From e9b5de893d33300880bc9733c7412c082301a814 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Nicolas=20=E2=80=9CNiols=E2=80=9D=20Jeannerod?=
Date: Tue, 1 Oct 2024 10:02:01 +0200
Subject: [PATCH] Create automatic installation ISOs (#26)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Co-authored-by: Taeer Bar-Yam
Co-authored-by: Valentin Gagarin
Reviewed-on: https://git.fediversity.eu/Fediversity/simple-nixos-fediverse/pulls/26
Co-authored-by: Nicolas “Niols” Jeannerod
Co-committed-by: Nicolas “Niols” Jeannerod
---
 README.md | 20 +++++++++++++++++
 deploy.nix | 13 ++++++++++++
 disk-layout.nix | 36 +++++++++++++++++++++++++++++++
 flake.lock | 53 ++++++++++++++++++++++++++++++++++++++--------
 flake.nix | 27 +++++++++++++++++++++--
 installer.nix | 37 ++++++++++++++++++++++++++++++++
 vm/garage-vm.nix | 5 +----
 vm/mastodon-vm.nix | 5 +----
 vm/peertube-vm.nix | 5 +----
 vm/pixelfed-vm.nix | 5 +----
 10 files changed, 179 insertions(+), 27 deletions(-)
 create mode 100644 deploy.nix
 create mode 100644 disk-layout.nix
 create mode 100644 installer.nix

diff --git a/README.md b/README.md
index 73c3885..66114e7 100644
--- a/README.md
+++ b/README.md
@@ -46,6 +46,26 @@ NOTE: it sometimes takes a while for the services to start up, and in the meanti
 ```bash
 pixelfed-manage user:create --name=test --username=test --email=test@test.com --password=testtest --confirm_email=1
 ```
+# Building an installer image
+
+Build an installer image for the desired configuration, e.g. for `peertube`:
+
+```bash
+nix build .#installers.peertube
+```
+
+Upload the image in `./result` to Proxmox when creating a VM.
+Booting the image will format the disk and install NixOS with the desired configuration.
+
+# Deploying an updated machine configuration
+
+> TODO: There is currently no way to specify an actual target machine by name.
+
+Assuming you have SSH configuration with access to the remote `root` user stored for a machine called e.g. `peertube`, deploy the configuration by the same name:
+
+```bash
+nix run .#deploy.peertube
+```
 
 ## debugging notes
 
diff --git a/deploy.nix b/deploy.nix
new file mode 100644
index 0000000..5604488
--- /dev/null
+++ b/deploy.nix
@@ -0,0 +1,13 @@
+{ writeShellApplication }:
+name: config:
+writeShellApplication {
+  name = "deploy";
+  text = ''
+    result="$(nix build --print-out-paths ${./.}#nixosConfigurations#${name} --eval-store auto --store ssh-ng://${name})"
+    # shellcheck disable=SC2087
+    ssh ${name} << EOF
+    nix-env -p /nix/var/nix/profiles/system --set "$result"
+    "$result"/bin/switch-to-configuration switch
+    EOF
+  '';
+}
diff --git a/disk-layout.nix b/disk-layout.nix
new file mode 100644
index 0000000..13f1a20
--- /dev/null
+++ b/disk-layout.nix
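Review bot: The remote side of the heredoc in `text` runs without `set -e`, so when `nix-env -p /nix/var/nix/profiles/system --set "$result"` fails (for instance because the path is not present on the target), `switch-to-configuration switch` still activates a system that was never recorded in the profile, leaving the bootloader entries and rollback state out of step with what is running; chaining the two, `nix-env -p /nix/var/nix/profiles/system --set "$result" && "$result"/bin/switch-to-configuration switch`, or opening the heredoc with `set -euo pipefail`, keeps them in lockstep. `${./.}` interpolates the whole flake checkout as a store path, so anything lying in that directory (local secrets, scratch files) becomes store content that, as far as I can tell, is also copied to the target as a build input — worth a one-line comment above `result=`. The `config` argument is accepted but never used; either drop it or use it to derive the SSH target instead of reusing the attribute name as the host alias.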
@@ -0,0 +1,36 @@
+{ ... }:
+{
+  disko.devices.disk.main = {
+    device = "/dev/sda";
+    type = "disk";
+    content = {
+      type = "gpt";
+      partitions = {
+        MBR = {
+          priority = 0;
+          size = "1M";
+          type = "EF02";
+        };
+        ESP = {
+          priority = 1;
+          size = "500M";
+          type = "EF00";
+          content = {
+            type = "filesystem";
+            format = "vfat";
+            mountpoint = "/boot";
+          };
+        };
+        root = {
+          priority = 2;
+          size = "100%";
+          content = {
+            type = "filesystem";
+            format = "ext4";
+            mountpoint = "/";
+          };
+        };
+      };
+    };
+  };
+}
diff --git a/flake.lock b/flake.lock
index d25c01c..5c10c66 100644
--- a/flake.lock
+++ b/flake.lock
@@ -1,17 +1,35 @@
 {
   "nodes": {
-    "nixpkgs": {
+    "disko": {
+      "inputs": {
+        "nixpkgs": "nixpkgs"
+      },
       "locked": {
-        "lastModified": 1723726852,
-        "narHash": "sha256-lRzlx4fPRtzA+dgz9Rh4WK5yAW3TsAXx335DQqxY2XY=",
-        "owner": "radvendii",
-        "repo": "nixpkgs",
-        "rev": "9286249a1673cf5b14a4793e22dd44b70cb69a0d",
+        "lastModified": 1727347829,
+        "narHash": "sha256-y7cW6TjJKy+tu7efxeWI6lyg4VVx/9whx+OmrhmRShU=",
+        "owner": "nix-community",
+        "repo": "disko",
+        "rev": "1879e48907c14a70302ff5d0539c3b9b6f97feaa",
         "type": "github"
       },
       "original": {
-        "owner": "radvendii",
-        "ref": "nixos_rebuild_tests",
+        "owner": "nix-community",
+        "repo": "disko",
+        "type": "github"
+      }
+    },
+    "nixpkgs": {
+      "locked": {
+        "lastModified": 1725194671,
+        "narHash": "sha256-tLGCFEFTB5TaOKkpfw3iYT9dnk4awTP/q4w+ROpMfuw=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "b833ff01a0d694b910daca6e2ff4a3f26dee478c",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixpkgs-unstable",
         "repo": "nixpkgs",
         "type": "github"
       }
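Review bot: `device = "/dev/sda";` is a positional name, and because installer.nix runs the generated disko script with no confirmation, whichever block device enumerates first on the target is the one that gets wiped; on a Proxmox guest that is `/dev/sda` only with the SCSI controller, a VirtIO block disk appears as `/dev/vda` and the install then fails, or worse formats a disk that was not meant to be touched. Prefer a stable identifier such as a `/dev/disk/by-path/...` or `/dev/disk/by-id/...` link, or expose the device as a module option with `"/dev/sda"` as the default so each machine can set its own. The layout also has no swap partition and no encryption; if that is deliberate, a comment at the top of the file saying so saves the next reader a question.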
@@ -31,6 +49,22 @@
       "type": "github"
     }
   },
+  "nixpkgs_2": {
+    "locked": {
+      "lastModified": 1723726852,
+      "narHash": "sha256-lRzlx4fPRtzA+dgz9Rh4WK5yAW3TsAXx335DQqxY2XY=",
+      "owner": "radvendii",
+      "repo": "nixpkgs",
+      "rev": "9286249a1673cf5b14a4793e22dd44b70cb69a0d",
+      "type": "github"
+    },
+    "original": {
+      "owner": "radvendii",
+      "ref": "nixos_rebuild_tests",
+      "repo": "nixpkgs",
+      "type": "github"
+    }
+  },
   "pixelfed": {
     "flake": false,
     "locked": {
@@ -50,7 +84,8 @@
   },
   "root": {
     "inputs": {
-      "nixpkgs": "nixpkgs",
+      "disko": "disko",
+      "nixpkgs": "nixpkgs_2",
       "nixpkgs-latest": "nixpkgs-latest",
       "pixelfed": "pixelfed"
     }
diff --git a/flake.nix b/flake.nix
index 5354280..c3bdef7 100644
--- a/flake.nix
+++ b/flake.nix
@@ -6,11 +6,13 @@
       url = "github:pixelfed/pixelfed?ref=v0.12.3";
       flake = false;
     };
+    disko.url = "github:nix-community/disko";
   };
 
-  outputs = { self, nixpkgs, nixpkgs-latest, pixelfed }:
+  outputs = { self, nixpkgs, nixpkgs-latest, pixelfed, disko }:
   let
     system = "x86_64-linux";
+    lib = nixpkgs.lib;
     pkgs = nixpkgs.legacyPackages.${system};
     pkgsLatest = nixpkgs-latest.legacyPackages.${system};
     bleedingFediverseOverlay = (self: super: {
@@ -21,7 +23,6 @@
         ## TODO: give mastodon, peertube the same treatment
       });
   in {
-
     nixosModules = {
       ## Bleeding-edge fediverse packages
       bleedingFediverse = {
@@ -36,12 +37,16 @@
       mastodon-vm = import ./vm/mastodon-vm.nix;
       peertube-vm = import ./vm/peertube-vm.nix;
       pixelfed-vm = import ./vm/pixelfed-vm.nix;
+
+      disk-layout = import ./disk-layout.nix;
     };
 
     nixosConfigurations = {
       mastodon = nixpkgs.lib.nixosSystem {
         inherit system;
         modules = with self.nixosModules; [
+          disko.nixosModules.default
+          disk-layout
           bleedingFediverse
           fediversity
           interactive-vm
@@ -53,6 +58,8 @@
       peertube = nixpkgs.lib.nixosSystem {
         inherit system;
         modules = with self.nixosModules; [
+          disko.nixosModules.default
+          disk-layout
           bleedingFediverse
           fediversity
           interactive-vm
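Review bot: `disko.url = "github:nix-community/disko";` declares no `inputs.nixpkgs.follows`, which is why flake.lock now carries a second, independently pinned nixpkgs (the `nixpkgs`/`nixpkgs_2` split); adding `disko.inputs.nixpkgs.follows = "nixpkgs";` keeps the lock single-sourced so there is one nixpkgs revision to audit and update for the installer and the deployed systems. The root `nixpkgs` also remains on the personal fork `radvendii/nixpkgs` at ref `nixos_rebuild_tests` while disko's own pin tracks `NixOS/nixpkgs`; a comment on that input explaining why a fork is the base for production images, and when it is meant to return to upstream, would help whoever next runs `nix flake update`. This hunk covers only the flake's `inputs` and the start of `outputs`; the outputs attrset continues outside it.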
@@ -64,6 +71,8 @@
       pixelfed = nixpkgs.lib.nixosSystem {
         inherit system;
         modules = with self.nixosModules; [
+          disko.nixosModules.default
+          disk-layout
           bleedingFediverse
           fediversity
           interactive-vm
@@ -75,6 +84,8 @@
       all = nixpkgs.lib.nixosSystem {
         inherit system;
         modules = with self.nixosModules; [
+          disko.nixosModules.default
+          disk-layout
           bleedingFediverse
           fediversity
           interactive-vm
@@ -86,6 +97,18 @@
       };
     };
 
+    installers =
+      let
+        installer = (import ./installer.nix) nixpkgs;
+      in
+      lib.mapAttrs (_: config: installer config) self.nixosConfigurations;
+
+    deploy =
+      let
+        deployCommand = (pkgs.callPackage ./deploy.nix { });
+      in
+      lib.mapAttrs (name: config: deployCommand name config) self.nixosConfigurations;
+
     checks.${system} = {
       mastodon-garage = import ./tests/mastodon-garage.nix { inherit pkgs self; };
       pixelfed-garage = import ./tests/pixelfed-garage.nix { inherit pkgs self; };
diff --git a/installer.nix b/installer.nix
new file mode 100644
index 0000000..cbd2ba5
--- /dev/null
+++ b/installer.nix
@@ -0,0 +1,37 @@
+/**
+  Convert a NixOS configuration to one for a minimal installer ISO
+
+  WARNING: Running this installer will format the target disk!
+*/
+nixpkgs: machine:
+  let
+    installer = { config, pkgs, lib, ... }:
+      let
+        bootstrap = pkgs.writeShellApplication {
+          name = "bootstrap";
+          runtimeInputs = with pkgs; [ nixos-install-tools ];
+          text = ''
+            ${machine.config.system.build.diskoScript}
+            nixos-install --no-root-password --no-channel-copy --system ${machine.config.system.build.toplevel}
+          '';
+        };
+      in
+      {
+        imports = [
+          "${nixpkgs}/nixos/modules/installer/cd-dvd/installation-cd-minimal.nix"
+        ];
+        nixpkgs.hostPlatform = "x86_64-linux";
+        services.getty.autologinUser = lib.mkForce "root";
+        programs.bash.loginShellInit = ''
+          ${nixpkgs.lib.getExe bootstrap}
+        '';
+
+        isoImage = {
+          compressImage = false;
+          squashfsCompression = "gzip -Xcompression-level 1";
+          isoName = lib.mkForce "installer.iso";
+        };
+      };
+  in
+  (nixpkgs.lib.nixosSystem { modules = [installer];}).config.system.build.isoImage
+
diff --git a/vm/garage-vm.nix b/vm/garage-vm.nix
index 8deb49f..a8f78f3 100644
--- a/vm/garage-vm.nix
+++ b/vm/garage-vm.nix
@@ -6,10 +6,7 @@ let
   fedicfg = config.fediversity.internal.garage;
 in
 {
-  imports = [
-    ../fediversity
-    (modulesPath + "/virtualisation/qemu-vm.nix")
-  ];
+  imports = [ (modulesPath + "/virtualisation/qemu-vm.nix") ];
 
   services.nginx.virtualHosts.${fedicfg.web.rootDomain} = {
     forceSSL = mkVMOverride false;
diff --git a/vm/mastodon-vm.nix b/vm/mastodon-vm.nix
index ea17f27..5a9734b 100644
--- a/vm/mastodon-vm.nix
+++ b/vm/mastodon-vm.nix
@@ -1,9 +1,6 @@
 { modulesPath, lib, config, ... }:
 {
-  imports = [
-    ../fediversity
-    (modulesPath + "/virtualisation/qemu-vm.nix")
-  ];
+  imports = [ (modulesPath + "/virtualisation/qemu-vm.nix") ];
 
   config = lib.mkMerge [
     {
diff --git a/vm/peertube-vm.nix b/vm/peertube-vm.nix
index 5f40f4f..58c4667 100644
--- a/vm/peertube-vm.nix
+++ b/vm/peertube-vm.nix
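Review bot: `programs.bash.loginShellInit` runs `bootstrap` on every login shell of the auto-logged-in root user, and the script's first step is the disko format with no prompt or guard, so a machine that comes up from the ISO a second time (CD still attached and first in boot order, or a console reconnect that spawns a fresh login shell) is wiped again; `nixos-install` itself never reboots or powers off, so after a successful install the user is simply left at a root prompt on the live image. Add `poweroff` after the `nixos-install ...` line so the ISO does not keep re-running, and consider a guard that refuses to format when the target disk already carries a NixOS installation. The ISO also embeds `machine.config.system.build.toplevel` in full; if any of the fediverse configurations ever contain secrets they end up on an image that is uploaded to Proxmox, which deserves a sentence next to the existing WARNING in the header comment. Minor: `nixpkgs.lib.getExe bootstrap` can be `lib.getExe bootstrap`, since `lib` is already a module argument used two lines above.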
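Review bot: With `../fediversity` dropped from `imports`, this module still reads `config.fediversity.internal.garage` in the `let` above the hunk but no longer guarantees that option exists, so evaluating `garage-vm` outside the flake's `nixosConfigurations` (which list `fediversity` explicitly) fails with a bare missing-attribute error instead of something descriptive. A one-line comment above `imports`, e.g. `# Expects the ../fediversity module to be imported by the consuming configuration.`, makes the new dependency explicit; the same applies to the three sibling vm modules changed in this commit. The enclosing module's `let` begins before the hunk.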
@@ -1,9 +1,6 @@
 { pkgs, modulesPath, ... }:
 {
-  imports = [
-    ../fediversity
-    (modulesPath + "/virtualisation/qemu-vm.nix")
-  ];
+  imports = [ (modulesPath + "/virtualisation/qemu-vm.nix") ];
 
   services.peertube = {
     enableWebHttps = false;
diff --git a/vm/pixelfed-vm.nix b/vm/pixelfed-vm.nix
index 3353648..76fbb59 100644
--- a/vm/pixelfed-vm.nix
+++ b/vm/pixelfed-vm.nix
@@ -4,10 +4,7 @@ let
   inherit (lib) mkVMOverride;
 in
 {
-  imports = [
-    ../fediversity
-    (modulesPath + "/virtualisation/qemu-vm.nix")
-  ];
+  imports = [ (modulesPath + "/virtualisation/qemu-vm.nix") ];
 
   fediversity = {
     enable = true;