Compare commits

...

66 commits

Author SHA1 Message Date
1d4c4b7f6f
feat: add riscv64-linux image
Some checks failed
Build / images (nscloud-ubuntu-22.04-arm64-4x16, nixos-24.05) (push) Has been cancelled
Build / images (nscloud-ubuntu-22.04-arm64-4x16, nixos-unstable) (push) Has been cancelled
Build / images (ubuntu-latest, nixos-24.05) (push) Has been cancelled
Build / images (ubuntu-latest, nixos-unstable) (push) Has been cancelled
2024-10-23 21:46:19 +02:00
github-actions[bot]
a5fbf34b25 flake.lock: Update
Flake lock file updates:

• Updated input 'nixos-stable':
    'github:NixOS/nixpkgs/c0b1da36f7c34a7146501f684e9ebdf15d2bebf8?narHash=sha256-WLxED18lodtQiayIPDE5zwAfkPJSjHJ35UhZ8h3cJUg%3D' (2024-10-14)
  → 'github:NixOS/nixpkgs/4eb33fe664af7b41a4c446f87d20c9a0a6321fa3?narHash=sha256-LDiPhQ3l%2BfBjRATNtnuDZsBS7hqoBtPkKBkhpoBHv3I%3D' (2024-10-17)
• Updated input 'nixos-unstable':
    'github:NixOS/nixpkgs/8f1d45587bd9af3dbf5146aa8a1347e20421597b?narHash=sha256-6sIuRVqVMHq9ZwcEVdpf2BuZeuLIUgvFznhIfsc75Jo%3D' (2024-10-16)
  → 'github:NixOS/nixpkgs/e3f55158e7587c5a5fdb0e86eb7ca4f455f0928f?narHash=sha256-3GNZr0V4b19RZ5mlyiY/4F8N2pzitvjDU6aHMWjAqLI%3D' (2024-10-20)
2024-10-21 01:29:42 +00:00
github-actions[bot]
3103f26e06 flake.lock: Update
Flake lock file updates:

• Updated input 'nixos-stable':
    'github:NixOS/nixpkgs/a3f9ad65a0bf298ed5847629a57808b97e6e8077?narHash=sha256-u%2BrxA79a0lyhG%2Bu%2BoPBRtTDtzz8kvkc9a6SWSt9ekVc%3D' (2024-10-12)
  → 'github:NixOS/nixpkgs/c0b1da36f7c34a7146501f684e9ebdf15d2bebf8?narHash=sha256-WLxED18lodtQiayIPDE5zwAfkPJSjHJ35UhZ8h3cJUg%3D' (2024-10-14)
• Updated input 'nixos-unstable':
    'github:NixOS/nixpkgs/73057677e8557925e999ac54196423fa34418c24?narHash=sha256-CfPKX2yaHwTOpGqcul89N12zjRfZ8GOSxG24/Ao9BcQ%3D' (2024-10-13)
  → 'github:NixOS/nixpkgs/8f1d45587bd9af3dbf5146aa8a1347e20421597b?narHash=sha256-6sIuRVqVMHq9ZwcEVdpf2BuZeuLIUgvFznhIfsc75Jo%3D' (2024-10-16)
2024-10-17 01:03:56 +00:00
github-actions[bot]
2ae5d8c1d9 flake.lock: Update
Flake lock file updates:

• Updated input 'nixos-stable':
    'github:NixOS/nixpkgs/1bfbbbe5bbf888d675397c66bfdb275d0b99361c?narHash=sha256-a0a0M1TmXMK34y3M0cugsmpJ4FJPT/xsblhpiiX1CXo%3D' (2024-10-07)
  → 'github:NixOS/nixpkgs/a3f9ad65a0bf298ed5847629a57808b97e6e8077?narHash=sha256-u%2BrxA79a0lyhG%2Bu%2BoPBRtTDtzz8kvkc9a6SWSt9ekVc%3D' (2024-10-12)
• Updated input 'nixos-unstable':
    'github:NixOS/nixpkgs/5633bcff0c6162b9e4b5f1264264611e950c8ec7?narHash=sha256-9UTxR8eukdg%2BXZeHgxW5hQA9fIKHsKCdOIUycTryeVw%3D' (2024-10-09)
  → 'github:NixOS/nixpkgs/73057677e8557925e999ac54196423fa34418c24?narHash=sha256-CfPKX2yaHwTOpGqcul89N12zjRfZ8GOSxG24/Ao9BcQ%3D' (2024-10-13)
2024-10-14 01:06:52 +00:00
Jörg Thalheim
74da633144
Merge pull request #296 from nix-community/disko-installer
add disko to all installer
2024-10-12 11:04:13 +02:00
Jörg Thalheim
dccb43ecc4 bump nixos-facter to 0.1.1 2024-10-12 10:51:15 +02:00
Jörg Thalheim
9892aba986 don't allow anonymous nixos modules
we always want _file
2024-10-12 10:50:42 +02:00
Jörg Thalheim
a20142faf9 add disko to all installer
Since disko is just some shell scripts it's comparable small and we can
easily embed this everywhere.
We can make use of this in our NixOS tutorials by providing nicer
images.
2024-10-12 10:50:17 +02:00
github-actions[bot]
d489f41dfa flake.lock: Update
Flake lock file updates:

• Updated input 'nixos-stable':
    'github:NixOS/nixpkgs/ecbc1ca8ffd6aea8372ad16be9ebbb39889e55b6?narHash=sha256-PbDWAIjKJdlVg%2BqQRhzdSor04bAPApDqIv2DofTyynk%3D' (2024-10-06)
  → 'github:NixOS/nixpkgs/1bfbbbe5bbf888d675397c66bfdb275d0b99361c?narHash=sha256-a0a0M1TmXMK34y3M0cugsmpJ4FJPT/xsblhpiiX1CXo%3D' (2024-10-07)
• Updated input 'nixos-unstable':
    'github:NixOS/nixpkgs/ff0da78cfd41aa1784910ce1fea89119822013ce?narHash=sha256-E9JaDKGi21oUypH0P9881lbkhi6USNJ6XL2tFzU5uuE%3D' (2024-10-06)
  → 'github:NixOS/nixpkgs/5633bcff0c6162b9e4b5f1264264611e950c8ec7?narHash=sha256-9UTxR8eukdg%2BXZeHgxW5hQA9fIKHsKCdOIUycTryeVw%3D' (2024-10-09)
2024-10-10 01:04:07 +00:00
dependabot[bot]
88409f19c7 build(deps): bump cachix/install-nix-action from 29 to 30
Bumps [cachix/install-nix-action](https://github.com/cachix/install-nix-action) from 29 to 30.
- [Release notes](https://github.com/cachix/install-nix-action/releases)
- [Commits](https://github.com/cachix/install-nix-action/compare/v29...v30)

---
updated-dependencies:
- dependency-name: cachix/install-nix-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-10-07 10:30:16 +00:00
github-actions[bot]
f63f58eecb flake.lock: Update
Flake lock file updates:

• Updated input 'nixos-stable':
    'github:NixOS/nixpkgs/1719f27dd95fd4206afb9cec9f415b539978827e?narHash=sha256-9/79hjQc9%2BxyH%2BQxeMcRsA6hDyw6Z9Eo1/oxjvwirLk%3D' (2024-09-30)
  → 'github:NixOS/nixpkgs/ecbc1ca8ffd6aea8372ad16be9ebbb39889e55b6?narHash=sha256-PbDWAIjKJdlVg%2BqQRhzdSor04bAPApDqIv2DofTyynk%3D' (2024-10-06)
• Updated input 'nixos-unstable':
    'github:NixOS/nixpkgs/35d02934a17a4fdc53a8857826ed35f3694e5f1c?narHash=sha256-%2Bt0jCdN1AFWLpi%2BXwHK4r/Jp%2BpJfo9ePHIy%2B4/BUCI4%3D' (2024-10-02)
  → 'github:NixOS/nixpkgs/ff0da78cfd41aa1784910ce1fea89119822013ce?narHash=sha256-E9JaDKGi21oUypH0P9881lbkhi6USNJ6XL2tFzU5uuE%3D' (2024-10-06)
2024-10-07 01:39:04 +00:00
github-actions[bot]
c6d733b5cb flake.lock: Update
Flake lock file updates:

