diff --git a/DEV_NOTES.md b/DEV_NOTES.md index dffe4da..c1f00e5 100644 --- a/DEV_NOTES.md +++ b/DEV_NOTES.md @@ -1,21 +1,17 @@ -# How to build community builders - -Building: Make a `build.cfg` file and run `./build.sh`: +# How to build community build box ``` -pxeUrlPrefix https://yourdomain.com/pxe-images -pxeUrlSuffix netboot.ipxe -packetKey your-packet-api-key -packetDevice your-packet-device-id -buildHost user@an-aarch64-capable-build-box -imageName nixos-packet-aarch64-2018-01-03v1 -pxeHost user@web-accessible-server -pxeDir /path/to/web/root +nix build .#hydraJobs.system ``` -The build will happen on `buildHost` then copied directly from buildHost -to `pxeHost:pxeDir/imageName` (via netcat and openssl). -If the destination directory already exists, it will be overwritten. +You will need to be on an aarch64-linux machine or have an +aarch64-linux builder configured. + +You can use +[nix-netboot-serve](https://github.com/DeterminateSystems/nix-netboot-serve/) +to provide netboot for the resulting configuration. + +(TODO: this isn't implemented yet) +The production machine boots via the [build on hydra.nixos.org](TODO) +using netboot.nixos.org, which is also running nix-netboot-serve. -Update the PXE url and restart the server with `./restart.sh`. The PXE -URL will be calculated by `pxeUrlPrefix/imageName/pxeUrlSuffix`. diff --git a/configuration.nix b/configuration.nix index 3714440..d71d1cf 100644 --- a/configuration.nix +++ b/configuration.nix 
@@ -1,58 +1,7 @@ -{ pkgs ? import ./nix { system = "aarch64-linux"; } -}: -let - makeNetboot = config: - let - config_evaled = import "${pkgs.path}/nixos/lib/eval-config.nix" config; - build = config_evaled.config.system.build; - kernelTarget = config_evaled.pkgs.stdenv.hostPlatform.linux-kernel.target; - in - pkgs.symlinkJoin { - name="netboot"; - paths=[ - build.netbootRamdisk - build.kernel - build.netbootIpxeScript - ]; - postBuild = '' - mkdir -p $out/nix-support - echo "file ${kernelTarget} $out/${kernelTarget}" >> $out/nix-support/hydra-build-products - echo "file initrd $out/initrd" >> $out/nix-support/hydra-build-products - echo "file ipxe $out/netboot.ipxe" >> $out/nix-support/hydra-build-products - ''; - }; - - postDeviceCommands = pkgs.writeScript "post-device-commands" - '' - #!/bin/sh - - set -eu - set -o pipefail - - PATH="${pkgs.coreutils}/bin:${pkgs.util-linux}/bin:${pkgs.gnugrep}/bin:${pkgs.gnused}/bin:${pkgs.e2fsprogs}/bin:${pkgs.btrfs-progs}/bin" - - exec ${./post-devices.sh} - ''; - - postMountCommands = pkgs.writeScript "post-mount-commands" - '' - #!/bin/sh - - set -eu - set -o pipefail - - PATH="${pkgs.coreutils}/bin:${pkgs.util-linux}/bin:${pkgs.gnugrep}/bin:${pkgs.gnused}/bin:${pkgs.e2fsprogs}/bin" - - exec ${./persistence.sh} - ''; - - ofborg = builtins.storePath ./nix/ofborg-path; - -in makeNetboot { - system = "aarch64-linux"; - modules = [ - "${pkgs.path}/nixos/modules/profiles/all-hardware.nix" - "${pkgs.path}/nixos/modules/profiles/minimal.nix" +{ pkgs, modulesPath, lib, ... }: { + imports = [ + (modulesPath + "/profiles/all-hardware.nix") + (modulesPath + "/profiles/minimal.nix") ./modules/netboot.nix 
@@ -155,8 +104,26 @@ in makeNetboot { security.sudo.wheelNeedsPassword = false; boot.supportedFilesystems = [ "zfs" ]; - boot.initrd.postDeviceCommands = "${postDeviceCommands}"; - boot.initrd.postMountCommands = "${postMountCommands}"; + boot.initrd.postDeviceCommands = "${pkgs.writeScript "post-device-commands" '' + #!/bin/sh + + set -eu + set -o pipefail + + PATH="${pkgs.coreutils}/bin:${pkgs.util-linux}/bin:${pkgs.gnugrep}/bin:${pkgs.gnused}/bin:${pkgs.e2fsprogs}/bin:${pkgs.btrfs-progs}/bin" + + exec ${./post-devices.sh} + ''}"; + boot.initrd.postMountCommands = "${pkgs.writeScript "post-mount-commands" '' + #!/bin/sh + + set -eu + set -o pipefail + + PATH="${pkgs.coreutils}/bin:${pkgs.util-linux}/bin:${pkgs.gnugrep}/bin:${pkgs.gnused}/bin:${pkgs.e2fsprogs}/bin" + + exec ${./persistence.sh} + ''}"; boot.postBootCommands = '' ls -la / rm /etc/ssh/ssh_host_* @@ -210,7 +177,13 @@ in makeNetboot { environment.etc.host-nix-channel.source = pkgs.path; }) - ({pkgs, ...}: { + { + options.ofborg.package = lib.mkOption { + description = "Ofborg package"; + type = lib.types.package; + }; + } + ({pkgs, config, ...}: { users.users.gc-of-borg = { description = "GC Of Borg Workers"; home = "/var/lib/gc-of-borg"; @@ -255,7 +228,7 @@ in makeNetboot { git config --global user.name "GrahamCOfBorg" export RUST_BACKTRACE=1 - ${ofborg}/bin/builder /persist/ofborg/config-${id}.json + ${config.ofborg.package}/bin/builder /persist/ofborg/config-${id}.json ''; }; diff --git a/flake.lock b/flake.lock new file mode 100644 index 0000000..b054300 --- /dev/null +++ b/flake.lock 
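Review bot: The two wrappers inlined into `boot.initrd.postDeviceCommands` and `boot.initrd.postMountCommands` are copies of each other apart from the script name, `btrfs-progs` in PATH and the file they exec, so a later edit to the shebang, the `set` lines or PATH can easily reach only one of them. A small helper bound in a `let` ahead of the module body would keep the two initrd hooks in step and leave the fixed PATH in one place. `lib.makeBinPath` should resolve to the same `/bin` directories in the same order, but that is worth checking against the built scripts. The surrounding attribute set starts and ends outside the hunk, so where the `let` goes is a guess.

```nix
# (in a let ahead of the module body)
# Initrd hook wrapper: fixed PATH, then exec the repo script.
initrdHook = name: extraPkgs: script: pkgs.writeScript name ''
  #!/bin/sh

  set -eu
  set -o pipefail

  PATH="${lib.makeBinPath (with pkgs; [ coreutils util-linux gnugrep gnused e2fsprogs ] ++ extraPkgs)}"

  exec ${script}
'';

# … unchanged: security.sudo and boot.supportedFilesystems settings …
boot.initrd.postDeviceCommands = "${initrdHook "post-device-commands" [ pkgs.btrfs-progs ] ./post-devices.sh}";
boot.initrd.postMountCommands = "${initrdHook "post-mount-commands" [ ] ./persistence.sh}";
```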
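Review bot: The new `options.ofborg.package` declaration in the `@@ -210,7 +177,13 @@` hunk is described only as "Ofborg package", while the script in the following hunk (`@@ -255,7 +228,7 @@`) runs `${config.ofborg.package}/bin/builder`, so the description should state that contract, for example `description = "ofborg package to run; must provide bin/builder.";`. The option has no default, so evaluating `configuration.nix` anywhere other than through `flake.nix` fails until it is set. That looks intentional, and a one-line comment above the option saying so would save the next reader a lookup. The module list that holds this declaration starts and ends outside the hunk.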
@@ -0,0 +1,79 @@ +{ + "nodes": { + "nixpkgs": { + "locked": { + "lastModified": 1713454724, + "narHash": "sha256-0Htjy5e/ELoFH9/r20/9MsGHLD9adqsPMF5ns8B0m74=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "bc279bbacf1f11a48e1f9cdf32228f27e28f0291", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable-small", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-for-php": { + "locked": { + "lastModified": 1670538458, + "narHash": "sha256-mvKmBkdlhzsMBtnzYXjYn08EGw9rFBEE9hp4Uqgol1Q=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "99ec06122f481588abafd91f2710d80a5320efe6", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-22.05", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_2": { + "locked": { + "lastModified": 1670543317, + "narHash": "sha256-4mMR56rtxKr+Gwz399jFr4i76SQZxsLWxxyfQlPXRm0=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "7a6a010c3a1d00f8470a5ca888f2f927f1860a19", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-22.11", + "repo": "nixpkgs", + "type": "github" + } + }, + "ofborg": { + "inputs": { + "nixpkgs": "nixpkgs_2", + "nixpkgs-for-php": "nixpkgs-for-php" + }, + "locked": { + "lastModified": 1711723603, + "narHash": "sha256-flBA7790rvXpIPsrSIpxRwPopEMtrjuPBONuDAtWuJM=", + "owner": "nixos", + "repo": "ofborg", + "rev": "3fd6b66cd36ef2ec7adbb23370007604f02ebcfb", + "type": "github" + }, + "original": { + "owner": "nixos", + "repo": "ofborg", + "type": "github" + } + }, + "root": { + "inputs": { + "nixpkgs": "nixpkgs", + "ofborg": "ofborg" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/flake.nix b/flake.nix new file mode 100644 index 0000000..1df6b82 --- /dev/null +++ b/flake.nix 
@@ -0,0 +1,14 @@
+{
+ inputs.nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable-small";
+ inputs.ofborg.url = "github:nixos/ofborg";
+ outputs = { nixpkgs, self, ofborg }: {
+ nixosConfigurations.aarch64-build-box = nixpkgs.lib.nixosSystem {
+ system = "aarch64-linux";
+ modules = [
+ ./configuration.nix
+ { ofborg.package = ofborg.packages.aarch64-linux.ofborg.rs; }
+ ];
+ };
+ hydraJobs.system = self.nixosConfigurations.aarch64-build-box.config.system.build.toplevel;
+ };
+}
diff --git a/users.nix b/users.nix
index e8e2d75..e847963 100644
--- a/users.nix
+++ b/users.nix
@@ -1,7 +1,5 @@
+{ lib, ... }:
 let
- pkgs = import {};
- inherit (pkgs) lib;
-
 users = {
 # 1. Generate an SSH key for your root account and add the public
 # key to a file matching your name in ./keys/
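Review bot: In `flake.nix`, `inputs.ofborg.url = "github:nixos/ofborg";` names no branch or tag, and the accompanying `flake.lock` shows ofborg resolving its own `nixpkgs_2` (`nixos-22.11`) and `nixpkgs-for-php` (`nixos-22.05`), both locked in late 2022. The `builder` binary that runs on this box is therefore built from a much older package set than the `nixos-unstable-small` system around it. If ofborg builds against the current tree, `inputs.ofborg.inputs.nixpkgs.follows = "nixpkgs";` would put it on the same pinned nixpkgs as the system and drop one lock node. If it does not, a comment next to the input explaining why the old pin is kept would help. A `ref` on the ofborg URL would also make each `nix flake update` a deliberate move rather than a jump to whatever the default branch holds.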