Merge pull request #189 from lheckemann/flake

Flakify the system

DEV_NOTES.md

@@ -1,21 +1,17 @@
-# How to build community builders
-
-Building: Make a `build.cfg` file and run `./build.sh`:
+# How to build community build box
 
 ```
-pxeUrlPrefix    https://yourdomain.com/pxe-images
-pxeUrlSuffix    netboot.ipxe
-packetKey       your-packet-api-key
-packetDevice    your-packet-device-id
-buildHost       user@an-aarch64-capable-build-box
-imageName       nixos-packet-aarch64-2018-01-03v1
-pxeHost         user@web-accessible-server
-pxeDir          /path/to/web/root
+nix build .#hydraJobs.system
 ```
 
-The build will happen on `buildHost` then copied directly from buildHost
-to `pxeHost:pxeDir/imageName` (via netcat and openssl).
-If the destination directory already exists, it will be overwritten.
+You will need to be on an aarch64-linux machine or have an
+aarch64-linux builder configured.
+
+You can use
+[nix-netboot-serve](https://github.com/DeterminateSystems/nix-netboot-serve/)
+to provide netboot for the resulting configuration.
+
+(TODO: this isn't implemented yet)
+The production machine boots via the [build on hydra.nixos.org](TODO)
+using netboot.nixos.org, which is also running nix-netboot-serve.
 
-Update the PXE url and restart the server with `./restart.sh`. The PXE
-URL will be calculated by `pxeUrlPrefix/imageName/pxeUrlSuffix`.

configuration.nix

@@ -1,58 +1,7 @@
-{ pkgs ? import ./nix { system = "aarch64-linux"; }
-}:
-let
-  makeNetboot = config:
-    let
-      config_evaled = import "${pkgs.path}/nixos/lib/eval-config.nix" config;
-      build = config_evaled.config.system.build;
-      kernelTarget = config_evaled.pkgs.stdenv.hostPlatform.linux-kernel.target;
-    in
-      pkgs.symlinkJoin {
-        name="netboot";
-        paths=[
-          build.netbootRamdisk
-          build.kernel
-          build.netbootIpxeScript
-        ];
-        postBuild = ''
-          mkdir -p $out/nix-support
-          echo "file ${kernelTarget} $out/${kernelTarget}" >> $out/nix-support/hydra-build-products
-          echo "file initrd $out/initrd" >> $out/nix-support/hydra-build-products
-          echo "file ipxe $out/netboot.ipxe" >> $out/nix-support/hydra-build-products
-        '';
-      };
-
-  postDeviceCommands = pkgs.writeScript "post-device-commands"
-    ''
-      #!/bin/sh
-
-      set -eu
-      set -o pipefail
-
-      PATH="${pkgs.coreutils}/bin:${pkgs.util-linux}/bin:${pkgs.gnugrep}/bin:${pkgs.gnused}/bin:${pkgs.e2fsprogs}/bin:${pkgs.btrfs-progs}/bin"
-
-      exec ${./post-devices.sh}
-    '';
-
-  postMountCommands = pkgs.writeScript "post-mount-commands"
-    ''
-      #!/bin/sh
-
-      set -eu
-      set -o pipefail
-
-      PATH="${pkgs.coreutils}/bin:${pkgs.util-linux}/bin:${pkgs.gnugrep}/bin:${pkgs.gnused}/bin:${pkgs.e2fsprogs}/bin"
-
-      exec ${./persistence.sh}
-    '';
-
-  ofborg = builtins.storePath ./nix/ofborg-path;
-
-in makeNetboot {
-  system = "aarch64-linux";
-  modules = [
-    "${pkgs.path}/nixos/modules/profiles/all-hardware.nix"
-    "${pkgs.path}/nixos/modules/profiles/minimal.nix"
+{ pkgs, modulesPath, lib, ... }: {
+  imports = [
+    (modulesPath + "/profiles/all-hardware.nix")
+    (modulesPath + "/profiles/minimal.nix")
 
     ./modules/netboot.nix
 
@@ -155,8 +104,26 @@ in makeNetboot {
       security.sudo.wheelNeedsPassword = false;
 
       boot.supportedFilesystems = [ "zfs" ];
-      boot.initrd.postDeviceCommands = "${postDeviceCommands}";
-      boot.initrd.postMountCommands = "${postMountCommands}";
+      boot.initrd.postDeviceCommands = "${pkgs.writeScript "post-device-commands" ''
+        #!/bin/sh
+
+        set -eu
+        set -o pipefail
+
+        PATH="${pkgs.coreutils}/bin:${pkgs.util-linux}/bin:${pkgs.gnugrep}/bin:${pkgs.gnused}/bin:${pkgs.e2fsprogs}/bin:${pkgs.btrfs-progs}/bin"
+
+        exec ${./post-devices.sh}
+      ''}";
+      boot.initrd.postMountCommands = "${pkgs.writeScript "post-mount-commands" ''
+        #!/bin/sh
+
+        set -eu
+        set -o pipefail
+
+        PATH="${pkgs.coreutils}/bin:${pkgs.util-linux}/bin:${pkgs.gnugrep}/bin:${pkgs.gnused}/bin:${pkgs.e2fsprogs}/bin"
+
+        exec ${./persistence.sh}
+        ''}";
       boot.postBootCommands = ''
         ls -la /
         rm /etc/ssh/ssh_host_*
@@ -210,7 +177,13 @@ in makeNetboot {
       environment.etc.host-nix-channel.source = pkgs.path;
     })
 
-    ({pkgs, ...}: {
+    {
+      options.ofborg.package = lib.mkOption {
+        description = "Ofborg package";
+        type = lib.types.package;
+      };
+    }
+    ({pkgs, config, ...}: {
       users.users.gc-of-borg = {
         description = "GC Of Borg Workers";
         home = "/var/lib/gc-of-borg";
@@ -255,7 +228,7 @@ in makeNetboot {
             git config --global user.name "GrahamCOfBorg"
             export RUST_BACKTRACE=1
 
-            ${ofborg}/bin/builder /persist/ofborg/config-${id}.json
+            ${config.ofborg.package}/bin/builder /persist/ofborg/config-${id}.json
           '';
         };
 

flake.nix

@@ -0,0 +1,14 @@
+{
+  inputs.nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable-small";
+  inputs.ofborg.url = "github:nixos/ofborg";
+  outputs = { nixpkgs, self, ofborg }: {
+    nixosConfigurations.aarch64-build-box = nixpkgs.lib.nixosSystem {
+      system = "aarch64-linux";
+      modules = [
+        ./configuration.nix
+        { ofborg.package = ofborg.packages.aarch64-linux.ofborg.rs; }
+      ];
+    };
+    hydraJobs.system = self.nixosConfigurations.aarch64-build-box.config.system.build.toplevel;
+  };
+}

users.nix

@@ -1,7 +1,5 @@
+{ lib, ... }:
 let
-  pkgs = import <nixpkgs> {};
-  inherit (pkgs) lib;
-
   users = {
     # 1. Generate an SSH key for your root account and add the public
     #    key to a file matching your name in ./keys/