From c52f9cb05ba3fd6533543d691de778091a30e2e1 Mon Sep 17 00:00:00 2001 From: tilpner Date: Thu, 19 Apr 2018 22:38:13 +0200 Subject: Initial commit --- configuration.nix | 28 +++++++++++++++++ install.nix | 90 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ kexec.nix | 72 ++++++++++++++++++++++++++++++++++++++++++++ release.nix | 37 +++++++++++++++++++++++ target-config.nix | 26 ++++++++++++++++ 5 files changed, 253 insertions(+) create mode 100644 configuration.nix create mode 100644 install.nix create mode 100644 kexec.nix create mode 100644 release.nix create mode 100644 target-config.nix diff --git a/configuration.nix b/configuration.nix new file mode 100644 index 0000000..da4d3b1 --- /dev/null +++ b/configuration.nix @@ -0,0 +1,28 @@ +# new cmd: nix-build '' -A config.system.build.kexec_tarball -I nixos-config=./configuration.nix -Q -j 4 + +{ lib, pkgs, config, ... }: + +with lib; + +{ + imports = [ + + ./kexec.nix + ./install.nix + ]; + + # nixos-install doesn't work with nixUnstable + nix.package = mkForce pkgs.nixStable; + + boot.loader.grub.enable = false; + boot.kernelParams = [ + "console=ttyS0,115200" # allows certain forms of remote access, if the hardware is setup right + "panic=30" "boot.panic_on_fail" # reboot the machine upon fatal boot issues + ]; + + networking.hostName = "kexec"; + hardware = { + enableRedistributableFirmware = mkForce false; + opengl.driSupport = mkForce false; + }; +} diff --git a/install.nix b/install.nix new file mode 100644 index 0000000..f4186c7 --- /dev/null +++ b/install.nix @@ -0,0 +1,90 @@ +{ config, pkgs, lib, ... }: + +with lib; +let + cfg = config.kexec.justdoit; +in { + options = { + kexec.justdoit = { + rootDevice = mkOption { + type = types.str; + default = "/dev/sda"; + description = "the root block device that justdoit will nuke from orbit and force nixos onto"; + }; + bootSize = mkOption { + type = types.int; + default = 256; + description = "size of /boot in mb"; + }; + swapSize = mkOption { + type = types.int; + default = 1024; + description = "size of swap in mb"; + }; + }; + }; + + config = lib.mkIf true { + system.build.justdoit = pkgs.writeScriptBin "justdoit" '' + #!${pkgs.stdenv.shell} + + set -e + + vgchange -a n + + dd if=/dev/zero of=${cfg.rootDevice} bs=512 count=10000 + + sfdisk ${cfg.rootDevice} < /mnt/etc/nixos/generated.nix < $out/cmdline + nuke-refs $out/kernel + ''; + + kexec_script = pkgs.writeTextFile { + executable = true; + name = "kexec-nixos"; + text = '' + #!${pkgs.stdenv.shell} + export PATH=${pkgs.kexectools}/bin:${pkgs.cpio}/bin:$PATH + set -x + cd $(mktemp -d) + pwd + mkdir initrd + pushd initrd + cat /ssh_pubkey >> authorized_keys + find -type f | cpio -o -H newc | gzip -9 > ../extra.gz + popd + cat ${image}/initrd extra.gz > final.gz + + kexec -l ${image}/kernel --initrd=final.gz --append="init=${builtins.unsafeDiscardStringContext config.system.build.toplevel}/init ${toString config.boot.kernelParams}" + sync + echo "executing kernel, filesystems will be improperly umounted" + kexec -e + ''; + }; + + kexec_tarball = pkgs.callPackage { + storeContents = [ + { object = config.system.build.kexec_script; symlink = "/kexec_nixos"; } + ]; + contents = []; + }; + + kexec_tarball_self_extract_script = pkgs.writeTextFile { + executable = true; + name = "kexec-nixos"; + text = '' + #!