kiara/Fediversity
1
0
Fork 0
forked from fediversity/fediversity
Code Pull requests Activity

get nix run to build a vm bootable by qemu

Browse source 
```
cp /nix/store/.../nixos.img disk.raw
chmod 0644 disk.raw
qemu-system-x86_64 -enable-kvm -m 2048 -drive
if=virtio,file=./disk.raw,format=raw -bios "$(nix eval --impure --expr
'(import <nixpkgs> { }).OVMF.fd.outPath' | jq -r)/FV/OVMF.fd"
```

Signed-off-by: Kiara Grouwstra <kiara@procolix.eu>
This commit is contained in:
Kiara Grouwstra 2025-09-23 10:44:45 +02:00
parent 3af76d2286
commit b50bb442f7
Signed by: kiara
SSH key fingerprint: SHA256:COspvLoLJ5WC5rFb9ZDe5urVCkK4LJZOsjfF4duRJFU
13 changed files with 605 additions and 34 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

42
deployment/check/common/data-model.nix
View file

@ -123,10 +123,50 @@ let
imports = [ imports = [
./data-model-options.nix ./data-model-options.nix
../common/sharedOptions.nix ../common/sharedOptions.nix
../common/targetNode.nix # ../common/targetNode.nix
"${nixpkgs}/nixos/modules/profiles/qemu-guest.nix" "${nixpkgs}/nixos/modules/profiles/qemu-guest.nix"
# ../../../infra/common/nixos/repart.nix
# disko needed in makeInstallerIso.nix
# "${sources.disko}/module.nix"
# ../../../infra/common/proxmox-qemu-vm.nix
]; ];
# boot.loader.systemd-boot.enable = true;
# boot.loader.efi.efiSysMountPoint = "/boot";
# boot.loader.systemd-boot.memtest86.enable = true;
# boot.loader.systemd-boot.netbootxyz.enable = true;
# boot.loader.systemd-boot.edk2-uefi-shell.enable = true;
# boot.loader.efi.canTouchEfiVariables = true;
# boot.loader.systemd-boot.extraEntries = {
# "banana.conf" = ''
# title banana
# '';
# };
# # proxmox.qemuConf.bios == "ovmf";
# boot.growPartition = true;
# boot.kernelParams = [ "console=ttyS0" ];
# boot.loader.timeout = 1;
# # users.users.root.initialPassword = "root";
# boot.loader.grub.enable = true;
# # boot.loader.grub.device = "/dev/vda";
# # boot.loader.grub.device = "/dev/sda";
# # boot.loader.grub.device = "/dev/sda1";
# # boot.loader.grub.device = "/dev/sda2";
# # boot.loader.grub.device = "/dev/sda3";
# # boot.loader.grub.device = "/dev/disk/by-partlabel/disk-main-root";
# # boot.loader.grub.device = "/dev/disk/by-partlabel/disk-main-nixos";
# # boot.loader.grub.device = "/dev/disk/by-partlabel/disk-main-esp";
# # boot.loader.grub.device = "/dev/disk/by-partlabel/root";
# boot.loader.grub.device = "/dev/disk/by-partlabel/esp";
# # boot.loader.grub.device = "/dev/disk/by-partlabel/nixos";
# # boot.loader.grub.device = "/dev/disk/by-uuid/aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa";
# # boot.loader.grub.device = "/dev/disk/by-uuid/bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb";
# boot.loader.grub.efiSupport = lib.mkDefault true;
# boot.loader.grub.efiInstallAsRemovable = lib.mkDefault true;
system.stateVersion = "25.05";
users.users = environment.config.resources."operator-environment".login-shell.apply { users.users = environment.config.resources."operator-environment".login-shell.apply {
resources = lib.filterAttrs (_name: value: value ? login-shell) ( resources = lib.filterAttrs (_name: value: value ? login-shell) (
lib.concatMapAttrs ( lib.concatMapAttrs (