• Updated input 'nixos-stable':
    'github:NixOS/nixpkgs/fbca5e745367ae7632731639de5c21f29c8744ed?narHash=sha256-40J9tW7Y794J7Uw4GwcAKlMxlX2xISBl6IBigo83ih8%3D' (2024-09-28)
  → 'github:NixOS/nixpkgs/1719f27dd95fd4206afb9cec9f415b539978827e?narHash=sha256-9/79hjQc9%2BxyH%2BQxeMcRsA6hDyw6Z9Eo1/oxjvwirLk%3D' (2024-09-30)
• Updated input 'nixos-unstable':
    'github:NixOS/nixpkgs/b5c4f45cfcaa5a44632c7119922987e131249cd2?narHash=sha256-3BhOfmcg9Pxjm/kU%2BIVYe76CvHL6zArK9ktlCJeP06E%3D' (2024-09-29)
  → 'github:NixOS/nixpkgs/35d02934a17a4fdc53a8857826ed35f3694e5f1c?narHash=sha256-%2Bt0jCdN1AFWLpi%2BXwHK4r/Jp%2BpJfo9ePHIy%2B4/BUCI4%3D' (2024-10-02)
2024-10-03 01:03:38 +00:00
dependabot[bot]
ab9c837ddc build(deps): bump cachix/install-nix-action from V28 to 29
Bumps [cachix/install-nix-action](https://github.com/cachix/install-nix-action) from V28 to 29. This release includes the previously tagged commit.
- [Release notes](https://github.com/cachix/install-nix-action/releases)
- [Commits](https://github.com/cachix/install-nix-action/compare/V28...v29)

---
updated-dependencies:
- dependency-name: cachix/install-nix-action
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-09-30 10:03:47 +00:00
github-actions[bot]
13ea1c6669 flake.lock: Update
Flake lock file updates:

• Updated input 'nixos-stable':
    'github:NixOS/nixpkgs/944b2aea7f0a2d7c79f72468106bc5510cbf5101?narHash=sha256-NmcVhGElxDbmEWzgXsyAjlRhUus/nEqPC5So7BOJLUM%3D' (2024-09-20)
  → 'github:NixOS/nixpkgs/fbca5e745367ae7632731639de5c21f29c8744ed?narHash=sha256-40J9tW7Y794J7Uw4GwcAKlMxlX2xISBl6IBigo83ih8%3D' (2024-09-28)
• Updated input 'nixos-unstable':
    'github:NixOS/nixpkgs/179b6bce21525a3a9e725c08e6ed58d56da74825?narHash=sha256-bj9ch2QIF8jqBlPOVRnJygy1K7yWtvh8Lf7I/rsqG3A%3D' (2024-09-22)
  → 'github:NixOS/nixpkgs/b5c4f45cfcaa5a44632c7119922987e131249cd2?narHash=sha256-3BhOfmcg9Pxjm/kU%2BIVYe76CvHL6zArK9ktlCJeP06E%3D' (2024-09-29)
2024-09-30 01:06:01 +00:00
Jörg Thalheim
acd37edb64 nixos-facter: switch back to main 2024-09-26 17:10:53 +00:00
Jörg Thalheim
3e7978bab1
Merge pull request #287 from nix-community/nixos-facter
package nixos-facter for stable as well
2024-09-26 18:13:33 +02:00
Jörg Thalheim
eb2ad6029e drop nixlibs from test 2024-09-26 17:58:34 +02:00
Jörg Thalheim
74909c85db package nixos-facter for stable as well 2024-09-26 17:28:28 +02:00
Jörg Thalheim
65d9487002
Merge pull request #285 from nix-community/nixos-facter
fix python3 overrides
2024-09-24 22:39:06 +02:00
mergify[bot]
13b54e8e22
Merge branch 'main' into nixos-facter 2024-09-24 20:35:34 +00:00
Jörg Thalheim
f4b3c682cf kexec: switch to xz compressor for initrd 2024-09-24 22:34:07 +02:00
Jörg Thalheim
d8293de5be fix python3 overrides 2024-09-24 22:27:56 +02:00
Jörg Thalheim
debda57e91
Merge pull request #284 from nix-community/nixos-facter
kexec: Save more space by using python3 minimal
2024-09-24 21:59:25 +02:00
Jörg Thalheim
881fad4fe0 save more space by using python3 minimal 2024-09-24 21:55:47 +02:00
Jörg Thalheim
8650b1df8f actually including nixos-facter + nixos test 2024-09-24 16:12:56 +00:00
github-actions[bot]
1420644027 flake.lock: Update
Flake lock file updates:

• Updated input 'nixos-stable':
    'github:NixOS/nixpkgs/086b448a5d54fd117f4dc2dee55c9f0ff461bdc1?narHash=sha256-2yV8nmYE1p9lfmLHhOCbYwQC/W8WYfGQABoGzJOb1JQ%3D' (2024-09-16)
  → 'github:NixOS/nixpkgs/944b2aea7f0a2d7c79f72468106bc5510cbf5101?narHash=sha256-NmcVhGElxDbmEWzgXsyAjlRhUus/nEqPC5So7BOJLUM%3D' (2024-09-20)
• Updated input 'nixos-unstable':
    'github:NixOS/nixpkgs/e88358265511d3a73b30dc6e4c15579844b35280?narHash=sha256-k/Ojv%2BMUDKUbj8JPd1MulJrf5BVz3jIUfrreMHbeTBE%3D' (2024-09-20)
  → 'github:NixOS/nixpkgs/179b6bce21525a3a9e725c08e6ed58d56da74825?narHash=sha256-bj9ch2QIF8jqBlPOVRnJygy1K7yWtvh8Lf7I/rsqG3A%3D' (2024-09-22)
2024-09-23 01:30:34 +00:00
Jörg Thalheim
776ee2484d
Merge pull request #281 from nix-community/zfs-latest
installer: add our own latestZfsCompatibleLinuxPackages
2024-09-22 17:59:21 +02:00
Jörg Thalheim
4de5aac8e9 improve selecting latest zfs kernel 2024-09-22 17:57:34 +02:00
Jörg Thalheim
4e105478ce installer: add our own latestZfsCompatibleLinuxPackages 2024-09-20 18:51:33 +02:00
Jörg Thalheim
830790e801 drop repl-flake feature 2024-09-20 10:41:39 +00:00
github-actions[bot]
8660853a74 flake.lock: Update
Flake lock file updates:

