From 3e2e064af0e62a41f2e50e495f4acbc1172dd5c7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Fri, 7 Jun 2024 10:25:52 +0200 Subject: [PATCH] upgrade to nixos 24.05 --- build-images.sh | 21 +++++++++++---------- flake.lock | 12 ++++++------ flake.nix | 18 +++++++++--------- nix/installer.nix | 5 ----- nix/restore-remote-access.nix | 19 +------------------ 5 files changed, 27 insertions(+), 48 deletions(-) diff --git a/build-images.sh b/build-images.sh index 60f4b76..d110ff0 100755 --- a/build-images.sh +++ b/build-images.sh @@ -5,8 +5,8 @@ set -xeuo pipefail shopt -s lastpipe build_netboot_image() { - declare -r tag=$1 arch=$2 tmp=$3 - img=$(nix build --print-out-paths --option accept-flake-config true -L ".#packages.${arch}.netboot-${tag//./}") + declare -r tag=$1 channel=$2 arch=$3 tmp=$4 + img=$(nix build --print-out-paths --option accept-flake-config true -L ".#packages.${arch}.netboot-${channel//./}") kernel=$(echo "$img"/*Image) kernelName=$(basename "$kernel") ln -s "$kernel" "$tmp/$kernelName-$arch" @@ -22,14 +22,14 @@ build_netboot_image() { } build_kexec_installer() { - declare -r tag=$1 arch=$2 tmp=$3 variant=$4 - out=$(nix build --print-out-paths --option accept-flake-config true -L ".#packages.${arch}.kexec-installer-${tag//./}${variant}") + declare -r channel=$1 arch=$2 tmp=$3 variant=$4 + out=$(nix build --print-out-paths --option accept-flake-config true -L ".#packages.${arch}.kexec-installer-${channel}${variant}") echo "$out/nixos-kexec-installer${variant}-$arch.tar.gz" } build_image_installer() { - declare -r tag=$1 arch=$2 tmp=$3 - out=$(nix build --print-out-paths --option accept-flake-config true -L ".#packages.${arch}.image-installer-${tag//./}") + declare -r channel=$1 arch=$2 tmp=$3 + out=$(nix build --print-out-paths --option accept-flake-config true -L ".#packages.${arch}.image-installer-${channel//./}") echo "$out/iso/nixos-installer-${arch}.iso" } @@ -38,10 +38,11 @@ main() { tmp="$(mktemp -d)" trap 'rm -rf -- "$tmp"' EXIT ( - build_kexec_installer "$tag" "$arch" "$tmp" "" - build_kexec_installer "$tag" "$arch" "$tmp" "-noninteractive" - build_netboot_image "$tag" "$arch" "$tmp" - build_image_installer "$tag" "$arch" "$tmp" + channel=$(if [[ "$tag" == nixos-unstable ]]; then echo "unstable"; else echo "stable"; fi) + build_kexec_installer "$channel" "$arch" "$tmp" "" + build_kexec_installer "$channel" "$arch" "$tmp" "-noninteractive" + build_netboot_image "$tag" "$channel" "$arch" "$tmp" + build_image_installer "$channel" "$arch" "$tmp" ) | readarray -t assets for asset in "${assets[@]}"; do pushd "$(dirname "$asset")" diff --git a/flake.lock b/flake.lock index 8c86279..4e53b5e 100644 --- a/flake.lock +++ b/flake.lock @@ -1,17 +1,17 @@ { "nodes": { - "nixos-2311": { + "nixos-stable": { "locked": { - "lastModified": 1717017538, - "narHash": "sha256-S5kltvDDfNQM3xx9XcvzKEOyN2qk8Sa+aSOLqZ+1Ujc=", + "lastModified": 1717555607, + "narHash": "sha256-WZ1s48OODmRJ3DHC+I/DtM3tDRuRJlNqMvxvAPTD7ec=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "64e468fd2652105710d86cd2ae3e65a5a6d58dec", + "rev": "0b8e7a1ae5a94da2e1ee3f3030a32020f6254105", "type": "github" }, "original": { "owner": "NixOS", - "ref": "release-23.11", + "ref": "nixos-24.05", "repo": "nixpkgs", "type": "github" } @@ -34,7 +34,7 @@ }, "root": { "inputs": { - "nixos-2311": "nixos-2311", + "nixos-stable": "nixos-stable", "nixos-unstable": "nixos-unstable" } } diff --git a/flake.nix b/flake.nix index d304612..2e7585e 100644 --- a/flake.nix +++ b/flake.nix @@ -2,12 +2,12 @@ description = "NixOS images"; inputs.nixos-unstable.url = "github:NixOS/nixpkgs/nixos-unstable-small"; - inputs.nixos-2311.url = "github:NixOS/nixpkgs/release-23.11"; + inputs.nixos-stable.url = "github:NixOS/nixpkgs/nixos-24.05"; nixConfig.extra-substituters = [ "https://numtide.cachix.org" ]; nixConfig.extra-trusted-public-keys = [ "numtide.cachix.org-1:2ps1kLBUWjxIneOy1Ik6cQjb41X0iXVXeHigGmycPPE=" ]; - outputs = { self, nixos-unstable, nixos-2311 }: + outputs = { self, nixos-unstable, nixos-stable }: let supportedSystems = [ "aarch64-linux" "x86_64-linux" ]; forAllSystems = nixos-unstable.lib.genAttrs supportedSystems; @@ -22,12 +22,12 @@ in { netboot-nixos-unstable = netboot nixos-unstable; - netboot-nixos-2311 = netboot nixos-2311; + netboot-nixos-stable = netboot nixos-stable; kexec-installer-nixos-unstable = kexec-installer nixos-unstable [ ]; - kexec-installer-nixos-2311 = kexec-installer nixos-2311 [ ]; + kexec-installer-nixos-stable = kexec-installer nixos-stable [ ]; image-installer-nixos-unstable = image-installer nixos-unstable; - image-installer-nixos-2311 = image-installer nixos-2311; + image-installer-nixos-stable = image-installer nixos-stable; kexec-installer-nixos-unstable-noninteractive = kexec-installer nixos-unstable [ { @@ -35,7 +35,7 @@ } self.nixosModules.noninteractive ]; - kexec-installer-nixos-2311-noninteractive = kexec-installer nixos-2311 [ + kexec-installer-nixos-stable-noninteractive = kexec-installer nixos-stable [ { system.kexec-installer.name = "nixos-kexec-installer-noninteractive"; } @@ -43,7 +43,7 @@ ]; netboot-installer-nixos-unstable = netboot-installer nixos-unstable; - netboot-installer-nixos-2311 = netboot-installer nixos-2311; + netboot-installer-nixos-stable = netboot-installer nixos-stable; }); nixosModules = { kexec-installer = ./nix/kexec-installer/module.nix; @@ -71,8 +71,8 @@ shellcheck ${(pkgs.nixos [self.nixosModules.kexec-installer]).config.system.build.kexecRun} touch $out ''; - kexec-installer-2311 = nixos-2311.legacyPackages.x86_64-linux.callPackage ./nix/kexec-installer/test.nix { - kexecTarball = self.packages.x86_64-linux.kexec-installer-nixos-2311-noninteractive; + kexec-installer-stable = nixos-stable.legacyPackages.x86_64-linux.callPackage ./nix/kexec-installer/test.nix { + kexecTarball = self.packages.x86_64-linux.kexec-installer-nixos-stable-noninteractive; }; }; in diff --git a/nix/installer.nix b/nix/installer.nix index dda3ffd..56a2ab1 100644 --- a/nix/installer.nix +++ b/nix/installer.nix @@ -5,10 +5,6 @@ modulesPath, ... }: -let - # can be dropped after 23.11 is removed - hasPerlless = builtins.pathExists "${modulesPath}/profiles/perlless.nix"; -in { # more descriptive hostname than just "nixos" networking.hostName = lib.mkDefault "nixos-installer"; @@ -36,7 +32,6 @@ in imports = [ ./nix-settings.nix # reduce closure size by removing perl - ] ++ lib.optionals hasPerlless [ "${modulesPath}/profiles/perlless.nix" # FIXME: we still are left with nixos-generate-config due to nixos-install-tools { system.forbiddenDependenciesRegexes = lib.mkForce []; } diff --git a/nix/restore-remote-access.nix b/nix/restore-remote-access.nix index 2f24272..c5fc80a 100644 --- a/nix/restore-remote-access.nix +++ b/nix/restore-remote-access.nix @@ -1,10 +1,6 @@ -{ lib, ... }: -let - is2405 = lib.versionAtLeast lib.version "24.05pre"; -in { # We have a bug in 23.11 in combination with netboot. - boot.initrd.systemd.enable = is2405; + boot.initrd.systemd.enable = true; boot.initrd.systemd.services.restore-state-from-initrd = { unitConfig = { DefaultDependencies = false; @@ -30,17 +26,4 @@ in fi ''; }; - boot.initrd.postMountCommands = lib.mkIf (!is2405) '' - mkdir -m 700 -p /mnt-root/root/.ssh - mkdir -m 755 -p /mnt-root/etc/ssh - mkdir -m 755 -p /mnt-root/root/network - if [[ -f ssh/authorized_keys ]]; then - install -m 400 ssh/authorized_keys /mnt-root/root/.ssh - fi - install -m 400 ssh/ssh_host_* /mnt-root/etc/ssh - cp *.json /mnt-root/root/network/ - if [[ -f machine-id ]]; then - cp machine-id /mnt-root/etc/machine-id - fi - ''; }