1
deployment/check/common/deployerNode.nix
View file

@ -62,6 +62,7 @@ in
sources.nixpkgs sources.nixpkgs
sources.flake-inputs sources.flake-inputs
sources.git-hooks sources.git-hooks
sources.disko
pkgs.stdenv pkgs.stdenv
pkgs.stdenvNoCC pkgs.stdenvNoCC

2
deployment/check/common/targetNode.nix
View file

@ -16,7 +16,7 @@ in
imports = [ imports = [
(modulesPath + "/profiles/qemu-guest.nix") (modulesPath + "/profiles/qemu-guest.nix")
(modulesPath + "/../lib/testing/nixos-test-base.nix") # (modulesPath + "/../lib/testing/nixos-test-base.nix")
./sharedOptions.nix ./sharedOptions.nix
]; ];

11
deployment/check/data-model-bash-proxmox/constants.nix Normal file
View file

@ -0,0 +1,11 @@
{
targetMachines = [
"mypve"
];
pathToRoot = builtins.path {
path = ../../..;
name = "root";
};
pathFromRoot = "/deployment/check/data-model-bash-proxmox";
enableAcme = true;
}

48
deployment/check/data-model-bash-proxmox/default.nix Normal file
View file

@ -0,0 +1,48 @@
{
runNixOSTest,
inputs,
sources,
system,
}:
let
pkgs = import sources.nixpkgs-stable {
inherit system;
overlays = [ overlay ];
};
overlay = _: _: {
inherit
(import "${sources.proxmox-nixos}/pkgs" {
craneLib = pkgs.callPackage "${sources.crane}/lib" { };
# breaks from https://github.com/NixOS/nixpkgs/commit/06b354eb2dc535c57e9b4caaa16d79168f117a26,
# which updates libvncserver to 0.9.15, which was not yet patched at https://git.proxmox.com/?p=vncterm.git.
inherit pkgs;
# not so picky about version for our purposes
pkgs-unstable = pkgs;
})
proxmox-ve
pve-ha-manager
;
};
in
runNixOSTest {
node.specialArgs = {
inherit
sources
pkgs
;
};
imports = [
../../data-model.nix
../../function.nix
../common/nixosTest.nix
./nixosTest.nix
];
_module.args = { inherit inputs sources; };
inherit (import ./constants.nix)
targetMachines
pathToRoot
pathFromRoot
enableAcme
;
}