• Updated input 'nixos-stable':
    'github:NixOS/nixpkgs/8f7492cce28977fbf8bd12c72af08b1f6c7c3e49?narHash=sha256-RuVXUwcYwaUeks6h3OLrEmg14z9aFXdWppTWPMTwdQw%3D' (2024-09-14)
  → 'github:NixOS/nixpkgs/086b448a5d54fd117f4dc2dee55c9f0ff461bdc1?narHash=sha256-2yV8nmYE1p9lfmLHhOCbYwQC/W8WYfGQABoGzJOb1JQ%3D' (2024-09-16)
• Updated input 'nixos-unstable':
    'github:NixOS/nixpkgs/513193ba87b70f4d4e4d892f43fac30af286861b?narHash=sha256-mDxHh5vQyBTjNKkp%2Bl1/WL6cEDOjxyEQxv2c%2Bdnw8Fg%3D' (2024-09-17)
  → 'github:NixOS/nixpkgs/75ac2a58e988a346960938ab16cea903a3cb053a?narHash=sha256-SiiWCVg/W8i6jvpgQj3NNd3YtV%2Bjfnn/t3Za7hfn1iE%3D' (2024-09-18)
2024-09-20 10:41:39 +00:00
Jörg Thalheim
6ccd248715
Merge pull request #280 from nix-community/mergify/zowoq/config-update
ci(Mergify): configuration update
2024-09-20 09:30:36 +02:00
zowoq
1d01357c59 ci(Mergify): configuration update
Signed-off-by: null <null>
2024-09-20 13:04:54 +10:00
Jörg Thalheim
9e7834cc3c
Merge pull request #278 from nix-community/nixos-facter
add nixos-facter to installer
2024-09-18 17:53:23 +02:00
Jörg Thalheim
dd5f75eec3 add boot tests for iso 2024-09-18 17:39:45 +02:00
Jörg Thalheim
28d4a57b3a add boot tests for iso image 2024-09-18 17:39:45 +02:00
Jörg Thalheim
8e077ae20b kexec-installer: use pkgs.testers to define test 2024-09-18 17:39:45 +02:00
Jörg Thalheim
41eb99f3cc remove obsolete garnix.yaml 2024-09-18 17:39:45 +02:00
Jörg Thalheim
0bd625f4eb add nixos-facter to installer 2024-09-18 17:39:45 +02:00
Jörg Thalheim
770a010bb7 fix ext4 support 2024-09-16 12:10:30 +00:00
dependabot[bot]
fcebbac471 build(deps): bump cachix/install-nix-action from V27 to 28
Bumps [cachix/install-nix-action](https://github.com/cachix/install-nix-action) from V27 to 28. This release includes the previously tagged commit.
- [Release notes](https://github.com/cachix/install-nix-action/releases)
- [Commits](https://github.com/cachix/install-nix-action/compare/V27...V28)

---
updated-dependencies:
- dependency-name: cachix/install-nix-action
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-09-16 10:22:15 +00:00
dependabot[bot]
e1478b5b78 build(deps): bump DeterminateSystems/update-flake-lock from 23 to 24
Bumps [DeterminateSystems/update-flake-lock](https://github.com/determinatesystems/update-flake-lock) from 23 to 24.
- [Release notes](https://github.com/determinatesystems/update-flake-lock/releases)
- [Commits](https://github.com/determinatesystems/update-flake-lock/compare/v23...v24)

---
updated-dependencies:
- dependency-name: DeterminateSystems/update-flake-lock
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-09-16 10:20:57 +00:00
zowoq
912b7dd7fb flake: unpin stable 2024-09-16 08:55:00 +00:00
Jörg Thalheim
51c98a9f32
Merge pull request #273 from usama8800/dev
Add requirement in README for secure boot off
2024-09-07 18:36:08 +02:00
Usama Ahsan
64c8ec1671
Update README.md 2024-09-07 10:27:29 +05:00
github-actions[bot]
1326aa0570 flake.lock: Update
Flake lock file updates:

• Updated input 'nixos-unstable':
    'github:NixOS/nixpkgs/66a352a3f27a2eb2f27e42a13c6fe245d3be2b98?narHash=sha256-xXINAjCR8eTmp3AxZTk/PIH9nNoFNN0OM7MUw6eB7oQ%3D' (2024-09-02)
  → 'github:NixOS/nixpkgs/9b40840066f93767bb528810ea7dc9caacd8997f?narHash=sha256-YWbVeDERbIHAEQCtDtUunHYUNH31ReIdJIP8juXfdpM%3D' (2024-09-04)
2024-09-05 01:00:06 +00:00
Jörg Thalheim
e8b6d35f6e
Merge pull request #272 from nix-community/dhcp
Better dhcp support
2024-09-03 11:49:40 +02:00
Jörg Thalheim
b81c6e0ace default to root for autologin in nixos kexec image 2024-09-03 11:35:40 +02:00
Jörg Thalheim
23f987d2af add workaround for nvidia 2024-09-03 11:03:51 +02:00
Jörg Thalheim
b1e43cae8b add script to gets network restore locally 2024-09-03 09:56:08 +02:00
Jörg Thalheim
46cd291c60 avoid toplevel python script in nix-store
this will trigger a os.listdir() on the nix-store
2024-09-03 09:53:47 +02:00
Jörg Thalheim
db9119b88a try to restore previous ip lease 2024-09-03 09:53:47 +02:00
Jörg Thalheim
c89ec7f957 restore-routes: just join list once with newlines 2024-09-03 09:53:47 +02:00
Jörg Thalheim
73910674dc restore-routes: introduce more type-safety and split up networkd unit generation 2024-09-03 09:53:47 +02:00
Jörg Thalheim
d39dd6fb61 fix zfs on stable 2024-09-03 06:21:28 +00:00
github-actions[bot]
b733f0680a flake.lock: Update
Flake lock file updates:

• Updated input 'nixos-stable':
    'github:NixOS/nixpkgs/4a92571f9207810b559c9eac203d1f4d79830073?narHash=sha256-%2BCHVZnTnIYRLYsARInHYoWkujzcRkLY/gXm3s5bE52o%3D' (2024-08-13)
  → 'github:NixOS/nixpkgs/c3d4ac725177c030b1e289015989da2ad9d56af0?narHash=sha256-sqLwJcHYeWLOeP/XoLwAtYjr01TISlkOfz%2BNG82pbdg%3D' (2024-08-15)
2024-08-19 00:55:34 +00:00
Jörg Thalheim
3e26bd9675 kexec-installer/test: remove deprecated routeconfig 2024-08-16 11:20:59 +00:00
Jörg Thalheim
8e24c42f09 installer: enable bcachefs support 2024-08-16 10:59:48 +00:00
Jörg Thalheim
46004f0663 bump nixos-unstable 2024-08-16 10:59:48 +00:00
Jörg Thalheim
077b2d2621 switch to zfsUnstable 2024-08-16 10:59:48 +00:00
github-actions[bot]
ae3cc85763 flake.lock: Update
Flake lock file updates:

• Updated input 'nixos-stable':
    'github:NixOS/nixpkgs/a781ff33ae258bbcfd4ed6e673860c3e923bf2cc?narHash=sha256-oTK91aOlA/4IsjNAZGMEBz7Sq1zBS0Ltu4/nIQdYDOg%3D' (2024-08-10)
  → 'github:NixOS/nixpkgs/4a92571f9207810b559c9eac203d1f4d79830073?narHash=sha256-%2BCHVZnTnIYRLYsARInHYoWkujzcRkLY/gXm3s5bE52o%3D' (2024-08-13)
2024-08-15 00:53:12 +00:00
github-actions[bot]
9b5fc2fcca flake.lock: Update
Flake lock file updates:

• Updated input 'nixos-stable':
    'github:NixOS/nixpkgs/883180e6550c1723395a3a342f830bfc5c371f6b?narHash=sha256-7ojM1KSk3mzutD7SkrdSflHXEujPvW1u7QuqWoTLXQU%3D' (2024-08-05)
  → 'github:NixOS/nixpkgs/a781ff33ae258bbcfd4ed6e673860c3e923bf2cc?narHash=sha256-oTK91aOlA/4IsjNAZGMEBz7Sq1zBS0Ltu4/nIQdYDOg%3D' (2024-08-10)
2024-08-12 00:55:48 +00:00
github-actions[bot]
617f2cb562 flake.lock: Update
Flake lock file updates:

