commit
0c631c8212
5 changed files with 79 additions and 10 deletions
|
@ -35,9 +35,9 @@ The kexec installer comes with the following features:
|
||||||
|
|
||||||
- Re-uses ssh host keys from the sshd to not break `.ssh/known_hosts`
|
- Re-uses ssh host keys from the sshd to not break `.ssh/known_hosts`
|
||||||
- Authorized ssh keys are read from `/root/.ssh/authorized_keys`, `/root/.ssh/authorized_keys2` and `/etc/ssh/authorized_keys.d/root`
|
- Authorized ssh keys are read from `/root/.ssh/authorized_keys`, `/root/.ssh/authorized_keys2` and `/etc/ssh/authorized_keys.d/root`
|
||||||
- Static ip addresses and routes are restored after reboot. Interface that had
|
- (experimental, only tested for nixos-unstable) Static ip addresses and routes
|
||||||
dynamic addresses before are configured with DHCP and to accept prefixes from
|
are restored after reboot. Interface that had dynamic addresses before are
|
||||||
ipv6 router advertisment.
|
configured with DHCP and to accept prefixes from ipv6 router advertisment
|
||||||
|
|
||||||
|
|
||||||
The actual kexec happens with a slight delay (6s). This allows for easier
|
The actual kexec happens with a slight delay (6s). This allows for easier
|
||||||
|
|
44
flake.lock
Normal file
44
flake.lock
Normal file
|
@ -0,0 +1,44 @@
|
||||||
|
{
|
||||||
|
"nodes": {
|
||||||
|
"nixos-2211": {
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1659446231,
|
||||||
|
"narHash": "sha256-hekabNdTdgR/iLsgce5TGWmfIDZ86qjPhxDg/8TlzhE=",
|
||||||
|
"owner": "NixOS",
|
||||||
|
"repo": "nixpkgs",
|
||||||
|
"rev": "eabc38219184cc3e04a974fe31857d8e0eac098d",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "NixOS",
|
||||||
|
"ref": "release-21.11",
|
||||||
|
"repo": "nixpkgs",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"nixos-unstable": {
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1671179347,
|
||||||
|
"narHash": "sha256-EaGqNC5HtvhXi+LVg2dW3EhKomVz4TijyylCTSwEel8=",
|
||||||
|
"owner": "NixOS",
|
||||||
|
"repo": "nixpkgs",
|
||||||
|
"rev": "f0c1df314b7b5fc64603bb07a50759267b285149",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "NixOS",
|
||||||
|
"ref": "nixos-unstable-small",
|
||||||
|
"repo": "nixpkgs",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"root": {
|
||||||
|
"inputs": {
|
||||||
|
"nixos-2211": "nixos-2211",
|
||||||
|
"nixos-unstable": "nixos-unstable"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"root": "root",
|
||||||
|
"version": 7
|
||||||
|
}
|
25
flake.nix
25
flake.nix
|
@ -1,7 +1,28 @@
|
||||||
{
|
{
|
||||||
description = "NixOS images";
|
description = "NixOS images";
|
||||||
|
|
||||||
outputs = { self }: {
|
inputs.nixos-unstable.url = "github:NixOS/nixpkgs/nixos-unstable-small";
|
||||||
nixosModules.kexec-installer = ./nix/kexec-installer/module.nix;
|
inputs.nixos-2211.url = "github:NixOS/nixpkgs/release-21.11";
|
||||||
|
|
||||||
|
nixConfig.extra-substituters = [
|
||||||
|
"https://cache.garnix.io"
|
||||||
|
];
|
||||||
|
nixConfig.extra-trusted-public-keys = [
|
||||||
|
"cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g="
|
||||||
|
];
|
||||||
|
|
||||||
|
outputs = { self, nixos-unstable, nixos-2211 }: {
|
||||||
|
packages.x86_64-linux = let
|
||||||
|
netboot = nixpkgs: (import (nixpkgs + "/nixos/release.nix") {}).netboot.x86_64-linux;
|
||||||
|
in {
|
||||||
|
netboot-unstable = netboot nixos-unstable;
|
||||||
|
netboot-2211 = netboot nixos-2211;
|
||||||
|
};
|
||||||
|
nixosModules.kexec-installer = import ./nix/kexec-installer/module.nix;
|
||||||
|
checks.x86_64-linux = {
|
||||||
|
kexec-installer-unstable = nixos-unstable.legacyPackages.x86_64-linux.callPackage ./nix/kexec-installer/test.nix {};
|
||||||
|
# networkd fails to set ipv6 gateway in 2211
|
||||||
|
#kexec-installer-2211 = nixos-2211.legacyPackages.x86_64-linux.callPackage ./nix/kexec-installer/test.nix {};
|
||||||
|
};
|
||||||
};
|
};
|
||||||
}
|
}
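Review bot: The input named `nixos-2211` is pinned to `github:NixOS/nixpkgs/release-21.11` (flake.lock records the same `ref`), so `netboot-2211` is built from the 21.11 branch rather than 22.11. If 22.11 is intended, the line should read `inputs.nixos-2211.url = "github:NixOS/nixpkgs/release-22.11";` and the lock file should be regenerated. The mismatch also puts the `# networkd fails to set ipv6 gateway in 2211` comment in doubt, since the disabled check would have evaluated against 21.11, and it leaves `netboot-2211` exported with no check covering it. Separately, `nixConfig.extra-substituters` and `extra-trusted-public-keys` mean that anyone who accepts this flake's config trusts store paths signed by the cache.garnix.io key. A comment above the list such as `# third-party binary cache (garnix CI); optional, everything can be built locally` would make that trust decision explicit.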
|
||||||
|
|
|
@ -16,7 +16,7 @@ in {
|
||||||
|
|
||||||
# This is a variant of the upstream kexecScript that also allows embedding
|
# This is a variant of the upstream kexecScript that also allows embedding
|
||||||
# a ssh key.
|
# a ssh key.
|
||||||
system.build.kexecRun = lib.mkForce (pkgs.writeScript "kexec-run" ''
|
system.build.kexecRun = pkgs.writeScript "kexec-run" ''
|
||||||
#!/usr/bin/env bash
|
#!/usr/bin/env bash
|
||||||
set -ex
|
set -ex
|
||||||
shopt -s nullglob
|
shopt -s nullglob
|
||||||
|
@ -72,7 +72,7 @@ in {
|
||||||
# We will kexec in background so we can cleanly finish the script before the hosts go down.
|
# We will kexec in background so we can cleanly finish the script before the hosts go down.
|
||||||
# This makes integration with tools like terraform easier.
|
# This makes integration with tools like terraform easier.
|
||||||
nohup bash -c "sleep 6 && '$SCRIPT_DIR/kexec' -e" &
|
nohup bash -c "sleep 6 && '$SCRIPT_DIR/kexec' -e" &
|
||||||
'');
|
'';
|
||||||
|
|
||||||
system.build.kexecTarball = pkgs.runCommand "kexec-tarball" {} ''
|
system.build.kexecTarball = pkgs.runCommand "kexec-tarball" {} ''
|
||||||
mkdir kexec $out
|
mkdir kexec $out
|
||||||
|
|
|
@ -93,9 +93,13 @@ in makeTest' {
|
||||||
ipv6Prefixes = [
|
ipv6Prefixes = [
|
||||||
{ ipv6PrefixConfig = { Prefix = "2001:db8::/64"; AddressAutoconfiguration = true; OnLink = true; }; }
|
{ ipv6PrefixConfig = { Prefix = "2001:db8::/64"; AddressAutoconfiguration = true; OnLink = true; }; }
|
||||||
];
|
];
|
||||||
ipv6RoutePrefixes = [
|
# does not work in 22.11
|
||||||
{ ipv6RoutePrefixConfig = { Route = "::/0"; LifetimeSec = 3600; }; }
|
#ipv6RoutePrefixes = [ { ipv6RoutePrefixConfig = { Route = "::/0"; LifetimeSec = 3600; }; }];
|
||||||
];
|
extraConfig = ''
|
||||||
|
[IPv6RoutePrefix]
|
||||||
|
Route = ::/0
|
||||||
|
LifetimeSec = 3600
|
||||||
|
'';
|
||||||
networkConfig = {
|
networkConfig = {
|
||||||
DHCPServer = true;
|
DHCPServer = true;
|
||||||
Address = "10.0.0.1/24";
|
Address = "10.0.0.1/24";
|
||||||
|
|