emily/nixos-images
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 1

Merge pull request #135 from nix-community/nixpkgs-upstream

Browse source 
switch back to nixpkgs upstream
This commit is contained in:
mergify[bot] 2023-11-02 09:54:17 +00:00 committed by GitHub
commit dd2e96b4a4
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
8 changed files with 46 additions and 34 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
build-images.sh
View file

@ -38,10 +38,8 @@ main() {
) | readarray -t assets ) | readarray -t assets
for asset in "${assets[@]}"; do for asset in "${assets[@]}"; do
pushd "$(dirname "$asset")" pushd "$(dirname "$asset")"
sha256sum "$(basename "$asset")" >>"$TMP/sha256sums"
popd popd
done done
assets+=("$TMP/sha256sums")
if ! gh release view "$tag"; then if ! gh release view "$tag"; then
gh release create --title "$tag (build $(date +"%Y-%m-%d"))" "$tag" gh release create --title "$tag (build $(date +"%Y-%m-%d"))" "$tag"

24
flake.lock
View file

@ -2,32 +2,32 @@
"nodes": { "nodes": {
"nixos-2305": { "nixos-2305": {
"locked": { "locked": {
"lastModified": 1691214239, "lastModified": 1698911509,
"narHash": "sha256-GcV1Ona0M8CpS0X6K9ZksWht9HUWXP+k4S0/zk02VmQ=", "narHash": "sha256-FFwqTbF+1laraWTL/t7LI+gN+DYfoj+iFYLof5wCea8=",
"owner": "Mic92", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "831724726ba052189092f52ae0774dd406d657bb", "rev": "ecd985f22e007e6ac3152d68590c06cbbaea8c0e",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "Mic92", "owner": "NixOS",
"ref": "netboot-fix-backport", "ref": "release-23.05",
"repo": "nixpkgs", "repo": "nixpkgs",
"type": "github" "type": "github"
} }
}, },
"nixos-unstable": { "nixos-unstable": {
"locked": { "locked": {
"lastModified": 1691180400, "lastModified": 1698800439,
"narHash": "sha256-3XvIucYLBKM9xML1QH4fGSB9HFQ3me36ejJo9gTyuDE=", "narHash": "sha256-SrAwRi266j7U9XqCl0qPwsvcFiQ55iPXEK36ZX6QPjE=",
"owner": "Mic92", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "52a39dea62074a5d47001e86646f71dff78ffcad", "rev": "0ac7840a74c53b62f124e86fcde8cdd45f2bc131",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "Mic92", "owner": "NixOS",
"ref": "netboot-fix", "ref": "nixos-unstable-small",
"repo": "nixpkgs", "repo": "nixpkgs",
"type": "github" "type": "github"
} }

6
flake.nix
View file

@ -1,10 +1,8 @@
{ {
description = "NixOS images"; description = "NixOS images";
# https://github.com/nix-community/nixos-images/pull/123 inputs.nixos-unstable.url = "github:NixOS/nixpkgs/nixos-unstable-small";
inputs.nixos-unstable.url = "github:Mic92/nixpkgs/netboot-fix"; inputs.nixos-2305.url = "github:NixOS/nixpkgs/release-23.05";
# https://github.com/NixOS/nixpkgs/pull/247279
inputs.nixos-2305.url = "github:Mic92/nixpkgs/netboot-fix-backport";
nixConfig.extra-substituters = [ nixConfig.extra-substituters = [
"https://cache.garnix.io" "https://cache.garnix.io"

2
nix/installer.nix
View file

@ -16,6 +16,7 @@
# Not really needed. Saves a few bytes and the only service we are running is sshd, which we want to be reachable. # Not really needed. Saves a few bytes and the only service we are running is sshd, which we want to be reachable.
networking.firewall.enable = false; networking.firewall.enable = false;
networking.useNetworkd = true;
systemd.network.enable = true; systemd.network.enable = true;
networking.dhcpcd.enable = false; networking.dhcpcd.enable = false;
@ -37,6 +38,7 @@
"${pkgs.iproute2}/bin/ip -c addr" "${pkgs.iproute2}/bin/ip -c addr"
"${pkgs.iproute2}/bin/ip -c -6 route" "${pkgs.iproute2}/bin/ip -c -6 route"
"${pkgs.iproute2}/bin/ip -c -4 route" "${pkgs.iproute2}/bin/ip -c -4 route"
"${pkgs.systemd}/bin/networkctl status"
]; ];
}; };
}; };

11
nix/kexec-installer/restore_routes.py
View file

@ -47,7 +47,7 @@ def generate_networkd_units(
) -> None: ) -> None:
directory.mkdir(exist_ok=True) directory.mkdir(exist_ok=True)
for interface in interfaces: for interface in interfaces:
name = f"{interface['ifname']}.network" name = f"00-{interface['ifname']}.network"
addresses = [ addresses = [
f"Address = {addr['local']}/{addr['prefixlen']}" f"Address = {addr['local']}/{addr['prefixlen']}"
for addr in interface.get("addr_info", []) for addr in interface.get("addr_info", [])
@ -76,8 +76,17 @@ def generate_networkd_units(
MACAddress = {interface["address"]} MACAddress = {interface["address"]}
[Network] [Network]
# both ipv4 and ipv6
DHCP = yes DHCP = yes
# link-local multicast name resolution
LLMNR = yes
# lets us discover the switch port we're connected to
LLDP = yes
# ipv6 router advertisements
IPv6AcceptRA = yes IPv6AcceptRA = yes
# allows us to ping "nixos.local"
MulticastDNS = yes
""" """
unit += "\n".join(addresses) unit += "\n".join(addresses)
unit += "\n" + "\n".join(route_sections) unit += "\n" + "\n".join(route_sections)

