WIP: rewrite config #618

Draft
darkkirb wants to merge 345 commits from rewrite into main
7 changed files with 142 additions and 1 deletions
Showing only changes of commit cfc8962db5 - Show all commits

View file

@ -184,6 +184,10 @@
config = ./machine/not522/installer;
system = "riscv64-linux";
};
oracle-installer = {
config = ./machine/oracle-installer;
system = "aarch64-linux";
};
pc-installer = {
config = ./machine/pc-installer;
system = "x86_64-linux";

View file

@ -0,0 +1 @@
Taken from https://github.com/cleverca22/nix-tests/tree/master/kexec, released under the apache 2.0 license

View file

@ -0,0 +1,21 @@
{ config, lib, ... }:
{
options = {
kexec.autoReboot = lib.mkOption {
default = true;
description = "auto-reboot at the end of the hour";
type = lib.types.bool;
};
};
config = lib.mkIf config.kexec.autoReboot {
systemd.timers.autoreboot = {
partOf = [ "autoreboot.service" ];
wantedBy = [ "timers.target" ];
timerConfig.OnCalendar = "hourly";
};
systemd.services.autoreboot = {
script = "shutdown -r +5";
};
};
}

View file

@ -0,0 +1,32 @@
# new cmd: nix-build '<nixpkgs/nixos>' -A config.system.build.kexec_tarball -I nixos-config=./configuration.nix -Q -j 4
{
lib,
nixpkgs,
...
}:
with lib;
{
imports = [
"${nixpkgs}/nixos/modules/installer/netboot/netboot-minimal.nix"
./autoreboot.nix
./kexec.nix
];
boot.supportedFilesystems = lib.mkForce [
"btrfs"
"vfat"
];
boot.loader.grub.enable = false;
boot.kernelParams = [
"console=ttyS0,115200" # allows certain forms of remote access, if the hardware is setup right
"panic=30"
"boot.panic_on_fail" # reboot the machine upon fatal boot issues
];
systemd.services.sshd.wantedBy = mkForce [ "multi-user.target" ];
networking.hostName = "kexec";
# example way to embed an ssh pubkey into the tar
# users.users.root.openssh.authorizedKeys.keys = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC34wZQFEOGkA5b0Z6maE3aKy/ix1MiK1D0Qmg4E9skAA57yKtWYzjA23r5OCF4Nhlj1CuYd6P1sEI/fMnxf+KkqqgW3ZoZ0+pQu4Bd8Ymi3OkkQX9kiq2coD3AFI6JytC6uBi6FaZQT5fG59DbXhxO5YpZlym8ps1obyCBX0hyKntD18RgHNaNM+jkQOhQ5OoxKsBEobxQOEdjIowl2QeEHb99n45sFr53NFqk3UCz0Y7ZMf1hSFQPuuEC/wExzBBJ1Wl7E1LlNA4p9O3qJUSadGZS4e5nSLqMnbQWv2icQS/7J8IwY0M8r1MsL8mdnlXHUofPlG1r4mtovQ2myzOx clever@nixos" ];
}

View file

@ -0,0 +1,33 @@
{
nixos-config,
pkgs,
lib,
...
}:
{
imports = [
./configuration.nix
"${nixos-config}/config"
];
# Make it use predictable interface names starting with eth0
boot.kernelParams = [ "net.ifnames=0" ];
networking.useDHCP = true;
isInstaller = true;
environment.impermanence.enable = false;
boot.initrd.systemd.enable = lib.mkForce false;
home-manager.sharedModules = [ { home.persistence = lib.mkForce { }; } ];
environment.systemPackages = [
(pkgs.writeShellScriptBin "install-oracle-unattended" ''
set -eux
exec ${pkgs.disko}/bin/disko-install --flake "${nixos-config}#oracle" --disk main "${nixos-config.nixosConfigurations.thinkrac.config.disko.devices.disk.main.device}"
'')
];
users.users.root.openssh.authorizedKeys.keys = [
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIDXQlfvRUm/z6eP1EjsajIbMibkq9n+ymlbBi7NFiOuaAAAABHNzaDo= ssh:"
];
}

View file

@ -0,0 +1,51 @@
{ pkgs, config, ... }:
{
system.build = rec {
image = pkgs.runCommand "image" { buildInputs = [ pkgs.nukeReferences ]; } ''
mkdir $out
cp ${config.system.build.kernel}/${config.system.boot.loader.kernelFile} $out/kernel
cp ${config.system.build.netbootRamdisk}/initrd $out/initrd
echo "init=${builtins.unsafeDiscardStringContext config.system.build.toplevel}/init ${toString config.boot.kernelParams}" > $out/cmdline
nuke-refs $out/kernel
'';
kexec_script = pkgs.writeTextFile {
executable = true;
name = "kexec-nixos";
text = ''
#!${pkgs.stdenv.shell}
export PATH=${pkgs.kexectools}/bin:${pkgs.cpio}/bin:$PATH
set -x
set -e
cd $(mktemp -d)
pwd
mkdir initrd
pushd initrd
if [ -e /ssh_pubkey ]; then
cat /ssh_pubkey >> authorized_keys
fi
find -type f | cpio -o -H newc | gzip -9 > ../extra.gz
popd
cat ${image}/initrd extra.gz > final.gz
kexec -l ${image}/kernel --initrd=final.gz --append="init=${builtins.unsafeDiscardStringContext config.system.build.toplevel}/init ${toString config.boot.kernelParams}"
sync
echo "executing kernel, filesystems will be improperly umounted"
kexec -e
'';
};
};
boot.initrd.postMountCommands = ''
mkdir -p /mnt-root/root/.ssh/
cp /authorized_keys /mnt-root/root/.ssh/
'';
system.build.kexec_tarball = pkgs.callPackage (pkgs.path + "/nixos/lib/make-system-tarball.nix") {
storeContents = [
{
object = config.system.build.kexec_script;
symlink = "/kexec_nixos";
}
];
contents = [ ];
};
}

View file

@ -47,7 +47,6 @@
options usbcore autosuspend=2
# Fan control for thinkpads
options thinkpad_acpi fan_control=1
options zfs zfs_arc_max=4294967296
'';
boot.kernel.sysctl = {
# Probably unnecessary