• Updated input 'nixos-stable':
    'github:NixOS/nixpkgs/a633d89c6dc9a2a8aae11813a62d7c58b2c0cc51?narHash=sha256-IRiJA0NVAoyaZeKZluwfb2DoTpBAj%2BFLI0KfybBeDU0%3D' (2024-08-03)
  → 'github:NixOS/nixpkgs/883180e6550c1723395a3a342f830bfc5c371f6b?narHash=sha256-7ojM1KSk3mzutD7SkrdSflHXEujPvW1u7QuqWoTLXQU%3D' (2024-08-05)
2024-08-08 01:09:57 +00:00
github-actions[bot]
89f487508f flake.lock: Update
Flake lock file updates:

• Updated input 'nixos-stable':
    'github:NixOS/nixpkgs/cf05eeada35e122770c5c14add958790fcfcbef5?narHash=sha256-B2xRiC3NEJy/82ugtareBkRqEkPGpMyjaLxaR8LBxNs%3D' (2024-07-30)
  → 'github:NixOS/nixpkgs/a633d89c6dc9a2a8aae11813a62d7c58b2c0cc51?narHash=sha256-IRiJA0NVAoyaZeKZluwfb2DoTpBAj%2BFLI0KfybBeDU0%3D' (2024-08-03)
2024-08-05 01:00:15 +00:00
Jörg Thalheim
6dd73e10d7 noninteractive: simplify the nixos user creation 2024-08-02 08:38:17 +00:00
Jörg Thalheim
78065dbf9f fix sysusers in noninteractive case 2024-08-02 08:31:04 +00:00
21 changed files with 485 additions and 147 deletions

View file

@ -19,7 +19,7 @@ jobs:
runs-on: ${{ matrix.os }} runs-on: ${{ matrix.os }}
steps: steps:
- uses: actions/checkout@v4 - uses: actions/checkout@v4
- uses: cachix/install-nix-action@V27 - uses: cachix/install-nix-action@v30
with: with:
nix_path: nixpkgs=https://github.com/NixOS/nixpkgs/archive/nixpkgs-unstable.tar.gz nix_path: nixpkgs=https://github.com/NixOS/nixpkgs/archive/nixpkgs-unstable.tar.gz
- name: Build image - name: Build image

View file

@ -11,9 +11,9 @@ jobs:
- name: Checkout repository - name: Checkout repository
uses: actions/checkout@v4 uses: actions/checkout@v4
- name: Install Nix - name: Install Nix
uses: cachix/install-nix-action@V27 uses: cachix/install-nix-action@v30
- name: Update flake.lock - name: Update flake.lock
uses: DeterminateSystems/update-flake-lock@v23 uses: DeterminateSystems/update-flake-lock@v24
with: with:
pr-labels: | pr-labels: |
merge-queue merge-queue

View file

@ -1,7 +1,7 @@
queue_rules: queue_rules:
- name: default - name: default
merge_conditions: merge_conditions:
- check-success=buildbot/nix-eval - check-success=buildbot/nix-build
defaults: defaults:
actions: actions:
queue: queue:

View file

@ -11,10 +11,10 @@ Kexec is a mechanism in Linux to load a new kernel from a running Linux to
replace the current kernel. This is useful for booting the Nixos installer from replace the current kernel. This is useful for booting the Nixos installer from
existing Linux distributions, such as server provider that do not offer a NixOS existing Linux distributions, such as server provider that do not offer a NixOS
option. After running kexec, the NixOS installer exists only in memory. At the option. After running kexec, the NixOS installer exists only in memory. At the
time of writing, this requires at least 1GB of physical RAM (swap does not time of writing, this requires secure boot off in BIOS settings and at least 1GB
count) in the system. If not enough RAM is available, the initrd cannot be of physical RAM (swap does not count) in the system. If not enough RAM is available,
loaded. Because the NixOS runs only in RAM, users can reformat all the system's the initrd cannot be loaded. Because the NixOS runs only in RAM, users can reformat
discs to prepare for a new NixOS installation. all the system's discs to prepare for a new NixOS installation.
It can be booted as follows by running these commands as root: It can be booted as follows by running these commands as root:

View file

@ -2,11 +2,11 @@
"nodes": { "nodes": {
"nixos-stable": { "nixos-stable": {
"locked": { "locked": {
"lastModified": 1721409541, "lastModified": 1729181673,
"narHash": "sha256-b6PLr0Ty7JPDBtJtjnYzlBf02bbH9alWMAgispMkTwk=", "narHash": "sha256-LDiPhQ3l+fBjRATNtnuDZsBS7hqoBtPkKBkhpoBHv3I=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "0c53b6b8c2a3e46c68e04417e247bba660689c9d", "rev": "4eb33fe664af7b41a4c446f87d20c9a0a6321fa3",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -18,11 +18,11 @@
}, },
"nixos-unstable": { "nixos-unstable": {
"locked": { "locked": {
"lastModified": 1721571961, "lastModified": 1729450260,
"narHash": "sha256-jfF4gpRUpTBY2OxDB0FRySsgNGOiuDckEtu7YDQom3Y=", "narHash": "sha256-3GNZr0V4b19RZ5mlyiY/4F8N2pzitvjDU6aHMWjAqLI=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "4cc8b29327bed3d52b40041f810f49734298af46", "rev": "e3f55158e7587c5a5fdb0e86eb7ca4f455f0928f",
"type": "github" "type": "github"
}, },
"original": { "original": {