/bin/sh + ARCHIVE=`awk '/^__ARCHIVE_BELOW__/ { print NR + 1; exit 0; }' $0` + + tail -n+$ARCHIVE $0 | tar xJ -C / + /kexec_nixos + + exit 0 + + __ARCHIVE_BELOW__ + ''; + }; + + kexec_bundle = pkgs.runCommand "kexec_bundle" {} '' + cat \ + ${kexec_tarball_self_extract_script} \ + ${kexec_tarball}/tarball/nixos-system-${kexec_tarball.system}.tar.xz \ + > $out + chmod +x $out + ''; + }; + + boot.initrd.postMountCommands = '' + mkdir -p /mnt-root/root/.ssh/ + cp /authorized_keys /mnt-root/root/.ssh/ + ''; +} diff --git a/release.nix b/release.nix new file mode 100644 index 0000000..7dd11aa --- /dev/null +++ b/release.nix @@ -0,0 +1,37 @@ +let + pkgs = import { config = {}; }; + callPackage = pkgs.newScope self; + self = { + kexec_tarball = (import { + configuration = ./configuration.nix; + }).config.system.build.kexec_tarball; + + kexec_bundle = (import { + configuration = ./configuration.nix; + }).config.system.build.kexec_bundle; + + qemu_test1 = let + config = (import { configuration = ./configuration.nix; }).config; + image = config.system.build.image; + in pkgs.writeScriptBin "qemu_test1" '' + #!${pkgs.stdenv.shell} + export PATH=${pkgs.qemu_kvm}/bin/:$PATH + + if ! test -e dummy_root.qcow2; then + qemu-img create -f qcow2 dummy_root.qcow2 20G + fi + + qemu-kvm -kernel ${image}/kernel -initrd ${image}/initrd -m 2048 -append "init=${builtins.unsafeDiscardStringContext config.system.build.toplevel}/init ${toString config.boot.kernelParams}" -monitor stdio -drive index=0,id=drive1,file=dummy_root.qcow2,cache=writeback,werror=report,if=virtio + ''; + qemu_test2 = pkgs.writeScriptBin "qemu_test2" '' + #!${pkgs.stdenv.shell} + export PATH=${pkgs.qemu_kvm}/bin/:$PATH + + qemu-kvm -monitor stdio -drive index=0,id=drive1,file=dummy_root.qcow2,cache=writeback,werror=report,if=virtio + ''; + qemu_test = pkgs.buildEnv { + name = "qemu_test"; + paths = with self; [ qemu_test1 qemu_test2 ]; + }; + }; +in self diff --git a/target-config.nix b/target-config.nix new file mode 100644 index 0000000..8243786 --- /dev/null +++ b/target-config.nix @@ -0,0 +1,26 @@ +{ ... }: + +{ + imports = [ + ./hardware-configuration.nix + ./generated.nix + ]; + + boot.loader.grub = { + enable = true; + version = 2; + }; + + services.openssh = { + enable = true; + permitRootLogin = "yes"; + }; + + users.users.root.openssh.authorizedKeys.keys = [ + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAEAQDuNResYJNUNlReRIxPMMnI3hAaW5dNs3E2qoeqHsU/nwnL+czVKOkHnG8gQaKSN7q0wVP3o3ozSsGHdYBJ0YrAYMccOPGkPJ6Aua/7LBkxTc1bVbGrPAEVDYfvNKTU0KjbOfUt6bAbtx1KzbzttBHRR14AxHSUH3ELja6a1foATQWyArLmykmo8aFp75n9+b8XVkmtVtSB0VFibMGwLekNgTD1zOZfzqjxD2EQop279Y8s9kfadpxznONLBNgNUZEzkk++MTh2a6OXW4WA2+dH8WaG2hwjghYbqSDlYe9yjyxhRS0ZtUuVlxlMlTsn0MIt/fYlYNSJts4I11ehBQFkzWUv/i/BgKFKX2M1A5fZTI9emlKJ/Iz3EyXNg1VNc/8iCVaWMpKUbT8Hao8qvwihoZegyVZRmCbUDyxVpjy2Qyl3/dl8mjsYbzYK6CyLo198rCeSrYlF7c81KikPmNuibzSL0UHvA94HK7hVWfu+iZKPZOYVdIle25+hZcL+s7GROy5iGWA9qwgaqXShbqhyyg/lXCY8MdyDBdomWrdk9SvQ0hbNLwSrNlcHAoO3H8/HRcoW4/faiFsm8SFF4RnsIYfVNKCUYlf4kspbHUxUWuEMtOxpo/uu3Zs7hI+TQL9FKwrLRgnu72sx0Y1o4PIGHUldSgzoYAxL+EaF3qgYhoOyiVFa5IRioaG9FRFJ1hboq+0XxQXYzJ8z9CrRa/Gxrp/Etqdevm8IjuOWelDAR4UPgeQsvjHvZVxLOGay8wBtA0/My9meouPDn7jzPjfFUcmdB99PM/PfrqJBC+WdldEfURrAeax6b2LidFl3bN4BLGwK0BlPybjgj7jm1THMnnM4F7BmhzA8MN1tmcEIiZSbW3lRjMxTikGkhvq1NbMp/k6ZmMkwJcwORSJRVdji3wYOuQxl2/u+Ey2NtBXyA5TomPvkWR/h9us+2/8WOxVlpjs6PtYEguehLbuqPWANM1FG9ngAMc1yGMp9YXPKQn+xVvOssOK6VoAu57q9zHJ5GQe8Pm6+2Qpq7hWRDkxIfnDGAeLDIlHa4JunX+okSCH14fx2PpwRfQ1UUhp5wnDtcAfkWGmq82HQknAigNWih5LqPthfjMuhUUcgYsciWYFKZbum4/yecfXUUx9SlcAwVrEZ+kwvNw1UsjrRtITsCBaBlSDpioyXYmJ6ldxUOKZiqAvAKeB0zRF3xpALWZuADh22BzWaNeLL8Gw5uR9TV7PGQ9wpd07SRsdabqLtYqg2P0/t+zPlKHNkL80vZjmuYJeHZ6Zmv3K4PsKEsHG3nXcA8PUI09IfvBbUnzlUb46V5K2O6E3iiSeQBRv7jWEkwGZy9/lBMUM7Qxw3a9Hv till@hoeppner.ws" + ]; + + boot.kernelParams = [ + "panic=30" "boot.panic_on_fail" # reboot the machine upon fatal boot issues + ]; +} -- cgit v1.2.3