From 3c28f1145f1474b64f72068760b45e3cc7b0822b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Fri, 16 Dec 2022 13:44:26 +0100 Subject: [PATCH 1/3] add images also to flake --- flake.lock | 44 ++++++++++++++++++++++++++++++++++++++++++++ flake.nix | 25 +++++++++++++++++++++++-- 2 files changed, 67 insertions(+), 2 deletions(-) create mode 100644 flake.lock diff --git a/flake.lock b/flake.lock new file mode 100644 index 0000000..5ff73c6 --- /dev/null +++ b/flake.lock @@ -0,0 +1,44 @@ +{ + "nodes": { + "nixos-2211": { + "locked": { + "lastModified": 1659446231, + "narHash": "sha256-hekabNdTdgR/iLsgce5TGWmfIDZ86qjPhxDg/8TlzhE=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "eabc38219184cc3e04a974fe31857d8e0eac098d", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "release-21.11", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixos-unstable": { + "locked": { + "lastModified": 1671179347, + "narHash": "sha256-EaGqNC5HtvhXi+LVg2dW3EhKomVz4TijyylCTSwEel8=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "f0c1df314b7b5fc64603bb07a50759267b285149", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable-small", + "repo": "nixpkgs", + "type": "github" + } + }, + "root": { + "inputs": { + "nixos-2211": "nixos-2211", + "nixos-unstable": "nixos-unstable" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/flake.nix b/flake.nix index 850f547..1957a51 100644 --- a/flake.nix +++ b/flake.nix 
@@ -1,7 +1,28 @@ { description = "NixOS images"; - outputs = { self }: { - nixosModules.kexec-installer = ./nix/kexec-installer/module.nix; + inputs.nixos-unstable.url = "github:NixOS/nixpkgs/nixos-unstable-small"; + inputs.nixos-2211.url = "github:NixOS/nixpkgs/release-21.11"; + + nixConfig.extra-substituters = [ + "https://cache.garnix.io" + ]; + nixConfig.extra-trusted-public-keys = [ + "cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g=" + ]; + + outputs = { self, nixos-unstable, nixos-2211 }: { + packages.x86_64-linux = let + netboot = nixpkgs: (import (nixpkgs + "/nixos/release.nix") {}).netboot.x86_64-linux; + in { + netboot-unstable = netboot nixos-unstable; + netboot-2211 = netboot nixos-2211; + }; + nixosModules.kexec-installer = import ./nix/kexec-installer/module.nix; + checks.x86_64-linux = { + kexec-installer-unstable = nixos-unstable.legacyPackages.x86_64-linux.callPackage ./nix/kexec-installer/test.nix {}; + # FIXME: broken + #kexec-installer-2211 = nixos-2211.legacyPackages.x86_64-linux.callPackage ./nix/kexec-installer/test.nix {}; + }; }; } From c81bcbc1a87a7f3a083f1d0ffec2d2a4de297d47 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Fri, 16 Dec 2022 13:45:54 +0100 Subject: [PATCH 2/3] kexec-installer-test: fix eval on 22.11 --- nix/kexec-installer/module.nix | 4 ++-- nix/kexec-installer/test.nix | 10 +++++++--- 2 files changed, 9 insertions(+), 5 deletions(-) diff --git a/nix/kexec-installer/module.nix b/nix/kexec-installer/module.nix index f502d6a..e89c2cb 100644 --- a/nix/kexec-installer/module.nix +++ b/nix/kexec-installer/module.nix @@ -16,7 +16,7 @@ in { # This is a variant of the upstream kexecScript that also allows embedding # a ssh key. - system.build.kexecRun = lib.mkForce (pkgs.writeScript "kexec-run" '' + system.build.kexecRun = pkgs.writeScript "kexec-run" '' #!/usr/bin/env bash set -ex shopt -s nullglob 
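Review bot: The input named `nixos-2211` in the flake.nix hunk of patch 1/3 is pinned to `github:NixOS/nixpkgs/release-21.11`, and the new flake.lock records the same `release-21.11` ref, so `netboot-2211` is built from the 21.11 branch rather than 22.11. That branch likely no longer receives security updates, so the image would ship stale packages under a 22.11 name; if 22.11 is intended, the line should read `inputs.nixos-2211.url = "github:NixOS/nixpkgs/release-22.11";` and the lock should be regenerated. The mismatch may also be why the `kexec-installer-2211` check is commented out here and in the flake.nix hunk of patch 3/3, which leaves that image without a test. Separately, `nixConfig.extra-substituters` and `nixConfig.extra-trusted-public-keys` ask consumers who accept the flake config to trust binaries signed by cache.garnix.io; a comment such as `# optional third-party binary cache (garnix); Nix asks before trusting it` would make that trust decision visible.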
@@ -72,7 +72,7 @@ in { # We will kexec in background so we can cleanly finish the script before the hosts go down. # This makes integration with tools like terraform easier. nohup bash -c "sleep 6 && '$SCRIPT_DIR/kexec' -e" & - ''); + ''; system.build.kexecTarball = pkgs.runCommand "kexec-tarball" {} '' mkdir kexec $out diff --git a/nix/kexec-installer/test.nix b/nix/kexec-installer/test.nix index 2d46285..a61919a 100644 --- a/nix/kexec-installer/test.nix +++ b/nix/kexec-installer/test.nix @@ -93,9 +93,13 @@ in makeTest' { ipv6Prefixes = [ { ipv6PrefixConfig = { Prefix = "2001:db8::/64"; AddressAutoconfiguration = true; OnLink = true; }; } ]; - ipv6RoutePrefixes = [ - { ipv6RoutePrefixConfig = { Route = "::/0"; LifetimeSec = 3600; }; } - ]; + # does not work in 22.11 + #ipv6RoutePrefixes = [ { ipv6RoutePrefixConfig = { Route = "::/0"; LifetimeSec = 3600; }; }]; + extraConfig = '' + [IPv6RoutePrefix] + Route = ::/0 + LifetimeSec = 3600 + ''; networkConfig = { DHCPServer = true; Address = "10.0.0.1/24"; From a28cf85a1ac7ce220f709a7c952dc9695e7c495f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Fri, 16 Dec 2022 15:02:37 +0100 Subject: [PATCH 3/3] mark networking as experimental for 22.11 --- README.md | 6 +++--- flake.nix | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index f63274d..7acb3e5 100644 --- a/README.md +++ b/README.md 
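Review bot: In the test.nix hunk, the `[IPv6RoutePrefix]` section is now passed through `extraConfig` as a raw string, so the NixOS module system no longer checks its section and key names at evaluation time. A typo there would only surface at runtime, as a networkd warning. The comment `# does not work in 22.11` should say what fails and when the structured option can return, for example `# ipv6RoutePrefixes fails to evaluate against the nixos-2211 input; switch back once it is supported` (presumably an evaluation error, going by the commit title). The commented-out `ipv6RoutePrefixes` line duplicates the raw block, so the two can drift apart if only one is edited. The enclosing network definition starts and ends outside this hunk.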
@@ -35,9 +35,9 @@ The kexec installer comes with the following features: - Re-uses ssh host keys from the sshd to not break `.ssh/known_hosts` - Authorized ssh keys are read from `/root/.ssh/authorized_keys`, `/root/.ssh/authorized_keys2` and `/etc/ssh/authorized_keys.d/root` -- Static ip addresses and routes are restored after reboot. Interface that had - dynamic addresses before are configured with DHCP and to accept prefixes from - ipv6 router advertisment. +- (experimental, only tested for nixos-unstable) Static ip addresses and routes + are restored after reboot. Interface that had dynamic addresses before are + configured with DHCP and to accept prefixes from ipv6 router advertisment The actual kexec happens with a slight delay (6s). This allows for easier diff --git a/flake.nix b/flake.nix index 1957a51..72e1dec 100644 --- a/flake.nix +++ b/flake.nix @@ -21,7 +21,7 @@ nixosModules.kexec-installer = import ./nix/kexec-installer/module.nix; checks.x86_64-linux = { kexec-installer-unstable = nixos-unstable.legacyPackages.x86_64-linux.callPackage ./nix/kexec-installer/test.nix {}; - # FIXME: broken + # networkd fails to set ipv6 gateway in 2211 #kexec-installer-2211 = nixos-2211.legacyPackages.x86_64-linux.callPackage ./nix/kexec-installer/test.nix {}; }; };