View file

@ -9,38 +9,41 @@
outputs = { self, nixos-unstable, nixos-stable }: outputs = { self, nixos-unstable, nixos-stable }:
let let
supportedSystems = [ "aarch64-linux" "x86_64-linux" ]; supportedSystems = [ "riscv64-linux" ];
forAllSystems = nixos-unstable.lib.genAttrs supportedSystems; forAllSystems = nixos-unstable.lib.genAttrs supportedSystems;
in in
{ {
hydraJobs = { inherit (self) checks; };
packages = forAllSystems (system: packages = forAllSystems (system:
let let
netboot = nixpkgs: (import (nixpkgs + "/nixos/release.nix") { }).netboot.${system}; netboot = nixpkgs: (import (nixpkgs + "/nixos/release.nix") { }).netboot.${system};
kexec-installer = nixpkgs: modules: (nixpkgs.legacyPackages.${system}.nixos (modules ++ [ self.nixosModules.kexec-installer ])).config.system.build.kexecTarball; kexec-installer = nixpkgs: module: (nixpkgs.legacyPackages.${system}.nixos [ module self.nixosModules.kexec-installer ]).config.system.build.kexecTarball;
netboot-installer = nixpkgs: (nixpkgs.legacyPackages.${system}.nixos [ self.nixosModules.netboot-installer ]).config.system.build.netboot; netboot-installer = nixpkgs: (nixpkgs.legacyPackages.${system}.nixos [ self.nixosModules.netboot-installer ]).config.system.build.netboot;
image-installer = nixpkgs: (nixpkgs.legacyPackages.${system}.nixos [ self.nixosModules.image-installer ]).config.system.build.isoImage; image-installer = nixpkgs: (nixpkgs.legacyPackages.${system}.nixos [ self.nixosModules.image-installer ]).config.system.build.isoImage;
in in
{ {
netboot-nixos-unstable = netboot nixos-unstable; netboot-nixos-unstable = netboot nixos-unstable;
netboot-nixos-stable = netboot nixos-stable; netboot-nixos-stable = netboot nixos-stable;
kexec-installer-nixos-unstable = kexec-installer nixos-unstable [ ]; kexec-installer-nixos-unstable = kexec-installer nixos-unstable {};
kexec-installer-nixos-stable = kexec-installer nixos-stable [ ]; kexec-installer-nixos-stable = kexec-installer nixos-stable {};
image-installer-nixos-unstable = image-installer nixos-unstable; image-installer-nixos-unstable = image-installer nixos-unstable;
image-installer-nixos-stable = image-installer nixos-stable; image-installer-nixos-stable = image-installer nixos-stable;
kexec-installer-nixos-unstable-noninteractive = kexec-installer nixos-unstable [ kexec-installer-nixos-unstable-noninteractive = kexec-installer nixos-unstable {
{ _file = __curPos.file;
system.kexec-installer.name = "nixos-kexec-installer-noninteractive"; system.kexec-installer.name = "nixos-kexec-installer-noninteractive";
} imports = [
self.nixosModules.noninteractive self.nixosModules.noninteractive
]; ];
kexec-installer-nixos-stable-noninteractive = kexec-installer nixos-stable [ };
{ kexec-installer-nixos-stable-noninteractive = kexec-installer nixos-stable {
system.kexec-installer.name = "nixos-kexec-installer-noninteractive"; _file = __curPos.file;
} system.kexec-installer.name = "nixos-kexec-installer-noninteractive";
self.nixosModules.noninteractive imports = [
]; self.nixosModules.noninteractive
];
};
netboot-installer-nixos-unstable = netboot-installer nixos-unstable; netboot-installer-nixos-unstable = netboot-installer nixos-unstable;
netboot-installer-nixos-stable = netboot-installer nixos-stable; netboot-installer-nixos-stable = netboot-installer nixos-stable;
@ -58,24 +61,25 @@
packages = forAllSystems (system: nixos-unstable.lib.mapAttrs' (n: nixos-unstable.lib.nameValuePair "package-${n}") self.packages.${system}); packages = forAllSystems (system: nixos-unstable.lib.mapAttrs' (n: nixos-unstable.lib.nameValuePair "package-${n}") self.packages.${system});
checks = checks =
let let
pkgs = nixos-unstable.legacyPackages.x86_64-linux; pkgsUnstable = nixos-unstable.legacyPackages.riscv64-linux;
pkgsStable = nixos-stable.legacyPackages.riscv64-linux;
bootTests = pkgs: channel: suffix: pkgs.lib.mapAttrs' (name: pkgs.lib.nameValuePair "${name}${suffix}") (pkgs.callPackages ./nix/image-installer/tests.nix {
nixpkgs = channel;
nixosModules = self.nixosModules;
});
in in
{ {
kexec-installer-unstable = pkgs.callPackage ./nix/kexec-installer/test.nix { kexec-installer-unstable = pkgsUnstable.callPackage ./nix/kexec-installer/test.nix {
kexecTarball = self.packages.x86_64-linux.kexec-installer-nixos-unstable-noninteractive; kexecTarball = self.packages.riscv64-linux.kexec-installer-nixos-unstable-noninteractive;
}; };
shellcheck = pkgs.runCommand "shellcheck"
{ kexec-installer-stable = nixos-stable.legacyPackages.riscv64-linux.callPackage ./nix/kexec-installer/test.nix {
nativeBuildInputs = [ pkgs.shellcheck ]; kexecTarball = self.packages.riscv64-linux.kexec-installer-nixos-stable-noninteractive;
} ''
shellcheck ${(pkgs.nixos [self.nixosModules.kexec-installer]).config.system.build.kexecRun}
touch $out
'';
kexec-installer-stable = nixos-stable.legacyPackages.x86_64-linux.callPackage ./nix/kexec-installer/test.nix {
kexecTarball = self.packages.x86_64-linux.kexec-installer-nixos-stable-noninteractive;
}; };
}; } // (bootTests pkgsUnstable nixos-unstable "-nixos-unstable")
// (bootTests pkgsStable nixos-stable "-nixos-stable");
in in
nixos-unstable.lib.recursiveUpdate packages { x86_64-linux = checks; }; nixos-unstable.lib.recursiveUpdate packages { riscv64-linux = checks; };
}; };
} }

View file

@ -1,5 +0,0 @@
builds:
include:
- '*.x86_64-linux.*'
- '*.aarch64-linux.*'
- nixosConfigurations.*

View file

@ -40,8 +40,9 @@ in
imports = [ imports = [
(modulesPath + "/installer/cd-dvd/installation-cd-base.nix") (modulesPath + "/installer/cd-dvd/installation-cd-base.nix")
../installer.nix ../installer.nix
./wifi.nix ../noveau-workaround.nix
./hidden-ssh-announcement.nix ./hidden-ssh-announcement.nix
./wifi.nix
]; ];
systemd.tmpfiles.rules = [ "d /var/shared 0777 root root - -" ]; systemd.tmpfiles.rules = [ "d /var/shared 0777 root root - -" ];
services.openssh.settings.PermitRootLogin = "yes"; services.openssh.settings.PermitRootLogin = "yes";

View file

@ -0,0 +1,105 @@
{
pkgs,
lib,
nixpkgs,
nixos,
nixosModules,
}:
let
testConfig = (
nixos [
(
{ modulesPath, ... }:
{
imports = [
nixosModules.image-installer
"${modulesPath}/testing/test-instrumentation.nix"
];
}
)
]
);
iso = testConfig.config.system.build.isoImage;
mkStartCommand =
{
memory ? 2048,
cdrom ? null,
usb ? null,
uefi ? false,
extraFlags ? [ ],
}:
let
qemu-common = import (nixpkgs + "/nixos/lib/qemu-common.nix") { inherit lib pkgs; };
qemu = qemu-common.qemuBinary pkgs.qemu_test;
flags =
[
"-m"
(toString memory)
"-netdev"
"user,id=net0"
"-device"
"virtio-net-pci,netdev=net0"
]
++ lib.optionals (cdrom != null) [
"-cdrom"
cdrom
]
++ lib.optionals (usb != null) [
"-device"
"usb-ehci"
"-drive"
"id=usbdisk,file=${usb},if=none,readonly"
"-device"
"usb-storage,drive=usbdisk"
]
++ lib.optionals uefi [
"-drive"
"if=pflash,format=raw,unit=0,readonly=on,file=${pkgs.OVMF.firmware}"
"-drive"
"if=pflash,format=raw,unit=1,readonly=on,file=${pkgs.OVMF.variables}"
]
++ extraFlags;
flagsStr = lib.concatStringsSep " " flags;
in
"${qemu} ${flagsStr}";
makeBootTest =
name: config:
let
startCommand = mkStartCommand config;
in
pkgs.testers.runNixOSTest {
name = "boot-${name}";
nodes = { };
testScript = ''
machine = create_machine("${startCommand}")
machine.start()
machine.wait_for_unit("multi-user.target")
machine.succeed("nix store verify --no-trust -r --option experimental-features nix-command /run/current-system")
machine.shutdown()
'';
};
in
{
uefi-cdrom = makeBootTest "uefi-cdrom" {
uefi = true;
cdrom = "${iso}/iso/nixos-installer-${pkgs.hostPlatform.system}.iso";
};
uefi-usb = makeBootTest "uefi-usb" {
uefi = true;
usb = "${iso}/iso/nixos-installer-${pkgs.hostPlatform.system}.iso";
};
bios-cdrom = makeBootTest "bios-cdrom" {
cdrom = "${iso}/iso/nixos-installer-${pkgs.hostPlatform.system}.iso";
};
bios-usb = makeBootTest "bios-usb" {
usb = "${iso}/iso/nixos-installer-${pkgs.hostPlatform.system}.iso";
};
}