245
deployment/check/data-model-bash-proxmox/nixosTest.nix Normal file
View file

@ -0,0 +1,245 @@
{
lib,
pkgs,
sources,
...
}:
let
inherit (pkgs) system;
deployment-config = {
inherit (import ./constants.nix) pathToRoot;
nodeName = "pve";
targetSystem = system;
sshOpts = [ ];
proxmox-user = "root@pam";
proxmox-password = "mytestpw";
node-name = "pve";
vm-names = [ "test14" ];
};
# FIXME generate the image `nixos-generate` was to make, but now do it for a desired `-c configuration.nix` rather than whatever generic thing now
deployment =
(import ../common/data-model.nix {
inherit system;
config = deployment-config;
# opt not to pass `inputs`, as we could only pass serializable arguments through to its self-call
})."bash-proxmox-deployment".bash-proxmox-host;
# tracking non-tarball downloads seems unsupported still in npins:
# https://github.com/andir/npins/issues/163
minimalIso = pkgs.fetchurl {
url = "https://releases.nixos.org/nixos/24.05/nixos-24.05.7139.bcba2fbf6963/nixos-minimal-24.05.7139.bcba2fbf6963-x86_64-linux.iso";
hash = "sha256-plre/mIHdIgU4xWU+9xErP+L4i460ZbcKq8iy2n4HT8=";
};
in
{
_class = "nixosTest";
imports = [
../common/data-model-options.nix
];
name = "deployment-model";
sourceFileset = lib.fileset.unions [
../../run/tf-proxmox/run.sh
];
nodes.pve =
{ sources, ... }:
{
imports = [
"${sources.proxmox-nixos}/modules/proxmox-ve"
];
users.users.root = {
password = "mytestpw";
hashedPasswordFile = lib.mkForce null;
};
services.proxmox-ve = {
enable = true;
ipAddress = "192.168.1.1";
vms = {
myvm1 = {
vmid = 100;
memory = 1024;
cores = 1;
sockets = 1;
kvm = true;
scsi = [ { file = "local:16"; } ];
cdrom = "local:iso/minimal.iso";
};
};
};
virtualisation = {
additionalPaths = [ minimalIso ];
diskSize = 2*1024;
memorySize = 2048;
};
};
nodes.deployer =
{ ... }:
{
nix.nixPath = [
(lib.concatStringsSep ":" (lib.mapAttrsToList (k: v: k + "=" + v) sources))
];
environment.systemPackages = [
deployment.run
];
# needed only when building from deployer
system.extraDependenciesFromModule =
{ pkgs, ... }:
{
environment.systemPackages = with pkgs; [
hello
];
};
system.extraDependencies =
# (lib.lists.map lib.traceVal)
# (
# (lib.lists.concatMap (
# pkg:
# (
# if
# pkg ? inputDerivation
# # error: output '/nix/store/dki9d3vldafg9ydrfm7x0g0rr0qljk98-sudo-1.9.16p2' is not allowed to refer to the following paths:
# # /nix/store/2xdmps65ryklmbf025bm4pxv16gb8ajv-sudo-1.9.16p2.tar.gz
# # /nix/store/58br4vk3q5akf4g8lx0pqzfhn47k3j8d-bash-5.2p37
# # /nix/store/8v6k283dpbc0qkdq81nb6mrxrgcb10i1-gcc-wrapper-14-20241116
# # /nix/store/9r1nl9ksiyszy4qzzg6y2gcdkca0xmhy-stdenv-linux
# # /nix/store/a4rmp6in7igbl1wbz9pli5nq0wiclq0y-groff-1.23.0
# # /nix/store/dki9d3vldafg9ydrfm7x0g0rr0qljk98-sudo-1.9.16p2
# # /nix/store/f5y58qz2fzpzgkhp0nizixi10x04ppyy-linux-pam-1.6.1
# # /nix/store/shkw4qm9qcw5sc5n1k5jznc83ny02r39-default-builder.sh
# # /nix/store/vj1c3wf9c11a0qs6p3ymfvrnsdgsdcbq-source-stdenv.sh
# # /nix/store/yh6qg1nsi5h2xblcr67030pz58fsaxx3-coreutils-9.6
# && !(lib.strings.hasInfix "sudo" (lib.traceVal (builtins.toString pkg)))
# then
# lib.trace "yes" [
# # lib.traceVal pkg.inputDerivation # not of type `path in the Nix store'
# (
# (
# x: builtins.trace "${builtins.toString pkg}: ${builtins.toString (lib.isPath x.inputDerivation)}" x
# )
# pkg
# ).inputDerivation
# ]
# else
# lib.trace "no" [ ]
# )
# ) machine.environment.systemPackages)
# ++ (let
# base =
# (import "${pkgs.nixos-generators}/share/nixos-generator/nixos-generate.nix" {
# inherit system;
# inherit (sources) nixpkgs;
# formatConfig = "${pkgs.nixos-generators}/share/nixos-generator/formats/proxmox.nix";
# configuration = "${pkgs.nixos-generators}/share/nixos-generator/configuration.nix";
# }).config;
# in [
# base.system.build.toplevel.inputDerivation
# base.system.build.etc.inputDerivation
# base.system.build.etcBasedir.inputDerivation
# base.system.build.etcMetadataImage.inputDerivation
# base.system.build.extraUtils.inputDerivation
# base.system.path.inputDerivation
# base.system.build.setEnvironment.inputDerivation
# base.system.build.vm.inputDerivation
# base.system.build.bootStage1.inputDerivation
# base.system.build.bootStage2.inputDerivation
# ])
# ++
[
# )
# (
# (x: builtins.trace "machine.system.build.vm.inputDerivation: ${builtins.toString (lib.isPath x)}" x)
# machine.system.build.toplevel.inputDerivation
# machine.system.build.etc.inputDerivation
# machine.system.build.etcBasedir.inputDerivation
# machine.system.build.etcMetadataImage.inputDerivation
# machine.system.build.extraUtils.inputDerivation
# machine.system.path.inputDerivation
# machine.system.build.setEnvironment.inputDerivation
# machine.system.build.vm.inputDerivation
# machine.system.build.bootStage1.inputDerivation
# machine.system.build.bootStage2.inputDerivation
pkgs.gnu-config
# pkgs.gnu-config.inputDerivation
pkgs.byacc
# pkgs.byacc.inputDerivation
pkgs.stdenv
pkgs.stdenvNoCC
sources.nixpkgs
pkgs.vte
# (
# ## We build a whole NixOS system that contains the module
# ## `system.extraDependenciesFromModule`, only to grab its
# ## configuration and the store paths needed to build it and
# ## dump them in `system.extraDependencies`.
# # see: https://git.fediversity.eu/Fediversity/Fediversity/pulls/338/files
# pkgs.closureInfo {
# rootPaths = map (drv: drv.drvPath) (
# [
# machine.system.build.toplevel.inputDerivation
# machine.system.build.etc.inputDerivation
# machine.system.build.etcBasedir.inputDerivation
# machine.system.build.etcMetadataImage.inputDerivation
# machine.system.build.extraUtils.inputDerivation
# machine.system.path.inputDerivation
# machine.system.build.setEnvironment.inputDerivation
# machine.system.build.vm.inputDerivation
# machine.system.build.bootStage1.inputDerivation
# machine.system.build.bootStage2.inputDerivation
# ]
# ++ lib.concatMap (x: if x ? source.inputDerivation then [ x.source.inputDerivation ] else [ ]) (
# lib.attrValues machine.environment.etc
# )
# ++ machine.environment.systemPackages
# );
# }
# )
]
# ++ lib.concatLists (
# lib.mapAttrsToList (
# _k: v:
# if v ? source.inputDerivation then
# [
# # v.source.inputDerivation
# (
# (
# x:
# builtins.trace "${builtins.toString (lib.attrNames v)}: ${builtins.toString (lib.isPath x.source.inputDerivation)}" x
# )
# v
# ).source.inputDerivation
# ]
# else
# [ ]
# ) machine.environment.etc
# )
# )
;
};
extraTestScript = ''
pve.wait_for_unit("pveproxy.service")
assert "running" in pve.succeed("pveproxy status")
pve.succeed("mkdir -p /run/pve")
assert "Proxmox" in pve.succeed("curl -s -i -k https://localhost:8006")
# pve.succeed("pvesh get /nodes && exit 1")
# pve.succeed("pvesh set /access/password --userid root@pam --password mypwdlol --confirmation-password mytestpw 1>&2")
# pve.succeed("curl -s -i -k -d '{\"userid\":\"root@pam\",\"password\":\"mypwdhaha\",\"confirmation-password\":\"mypwdlol\"}' -X PUT https://localhost:8006/api2/json/access/password 1>&2")
# on mistake: 401 No ticket
# pve.succeed("haha")
with subtest("Run the deployment"):
# target.fail("hello 1>&2")
deployer.succeed("""
${lib.getExe deployment.run}
""")
# target.wait_for_unit("multi-user.target")
# target.succeed("su - operator -c hello 1>&2")
'';
}

