24 -> eth0 (internet)"
echo " - DHCP + TFTP on eth1 ($LAN_GW), range ${DHCP_RANGE_START}-${DHCP_RANGE_END}"
echo " - NAT: ${LAN_CIDR} -> eth0 (internet)"
echo " - TFTP root: /srv/tftpboot (RPi boot files; initrd.img if provided)"
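Review bot: The values loaded by `source "$LAN_CONF"` in the first hunk are used without any check, and the defaults in the `else` branch apply only when the file is absent, so a lan-subnet.conf that omits or mistypes one variable produces `dhcp-range=,,12h` or a broken `ip saddr` rule. Those values are expanded as root into the now-unquoted `DNSMASQ` and `NFT` heredocs, so a stray newline or extra token in the file becomes additional dnsmasq or nftables configuration. I would apply the defaults per variable after sourcing and refuse anything that is not address-shaped before writing the configs, as sketched below. Switching both heredocs from quoted to unquoted also makes any other `$` or backtick in their bodies subject to expansion; the bodies continue outside the visible hunks, so that is worth checking.

```shell
LAN_CONF="/opt/cm4-provisioning/lan-subnet.conf"
if [[ -f "$LAN_CONF" ]]; then
  source "$LAN_CONF"
fi
# Defaults per variable, so a partial lan-subnet.conf cannot leave one empty
LAN_GW="${LAN_GW:-10.20.50.1}"
LAN_CIDR="${LAN_CIDR:-10.20.50.0/24}"
DHCP_RANGE_START="${DHCP_RANGE_START:-10.20.50.100}"
DHCP_RANGE_END="${DHCP_RANGE_END:-10.20.50.200}"
# These values are expanded into dnsmasq and nftables config; accept only address-shaped strings
ipv4_re='^([0-9]{1,3}\.){3}[0-9]{1,3}$'
cidr_re='^([0-9]{1,3}\.){3}[0-9]{1,3}/[0-9]{1,2}$'
for addr in "$LAN_GW" "$DHCP_RANGE_START" "$DHCP_RANGE_END"; do
  [[ "$addr" =~ $ipv4_re ]] || { echo "Invalid address in $LAN_CONF: $addr" >&2; exit 1; }
done
[[ "$LAN_CIDR" =~ $cidr_re ]] || { echo "Invalid LAN_CIDR in $LAN_CONF: $LAN_CIDR" >&2; exit 1; }
# … unchanged: summary echo, dnsmasq install, config heredocs …
```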