View file

@ -5,17 +5,21 @@
... ...
}: }:
{ {
imports = [
# ./latest-zfs-kernel.nix
./nix-settings.nix
];
# more descriptive hostname than just "nixos" # more descriptive hostname than just "nixos"
networking.hostName = lib.mkDefault "nixos-installer"; networking.hostName = lib.mkDefault "nixos-installer";
# We are stateless, so just default to latest. # We are stateless, so just default to latest.
system.stateVersion = config.system.nixos.version; system.stateVersion = config.system.nixos.version;
# Enable bcachefs support
boot.supportedFilesystems.bcachefs = lib.mkDefault true;
# use latest kernel we can support to get more hardware support # use latest kernel we can support to get more hardware support
boot.kernelPackages = # boot.zfs.package = pkgs.zfsUnstable;
lib.mkDefault
(pkgs.zfs.override { removeLinuxDRM = pkgs.hostPlatform.isAarch64; }).latestCompatibleLinuxPackages;
boot.zfs.removeLinuxDRM = lib.mkDefault pkgs.hostPlatform.isAarch64;
documentation.enable = false; documentation.enable = false;
documentation.man.man-db.enable = false; documentation.man.man-db.enable = false;
@ -29,10 +33,11 @@
pkgs.jq pkgs.jq
# for copying extra files of nixos-anywhere # for copying extra files of nixos-anywhere
pkgs.rsync pkgs.rsync
]; # alternative to nixos-generate-config
# TODO: use nixpkgs again after next nixos release
(pkgs.callPackage ./nixos-facter.nix {})
imports = [ pkgs.disko
./nix-settings.nix
]; ];
# Don't add nixpkgs to the image to save space, for our intended use case we don't need it # Don't add nixpkgs to the image to save space, for our intended use case we don't need it

View file

@ -0,0 +1,26 @@
#!/usr/bin/env -S nix shell --inputs-from .# nixos-unstable#bash nixos-unstable#iproute2 nixos-unstable#findutils nixos-unstable#coreutils nixos-unstable#python3 nixos-unstable#jq --command bash
set -eu
SCRIPT_DIR=$(dirname "$(readlink -f "$0")")
# This script can be used to see what network configuration would be restored by the restore_routes.py script for the current system.
tmp=$(mktemp -d)
trap "rm -rf $tmp" EXIT
ip --json address >"$tmp/addrs.json"
ip -6 --json route >"$tmp/routes-v6.json"
ip -4 --json route >"$tmp/routes-v4.json"
python3 "$SCRIPT_DIR/restore_routes.py" "$tmp/addrs.json" "$tmp/routes-v4.json" "$tmp/routes-v6.json" "$tmp"
ls -la "$tmp"
find "$tmp" -type f -name "*.json" -print0 | while IFS= read -r -d '' file; do
echo -e "\033[0;31m$(basename "$file")\033[0m"
jq . "$file"
echo ""
done
find "$tmp" -type f -name "*.network" -print0 | while IFS= read -r -d '' file; do
echo -e "\033[0;31m$(basename "$file")\033[0m"
cat "$file"
echo ""
done

View file

@ -1,7 +1,14 @@
{ config, lib, modulesPath, pkgs, ... }: { config, lib, modulesPath, pkgs, ... }:
let let
restore-network = pkgs.writers.writePython3 "restore-network" { flakeIgnore = [ "E501" ]; } writePython3 = pkgs.writers.makePythonWriter
./restore_routes.py; pkgs.python3Minimal pkgs.python3Packages pkgs.buildPackages.python3Packages;
# writePython3Bin takes the same arguments as writePython3 but outputs a directory (like writeScriptBin)
writePython3Bin = name: writePython3 "/bin/${name}";
restore-network = writePython3Bin "restore-network" {
flakeIgnore = [ "E501" ];
} ./restore_routes.py;
# does not link with iptables enabled # does not link with iptables enabled
iprouteStatic = pkgs.pkgsStatic.iproute2.override { iptables = null; }; iprouteStatic = pkgs.pkgsStatic.iproute2.override { iptables = null; };
@ -14,6 +21,7 @@ in
../serial.nix ../serial.nix
../restore-remote-access.nix ../restore-remote-access.nix
]; ];
options = { options = {
system.kexec-installer.name = lib.mkOption { system.kexec-installer.name = lib.mkOption {
type = lib.types.str; type = lib.types.str;
@ -25,6 +33,7 @@ in
}; };
config = { config = {
boot.initrd.compressor = "xz";
# This is a variant of the upstream kexecScript that also allows embedding # This is a variant of the upstream kexecScript that also allows embedding
# a ssh key. # a ssh key.
system.build.kexecRun = pkgs.runCommand "kexec-run" { } '' system.build.kexecRun = pkgs.runCommand "kexec-run" { } ''
@ -64,7 +73,7 @@ in
Type = "oneshot"; Type = "oneshot";
RemainAfterExit = true; RemainAfterExit = true;
ExecStart = [ ExecStart = [
"${restore-network} /root/network/addrs.json /root/network/routes-v4.json /root/network/routes-v6.json /etc/systemd/network" "${restore-network}/bin/restore-network /root/network/addrs.json /root/network/routes-v4.json /root/network/routes-v6.json /etc/systemd/network"
]; ];
}; };