10
deployment/nixos.nix
View file

@ -12,8 +12,8 @@ let
modules = [ configuration ]; modules = [ configuration ];
}; };
in in
{ {
inherit (eval) pkgs config options; inherit (eval) pkgs config options;
system = eval.config.system.build.toplevel; system = eval.config.system.build.toplevel;
inherit (eval.config.system.build) vm vmWithBootLoader; inherit (eval.config.system.build) vm vmWithBootLoader;
} }

75
flake.nix
View file

@ -52,6 +52,81 @@
trim-trailing-whitespace.enable = true; trim-trailing-whitespace.enable = true;
shellcheck.enable = true; shellcheck.enable = true;
}; };
# https://192.168.51.81:8006/#v1:0:=node%2Fnode051:4:::::8::=apitokens
# apps.default = {
# type = "app";
# program = pkgs.writers.writeBashBin "provision-proxmox.sh"
# {
# makeWrapperArgs = [
# "--prefix"
# "PATH"
# ":"
# "${lib.makeBinPath [
# pkgs.jq
# pkgs.httpie
# ]}"
# ];
# }
# ''
# sh ./infra/proxmox-remove.sh --api-url "https://192.168.51.81:8006/api2/json" --username "kiara@ProcoliX" --password "" 7014 # test14
# sh ./infra/proxmox-provision.sh --api-url "https://192.168.51.81:8006/api2/json" --username "kiara@ProcoliX" --password "" test14
# '';
# };
# api_token = "terraform@pve!provider=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
# kiara@ProcoliX!dsdfsfdsfd=30df234b-02f3-4ed9-b778-00d28ad3499c
# # iso: No bootable option or device was found
# apps.default = let
# inherit (pkgs) system;
# deployment =
# (import ./deployment/check/common/data-model.nix {
# inherit system;
# config = {
# targetSystem = system;
# nodeName = "192.168.51.81"; # root@fediversity-proxmox
# pathToRoot = builtins.path {
# path = ./.;
# name = "root";
# };
# sshOpts = [];
# proxmox-user = "kiara@ProcoliX";
# proxmox-password = "";
# node-name = "node051";
# vm-names = [ "test14" ];
# };
# })."bash-proxmox-deployment".bash-proxmox-host;
# in {
# type = "app";
# program = deployment.run;
# };
apps.default = let
inherit (pkgs) system;
deployment =
(import ./deployment/check/common/data-model.nix {
inherit system;
config = {
targetSystem = system;
nodeName = "192.168.51.81"; # root@fediversity-proxmox
pathToRoot = builtins.path {
path = ./.;
name = "root";
};
sshOpts = [];
proxmox-user = "kiara@ProcoliX";
proxmox-password = "";
node-name = "node051";
};
# opt not to pass `inputs`, as we could only pass serializable arguments through to its self-call
})."tf-proxmox-deployment".tf-proxmox-host;
in {
type = "app";
program = deployment.run;
};
}; };
} }
); );

1
infra/common/nixos/default.nix
View file

@ -10,6 +10,7 @@ in
imports = [ imports = [
./networking.nix ./networking.nix
./users.nix ./users.nix
./repart.nix
]; ];
time.timeZone = "Europe/Amsterdam"; time.timeZone = "Europe/Amsterdam";

