kexec-installer: build variants

Jörg Thalheim 2023-05-07 21:06:12 +02:00
parent 51155d8415
commit 470d1918ab
3 changed files with 120 additions and 97 deletions


@ -22,7 +22,7 @@ build_netboot_image() {
build_kexec_installer() { build_kexec_installer() {
declare -r tag=$1 arch=$2 tmp=$3 variant=$4 declare -r tag=$1 arch=$2 tmp=$3 variant=$4
out=$(nix build --print-out-paths --option accept-flake-config true -L ".#packages.${arch}.kexec-installer-${tag//.}${variant}") out=$(nix build --print-out-paths --option accept-flake-config true -L ".#packages.${arch}.kexec-installer-${tag//.}${variant}")
echo "$out/nixos-kexec-installer-$arch.tar.gz" echo "$out/nixos-kexec-installer${variant}-$arch.tar.gz"
} }
main() { main() {
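Review bot: The tarball path that `build_kexec_installer` echoes is computed but never checked to exist, and with this commit the real file name is produced elsewhere (module.nix's `system.kexec-installer.name`), so a naming drift between the two is silent; the noninteractive variants in flake.nix already set that option to `kexec-installer-noninteractive`, without the `nixos-` prefix this echo assumes. Store the path and fail loudly when it is missing: `tarball="$out/nixos-kexec-installer${variant}-$arch.tar.gz"`, `[[ -f "$tarball" ]] || { echo "expected tarball not found: $tarball" >&2; return 1; }`, `echo "$tarball"`. `main()` begins on the last line of the hunk and its body is outside it, so whatever it does with the echoed path cannot be checked here.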


@ -24,11 +24,23 @@
kexec-installer-nixos-unstable = kexec-installer nixos-unstable []; kexec-installer-nixos-unstable = kexec-installer nixos-unstable [];
kexec-installer-nixos-2211 = kexec-installer nixos-2211 []; kexec-installer-nixos-2211 = kexec-installer nixos-2211 [];
kexec-installer-nixos-unstable-noninteractive = kexec-installer nixos-unstable [ self.nixosModules.noninteractive ]; kexec-installer-nixos-unstable-noninteractive = kexec-installer nixos-unstable [
kexec-installer-nixos-2211-noninteractive = kexec-installer nixos-2211 [ self.nixosModules.noninteractive ]; { system.kexec-installer.name = "kexec-installer-noninteractive"; }
self.nixosModules.noninteractive
];
kexec-installer-nixos-2211-noninteractive = kexec-installer nixos-2211 [
{ system.kexec-installer.name = "kexec-installer-noninteractive"; }
self.nixosModules.noninteractive
];
kexec-installer-nixos-unstable-virtual-noninteractive = kexec-installer nixos-unstable [ self.nixosModules.noninteractive self.nixosModules.virtual ]; kexec-installer-nixos-unstable-virtual-noninteractive = kexec-installer nixos-unstable [
kexec-installer-nixos-2211-virtual-noninteractive = kexec-installer nixos-2211 [ self.nixosModules.noninteractive self.nixosModules.virtual ]; { system.kexec-installer.name = "kexec-installer-virtual-noninteractive"; }
self.nixosModules.noninteractive self.nixosModules.virtual
];
kexec-installer-nixos-2211-virtual-noninteractive = kexec-installer nixos-2211 [
{ system.kexec-installer.name = "kexec-installer-virtual-noninteractive"; }
self.nixosModules.noninteractive self.nixosModules.virtual
];
}); });
nixosModules = { nixosModules = {
kexec-installer = ./nix/kexec-installer/module.nix; kexec-installer = ./nix/kexec-installer/module.nix;
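Review bot: The names set on the new `system.kexec-installer.name` lines, `"kexec-installer-noninteractive"` and `"kexec-installer-virtual-noninteractive"`, drop the `nixos-` prefix that the option's default `"nixos-kexec-installer"` carries, while `build_kexec_installer` in the build script expects `nixos-kexec-installer${variant}-$arch.tar.gz`; for the variant packages the tarball written by module.nix and the path echoed by the script will therefore differ. Either rename them to `"nixos-kexec-installer-noninteractive"` and `"nixos-kexec-installer-virtual-noninteractive"`, or derive the tarball basename from the package attribute suffix in one place so the two cannot drift again. The `packages` attrset these lines belong to starts before the hunk.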


@ -10,104 +10,115 @@ in {
imports = [ imports = [
(modulesPath + "/installer/netboot/netboot-minimal.nix") (modulesPath + "/installer/netboot/netboot-minimal.nix")
]; ];
options = {
# We are stateless, so just default to latest. system.kexec-installer.name = lib.mkOption {
system.stateVersion = config.system.nixos.version; type = lib.types.str;
default = "nixos-kexec-installer";
# This is a variant of the upstream kexecScript that also allows embedding description = ''
# a ssh key. The variant of the kexec installer to use.
system.build.kexecRun = pkgs.runCommand "kexec-run" {} '' '';
install -D -m 0755 ${./kexec-run.sh} $out
sed -i \
-e 's|@init@|${config.system.build.toplevel}/init|' \
-e 's|@kernelParams@|${lib.escapeShellArgs config.boot.kernelParams}|' \
$out
${pkgs.shellcheck}/bin/shellcheck $out
'';
system.build.kexecTarball = pkgs.runCommand "kexec-tarball" {} ''
mkdir kexec $out
cp "${config.system.build.netbootRamdisk}/initrd" kexec/initrd
cp "${config.system.build.kernel}/${config.system.boot.loader.kernelFile}" kexec/bzImage
cp "${config.system.build.kexecRun}" kexec/run
cp "${pkgs.pkgsStatic.kexec-tools}/bin/kexec" kexec/kexec
cp "${iprouteStatic}/bin/ip" kexec/ip
tar -czvf $out/nixos-kexec-installer-${pkgs.stdenv.hostPlatform.system}.tar.gz kexec
'';
# IPMI SOL console redirection stuff
boot.kernelParams =
[ "console=tty0" ] ++
(lib.optional (pkgs.stdenv.hostPlatform.isAarch32 || pkgs.stdenv.hostPlatform.isAarch64) "console=ttyAMA0,115200") ++
(lib.optional (pkgs.stdenv.hostPlatform.isRiscV) "console=ttySIF0,115200") ++
[ "console=ttyS0,115200" ];
documentation.enable = false;
# Not really needed. Saves a few bytes and the only service we are running is sshd, which we want to be reachable.
networking.firewall.enable = false;
systemd.network.enable = true;
networking.dhcpcd.enable = false;
# for detection if we are on kexec
environment.etc.is_kexec.text = "true";
# for zapping of disko
environment.systemPackages = [
pkgs.jq
];
systemd.services.restore-network = {
before = [ "network-pre.target" ];
wants = [ "network-pre.target" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
ExecStart = [
"${restore-network} /root/network/addrs.json /root/network/routes-v4.json /root/network/routes-v6.json /etc/systemd/network"
];
}; };
};
unitConfig.ConditionPathExists = [ config = {
"/root/network/addrs.json" # We are stateless, so just default to latest.
"/root/network/routes-v4.json" system.stateVersion = config.system.nixos.version;
"/root/network/routes-v6.json"
# This is a variant of the upstream kexecScript that also allows embedding
# a ssh key.
system.build.kexecRun = pkgs.runCommand "kexec-run" {} ''
install -D -m 0755 ${./kexec-run.sh} $out
sed -i \
-e 's|@init@|${config.system.build.toplevel}/init|' \
-e 's|@kernelParams@|${lib.escapeShellArgs config.boot.kernelParams}|' \
$out
${pkgs.shellcheck}/bin/shellcheck $out
'';
system.build.kexecTarball = pkgs.runCommand "kexec-tarball" {} ''
mkdir kexec $out
cp "${config.system.build.netbootRamdisk}/initrd" kexec/initrd
cp "${config.system.build.kernel}/${config.system.boot.loader.kernelFile}" kexec/bzImage
cp "${config.system.build.kexecRun}" kexec/run
cp "${pkgs.pkgsStatic.kexec-tools}/bin/kexec" kexec/kexec
cp "${iprouteStatic}/bin/ip" kexec/ip
tar -czvf $out/${config.system.kexec-installer.name}-${pkgs.stdenv.hostPlatform.system}.tar.gz kexec
'';
# IPMI SOL console redirection stuff
boot.kernelParams =
[ "console=tty0" ] ++
(lib.optional (pkgs.stdenv.hostPlatform.isAarch32 || pkgs.stdenv.hostPlatform.isAarch64) "console=ttyAMA0,115200") ++
(lib.optional (pkgs.stdenv.hostPlatform.isRiscV) "console=ttySIF0,115200") ++
[ "console=ttyS0,115200" ];
documentation.enable = false;
# Not really needed. Saves a few bytes and the only service we are running is sshd, which we want to be reachable.
networking.firewall.enable = false;
systemd.network.enable = true;
networking.dhcpcd.enable = false;
# for detection if we are on kexec
environment.etc.is_kexec.text = "true";
# for zapping of disko
environment.systemPackages = [
pkgs.jq
]; ];
};
systemd.services.log-network-status = { systemd.services.restore-network = {
wantedBy = [ "multi-user.target" ]; before = [ "network-pre.target" ];
# No point in restarting this. We just need this after boot wants = [ "network-pre.target" ];
restartIfChanged = false; wantedBy = [ "multi-user.target" ];
serviceConfig = { serviceConfig = {
Type = "oneshot"; Type = "oneshot";
StandardOutput = "journal+console"; RemainAfterExit = true;
ExecStart = [ ExecStart = [
# Allow failures, so it still prints what interfaces we have even if we "${restore-network} /root/network/addrs.json /root/network/routes-v4.json /root/network/routes-v6.json /etc/systemd/network"
# not get online ];
"-${pkgs.systemd}/lib/systemd/systemd-networkd-wait-online" };
"${pkgs.iproute2}/bin/ip -c addr"
"${pkgs.iproute2}/bin/ip -c -6 route" unitConfig.ConditionPathExists = [
"${pkgs.iproute2}/bin/ip -c -4 route" "/root/network/addrs.json"
"/root/network/routes-v4.json"
"/root/network/routes-v6.json"
]; ];
}; };
};
# Restore ssh host and user keys if they are available. systemd.services.log-network-status = {
# This avoids warnings of unknown ssh keys. wantedBy = [ "multi-user.target" ];
boot.initrd.postMountCommands = '' # No point in restarting this. We just need this after boot
mkdir -m 700 -p /mnt-root/root/.ssh restartIfChanged = false;
mkdir -m 755 -p /mnt-root/etc/ssh
mkdir -m 755 -p /mnt-root/root/network serviceConfig = {
if [[ -f ssh/authorized_keys ]]; then Type = "oneshot";
install -m 400 ssh/authorized_keys /mnt-root/root/.ssh StandardOutput = "journal+console";
fi ExecStart = [
install -m 400 ssh/ssh_host_* /mnt-root/etc/ssh # Allow failures, so it still prints what interfaces we have even if we
cp *.json /mnt-root/root/network/ # not get online
''; "-${pkgs.systemd}/lib/systemd/systemd-networkd-wait-online"
"${pkgs.iproute2}/bin/ip -c addr"
"${pkgs.iproute2}/bin/ip -c -6 route"
"${pkgs.iproute2}/bin/ip -c -4 route"
];
};
};
# Restore ssh host and user keys if they are available.
# This avoids warnings of unknown ssh keys.
boot.initrd.postMountCommands = ''
mkdir -m 700 -p /mnt-root/root/.ssh
mkdir -m 755 -p /mnt-root/etc/ssh
mkdir -m 755 -p /mnt-root/root/network
if [[ -f ssh/authorized_keys ]]; then
install -m 400 ssh/authorized_keys /mnt-root/root/.ssh
fi
install -m 400 ssh/ssh_host_* /mnt-root/etc/ssh
cp *.json /mnt-root/root/network/
'';
};
} }
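Review bot: The new `system.kexec-installer.name` option is an unrestricted `lib.types.str`, yet it is interpolated unquoted into the shell line `tar -czvf $out/${config.system.kexec-installer.name}-${pkgs.stdenv.hostPlatform.system}.tar.gz kexec` in `kexecTarball` and also becomes the basename the build script has to predict; a value containing whitespace, `/` or shell metacharacters would produce a broken or misplaced archive at build time instead of an evaluation error. Constrain it where it is declared, `type = lib.types.strMatching "[A-Za-z0-9._-]+";`, and say so in the description, e.g. `Basename of the generated kexec tarball (letters, digits, ., _ and - only).` The `let` bindings for `restore-network` and `iprouteStatic` used inside the config block are above the hunk.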