View file

@ -1,34 +1,80 @@
import json import json
import sys import sys
from pathlib import Path from pathlib import Path
from typing import Any from typing import Any, Iterator
from dataclasses import dataclass
def filter_interfaces(network: list[dict[str, Any]]) -> list[dict[str, Any]]: @dataclass
output = [] class Address:
address: str
family: str
prefixlen: int
preferred_life_time: int = 0
valid_life_time: int = 0
@dataclass
class Interface:
name: str
ifname: str | None
mac_address: str
dynamic_addresses: list[Address]
static_addresses: list[Address]
static_routes: list[dict[str, Any]]
def filter_interfaces(network: list[dict[str, Any]]) -> list[Interface]:
interfaces = []
for net in network: for net in network:
if net.get("link_type") == "loopback": if net.get("link_type") == "loopback":
continue continue
if not net.get("address"): if not (mac_address := net.get("address")):
# We need a mac address to match devices reliable # We need a mac address to match devices reliable
continue continue
addr_info = [] static_addresses = []
has_dynamic_address = False dynamic_addresses = []
for addr in net.get("addr_info", []): for info in net.get("addr_info", []):
# no link-local ipv4/ipv6 # no link-local ipv4/ipv6
if addr.get("scope") == "link": if info.get("scope") == "link":
continue continue
# do not explicitly configure addresses from dhcp or router advertisement if (preferred_life_time := info.get("preferred_life_time")) is None:
if addr.get("dynamic", False): continue
has_dynamic_address = True if (valid_life_time := info.get("valid_life_time")) is None:
continue
if (prefixlen := info.get("prefixlen")) is None:
continue
if (family := info.get("family")) not in ["inet", "inet6"]:
continue
if (local := info.get("local")) is None:
continue
if (dynamic := info.get("dynamic", False)) is None:
continue continue
else:
addr_info.append(addr)
if addr_info != [] or has_dynamic_address:
net["addr_info"] = addr_info
output.append(net)
return output address = Address(
address=local,
family=family,
prefixlen=prefixlen,
preferred_life_time=preferred_life_time,
valid_life_time=valid_life_time,
)
if dynamic:
dynamic_addresses.append(address)
else:
static_addresses.append(address)
interfaces.append(
Interface(
name=net.get("ifname", mac_address.replace(":", "-")),
ifname=net.get("ifname"),
mac_address=mac_address,
dynamic_addresses=dynamic_addresses,
static_addresses=static_addresses,
static_routes=[],
)
)
return interfaces
def filter_routes(routes: list[dict[str, Any]]) -> list[dict[str, Any]]: def filter_routes(routes: list[dict[str, Any]]) -> list[dict[str, Any]]:
@ -42,44 +88,54 @@ def filter_routes(routes: list[dict[str, Any]]) -> list[dict[str, Any]]:
return filtered return filtered
def find_most_recent_v4_lease(addresses: list[Address]) -> Address | None:
most_recent_address = None
most_recent_lifetime = -1
for addr in addresses:
if addr.family == "inet6":
continue
lifetime = max(addr.preferred_life_time, addr.valid_life_time)
if lifetime > most_recent_lifetime:
most_recent_lifetime = lifetime
most_recent_address = addr
return most_recent_address
def generate_routes(
interface: Interface, routes: list[dict[str, Any]]
) -> Iterator[str]:
for route in routes:
if interface.ifname is None or route.get("dev") != interface.ifname:
continue
# we may ignore on-link default routes here, but I don't see how
# they would be useful for internet connectivity anyway
yield "[Route]"
if route.get("dst") != "default":
# can be skipped for default routes
yield f"Destination = {route['dst']}"
gateway = route.get("gateway")
# route v4 via v6
route_via = route.get("via")
if route_via and route_via.get("family") == "inet6":
gateway = route_via.get("host")
if route.get("dst") == "default":
yield "Destination = 0.0.0.0/0"
if gateway:
yield f"Gateway = {gateway}"
def generate_networkd_units( def generate_networkd_units(
interfaces: list[dict[str, Any]], routes: list[dict[str, Any]], directory: Path interfaces: list[Interface], routes: list[dict[str, Any]], directory: Path
) -> None: ) -> None:
directory.mkdir(exist_ok=True) directory.mkdir(exist_ok=True)
for interface in interfaces: for interface in interfaces:
name = f"00-{interface['ifname']}.network"
addresses = [
f"Address = {addr['local']}/{addr['prefixlen']}"
for addr in interface.get("addr_info", [])
]
route_sections = []
for route in routes:
if route.get("dev", "nodev") != interface.get("ifname", "noif"):
continue
route_section = "[Route]\n"
if route.get("dst") != "default":
# can be skipped for default routes
route_section += f"Destination = {route['dst']}\n"
gateway = route.get("gateway")
# route v4 via v6
route_via = route.get("via")
if route_via and route_via.get("family") == "inet6":
gateway = route_via.get("host")
if route.get("dst") == "default":
route_section += "Destination = 0.0.0.0/0\n"
if gateway:
route_section += f"Gateway = {gateway}\n"
# we may ignore on-link default routes here, but I don't see how
# they would be useful for internet connectivity anyway
route_sections.append(route_section)
# FIXME in some networks we might not want to trust dhcp or router advertisements # FIXME in some networks we might not want to trust dhcp or router advertisements
unit = f""" unit_sections = [
f"""
[Match] [Match]
MACAddress = {interface["address"]} MACAddress = {interface.mac_address}
[Network] [Network]
# both ipv4 and ipv6 # both ipv4 and ipv6
@ -89,12 +145,24 @@ LLDP = yes
# ipv6 router advertisements # ipv6 router advertisements
IPv6AcceptRA = yes IPv6AcceptRA = yes
# allows us to ping "nixos.local" # allows us to ping "nixos.local"
MulticastDNS = yes MulticastDNS = yes"""
]
unit_sections.extend(
f"Address = {addr.address}/{addr.prefixlen}"
for addr in interface.static_addresses
)
unit_sections.extend(generate_routes(interface, routes))
most_recent_v4_lease = find_most_recent_v4_lease(interface.dynamic_addresses)
if most_recent_v4_lease:
unit_sections.append("[DHCPv4]")
unit_sections.append(f"RequestAddress = {most_recent_v4_lease.address}")
""" # trailing newline at the end
unit += "\n".join(addresses) unit_sections.append("")
unit += "\n" + "\n".join(route_sections)
(directory / name).write_text(unit) (directory / f"00-{interface.name}.network").write_text(
"\n".join(unit_sections)
)
def main() -> None: def main() -> None:

View file

@ -1,25 +1,18 @@
{ pkgs { pkgs
, lib , lib
, kexecTarball , kexecTarball
, nixos-facter ? null
}: }:
let pkgs.testers.runNixOSTest {
makeTest = import (pkgs.path + "/nixos/tests/make-test-python.nix");
makeTest' = args: makeTest args {
inherit pkgs;
inherit (pkgs) system;
};
in
makeTest' {
name = "kexec-installer"; name = "kexec-installer";
meta = with pkgs.lib.maintainers; { meta = with pkgs.lib.maintainers; {
maintainers = [ mic92 ]; maintainers = [ mic92 ];
}; };
nodes = { nodes = {
node1 = { modulesPath, ... }: { node1 = { modulesPath, pkgs, ... }: {
virtualisation.vlans = [ ]; virtualisation.vlans = [ ];
environment.noXlibs = false; # avoid recompilation
imports = [ imports = [
(modulesPath + "/profiles/minimal.nix") (modulesPath + "/profiles/minimal.nix")
]; ];
@ -54,7 +47,13 @@ makeTest' {
"192.168.42.1/24" "192.168.42.1/24"
"42::1/64" "42::1/64"
]; ];
routes = [ routes = if pkgs.lib.versionAtLeast lib.version "24.11" then [
{ Destination = "192.168.43.0/24"; }
{ Destination = "192.168.44.0/24"; Gateway = "192.168.43.1"; }
{ Destination = "192.168.45.0/24"; Gateway = "43::1"; }
{ Destination = "43::0/64"; }
{ Destination = "44::1/64"; Gateway = "43::1"; }
] else [
# Some static routes that we want to see in the kexeced image # Some static routes that we want to see in the kexeced image
{ routeConfig = { Destination = "192.168.43.0/24"; }; } { routeConfig = { Destination = "192.168.43.0/24"; }; }
{ routeConfig = { Destination = "192.168.44.0/24"; Gateway = "192.168.43.1"; }; } { routeConfig = { Destination = "192.168.44.0/24"; Gateway = "192.168.43.1"; }; }
@ -66,10 +65,14 @@ makeTest' {
}; };
}; };
}; };
} // lib.optionalAttrs (lib.versionOlder lib.version "24.11pre") {
# avoid second overlay
environment.noXlibs = false;
}; };
}; };
testScript = /*python*/ '' testScript = /*python*/ ''
import json
import time import time
import subprocess import subprocess
import socket import socket
@ -164,6 +167,11 @@ makeTest' {
host = ssh(["hostname"], stdout=subprocess.PIPE).stdout.strip() host = ssh(["hostname"], stdout=subprocess.PIPE).stdout.strip()
assert host == "nixos-installer", f"hostname is {host}, not nixos-installer" assert host == "nixos-installer", f"hostname is {host}, not nixos-installer"
has_nixos_facter=${if nixos-facter != null then "True" else "False"}
if has_nixos_facter == True:
data = json.loads(ssh(["nixos-facter"], stdout=subprocess.PIPE).stdout)
assert data["virtualisation"] == "kvm", f"virtualisation is {data['virtualisation']}, not kvm"
host_ed25519_after = ssh(["cat", "/etc/ssh/ssh_host_ed25519_key.pub"], stdout=subprocess.PIPE).stdout.strip() host_ed25519_after = ssh(["cat", "/etc/ssh/ssh_host_ed25519_key.pub"], stdout=subprocess.PIPE).stdout.strip()
assert host_ed25519_before == host_ed25519_after, f"'{host_ed25519_before}' != '{host_ed25519_after}'" assert host_ed25519_before == host_ed25519_after, f"'{host_ed25519_before}' != '{host_ed25519_after}'"