102
infra/common/nixos/repart.nix Normal file
View file

@ -0,0 +1,102 @@
{ config, pkgs, modulesPath, ... }:
{
imports = [ "${modulesPath}/image/repart.nix" ];
fileSystems."/".device = "/dev/disk/by-label/nixos";
# https://nixos.org/manual/nixos/stable/#sec-image-repart
# https://x86.lol/generic/2024/08/28/systemd-sysupdate.html
image.repart = {
name = "image";
partitions = {
"esp" = {
# The contents to end up in the filesystem image.
contents = {
"/EFI/BOOT/BOOTX64.EFI".source = "${pkgs.systemd}/lib/systemd/boot/efi/systemd-bootx64.efi";
# https://man.archlinux.org/man/loader.conf.5
"/loader/entries/loader.conf".source = pkgs.writeText "loader.conf" ''
timeout 0
editor yes
default *
logLevel=debug
'';
"/loader/loader.conf".source = pkgs.writeText "loader.conf" ''
timeout 0
editor yes
default *
logLevel=debug
'';
# nixos-*.conf
# "/loader/entries/nixos.conf".source = pkgs.writeText "nixos.conf" ''
# title NixOS
# linux /EFI/nixos/kernel.efi
# initrd /EFI/nixos/initrd.efi
# options init=/nix/store/.../init root=LABEL=nixos
# '';
};
# https://www.man7.org/linux//man-pages/man5/repart.d.5.html
repartConfig = {
Priority = 1;
Type = "esp";
MountPoint = "/boot";
Format = "vfat";
UUID = "aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa";
SizeMinBytes = "500M";
SizeMaxBytes = "500M";
};
};
"root" = {
storePaths = [ config.system.build.toplevel ];
repartConfig = {
Priority = 2;
Type = "root";
Label = "nixos";
MountPoint = "/";
Format = "ext4";
UUID = "bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb";
# populates the fs twice
Minimize = "guess";
# Minimize = "off";
# SizeMinBytes = "1G";
# SizeMaxBytes = "20G";
};
};
};
};
# disko.devices.disk.main = {
# device = "/dev/sda";
# type = "disk";
# content = {
# type = "gpt";
# partitions = {
# MBR = {
# priority = 0;
# size = "1M";
# type = "EF02";
# };
# ESP = {
# priority = 1;
# size = "500M";
# type = "EF00";
# content = {
# type = "filesystem";
# format = "vfat";
# mountpoint = "/boot";
# };
# };
# root = {
# priority = 2;
# size = "100%";
# content = {
# type = "filesystem";
# format = "ext4";
# mountpoint = "/";
# };
# };
# };
# };
# };
}

14
infra/common/proxmox-qemu-vm.nix
View file

@ -23,20 +23,20 @@
}; };
disko.devices.disk.main = { disko.devices.disk.main = {
device = "/dev/sda"; device = "/dev/vda";
type = "disk"; type = "disk";
content = { content = {
type = "gpt"; type = "gpt";
partitions = { partitions = {
MBR = { # mbr = {
priority = 0; # priority = 0;
size = "1M"; # size = "1M";
type = "EF02"; # type = "EF02";
}; # };
ESP = { esp = {
priority = 1; priority = 1;
size = "500M"; size = "500M";
type = "EF00"; type = "EF00";

