diff --git a/flake.nix b/flake.nix
index f27d4f2f..787a110a 100644
--- a/flake.nix
+++ b/flake.nix
@@ -184,6 +184,10 @@
 config = ./machine/not522/installer;
 system = "riscv64-linux";
 };
+ oracle-installer = {
+ config = ./machine/oracle-installer;
+ system = "aarch64-linux";
+ };
 pc-installer = {
 config = ./machine/pc-installer;
 system = "x86_64-linux";
diff --git a/machine/oracle-installer/README.md b/machine/oracle-installer/README.md
new file mode 100644
index 00000000..e65ec25c
--- /dev/null
+++ b/machine/oracle-installer/README.md
@@ -0,0 +1 @@
+Taken from https://github.com/cleverca22/nix-tests/tree/master/kexec, released under the apache 2.0 license
\ No newline at end of file
diff --git a/machine/oracle-installer/autoreboot.nix b/machine/oracle-installer/autoreboot.nix
new file mode 100644
index 00000000..68099b37
--- /dev/null
+++ b/machine/oracle-installer/autoreboot.nix
@@ -0,0 +1,21 @@
+{ config, lib, ... }:
+
+{
+ options = {
+ kexec.autoReboot = lib.mkOption {
+ default = true;
+ description = "auto-reboot at the end of the hour";
+ type = lib.types.bool;
+ };
+ };
+ config = lib.mkIf config.kexec.autoReboot {
+ systemd.timers.autoreboot = {
+ partOf = [ "autoreboot.service" ];
+ wantedBy = [ "timers.target" ];
+ timerConfig.OnCalendar = "hourly";
+ };
+ systemd.services.autoreboot = {
+ script = "shutdown -r +5";
+ };
+ };
+}
diff --git a/machine/oracle-installer/configuration.nix b/machine/oracle-installer/configuration.nix
new file mode 100644
index 00000000..fa1efc4f
--- /dev/null
+++ b/machine/oracle-installer/configuration.nix
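Review bot: In autoreboot.nix the option description `auto-reboot at the end of the hour` does not describe what the config does: `OnCalendar = "hourly"` fires at the top of every hour and `shutdown -r +5` then schedules the reboot five minutes later, so an enabled timer reboots the machine at five past every hour for as long as the kexec environment is up. Suggest `description = "reboot 5 minutes past every full hour while the kexec environment is running (safety net against a stuck installer)";` so readers understand it as a watchdog rather than a one-shot. The service has no check for work in progress, so anything long-running inside this environment must disable the option or stop the timer itself; a short comment above `default = true;` stating that would help whoever imports the module.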
@@ -0,0 +1,32 @@
+# new cmd: nix-build '' -A config.system.build.kexec_tarball -I nixos-config=./configuration.nix -Q -j 4
+
+{
+ lib,
+ nixpkgs,
+ ...
+}:
+
+with lib;
+
+{
+ imports = [
+ "${nixpkgs}/nixos/modules/installer/netboot/netboot-minimal.nix"
+ ./autoreboot.nix
+ ./kexec.nix
+ ];
+
+ boot.supportedFilesystems = lib.mkForce [
+ "btrfs"
+ "vfat"
+ ];
+ boot.loader.grub.enable = false;
+ boot.kernelParams = [
+ "console=ttyS0,115200" # allows certain forms of remote access, if the hardware is setup right
+ "panic=30"
+ "boot.panic_on_fail" # reboot the machine upon fatal boot issues
+ ];
+ systemd.services.sshd.wantedBy = mkForce [ "multi-user.target" ];
+ networking.hostName = "kexec";
+ # example way to embed an ssh pubkey into the tar
+ # users.users.root.openssh.authorizedKeys.keys = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC34wZQFEOGkA5b0Z6maE3aKy/ix1MiK1D0Qmg4E9skAA57yKtWYzjA23r5OCF4Nhlj1CuYd6P1sEI/fMnxf+KkqqgW3ZoZ0+pQu4Bd8Ymi3OkkQX9kiq2coD3AFI6JytC6uBi6FaZQT5fG59DbXhxO5YpZlym8ps1obyCBX0hyKntD18RgHNaNM+jkQOhQ5OoxKsBEobxQOEdjIowl2QeEHb99n45sFr53NFqk3UCz0Y7ZMf1hSFQPuuEC/wExzBBJ1Wl7E1LlNA4p9O3qJUSadGZS4e5nSLqMnbQWv2icQS/7J8IwY0M8r1MsL8mdnlXHUofPlG1r4mtovQ2myzOx clever@nixos" ];
+}
diff --git a/machine/oracle-installer/default.nix b/machine/oracle-installer/default.nix
new file mode 100644
index 00000000..73024ca6
--- /dev/null
+++ b/machine/oracle-installer/default.nix
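Review bot: `with lib;` is pulled in for a single bare `mkForce` on the sshd line while the same file spells `lib.mkForce` a few lines earlier; drop the `with lib;` and write `systemd.services.sshd.wantedBy = lib.mkForce [ "multi-user.target" ];` so scoping is explicit and consistent. The `# new cmd:` comment has an empty quoted argument (`nix-build ''`), which looks like a path such as `<nixpkgs/nixos>` lost in transit — verify against the upstream source and either restore it or remove the line, since this module is now built through the flake entry. The commented-out `users.users.root.openssh.authorizedKeys.keys` example embeds a third-party `clever@nixos` key; root's keys for this installer are set in default.nix, so the example is dead text that could be uncommented by mistake and is better removed or reduced to a `# set root's authorized keys in default.nix` pointer.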
@@ -0,0 +1,33 @@
+{
+ nixos-config,
+ pkgs,
+ lib,
+ ...
+}:
+{
+ imports = [
+ ./configuration.nix
+ "${nixos-config}/config"
+ ];
+
+ # Make it use predictable interface names starting with eth0
+ boot.kernelParams = [ "net.ifnames=0" ];
+
+ networking.useDHCP = true;
+ isInstaller = true;
+
+ environment.impermanence.enable = false;
+ boot.initrd.systemd.enable = lib.mkForce false;
+ home-manager.sharedModules = [ { home.persistence = lib.mkForce { }; } ];
+
+ environment.systemPackages = [
+ (pkgs.writeShellScriptBin "install-oracle-unattended" ''
+ set -eux
+ exec ${pkgs.disko}/bin/disko-install --flake "${nixos-config}#oracle" --disk main "${nixos-config.nixosConfigurations.thinkrac.config.disko.devices.disk.main.device}"
+ '')
+ ];
+
+ users.users.root.openssh.authorizedKeys.keys = [
+ "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIDXQlfvRUm/z6eP1EjsajIbMibkq9n+ymlbBi7NFiOuaAAAABHNzaDo= ssh:"
+ ];
+}
diff --git a/machine/oracle-installer/kexec.nix b/machine/oracle-installer/kexec.nix
new file mode 100644
index 00000000..e2805b02
--- /dev/null
+++ b/machine/oracle-installer/kexec.nix
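Review bot: The unattended install targets the `oracle` flake output but takes the disk to wipe from `nixosConfigurations.thinkrac`, which looks like a copy-paste slip from another installer — unless both hosts deliberately share one disko layout, the device should come from the configuration being installed: `--disk main "${nixos-config.nixosConfigurations.oracle.config.disko.devices.disk.main.device}"`. `disko-install` repartitions that device without prompting, so a wrong device here is destructive rather than a failed build, and a comment above the script naming the expected device would make the intent checkable. This module also leaves `kexec.autoReboot` at its default of true (autoreboot.nix), so the hourly `shutdown -r +5` can cut off an install that has not finished by five past the hour; adding `kexec.autoReboot = false;` here, or `systemctl stop autoreboot.timer` as the script's first step, avoids that.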
@@ -0,0 +1,51 @@
+{ pkgs, config, ... }:
+
+{
+ system.build = rec {
+ image = pkgs.runCommand "image" { buildInputs = [ pkgs.nukeReferences ]; } ''
+ mkdir $out
+ cp ${config.system.build.kernel}/${config.system.boot.loader.kernelFile} $out/kernel
+ cp ${config.system.build.netbootRamdisk}/initrd $out/initrd
+ echo "init=${builtins.unsafeDiscardStringContext config.system.build.toplevel}/init ${toString config.boot.kernelParams}" > $out/cmdline
+ nuke-refs $out/kernel
+ '';
+ kexec_script = pkgs.writeTextFile {
+ executable = true;
+ name = "kexec-nixos";
+ text = ''
+ #!${pkgs.stdenv.shell}
+ export PATH=${pkgs.kexectools}/bin:${pkgs.cpio}/bin:$PATH
+ set -x
+ set -e
+ cd $(mktemp -d)
+ pwd
+ mkdir initrd
+ pushd initrd
+ if [ -e /ssh_pubkey ]; then
+ cat /ssh_pubkey >> authorized_keys
+ fi
+ find -type f | cpio -o -H newc | gzip -9 > ../extra.gz
+ popd
+ cat ${image}/initrd extra.gz > final.gz
+
+ kexec -l ${image}/kernel --initrd=final.gz --append="init=${builtins.unsafeDiscardStringContext config.system.build.toplevel}/init ${toString config.boot.kernelParams}"
+ sync
+ echo "executing kernel, filesystems will be improperly umounted"
+ kexec -e
+ '';
+ };
+ };
+ boot.initrd.postMountCommands = ''
+ mkdir -p /mnt-root/root/.ssh/
+ cp /authorized_keys /mnt-root/root/.ssh/
+ '';
+ system.build.kexec_tarball = pkgs.callPackage (pkgs.path + "/nixos/lib/make-system-tarball.nix") {
+ storeContents = [
+ {
+ object = config.system.build.kexec_script;
+ symlink = "/kexec_nixos";
+ }
+ ];
+ contents = [ ];
+ };
+}
diff --git a/machine/thinkrac/hardware.nix b/machine/thinkrac/hardware.nix
index d7482541..b881a447 100644
--- a/machine/thinkrac/hardware.nix
+++ b/machine/thinkrac/hardware.nix
@@ -47,7 +47,6 @@
 options usbcore autosuspend=2
 # Fan control for thinkpads
 options thinkpad_acpi fan_control=1
- options zfs zfs_arc_max=4294967296
 '';
 boot.kernel.sysctl = {
 # Probably unnecessary
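Review bot: `boot.initrd.postMountCommands` copies `/authorized_keys` unconditionally, but the kexec script only writes that file into the extra initrd when `/ssh_pubkey` exists on the host, so a boot without a supplied key runs a failing `cp` in stage 1 — whether that aborts the boot or merely logs depends on the stage-1 shell's error handling, which is outside this hunk. Guard it with `if [ -e /authorized_keys ]; then cp /authorized_keys /mnt-root/root/.ssh/; fi` and consider a `chmod 700 /mnt-root/root/.ssh` so sshd's StrictModes cannot reject the directory depending on the initrd umask. The kernel command line is also assembled twice, once into `$out/cmdline` in the `image` derivation and again inline in `kexec -l ... --append=`; `--append="$(cat ${image}/cmdline)"` keeps the two from drifting and makes the `cmdline` file the single source of truth.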