

7 commits

Author SHA1 Message Date
Valentin Gagarin 6bbda4b4b3 run installer as root 2024-09-26 10:58:26 +02:00
Valentin Gagarin 591dd87752 deduplicate 2024-09-25 12:23:34 +02:00
Valentin Gagarin cc3ccbc59a use stable CLI for deploying 2024-09-25 12:23:27 +02:00
Valentin Gagarin dfb02038ac use npins
at least that works
2024-09-25 12:10:03 +02:00
Valentin Gagarin 8236802a74 don't pass around self needlessly 2024-09-25 12:10:03 +02:00
Valentin Gagarin f699c095da add documentation 2024-09-25 12:10:03 +02:00
Valentin Gagarin 5ed89f0c1f WIP: add installer generation and deployment scripts
This doesn't work yet for reasons that are not entirely clear to me:

    > nix run .#deploy.all --show-trace
    error: 'nixosConfigurations.all.type' is not a string but

sic!

    > nix build .#installers.all
    warning: Git tree '/home/vg/src/simple-nixos-fediverse' is dirty
    error:
           … while calling the 'derivationStrict' builtin

             at /builtin/derivation.nix:9:12: (source not available)

           … while evaluating derivation 'nixos-24.11.20240815.9286249-x86_64-linux.iso'
             whose name attribute is located at /nix/store/nqqkj0pwx2ymv8rxpw1m80zd4fxkvk0s-source/pkgs/stdenv/generic/make-derivation.nix:334:7

           … while evaluating attribute 'sources' of derivation 'nixos-24.11.20240815.9286249-x86_64-linux.iso'

             at /nix/store/nqqkj0pwx2ymv8rxpw1m80zd4fxkvk0s-source/nixos/lib/make-iso9660-image.nix:76:3:

               75|
               76|   sources = map (x: x.source) contents;
                 |   ^
               77|   targets = map (x: x.target) contents;

           (stack trace truncated; use '--show-trace' to show the full trace)

           error: Could not load a value as a module, because it is of type "flake", in file /nix/store/nqqkj0pwx2ymv8rxpw1m80zd4fxkvk0s-source/flake.nix.

???
2024-09-25 12:10:03 +02:00
12 changed files with 403 additions and 54 deletions


@ -47,6 +47,27 @@ NOTE: it sometimes takes a while for the services to start up, and in the meanti
pixelfed-manage user:create --name=test --username=test --email=test@test.com --password=testtest --confirm_email=1
```
# Building an installer image
Build an installer image for the desired configuration, e.g. for `peertube`:
```bash
nix build .#installers.peertube
```
Upload the image in `./result` to Proxmox when creating a VM.
Booting the image will format the disk and install NixOS with the desired configuration.
# Deploying an updated machine configuration
> TODO: There is currently no way to specify an actual target machine by name.
Assuming you have SSH configuration with access to the remote `root` user stored for a machine called e.g. `peertube`, deploy the configuration by the same name:
```bash
nix run .#deploy.peertube
```
## debugging notes
- it is sometimes useful to `cat result/bin/run-nixos-vm` to see what's really going on (e.g. which ports are getting forwarded)

105
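--- a/default.nix
+++ b/default.nix
@@ -0,0 +1,105 @@
+{ inputs ? import ./npins
+, system ? builtins.currentSystem
+, pkgs ? import inputs.nixpkgs { config = { }; overlays = [ ]; inherit system; }
+, lib ? import "${inputs.nixpkgs}/lib"
+// {
+nixosSystem = args:
+import "${inputs.nixpkgs}/nixos/lib/eval-config.nix"
+(
+{
+inherit lib;
+# Allow system to be set modularly in nixpkgs.system.
+# We set it to null, to remove the "legacy" entrypoint's
+# non-hermetic default.
+system = null;
+modules = args.modules;
+}
+// builtins.removeAttrs args [ "modules" ]
+);
+}
+,
+}:
+rec {
+nixosModules = {
+disko = "${inputs.disko}/module.nix";
+disk-layout = import ./vm/disk-layout.nix;
+interactive-vm = import ./vm/interactive-vm.nix;
+mastodon-vm = import ./vm/mastodon-vm.nix;
+peertube-vm = import ./vm/peertube-vm.nix;
+pixelfed-vm = import ./vm/pixelfed-vm.nix;
+};
+# test with
+# nix-build -A nixosConfigurations.<config>.installTest
+nixosConfigurations = {
+mastodon = lib.nixosSystem {
+inherit system;
+modules = with nixosModules; [
+disko
+disk-layout
+interactive-vm
+mastodon-vm
+];
+};
+peertube = lib.nixosSystem {
+inherit system;
+modules = with nixosModules; [
+disko
+disk-layout
+interactive-vm
+peertube-vm
+];
+};
+pixelfed = lib.nixosSystem {
+inherit system;
+modules = with nixosModules; [
+disko
+disk-layout
+interactive-vm
+pixelfed-vm
+];
+};
+all = lib.nixosSystem {
+inherit system;
+modules = with nixosModules; [
+interactive-vm
+disko
+disk-layout
+peertube-vm
+pixelfed-vm
+mastodon-vm
+];
+};
+};
+# build with
+# nix-build -A installers.<config>
+installers =
+let
+installer = (import ./installer.nix) { inherit lib; outPath = inputs.nixpkgs; };
+in
+lib.mapAttrs (_: config: installer config) nixosConfigurations;
+# run with
+# $(nix-build -A deploy.<machine> --no-out-link)/bin/deploy
+deploy =
+let
+deployCommand = (pkgs.callPackage ./deploy.nix { });
+in
+lib.mapAttrs (name: config: deployCommand name config) nixosConfigurations;
+tests = {
+mastodon-garage = import ./tests/mastodon-garage.nix { inherit pkgs; };
+pixelfed-garage = import ./tests/pixelfed-garage.nix { inherit pkgs; };
+};
+shell = pkgs.mkShell {
+packages = with pkgs; [
+nil
+];
+};
+}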
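Review bot: The comment `# nix-build -A nixosConfigurations.<config>.installTest` points at an `installTest` attribute that nothing on this page defines; it presumably comes from the `radvendii/nixpkgs` fork (branch `nixos_rebuild_tests`) pinned in npins/sources.json, and the comment should say so, e.g. `# installTest is provided by the nixpkgs fork pinned in ./npins, not by upstream nixpkgs`, so that a future re-pin to upstream does not silently break the documented command. The `all` configuration lists `interactive-vm` before `disko` and `disk-layout` while the other three list it third; module order is irrelevant to the module system, but keeping the four lists identical makes them easier to diff. `deploy.nix` never uses the `config` value it is handed, so `lib.mapAttrs (name: _: deployCommand name null)` or dropping the parameter in deploy.nix would state that honestly.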

13
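--- a/deploy.nix
+++ b/deploy.nix
@@ -0,0 +1,13 @@
+{ writeShellApplication }:
+name: config:
+writeShellApplication {
+name = "deploy";
+text = ''
+result="$(nix-build ${./.} -A nixosConfigurations.${name} --eval-store auto --store ssh-ng://${name})"
+# shellcheck disable=SC2087
+ssh ${name} << EOF
+nix-env -p /nix/var/nix/profiles/system --set "$result"
+"$result"/bin/switch-to-configuration switch
+EOF
+'';
+}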
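Review bot: The commands in the `ssh ${name} << EOF` heredoc run in the remote login shell with no error handling, so if `nix-env --set` fails (for example because the SSH user is not `root`, which the README says is required) `switch-to-configuration switch` still runs against whatever `$result` expanded to; `writeShellApplication`'s `set -euo pipefail` applies only locally. Add `set -euo pipefail` as the first line inside the heredoc so the switch only happens after the profile update succeeds. The `nix-build` call has no `--no-out-link`, so it may also leave a `result` symlink in the caller's working directory — worth adding if that is not intended. The `config` argument is unused; naming it `_` would make that explicit.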


@ -1,6 +1,40 @@
{
"nodes": {
"disko": {
"inputs": {
"nixpkgs": "nixpkgs"
},
"locked": {
"lastModified": 1727249977,
"narHash": "sha256-lAqOCDI4B6hA+t+KHSm/Go8hQF/Ob5sgXaIRtMAnMKw=",
"owner": "nix-community",
"repo": "disko",
"rev": "c1c472f4cd91e4b0703e02810a8c7ed30186b6fa",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "disko",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1725194671,
"narHash": "sha256-tLGCFEFTB5TaOKkpfw3iYT9dnk4awTP/q4w+ROpMfuw=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "b833ff01a0d694b910daca6e2ff4a3f26dee478c",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1723726852,
"narHash": "sha256-lRzlx4fPRtzA+dgz9Rh4WK5yAW3TsAXx335DQqxY2XY=",
@ -18,7 +52,8 @@
},
"root": {
"inputs": {
"nixpkgs": "nixpkgs"
"disko": "disko",
"nixpkgs": "nixpkgs_2"
}
}
},


@ -3,62 +3,28 @@
inputs = {
nixpkgs.url = "github:radvendii/nixpkgs/nixos_rebuild_tests";
disko.url = "github:nix-community/disko";
};
outputs = { self, nixpkgs }:
outputs = inputs@{ self, nixpkgs, disko, ... }:
let
system = "x86_64-linux";
pkgs = nixpkgs.legacyPackages.${system};
default = import ./default.nix { inherit system inputs; };
in {
nixosModules = {
## Fediversity modules
fediversity = import ./fediversity;
inherit (default)
nixosModules
nixosConfigurations
# build with
# nix build .#installers.<config>
installers
# run with
# nix run .#deploy.<machine>
deploy
;
## VM-specific modules
interactive-vm = import ./vm/interactive-vm.nix;
mastodon-vm = import ./vm/mastodon-vm.nix;
peertube-vm = import ./vm/peertube-vm.nix;
pixelfed-vm = import ./vm/pixelfed-vm.nix;
};
checks.${system} = default.tests;
nixosConfigurations = {
mastodon = nixpkgs.lib.nixosSystem {
inherit system;
modules = with self.nixosModules; [ fediversity interactive-vm mastodon-vm ];
};
peertube = nixpkgs.lib.nixosSystem {
inherit system;
modules = with self.nixosModules; [ fediversity interactive-vm peertube-vm ];
};
pixelfed = nixpkgs.lib.nixosSystem {
inherit system;
modules = with self.nixosModules; [ fediversity interactive-vm pixelfed-vm ];
};
all = nixpkgs.lib.nixosSystem {
inherit system;
modules = with self.nixosModules; [
fediversity
interactive-vm
peertube-vm
pixelfed-vm
mastodon-vm
];
};
};
checks.${system} = {
mastodon-garage = import ./tests/mastodon-garage.nix { inherit pkgs self; };
pixelfed-garage = import ./tests/pixelfed-garage.nix { inherit pkgs self; };
};
devShells.${system}.default = pkgs.mkShell {
inputs = with pkgs; [
nil
];
};
devShells.${system}.default = default.shell;
};
}
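Review bot: `default = import ./default.nix { inherit system inputs; }` feeds the flake's inputs into a file whose default `inputs` come from `./npins`, so the same nixpkgs fork is now pinned twice — as `nixpkgs_2` in flake.lock and as `nixpkgs` in npins/sources.json — and the two can drift independently; the lockfile entry is cut off on this page, so I cannot tell whether they already disagree. A comment above that line naming which pin set is authoritative, and that `npins update` and `nix flake update` must be run together, would prevent the flake and the non-flake entry points from silently building different nixpkgs revisions. `disko` is bound in `inputs@{ self, nixpkgs, disko, ... }` but only reached through `inputs`, so the explicit binding can go.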

30
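--- a/installer.nix
+++ b/installer.nix
@@ -0,0 +1,30 @@
+/**
+Convert a NixOS configuration to one for a minimal installer ISO
+WARNING: Running this installer will format the target disk!
+*/
+nixpkgs: machine:
+let
+installer = { config, pkgs, lib, ... }:
+let
+bootstrap = pkgs.writeShellApplication {
+name = "bootstrap";
+runtimeInputs = with pkgs; [ nixos-install-tools ];
+text = ''
+${machine.config.system.build.diskoScript}
+nixos-install --no-root-password --no-channel-copy --system ${machine.config.system.build.toplevel}
+'';
+};
+in
+{
+imports = [
+"${nixpkgs}/nixos/modules/installer/cd-dvd/installation-cd-minimal.nix"
+];
+nixpkgs.hostPlatform = "x86_64-linux";
+services.getty.autologinUser = lib.mkForce "root";
+programs.bash.loginShellInit = ''
+${nixpkgs.lib.getExe bootstrap}
+'';
+};
+in
+(nixpkgs.lib.nixosSystem { modules = [installer];}).config.system.build.isoImage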
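Review bot: `programs.bash.loginShellInit` runs `bootstrap` on every root login shell and the bootstrap starts with the disko script, which reformats the target disk each time, so a reboot with the ISO still attached — or simply logging in again after an install — wipes the system that was just installed. Ending the bootstrap text with `poweroff` after `nixos-install`, and saying in the header comment that the ISO must be detached before the first boot, would make that much harder to trigger by accident. `nixpkgs.hostPlatform = "x86_64-linux"` is also hard-coded while `machine` was evaluated with default.nix's `system` argument (defaulting to `builtins.currentSystem`), so on another platform the ISO would target a different architecture than the system it installs; deriving it from `machine` (something like `machine.config.nixpkgs.hostPlatform.system`, to be confirmed) keeps the two in step.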

80
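--- a/npins/default.nix
+++ b/npins/default.nix
@@ -0,0 +1,80 @@
+# Generated by npins. Do not modify; will be overwritten regularly
+let
+data = builtins.fromJSON (builtins.readFile ./sources.json);
+version = data.version;
+mkSource =
+spec:
+assert spec ? type;
+let
+path =
+if spec.type == "Git" then
+mkGitSource spec
+else if spec.type == "GitRelease" then
+mkGitSource spec
+else if spec.type == "PyPi" then
+mkPyPiSource spec
+else if spec.type == "Channel" then
+mkChannelSource spec
+else
+builtins.throw "Unknown source type ${spec.type}";
+in
+spec // { outPath = path; };
+mkGitSource =
+{
+repository,
+revision,
+url ? null,
+hash,
+branch ? null,
+...
+}:
+assert repository ? type;
+# At the moment, either it is a plain git repository (which has an url), or it is a GitHub/GitLab repository
+# In the latter case, there we will always be an url to the tarball
+if url != null then
+(builtins.fetchTarball {
+inherit url;
+sha256 = hash; # FIXME: check nix version & use SRI hashes
+})
+else
+assert repository.type == "Git";
+let
+urlToName =
+url: rev:
+let
+matched = builtins.match "^.*/([^/]*)(\\.git)?$" repository.url;
+short = builtins.substring 0 7 rev;
+appendShort = if (builtins.match "[a-f0-9]*" rev) != null then "-${short}" else "";
+in
+"${if matched == null then "source" else builtins.head matched}${appendShort}";
+name = urlToName repository.url revision;
+in
+builtins.fetchGit {
+url = repository.url;
+rev = revision;
+inherit name;
+# hash = hash;
+};
+mkPyPiSource =
+{ url, hash, ... }:
+builtins.fetchurl {
+inherit url;
+sha256 = hash;
+};
+mkChannelSource =
+{ url, hash, ... }:
+builtins.fetchTarball {
+inherit url;
+sha256 = hash;
+};
+in
+if version == 3 then
+builtins.mapAttrs (_: mkSource) data.pins
+else
+throw "Unsupported format version ${toString version} in sources.json. Try running `npins upgrade`"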

32
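--- a/npins/sources.json
+++ b/npins/sources.json
@@ -0,0 +1,32 @@
+{
+"pins": {
+"disko": {
+"type": "GitRelease",
+"repository": {
+"type": "GitHub",
+"owner": "nix-community",
+"repo": "disko"
+},
+"pre_releases": false,
+"version_upper_bound": null,
+"release_prefix": null,
+"version": "v1.8.0",
+"revision": "624fd86460e482017ed9c3c3c55a3758c06a4e7f",
+"url": "https://api.github.com/repos/nix-community/disko/tarball/v1.8.0",
+"hash": "06ifryv6rw25cz8zda4isczajdgrvcl3aqr145p8njxx5jya2d77"
+},
+"nixpkgs": {
+"type": "Git",
+"repository": {
+"type": "GitHub",
+"owner": "radvendii",
+"repo": "nixpkgs"
+},
+"branch": "nixos_rebuild_tests",
+"revision": "8648620e5c0d8a63f7319bbdaaa9a7f3bccae0f0",
+"url": "https://github.com/radvendii/nixpkgs/archive/8648620e5c0d8a63f7319bbdaaa9a7f3bccae0f0.tar.gz",
+"hash": "18s3731h59rby16hv1vkdjaib91h3myxbr041fndq6j5m7jjkbap"
+}
+},
+"version": 3
+}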

31
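--- a/shell.nix
+++ b/shell.nix
@@ -0,0 +1,31 @@
+{ ... }:
+{
+disko.devices.disk.main = {
+device = "/dev/sda";
+type = "disk";
+content = {
+type = "gpt";
+partitions = {
+ESP = {
+priority = 1;
+size = "500M";
+type = "EF00";
+content = {
+type = "filesystem";
+format = "vfat";
+mountpoint = "/boot";
+};
+};
+root = {
+priority = 2;
+size = "100%";
+content = {
+type = "filesystem";
+format = "ext4";
+mountpoint = "/";
+};
+};
+};
+};
+};
+}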
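Review bot: `shell.nix` does not define a shell: it is a disko disk layout that duplicates `vm/disk-layout.nix` minus the `MBR` partition, so `nix-shell` run in the repository root evaluates a NixOS module function rather than a derivation and fails. Since default.nix already exposes `shell = pkgs.mkShell { … }`, this file should either become `(import ./default.nix { }).shell` or be deleted, with the layout kept only in `vm/disk-layout.nix` so the `/dev/sda` target that installer.nix formats unconditionally is defined in exactly one place and cannot silently diverge between the two copies.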


@ -1,4 +1,4 @@
{ pkgs, self }:
{ pkgs }:
let
lib = pkgs.lib;
rebuildableTest = import ./rebuildableTest.nix pkgs;
@ -37,7 +37,7 @@ pkgs.nixosTest {
nodes = {
server = { config, ... }: {
virtualisation.memorySize = lib.mkVMOverride 4096;
imports = with self.nixosModules; [ mastodon-vm ];
imports = [ ./../vm/mastodon-vm.nix ];
# TODO: pair down
environment.systemPackages = with pkgs; [
python3


@ -1,4 +1,4 @@
{ pkgs, self }:
{ pkgs }:
let
lib = pkgs.lib;
rebuildableTest = import ./rebuildableTest.nix pkgs;
@ -136,7 +136,7 @@ pkgs.nixosTest {
memorySize = lib.mkVMOverride 8192;
cores = 8;
};
imports = with self.nixosModules; [ pixelfed-vm ];
imports = [ ../../vm/pixelfed-vm.nix ];
# TODO: pair down
environment.systemPackages = with pkgs; [
python3
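Review bot: `imports = [ ../../vm/pixelfed-vm.nix ];` climbs two directories, which from a file that default.nix imports as `./tests/pixelfed-garage.nix` resolves to a `vm/` directory outside the repository, whereas the matching change in the mastodon test uses `./../vm/mastodon-vm.nix`; unless this file lives one level deeper than the page shows, it should read `imports = [ ../vm/pixelfed-vm.nix ];`. Spelling both tests the same way (`../vm/…`) would also keep them consistent. The `nodes` definition this line belongs to starts and ends outside the hunk.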

36
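--- a/vm/disk-layout.nix
+++ b/vm/disk-layout.nix
@@ -0,0 +1,36 @@
+{ ... }:
+{
+disko.devices.disk.main = {
+device = "/dev/sda";
+type = "disk";
+content = {
+type = "gpt";
+partitions = {
+MBR = {
+priority = 0;
+size = "1M";
+type = "EF02";
+};
+ESP = {
+priority = 1;
+size = "500M";
+type = "EF00";
+content = {
+type = "filesystem";
+format = "vfat";
+mountpoint = "/boot";
+};
+};
+root = {
+priority = 2;
+size = "100%";
+content = {
+type = "filesystem";
+format = "ext4";
+mountpoint = "/";
+};
+};
+};
+};
+};
+}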
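Review bot: `device = "/dev/sda";` is a fixed target with no comment, yet installer.nix runs this layout through disko unconditionally at boot, so on a VM whose disk enumerates under another name (virtio disks typically appear as `/dev/vda`) the install fails, and on a machine with more than one disk it formats whichever happens to be `sda`. A header comment such as `# Formatted without confirmation by the installer ISO (see installer.nix); the VM must expose its system disk as /dev/sda` records the assumption, and a stable `/dev/disk/by-id/…` path or a module option for the device would remove it.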