85
infra/proxmox-provision.sh
View file

@ -7,7 +7,7 @@ set -euC
## FIXME: There seems to be a problem with file upload where the task is ## FIXME: There seems to be a problem with file upload where the task is
## registered to `node051` no matter what node we are actually uploading to? For ## registered to `node051` no matter what node we are actually uploading to? For
## now, let us just use `node051` everywhere. ## now, let us just use `node051` everywhere.
readonly node=node051 node=node051
readonly tmpdir=/tmp/proxmox-provision-$RANDOM readonly tmpdir=/tmp/proxmox-provision-$RANDOM
mkdir $tmpdir mkdir $tmpdir
@ -69,6 +69,7 @@ while [ $# -gt 0 ]; do
--api-url|--api_url) readonly api_url="$1"; shift ;; --api-url|--api_url) readonly api_url="$1"; shift ;;
--username) readonly username="$1"; shift ;; --username) readonly username="$1"; shift ;;
--password) readonly password="$1"; shift ;; --password) readonly password="$1"; shift ;;
--node) readonly node="$1"; shift ;;
--debug) debug=true ;; --debug) debug=true ;;
@ -172,11 +173,24 @@ grab_vm_options () {
printf 'Grabing VM options for VM %s...\n' "$vm_name" printf 'Grabing VM options for VM %s...\n' "$vm_name"
options=$( options=$(
nix --extra-experimental-features 'nix-command flakes' eval \ # nix --extra-experimental-features 'nix-command flakes' eval \
--impure --raw --expr " # --impure --raw --expr "
builtins.toJSON (builtins.getFlake (builtins.toString ./.)).vmOptions.$vm_name # builtins.toJSON (builtins.getFlake (builtins.toString ./.)).vmOptions.$vm_name
" \ # " \
--log-format raw --quiet # --log-format raw --quiet
echo '
{
"description":"",
"sockets":1,
"cores":1,
"memory":2048,
"diskSize":32,
"name":"test14",
"vmId":7014,
"hostPublicKey":"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHTbxDzq3xFeLvrXs6tyTE08o3CekYZmqFeGmkcHmf21",
"unsafeHostPrivateKey":"-----BEGIN OPENSSH PRIVATE KEY-----\nb3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW\nQyNTUxOQAAACB028Q86t8RXi7617OrckxNPKNwnpGGZqhXhppHB5n9tQAAAIhfhYlCX4WJ\nQgAAAAtzc2gtZWQyNTUxOQAAACB028Q86t8RXi7617OrckxNPKNwnpGGZqhXhppHB5n9tQ\nAAAEAualLRodpovSzGAhza2OVvg5Yp8xv3A7xUNNbKsMTKSHTbxDzq3xFeLvrXs6tyTE08\no3CekYZmqFeGmkcHmf21AAAAAAECAwQF\n-----END OPENSSH PRIVATE KEY-----\n"
}
'
) )
vm_id=$(echo "$options" | jq -r .vmId) vm_id=$(echo "$options" | jq -r .vmId)
@ -221,17 +235,44 @@ build_iso () {
fi fi
nix --extra-experimental-features 'nix-command flakes' build \ nix --extra-experimental-features 'nix-command flakes' build \
# --impure --expr "
# let flake = builtins.getFlake (builtins.toString ./.); in
# import ./infra/makeInstallerIso.nix {
# nixosConfiguration = flake.nixosConfigurations.$vm_name;
# # FIXME pass nixpkgs from npins
# $nix_host_keys
# }
# " \
# --log-format raw --quiet \
# --out-link "$tmpdir/installer-$vm_name"
# nix --extra-experimental-features 'nix-command' build \
# --impure --expr "
# import ./infra/makeInstallerIso.nix {
# # nixosConfiguration = $configuration;
# nixosConfiguration = import $configuration;
# $nix_host_keys
# }
# " \
# --log-format raw --quiet \
# --out-link "$tmpdir/installer-$vm_name"
# TODO after install: $nix_host_keys
# cp $tmpdir/${vm_name}_host_key /mnt/etc/ssh/ssh_host_ed25519_key
# chmod 600 /mnt/etc/ssh/ssh_host_ed25519_key
# cp $tmpdir/${vm_name}_host_key.pub /mnt/etc/ssh/ssh_host_ed25519_key.pub
# chmod 644 /mnt/etc/ssh/ssh_host_ed25519_key.pub
# nix --extra-experimental-features 'nix-command' build \
--impure --expr " --impure --expr "
let flake = builtins.getFlake (builtins.toString ./.); in (import $configuration).config.system.build.image
import ./infra/makeInstallerIso.nix {
nixosConfiguration = flake.nixosConfigurations.$vm_name;
# FIXME pass nixpkgs from npins
$nix_host_keys