30
nix/kexec-installer/test.nix
View file

@ -33,10 +33,8 @@ makeTest' {
services.openssh.enable = true; services.openssh.enable = true;
networking = { networking.useNetworkd = true;
useNetworkd = true; networking.useDHCP = false;
useDHCP = false;
};
users.users.root.openssh.authorizedKeys.keyFiles = [ ./ssh-keys/id_ed25519.pub ]; users.users.root.openssh.authorizedKeys.keyFiles = [ ./ssh-keys/id_ed25519.pub ];
@ -52,7 +50,8 @@ makeTest' {
name = "eth0"; name = "eth0";
address = [ address = [
# Some static addresses that we want to see in the kexeced image # Some static addresses that we want to see in the kexeced image
"192.168.42.1/24" "42::1/64" "192.168.42.1/24"
"42::1/64"
]; ];
routes = [ routes = [
# Some static routes that we want to see in the kexeced image # Some static routes that we want to see in the kexeced image
@ -104,17 +103,17 @@ makeTest' {
def ssh(cmd: list[str], check: bool = True, stdout: Optional[int] = None) -> subprocess.CompletedProcess: def ssh(cmd: list[str], check: bool = True, stdout: Optional[int] = None) -> subprocess.CompletedProcess:
ssh_cmd = [ ssh_cmd = [
"${pkgs.openssh}/bin/ssh", "${pkgs.openssh}/bin/ssh",
"-o", "StrictHostKeyChecking=no", "-o", "StrictHostKeyChecking=no",
"-o", "ConnectTimeout=1", "-o", "ConnectTimeout=1",
"-i", "${./ssh-keys/id_ed25519}", "-i", "${./ssh-keys/id_ed25519}",
"-p", "2222", "-p", "2222",
"root@127.0.0.1", "root@127.0.0.1",
"--" "--"
] + cmd ] + cmd
print(" ".join(ssh_cmd)) print(" ".join(ssh_cmd))
return subprocess.run(ssh_cmd, return subprocess.run(ssh_cmd,
text=True, text=True,
check=check, check=check,
stdout=stdout) stdout=stdout)
@ -136,14 +135,19 @@ makeTest' {
node1.succeed('/root/kexec/run >&2') node1.succeed('/root/kexec/run >&2')
# wait for kexec to finish # wait for kexec to finish
while ssh(["true"], check=False).returncode == 0: while ssh(["true"], check=False).returncode == 0:
print("Waiting for kexec to finish...") print("Waiting for kexec to finish...")
time.sleep(1) time.sleep(1)
while ssh(["true"], check=False).returncode != 0: while ssh(["true"], check=False).returncode != 0:
print("Waiting for node2 to come up...") print("Waiting for node2 to come up...")
time.sleep(1) time.sleep(1)
while ssh(["systemctl is-active restore-network"], check=False).returncode != 0:
print("Waiting for network to be restored...")
time.sleep(1)
ssh(["systemctl", "status", "restore-network"])
print(ssh(["ip", "addr"])) print(ssh(["ip", "addr"]))
print(ssh(["ip", "route"])) print(ssh(["ip", "route"]))
print(ssh(["ip", "-6", "route"])) print(ssh(["ip", "-6", "route"]))
@ -160,7 +164,7 @@ makeTest' {
root_ed25519_after = ssh(["cat", "/root/.ssh/authorized_keys"], stdout=subprocess.PIPE).stdout.strip() root_ed25519_after = ssh(["cat", "/root/.ssh/authorized_keys"], stdout=subprocess.PIPE).stdout.strip()
assert root_ed25519_before in root_ed25519_after, f"'{root_ed25519_before}' not included in '{root_ed25519_after}'" assert root_ed25519_before in root_ed25519_after, f"'{root_ed25519_before}' not included in '{root_ed25519_after}'"
print(ssh(["cat", "/etc/systemd/network/eth0.network"])) print(ssh(["cat", "/etc/systemd/network/00-eth0.network"]))
ssh(["curl", "-v", "-I", f"http://10.0.2.2:{port}"]) ssh(["curl", "-v", "-I", f"http://10.0.2.2:{port}"])
ssh(["curl", "-v", "-I", f"http://[fec0::2]:{port}"]) ssh(["curl", "-v", "-I", f"http://[fec0::2]:{port}"])

1
nix/netboot-installer/installer.nix
View file

@ -0,0 +1 @@

4
nix/netboot-installer/module.nix
View file

@ -13,7 +13,7 @@
paths = with config.system.build; [ paths = with config.system.build; [
netbootRamdisk netbootRamdisk
kernel kernel
(pkgs.runCommand "kernel-params" {} '' (pkgs.runCommand "kernel-params" { } ''
mkdir -p $out mkdir -p $out
ln -s "${config.system.build.toplevel}/kernel-params" $out/kernel-params ln -s "${config.system.build.toplevel}/kernel-params" $out/kernel-params
ln -s "${config.system.build.toplevel}/init" $out/init ln -s "${config.system.build.toplevel}/init" $out/init
@ -27,7 +27,7 @@
DHCP = "yes"; DHCP = "yes";
LLMNR = "yes"; LLMNR = "yes";
EmitLLDP = "yes"; EmitLLDP = "yes";
IPv6AcceptRA = "no"; IPv6AcceptRA = "yes";
MulticastDNS = "yes"; MulticastDNS = "yes";
LinkLocalAddressing = "yes"; LinkLocalAddressing = "yes";
LLDP = "yes"; LLDP = "yes";