From b50bb442f7bce486f381a0eb585f658583b7a91d Mon Sep 17 00:00:00 2001 From: Kiara Grouwstra Date: Tue, 23 Sep 2025 10:44:45 +0200 Subject: [PATCH] get nix run to build a vm bootable by qemu ``` cp /nix/store/.../nixos.img disk.raw chmod 0644 disk.raw qemu-system-x86_64 -enable-kvm -m 2048 -drive if=virtio,file=./disk.raw,format=raw -bios "$(nix eval --impure --expr '(import { }).OVMF.fd.outPath' | jq -r)/FV/OVMF.fd" ``` Signed-off-by: Kiara Grouwstra --- deployment/check/common/data-model.nix | 42 ++- deployment/check/common/deployerNode.nix | 1 + deployment/check/common/targetNode.nix | 2 +- .../data-model-bash-proxmox/constants.nix | 11 + .../check/data-model-bash-proxmox/default.nix | 48 ++++ .../data-model-bash-proxmox/nixosTest.nix | 245 ++++++++++++++++++ deployment/nixos.nix | 10 +- flake.nix | 75 ++++++ infra/common/nixos/default.nix | 1 + infra/common/nixos/repart.nix | 102 ++++++++ infra/common/proxmox-qemu-vm.nix | 14 +- infra/proxmox-provision.sh | 85 ++++-- infra/proxmox-remove.sh | 3 +- 13 files changed, 605 insertions(+), 34 deletions(-) create mode 100644 deployment/check/data-model-bash-proxmox/constants.nix create mode 100644 deployment/check/data-model-bash-proxmox/default.nix create mode 100644 deployment/check/data-model-bash-proxmox/nixosTest.nix create mode 100644 infra/common/nixos/repart.nix diff --git a/deployment/check/common/data-model.nix b/deployment/check/common/data-model.nix index 321d5a38..dac46ea2 100644 --- a/deployment/check/common/data-model.nix +++ b/deployment/check/common/data-model.nix 
@@ -123,10 +123,50 @@ let imports = [ ./data-model-options.nix ../common/sharedOptions.nix - ../common/targetNode.nix + # ../common/targetNode.nix "${nixpkgs}/nixos/modules/profiles/qemu-guest.nix" + # ../../../infra/common/nixos/repart.nix + # disko needed in makeInstallerIso.nix + # "${sources.disko}/module.nix" + # ../../../infra/common/proxmox-qemu-vm.nix ]; + # boot.loader.systemd-boot.enable = true; + # boot.loader.efi.efiSysMountPoint = "/boot"; + # boot.loader.systemd-boot.memtest86.enable = true; + # boot.loader.systemd-boot.netbootxyz.enable = true; + # boot.loader.systemd-boot.edk2-uefi-shell.enable = true; + # boot.loader.efi.canTouchEfiVariables = true; + # boot.loader.systemd-boot.extraEntries = { + # "banana.conf" = '' + # title banana + # ''; + # }; + # # proxmox.qemuConf.bios == "ovmf"; + + # boot.growPartition = true; + # boot.kernelParams = [ "console=ttyS0" ]; + # boot.loader.timeout = 1; + + # # users.users.root.initialPassword = "root"; + # boot.loader.grub.enable = true; + # # boot.loader.grub.device = "/dev/vda"; + # # boot.loader.grub.device = "/dev/sda"; + # # boot.loader.grub.device = "/dev/sda1"; + # # boot.loader.grub.device = "/dev/sda2"; + # # boot.loader.grub.device = "/dev/sda3"; + # # boot.loader.grub.device = "/dev/disk/by-partlabel/disk-main-root"; + # # boot.loader.grub.device = "/dev/disk/by-partlabel/disk-main-nixos"; + # # boot.loader.grub.device = "/dev/disk/by-partlabel/disk-main-esp"; + # # boot.loader.grub.device = "/dev/disk/by-partlabel/root"; + # boot.loader.grub.device = "/dev/disk/by-partlabel/esp"; + # # boot.loader.grub.device = "/dev/disk/by-partlabel/nixos"; + # # boot.loader.grub.device = "/dev/disk/by-uuid/aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa"; + # # boot.loader.grub.device = "/dev/disk/by-uuid/bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb"; + # boot.loader.grub.efiSupport = lib.mkDefault true; + # boot.loader.grub.efiInstallAsRemovable = lib.mkDefault true; + system.stateVersion = "25.05"; + users.users = 
environment.config.resources."operator-environment".login-shell.apply { resources = lib.filterAttrs (_name: value: value ? login-shell) ( lib.concatMapAttrs ( diff --git a/deployment/check/common/deployerNode.nix b/deployment/check/common/deployerNode.nix index dcb5deef..d6e1a9fa 100644 --- a/deployment/check/common/deployerNode.nix +++ b/deployment/check/common/deployerNode.nix @@ -62,6 +62,7 @@ in sources.nixpkgs sources.flake-inputs sources.git-hooks + sources.disko pkgs.stdenv pkgs.stdenvNoCC diff --git a/deployment/check/common/targetNode.nix b/deployment/check/common/targetNode.nix index e88be811..8abc6aed 100644 --- a/deployment/check/common/targetNode.nix +++ b/deployment/check/common/targetNode.nix @@ -16,7 +16,7 @@ in imports = [ (modulesPath + "/profiles/qemu-guest.nix") - (modulesPath + "/../lib/testing/nixos-test-base.nix") + # (modulesPath + "/../lib/testing/nixos-test-base.nix") ./sharedOptions.nix ]; diff --git a/deployment/check/data-model-bash-proxmox/constants.nix b/deployment/check/data-model-bash-proxmox/constants.nix new file mode 100644 index 00000000..e7e9c18a --- /dev/null +++ b/deployment/check/data-model-bash-proxmox/constants.nix @@ -0,0 +1,11 @@ +{ + targetMachines = [ + "mypve" + ]; + pathToRoot = builtins.path { + path = ../../..; + name = "root"; + }; + pathFromRoot = "/deployment/check/data-model-bash-proxmox"; + enableAcme = true; +} diff --git a/deployment/check/data-model-bash-proxmox/default.nix b/deployment/check/data-model-bash-proxmox/default.nix new file mode 100644 index 00000000..e6f7b08f --- /dev/null +++ b/deployment/check/data-model-bash-proxmox/default.nix 
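Review bot: The `../common/targetNode.nix` import is commented out in the shared data-model.nix with no stated reason, and roughly forty lines of commented-out bootloader experiments are left in its place, including `# # users.users.root.initialPassword = "root";`. The file lives under check/common, so the dropped import presumably affects the other checks that evaluate it. I would keep one line saying why it is disabled, for example `# FIXME: targetNode.nix import disabled because <reason>`, and delete the rest. The root-password line in particular should go, so it cannot be switched back on by accident. The targetNode.nix hunk further down comments out `nixos-test-base.nix` the same way and needs the same explanation.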
@@ -0,0 +1,48 @@
+{
+ runNixOSTest,
+ inputs,
+ sources,
+ system,
+}:
+
+let
+ pkgs = import sources.nixpkgs-stable {
+ inherit system;
+ overlays = [ overlay ];
+ };
+ overlay = _: _: {
+ inherit
+ (import "${sources.proxmox-nixos}/pkgs" {
+ craneLib = pkgs.callPackage "${sources.crane}/lib" { };
+ # breaks from https://github.com/NixOS/nixpkgs/commit/06b354eb2dc535c57e9b4caaa16d79168f117a26,
+ # which updates libvncserver to 0.9.15, which was not yet patched at https://git.proxmox.com/?p=vncterm.git.
+ inherit pkgs;
+ # not so picky about version for our purposes
+ pkgs-unstable = pkgs;
+ })
+ proxmox-ve
+ pve-ha-manager
+ ;
+ };
+in
+runNixOSTest {
+ node.specialArgs = {
+ inherit
+ sources
+ pkgs
+ ;
+ };
+ imports = [
+ ../../data-model.nix
+ ../../function.nix
+ ../common/nixosTest.nix
+ ./nixosTest.nix
+ ];
+ _module.args = { inherit inputs sources; };
+ inherit (import ./constants.nix)
+ targetMachines
+ pathToRoot
+ pathFromRoot
+ enableAcme
+ ;
+}
diff --git a/deployment/check/data-model-bash-proxmox/nixosTest.nix b/deployment/check/data-model-bash-proxmox/nixosTest.nix
new file mode 100644
index 00000000..f083634c
--- /dev/null
+++ b/deployment/check/data-model-bash-proxmox/nixosTest.nix 
@@ -0,0 +1,245 @@ +{ + lib, + pkgs, + sources, + ... +}: +let + inherit (pkgs) system; + deployment-config = { + inherit (import ./constants.nix) pathToRoot; + nodeName = "pve"; + targetSystem = system; + sshOpts = [ ]; + proxmox-user = "root@pam"; + proxmox-password = "mytestpw"; + node-name = "pve"; + vm-names = [ "test14" ]; + }; + # FIXME generate the image `nixos-generate` was to make, but now do it for a desired `-c configuration.nix` rather than whatever generic thing now + deployment = + (import ../common/data-model.nix { + inherit system; + config = deployment-config; + # opt not to pass `inputs`, as we could only pass serializable arguments through to its self-call + })."bash-proxmox-deployment".bash-proxmox-host; + # tracking non-tarball downloads seems unsupported still in npins: + # https://github.com/andir/npins/issues/163 + minimalIso = pkgs.fetchurl { + url = "https://releases.nixos.org/nixos/24.05/nixos-24.05.7139.bcba2fbf6963/nixos-minimal-24.05.7139.bcba2fbf6963-x86_64-linux.iso"; + hash = "sha256-plre/mIHdIgU4xWU+9xErP+L4i460ZbcKq8iy2n4HT8="; + }; +in +{ + _class = "nixosTest"; + imports = [ + ../common/data-model-options.nix + ]; + + name = "deployment-model"; + sourceFileset = lib.fileset.unions [ + ../../run/tf-proxmox/run.sh + ]; + + nodes.pve = + { sources, ... }: + { + imports = [ + "${sources.proxmox-nixos}/modules/proxmox-ve" + ]; + users.users.root = { + password = "mytestpw"; + hashedPasswordFile = lib.mkForce null; + }; + services.proxmox-ve = { + enable = true; + ipAddress = "192.168.1.1"; + vms = { + myvm1 = { + vmid = 100; + memory = 1024; + cores = 1; + sockets = 1; + kvm = true; + scsi = [ { file = "local:16"; } ]; + cdrom = "local:iso/minimal.iso"; + }; + }; + }; + virtualisation = { + additionalPaths = [ minimalIso ]; + diskSize = 2*1024; + memorySize = 2048; + }; + }; + + nodes.deployer = + { ... 
}: + { + nix.nixPath = [ + (lib.concatStringsSep ":" (lib.mapAttrsToList (k: v: k + "=" + v) sources)) + ]; + + environment.systemPackages = [ + deployment.run + ]; + + # needed only when building from deployer + system.extraDependenciesFromModule = + { pkgs, ... }: + { + environment.systemPackages = with pkgs; [ + hello + ]; + }; + system.extraDependencies = + # (lib.lists.map lib.traceVal) + # ( + # (lib.lists.concatMap ( + # pkg: + # ( + # if + # pkg ? inputDerivation + # # error: output '/nix/store/dki9d3vldafg9ydrfm7x0g0rr0qljk98-sudo-1.9.16p2' is not allowed to refer to the following paths: + # # /nix/store/2xdmps65ryklmbf025bm4pxv16gb8ajv-sudo-1.9.16p2.tar.gz + # # /nix/store/58br4vk3q5akf4g8lx0pqzfhn47k3j8d-bash-5.2p37 + # # /nix/store/8v6k283dpbc0qkdq81nb6mrxrgcb10i1-gcc-wrapper-14-20241116 + # # /nix/store/9r1nl9ksiyszy4qzzg6y2gcdkca0xmhy-stdenv-linux + # # /nix/store/a4rmp6in7igbl1wbz9pli5nq0wiclq0y-groff-1.23.0 + # # /nix/store/dki9d3vldafg9ydrfm7x0g0rr0qljk98-sudo-1.9.16p2 + # # /nix/store/f5y58qz2fzpzgkhp0nizixi10x04ppyy-linux-pam-1.6.1 + # # /nix/store/shkw4qm9qcw5sc5n1k5jznc83ny02r39-default-builder.sh + # # /nix/store/vj1c3wf9c11a0qs6p3ymfvrnsdgsdcbq-source-stdenv.sh + # # /nix/store/yh6qg1nsi5h2xblcr67030pz58fsaxx3-coreutils-9.6 + # && !(lib.strings.hasInfix "sudo" (lib.traceVal (builtins.toString pkg))) + # then + # lib.trace "yes" [ + # # lib.traceVal pkg.inputDerivation # not of type `path in the Nix store' + # ( + # ( + # x: builtins.trace "${builtins.toString pkg}: ${builtins.toString (lib.isPath x.inputDerivation)}" x + # ) + # pkg + # ).inputDerivation + # ] + # else + # lib.trace "no" [ ] + # ) + # ) machine.environment.systemPackages) + # ++ (let + # base = + # (import "${pkgs.nixos-generators}/share/nixos-generator/nixos-generate.nix" { + # inherit system; + # inherit (sources) nixpkgs; + # formatConfig = "${pkgs.nixos-generators}/share/nixos-generator/formats/proxmox.nix"; + # configuration = 
"${pkgs.nixos-generators}/share/nixos-generator/configuration.nix"; + # }).config; + # in [ + # base.system.build.toplevel.inputDerivation + # base.system.build.etc.inputDerivation + # base.system.build.etcBasedir.inputDerivation + # base.system.build.etcMetadataImage.inputDerivation + # base.system.build.extraUtils.inputDerivation + # base.system.path.inputDerivation + # base.system.build.setEnvironment.inputDerivation + # base.system.build.vm.inputDerivation + # base.system.build.bootStage1.inputDerivation + # base.system.build.bootStage2.inputDerivation + # ]) + # ++ + [ + # ) + # ( + # (x: builtins.trace "machine.system.build.vm.inputDerivation: ${builtins.toString (lib.isPath x)}" x) + # machine.system.build.toplevel.inputDerivation + # machine.system.build.etc.inputDerivation + # machine.system.build.etcBasedir.inputDerivation + # machine.system.build.etcMetadataImage.inputDerivation + # machine.system.build.extraUtils.inputDerivation + # machine.system.path.inputDerivation + # machine.system.build.setEnvironment.inputDerivation + # machine.system.build.vm.inputDerivation + # machine.system.build.bootStage1.inputDerivation + # machine.system.build.bootStage2.inputDerivation + pkgs.gnu-config + # pkgs.gnu-config.inputDerivation + pkgs.byacc + # pkgs.byacc.inputDerivation + pkgs.stdenv + pkgs.stdenvNoCC + sources.nixpkgs + pkgs.vte + + # ( + # ## We build a whole NixOS system that contains the module + # ## `system.extraDependenciesFromModule`, only to grab its + # ## configuration and the store paths needed to build it and + # ## dump them in `system.extraDependencies`. 
+ # # see: https://git.fediversity.eu/Fediversity/Fediversity/pulls/338/files + + # pkgs.closureInfo { + # rootPaths = map (drv: drv.drvPath) ( + # [ + # machine.system.build.toplevel.inputDerivation + # machine.system.build.etc.inputDerivation + # machine.system.build.etcBasedir.inputDerivation + # machine.system.build.etcMetadataImage.inputDerivation + # machine.system.build.extraUtils.inputDerivation + # machine.system.path.inputDerivation + # machine.system.build.setEnvironment.inputDerivation + # machine.system.build.vm.inputDerivation + # machine.system.build.bootStage1.inputDerivation + # machine.system.build.bootStage2.inputDerivation + # ] + # ++ lib.concatMap (x: if x ? source.inputDerivation then [ x.source.inputDerivation ] else [ ]) ( + # lib.attrValues machine.environment.etc + # ) + # ++ machine.environment.systemPackages + # ); + # } + # ) + + ] + # ++ lib.concatLists ( + # lib.mapAttrsToList ( + # _k: v: + # if v ? source.inputDerivation then + # [ + # # v.source.inputDerivation + # ( + # ( + # x: + # builtins.trace "${builtins.toString (lib.attrNames v)}: ${builtins.toString (lib.isPath x.source.inputDerivation)}" x + # ) + # v + # ).source.inputDerivation + # ] + # else + # [ ] + # ) machine.environment.etc + # ) + # ) + ; + }; + + extraTestScript = '' + pve.wait_for_unit("pveproxy.service") + assert "running" in pve.succeed("pveproxy status") + pve.succeed("mkdir -p /run/pve") + assert "Proxmox" in pve.succeed("curl -s -i -k https://localhost:8006") + # pve.succeed("pvesh get /nodes && exit 1") + + # pve.succeed("pvesh set /access/password --userid root@pam --password mypwdlol --confirmation-password mytestpw 1>&2") + # pve.succeed("curl -s -i -k -d '{\"userid\":\"root@pam\",\"password\":\"mypwdhaha\",\"confirmation-password\":\"mypwdlol\"}' -X PUT https://localhost:8006/api2/json/access/password 1>&2") + # on mistake: 401 No ticket + # pve.succeed("haha") + + with subtest("Run the deployment"): + # target.fail("hello 1>&2") + 
deployer.succeed(""" + ${lib.getExe deployment.run} + """) + # target.wait_for_unit("multi-user.target") + # target.succeed("su - operator -c hello 1>&2") + ''; +} diff --git a/deployment/nixos.nix b/deployment/nixos.nix index 5dde156e..54d65812 100644 --- a/deployment/nixos.nix +++ b/deployment/nixos.nix @@ -12,8 +12,8 @@ let modules = [ configuration ]; }; in -{ - inherit (eval) pkgs config options; - system = eval.config.system.build.toplevel; - inherit (eval.config.system.build) vm vmWithBootLoader; -} + { + inherit (eval) pkgs config options; + system = eval.config.system.build.toplevel; + inherit (eval.config.system.build) vm vmWithBootLoader; + } diff --git a/flake.nix b/flake.nix index cab1e641..e3d47627 100644 --- a/flake.nix +++ b/flake.nix 
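Review bot: The root password literal is written twice, once as `proxmox-password = "mytestpw";` in `deployment-config` and once as `users.users.root.password` on `nodes.pve`, so the two can drift apart silently. Bind it once in the `let`, e.g. `testPassword = "mytestpw";`, and reference that in both places. A comment such as `# throwaway credential for the test VM only; ends up in the world-readable Nix store` would help keep the pattern from being copied into a real deployment config. The commented-out `system.extraDependencies` experiments take up most of the `nodes.deployer` block and hide the short live list (`pkgs.gnu-config`, `pkgs.byacc`, …); I would move them to the PR description.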
@@ -52,6 +52,81 @@ trim-trailing-whitespace.enable = true; shellcheck.enable = true; }; + + # https://192.168.51.81:8006/#v1:0:=node%2Fnode051:4:::::8::=apitokens + + # apps.default = { + # type = "app"; + # program = pkgs.writers.writeBashBin "provision-proxmox.sh" + # { + # makeWrapperArgs = [ + # "--prefix" + # "PATH" + # ":" + # "${lib.makeBinPath [ + # pkgs.jq + # pkgs.httpie + # ]}" + # ]; + # } + # '' + # sh ./infra/proxmox-remove.sh --api-url "https://192.168.51.81:8006/api2/json" --username "kiara@ProcoliX" --password "" 7014 # test14 + # sh ./infra/proxmox-provision.sh --api-url "https://192.168.51.81:8006/api2/json" --username "kiara@ProcoliX" --password "" test14 + # ''; + # }; + + # api_token = "terraform@pve!provider=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" + # kiara@ProcoliX!dsdfsfdsfd=30df234b-02f3-4ed9-b778-00d28ad3499c + + # # iso: No bootable option or device was found + # apps.default = let + # inherit (pkgs) system; + # deployment = + # (import ./deployment/check/common/data-model.nix { + # inherit system; + # config = { + # targetSystem = system; + # nodeName = "192.168.51.81"; # root@fediversity-proxmox + # pathToRoot = builtins.path { + # path = ./.; + # name = "root"; + # }; + # sshOpts = []; + # proxmox-user = "kiara@ProcoliX"; + # proxmox-password = ""; + # node-name = "node051"; + # vm-names = [ "test14" ]; + # }; + # })."bash-proxmox-deployment".bash-proxmox-host; + # in { + # type = "app"; + # program = deployment.run; + # }; + + apps.default = let + inherit (pkgs) system; + deployment = + (import ./deployment/check/common/data-model.nix { + inherit system; + config = { + targetSystem = system; + nodeName = "192.168.51.81"; # root@fediversity-proxmox + pathToRoot = builtins.path { + path = ./.; + name = "root"; + }; + sshOpts = []; + proxmox-user = "kiara@ProcoliX"; + proxmox-password = ""; + node-name = "node051"; + }; + # opt not to pass `inputs`, as we could only pass serializable arguments through to its self-call + 
})."tf-proxmox-deployment".tf-proxmox-host; + in { + type = "app"; + program = deployment.run; + }; + }; } ); diff --git a/infra/common/nixos/default.nix b/infra/common/nixos/default.nix index 71b08426..e3cfee5c 100644 --- a/infra/common/nixos/default.nix +++ b/infra/common/nixos/default.nix @@ -10,6 +10,7 @@ in imports = [ ./networking.nix ./users.nix + ./repart.nix ]; time.timeZone = "Europe/Amsterdam"; diff --git a/infra/common/nixos/repart.nix b/infra/common/nixos/repart.nix new file mode 100644 index 00000000..53510ac2 --- /dev/null +++ b/infra/common/nixos/repart.nix 
@@ -0,0 +1,102 @@ +{ config, pkgs, modulesPath, ... }: +{ + + imports = [ "${modulesPath}/image/repart.nix" ]; + + fileSystems."/".device = "/dev/disk/by-label/nixos"; + + # https://nixos.org/manual/nixos/stable/#sec-image-repart + # https://x86.lol/generic/2024/08/28/systemd-sysupdate.html + image.repart = { + name = "image"; + partitions = { + "esp" = { + # The contents to end up in the filesystem image. + contents = { + "/EFI/BOOT/BOOTX64.EFI".source = "${pkgs.systemd}/lib/systemd/boot/efi/systemd-bootx64.efi"; + # https://man.archlinux.org/man/loader.conf.5 + "/loader/entries/loader.conf".source = pkgs.writeText "loader.conf" '' + timeout 0 + editor yes + default * + logLevel=debug + ''; + "/loader/loader.conf".source = pkgs.writeText "loader.conf" '' + timeout 0 + editor yes + default * + logLevel=debug + ''; + # nixos-*.conf + # "/loader/entries/nixos.conf".source = pkgs.writeText "nixos.conf" '' + # title NixOS + # linux /EFI/nixos/kernel.efi + # initrd /EFI/nixos/initrd.efi + # options init=/nix/store/.../init root=LABEL=nixos + # ''; + }; + # https://www.man7.org/linux//man-pages/man5/repart.d.5.html + repartConfig = { + Priority = 1; + Type = "esp"; + MountPoint = "/boot"; + Format = "vfat"; + UUID = "aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa"; + SizeMinBytes = "500M"; + SizeMaxBytes = "500M"; + }; + }; + "root" = { + storePaths = [ config.system.build.toplevel ]; + repartConfig = { + Priority = 2; + Type = "root"; + Label = "nixos"; + MountPoint = "/"; + Format = "ext4"; + UUID = "bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb"; + # populates the fs twice + Minimize = "guess"; + # Minimize = "off"; + # SizeMinBytes = "1G"; + # SizeMaxBytes = "20G"; + }; + }; + }; + }; + + # disko.devices.disk.main = { + # device = "/dev/sda"; + # type = "disk"; + # content = { + # type = "gpt"; + # partitions = { + # MBR = { + # priority = 0; + # size = "1M"; + # type = "EF02"; + # }; + # ESP = { + # priority = 1; + # size = "500M"; + # type = "EF00"; + # content = { + # type = 
"filesystem"; + # format = "vfat"; + # mountpoint = "/boot"; + # }; + # }; + # root = { + # priority = 2; + # size = "100%"; + # content = { + # type = "filesystem"; + # format = "ext4"; + # mountpoint = "/"; + # }; + # }; + # }; + # }; + # }; + +} diff --git a/infra/common/proxmox-qemu-vm.nix b/infra/common/proxmox-qemu-vm.nix index 6b4970b3..4c85ffb0 100644 --- a/infra/common/proxmox-qemu-vm.nix +++ b/infra/common/proxmox-qemu-vm.nix @@ -23,20 +23,20 @@ }; disko.devices.disk.main = { - device = "/dev/sda"; + device = "/dev/vda"; type = "disk"; content = { type = "gpt"; partitions = { - MBR = { - priority = 0; - size = "1M"; - type = "EF02"; - }; + # mbr = { + # priority = 0; + # size = "1M"; + # type = "EF02"; + # }; - ESP = { + esp = { priority = 1; size = "500M"; type = "EF00"; diff --git a/infra/proxmox-provision.sh b/infra/proxmox-provision.sh index 8fa3cd56..28ced33d 100755 --- a/infra/proxmox-provision.sh +++ b/infra/proxmox-provision.sh @@ -7,7 +7,7 @@ set -euC ## FIXME: There seems to be a problem with file upload where the task is ## registered to `node051` no matter what node we are actually uploading to? For ## now, let us just use `node051` everywhere. -readonly node=node051 +node=node051 readonly tmpdir=/tmp/proxmox-provision-$RANDOM mkdir $tmpdir @@ -69,6 +69,7 @@ while [ $# -gt 0 ]; do --api-url|--api_url) readonly api_url="$1"; shift ;; --username) readonly username="$1"; shift ;; --password) readonly password="$1"; shift ;; + --node) readonly node="$1"; shift ;; --debug) debug=true ;; 
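Review bot: Both generated loader files set `editor yes`, which lets anyone with access to the VM console edit the kernel command line at boot and reach a root shell without credentials. This patch also imports the module from infra/common/nixos/default.nix, so the setting would apply to every machine built from that common config. I would write `editor no` in `/loader/loader.conf`. The identical copy at `/loader/entries/loader.conf` sits in the directory systemd-boot scans for boot entries and is probably unintended, so it could be dropped. The fixed `UUID` values give every image the same partition UUIDs, which deserves a comment saying it is deliberate.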
@@ -172,11 +173,24 @@ grab_vm_options () { printf 'Grabing VM options for VM %s...\n' "$vm_name" options=$( - nix --extra-experimental-features 'nix-command flakes' eval \ - --impure --raw --expr " - builtins.toJSON (builtins.getFlake (builtins.toString ./.)).vmOptions.$vm_name - " \ - --log-format raw --quiet + # nix --extra-experimental-features 'nix-command flakes' eval \ + # --impure --raw --expr " + # builtins.toJSON (builtins.getFlake (builtins.toString ./.)).vmOptions.$vm_name + # " \ + # --log-format raw --quiet + echo ' + { + "description":"", + "sockets":1, + "cores":1, + "memory":2048, + "diskSize":32, + "name":"test14", + "vmId":7014, + "hostPublicKey":"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHTbxDzq3xFeLvrXs6tyTE08o3CekYZmqFeGmkcHmf21", + "unsafeHostPrivateKey":"-----BEGIN OPENSSH PRIVATE KEY-----\nb3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW\nQyNTUxOQAAACB028Q86t8RXi7617OrckxNPKNwnpGGZqhXhppHB5n9tQAAAIhfhYlCX4WJ\nQgAAAAtzc2gtZWQyNTUxOQAAACB028Q86t8RXi7617OrckxNPKNwnpGGZqhXhppHB5n9tQ\nAAAEAualLRodpovSzGAhza2OVvg5Yp8xv3A7xUNNbKsMTKSHTbxDzq3xFeLvrXs6tyTE08\no3CekYZmqFeGmkcHmf21AAAAAAECAwQF\n-----END OPENSSH PRIVATE KEY-----\n" + } + ' ) vm_id=$(echo "$options" | jq -r .vmId) 
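Review bot: The stub JSON that replaces the `nix eval` call in grab_vm_options commits a complete OpenSSH private key in its `unsafeHostPrivateKey` field. Every VM provisioned through this path would share one host identity that anyone with repository access can read, so clients could no longer tell the real host from an impersonator. The stub also pins `name` and `vmId` to test14 and 7014 whatever `$vm_name` is. I would restore the per-VM lookup of `vmOptions.$vm_name`, or read the options from a file kept outside the repository. The key should be treated as compromised and rotated wherever it is in use, since deleting it in a later commit leaves it in history. grab_vm_options continues outside the hunk.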
@@ -221,17 +235,44 @@ build_iso () { fi nix --extra-experimental-features 'nix-command flakes' build \ + # --impure --expr " + # let flake = builtins.getFlake (builtins.toString ./.); in + # import ./infra/makeInstallerIso.nix { + # nixosConfiguration = flake.nixosConfigurations.$vm_name; + # # FIXME pass nixpkgs from npins + # $nix_host_keys + # } + # " \ + # --log-format raw --quiet \ + # --out-link "$tmpdir/installer-$vm_name" + + # nix --extra-experimental-features 'nix-command' build \ + # --impure --expr " + # import ./infra/makeInstallerIso.nix { + # # nixosConfiguration = $configuration; + # nixosConfiguration = import $configuration; + # $nix_host_keys + # } + # " \ + # --log-format raw --quiet \ + # --out-link "$tmpdir/installer-$vm_name" + + # TODO after install: $nix_host_keys + # cp $tmpdir/${vm_name}_host_key /mnt/etc/ssh/ssh_host_ed25519_key + # chmod 600 /mnt/etc/ssh/ssh_host_ed25519_key + # cp $tmpdir/${vm_name}_host_key.pub /mnt/etc/ssh/ssh_host_ed25519_key.pub + # chmod 644 /mnt/etc/ssh/ssh_host_ed25519_key.pub + + # nix --extra-experimental-features 'nix-command' build \ --impure --expr " - let flake = builtins.getFlake (builtins.toString ./.); in - import ./infra/makeInstallerIso.nix { - nixosConfiguration = flake.nixosConfigurations.$vm_name; - # FIXME pass nixpkgs from npins - $nix_host_keys - } + (import $configuration).config.system.build.image " \ --log-format raw --quiet \ --out-link "$tmpdir/installer-$vm_name" + # ls "$tmpdir/installer-$vm_name" + # ls "$tmpdir/installer-$vm_name/image.raw" + # shellcheck disable=SC2181 if [ $? -ne 0 ]; then die 'Something went wrong when building ISO for VM %s. 
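Review bot: As the hunk reads, the live `nix --extra-experimental-features 'nix-command flakes' build \` line now continues straight into a `#` comment line. The shell would therefore run `nix build` with no arguments and later try to execute `--impure --expr "..."` as a separate command. The commented experiments need to move out from between the `build \` line and its real arguments. Separately, `$configuration` is spliced unquoted into an expression evaluated with `--impure`, so whatever the caller supplies after the colon is evaluated as Nix code and not treated as a path. Passing it as data keeps it a path, for example `--argstr configuration "$configuration"` with `--expr '{ configuration }: (import configuration).config.system.build.image'`, which would need an absolute path. build_iso starts and ends outside the hunk.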
@@ -239,7 +280,8 @@ Check the Nix logs and fix things. Possibly there just is no NixOS configuration "$vm_name" fi - ln -sf "$(ls "$tmpdir/installer-$vm_name"/iso/nixos-*.iso)" "$tmpdir/installer-$vm_name.iso" + # ln -sf "$(ls "$tmpdir/installer-$vm_name"/iso/nixos-*.iso)" "$tmpdir/installer-$vm_name.iso" + ln -sf "$(ls "$tmpdir/installer-$vm_name"/image.raw)" "$tmpdir/installer-$vm_name.raw" printf 'done building ISO for VM %s.\n' "$vm_name" release_lock build @@ -253,8 +295,8 @@ upload_iso () { printf 'Uploading ISO for VM %s...\n' "$vm_name" proxmox_sync POST "$api_url/nodes/$node/storage/local/upload" \ - "filename@$tmpdir/installer-$vm_name.iso" \ - content==iso + "filename@$tmpdir/installer-$vm_name.raw" \ + content==raw printf 'done uploading ISO for VM %s.\n' "$vm_name" release_lock upload @@ -266,7 +308,7 @@ upload_iso () { remove_iso () { printf 'Removing ISO for VM %s...\n' "$vm_name" - proxmox_sync DELETE "$api_url/nodes/$node/storage/local/content/local:iso/installer-$vm_name.iso" + proxmox_sync DELETE "$api_url/nodes/$node/storage/local/content/local:iso/installer-$vm_name.raw" printf 'done removing ISO for VM %s.\n' "$vm_name" } @@ -284,7 +326,7 @@ create_vm () { pool==Fediversity \ description=="$description" \ \ - ide2=="local:iso/installer-$vm_name.iso,media=cdrom" \ + ide2=="local:iso/installer-$vm_name.raw,media=cdrom" \ ostype==l26 \ \ bios==ovmf \ @@ -360,8 +402,13 @@ provision_vm () ( remove_iso ) -for vm_name in $vm_names; do - provision_vm "$vm_name" & +# FIXME make vm_names a thing from $vm_name to $configuration? +# for vm_name in $vm_names; do +# provision_vm "$vm_name" & +# done +for chunk in $vm_names; do + IFS=: read -r vm_name configuration <<< "$chunk" + provision_vm "$vm_name" "$configuration" & done nb_errors=0 diff --git a/infra/proxmox-remove.sh b/infra/proxmox-remove.sh index 1ab46938..361f0e3d 100755 --- a/infra/proxmox-remove.sh +++ b/infra/proxmox-remove.sh 
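Review bot: The upload now sends `content==raw`, while the other hunks still treat the file as an ISO: `remove_iso` deletes `local:iso/installer-$vm_name.raw` and `create_vm` attaches it with `ide2==...,media=cdrom`. As far as I know the Proxmox upload endpoint accepts only a fixed set of content types, and a raw disk image attached as a CD-ROM is not a bootable system disk, so the upload may be rejected or the VM may fail to boot. The upload_iso, remove_iso and create_vm hunks should agree on one content type and volume path, and the image should be imported as a disk. The function names and the 'Uploading ISO' messages would then need renaming as well.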
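Review bot: In the new provisioning loop, `IFS=: read -r vm_name configuration <<< "$chunk"` uses a here-string, which is a bash extension. The interpreter line is outside the hunk, but the commented invocation in flake.nix runs this script with `sh`, where a strict POSIX shell rejects the syntax. A chunk without a `:` also leaves `configuration` empty and still starts `provision_vm`, which then builds from an empty path. I would split with parameter expansion, `vm_name=${chunk%%:*}; configuration=${chunk#*:}`, and add `[ "$configuration" != "$chunk" ] || die 'No configuration given for VM %s' "$vm_name"` before launching the background job.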
@@ -7,7 +7,7 @@ set -euC ## FIXME: There seems to be a problem with file upload where the task is ## registered to `node051` no matter what node we are actually uploading to? For ## now, let us just use `node051` everywhere. -readonly node=node051 +node=node051 readonly tmpdir=/tmp/proxmox-remove-$RANDOM mkdir $tmpdir @@ -59,6 +59,7 @@ while [ $# -gt 0 ]; do --api-url|--api_url) readonly api_url="$1"; shift ;; --username) readonly username=$1; shift ;; --password) readonly password=$1; shift ;; + --node) readonly node="$1"; shift ;; -h|-\?|--help) help; exit 0 ;;