}
" \ " \
--log-format raw --quiet \ --log-format raw --quiet \
--out-link "$tmpdir/installer-$vm_name" --out-link "$tmpdir/installer-$vm_name"
# ls "$tmpdir/installer-$vm_name"
# ls "$tmpdir/installer-$vm_name/image.raw"
# shellcheck disable=SC2181 # shellcheck disable=SC2181
if [ $? -ne 0 ]; then if [ $? -ne 0 ]; then
die 'Something went wrong when building ISO for VM %s. die 'Something went wrong when building ISO for VM %s.
@ -239,7 +280,8 @@ Check the Nix logs and fix things. Possibly there just is no NixOS configuration
"$vm_name" "$vm_name"
fi fi
ln -sf "$(ls "$tmpdir/installer-$vm_name"/iso/nixos-*.iso)" "$tmpdir/installer-$vm_name.iso" # ln -sf "$(ls "$tmpdir/installer-$vm_name"/iso/nixos-*.iso)" "$tmpdir/installer-$vm_name.iso"
ln -sf "$(ls "$tmpdir/installer-$vm_name"/image.raw)" "$tmpdir/installer-$vm_name.raw"
printf 'done building ISO for VM %s.\n' "$vm_name" printf 'done building ISO for VM %s.\n' "$vm_name"
release_lock build release_lock build
@ -253,8 +295,8 @@ upload_iso () {
printf 'Uploading ISO for VM %s...\n' "$vm_name" printf 'Uploading ISO for VM %s...\n' "$vm_name"
proxmox_sync POST "$api_url/nodes/$node/storage/local/upload" \ proxmox_sync POST "$api_url/nodes/$node/storage/local/upload" \
"filename@$tmpdir/installer-$vm_name.iso" \ "filename@$tmpdir/installer-$vm_name.raw" \
content==iso content==raw
printf 'done uploading ISO for VM %s.\n' "$vm_name" printf 'done uploading ISO for VM %s.\n' "$vm_name"
release_lock upload release_lock upload
@ -266,7 +308,7 @@ upload_iso () {
remove_iso () { remove_iso () {
printf 'Removing ISO for VM %s...\n' "$vm_name" printf 'Removing ISO for VM %s...\n' "$vm_name"
proxmox_sync DELETE "$api_url/nodes/$node/storage/local/content/local:iso/installer-$vm_name.iso" proxmox_sync DELETE "$api_url/nodes/$node/storage/local/content/local:iso/installer-$vm_name.raw"
printf 'done removing ISO for VM %s.\n' "$vm_name" printf 'done removing ISO for VM %s.\n' "$vm_name"
} }
@ -284,7 +326,7 @@ create_vm () {
pool==Fediversity \ pool==Fediversity \
description=="$description" \ description=="$description" \
\ \
ide2=="local:iso/installer-$vm_name.iso,media=cdrom" \ ide2=="local:iso/installer-$vm_name.raw,media=cdrom" \
ostype==l26 \ ostype==l26 \
\ \
bios==ovmf \ bios==ovmf \
@ -360,8 +402,13 @@ provision_vm () (
remove_iso remove_iso
) )
for vm_name in $vm_names; do # FIXME make vm_names a thing from $vm_name to $configuration?
provision_vm "$vm_name" & # for vm_name in $vm_names; do
# provision_vm "$vm_name" &
# done
for chunk in $vm_names; do
IFS=: read -r vm_name configuration <<< "$chunk"
provision_vm "$vm_name" "$configuration" &
done done
nb_errors=0 nb_errors=0

3
infra/proxmox-remove.sh
View file

@ -7,7 +7,7 @@ set -euC
## FIXME: There seems to be a problem with file upload where the task is ## FIXME: There seems to be a problem with file upload where the task is
## registered to `node051` no matter what node we are actually uploading to? For ## registered to `node051` no matter what node we are actually uploading to? For
## now, let us just use `node051` everywhere. ## now, let us just use `node051` everywhere.
readonly node=node051 node=node051
readonly tmpdir=/tmp/proxmox-remove-$RANDOM readonly tmpdir=/tmp/proxmox-remove-$RANDOM
mkdir $tmpdir mkdir $tmpdir
@ -59,6 +59,7 @@ while [ $# -gt 0 ]; do
--api-url|--api_url) readonly api_url="$1"; shift ;; --api-url|--api_url) readonly api_url="$1"; shift ;;
--username) readonly username=$1; shift ;; --username) readonly username=$1; shift ;;
--password) readonly password=$1; shift ;; --password) readonly password=$1; shift ;;
--node) readonly node="$1"; shift ;;
-h|-\?|--help) help; exit 0 ;; -h|-\?|--help) help; exit 0 ;;