26
nix/latest-zfs-kernel.nix Normal file
View file

@ -0,0 +1,26 @@
{
lib,
pkgs,
config,
...
}:
let
isUnstable = config.boot.zfs.package == pkgs.zfsUnstable;
zfsCompatibleKernelPackages = lib.filterAttrs (
name: kernelPackages:
(builtins.match "linux_[0-9]+_[0-9]+" name) != null
&& (builtins.tryEval kernelPackages).success
&& (
(!isUnstable && !kernelPackages.zfs.meta.broken)
|| (isUnstable && !kernelPackages.zfs_unstable.meta.broken)
)
) pkgs.linuxKernel.packages;
latestKernelPackage = lib.last (
lib.sort (a: b: (lib.versionOlder a.kernel.version b.kernel.version)) (builtins.attrValues zfsCompatibleKernelPackages)
);
in
{
# Note this might jump back and worth as kernel get added or removed.
boot.kernelPackages = latestKernelPackage;
}

View file

@ -5,11 +5,7 @@
nix.settings.connect-timeout = 5; nix.settings.connect-timeout = 5;
# Enable flakes # Enable flakes
nix.settings.experimental-features = [ nix.settings.experimental-features = [ "nix-command" "flakes" ];
"nix-command"
"flakes"
"repl-flake"
];
# The default at 10 is rarely enough. # The default at 10 is rarely enough.
nix.settings.log-lines = lib.mkDefault 25; nix.settings.log-lines = lib.mkDefault 25;

71
nix/nixos-facter.nix Normal file
View file

@ -0,0 +1,71 @@
{
lib,
buildGoModule,
fetchFromGitHub,
hwinfo,
libusb1,
gcc,
pkg-config,
util-linux,
pciutils,
stdenv,
}:
let
# We are waiting on some changes to be merged upstream: https://github.com/openSUSE/hwinfo/pulls
hwinfoOverride = hwinfo.overrideAttrs {
src = fetchFromGitHub {
owner = "numtide";
repo = "hwinfo";
rev = "a559f34934098d54096ed2078e750a8245ae4044";
hash = "sha256-3abkWPr98qXXQ17r1Z43gh2M5hl/DHjW2hfeWl+GSAs=";
};
};
in
buildGoModule rec {
pname = "nixos-facter";
version = "0.1.1";
src = fetchFromGitHub {
owner = "numtide";
repo = "nixos-facter";
rev = "v${version}";
hash = "sha256-vlPmvCrgX64dcf//BPtQszBt7dkq35JpgQg+/LW0AqM=";
};
vendorHash = "sha256-5leiTNp3FJmgFd0SKhu18hxYZ2G9SuQPhZJjki2SDVs=";
CGO_ENABLED = 1;
buildInputs = [
libusb1
hwinfoOverride
];
nativeBuildInputs = [
gcc
pkg-config
];
runtimeInputs = [
libusb1
util-linux
pciutils
];
ldflags = [
"-s"
"-w"
"-X git.numtide.com/numtide/nixos-facter/build.Name=nixos-facter"
"-X git.numtide.com/numtide/nixos-facter/build.Version=v${version}"
"-X github.com/numtide/nixos-facter/pkg/build.System=${stdenv.hostPlatform.system}"
];
meta = {
description = "Declarative hardware configuration for NixOS";
homepage = "https://github.com/numtide/nixos-facter";
license = lib.licenses.gpl3Plus;
maintainers = [ lib.maintainers.brianmcgee ];
mainProgram = "nixos-facter";
platforms = lib.platforms.linux;
};
}

View file

@ -10,8 +10,10 @@
]; ];
imports = [ imports = [
./zfs-minimal.nix # ./zfs-minimal.nix
./no-bootloaders.nix ./no-bootloaders.nix
./python-minimal.nix
./noveau-workaround.nix
# reduce closure size by removing perl # reduce closure size by removing perl
"${modulesPath}/profiles/perlless.nix" "${modulesPath}/profiles/perlless.nix"
# FIXME: we still are left with nixos-generate-config due to nixos-install-tools # FIXME: we still are left with nixos-generate-config due to nixos-install-tools
@ -28,10 +30,29 @@
programs.nano.enable = false; programs.nano.enable = false;
# prevents strace # prevents strace
environment.defaultPackages = lib.mkForce [ pkgs.rsync pkgs.parted pkgs.gptfdisk ]; environment.defaultPackages = lib.mkForce [
pkgs.rsync
pkgs.parted
pkgs.gptfdisk
pkgs.e2fsprogs
];
# normal users are not allowed with sys-users
# see https://github.com/NixOS/nixpkgs/pull/328926
users.users.nixos = {
isSystemUser = true;
isNormalUser = lib.mkForce false;
shell = "/run/current-system/sw/bin/bash";
group = "nixos";
};
users.groups.nixos = {};
# we prefer root as this is also what we use in nixos-anywhere
services.getty.autologinUser = lib.mkForce "root";
# we are missing this from base.nix # we are missing this from base.nix
boot.supportedFilesystems = [ boot.supportedFilesystems = [
"ext4"
"btrfs" "btrfs"
# probably not needed but does not seem to increase closure size # probably not needed but does not seem to increase closure size
"cifs" "cifs"

View file

@ -0,0 +1,4 @@
{
# fixes blank screen on boot for some cards
boot.kernelParams = [ "nouveau.modeset=0" ];
}

10
nix/python-minimal.nix Normal file
View file

@ -0,0 +1,10 @@
{
nixpkgs.overlays = [
(final: prev: {
bcachefs-tools = prev.bcachefs-tools.override { python3 = final.python3Minimal; };
cifs-utils = prev.cifs-utils.override { python3 = final.python3Minimal; };
nfs-utils = prev.nfs-utils.override { python3 = final.python3Minimal; };
talloc = prev.talloc.override { python3 = final.python3Minimal; };
})
];
}

View file

@ -1,9 +1,11 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
# incorperate a space-optimized version of zfs # incorperate a space-optimized version of zfs
let let
zfs = pkgs.zfs.override { zfs = pkgs.zfsUnstable.override {
# this overrides saves 10MB # this overrides saves 10MB
samba = pkgs.coreutils; samba = pkgs.coreutils;
python3 = pkgs.python3Minimal;
}; };
in in
{ {
@ -13,20 +15,7 @@ in
environment.defaultPackages = lib.mkForce [ zfs ]; # this merges with outer noninteractive module. environment.defaultPackages = lib.mkForce [ zfs ]; # this merges with outer noninteractive module.
boot.kernelModules = [ "zfs" ]; boot.kernelModules = [ "zfs" ];
boot.extraModulePackages = [ boot.extraModulePackages = [ config.boot.kernelPackages.zfs_unstable ];
(config.boot.kernelPackages.zfs.override {
inherit (config.boot.zfs) removeLinuxDRM;
})
];
boot.kernelPatches = lib.optional (config.boot.zfs.removeLinuxDRM && pkgs.stdenv.hostPlatform.system == "aarch64-linux") {
name = "export-neon-symbols-as-gpl";
patch = pkgs.fetchpatch {
url = "https://github.com/torvalds/linux/commit/aaeca98456431a8d9382ecf48ac4843e252c07b3.patch";
hash = "sha256-L2g4G1tlWPIi/QRckMuHDcdWBcKpObSWSRTvbHRIwIk=";
revert = true;
};
};
networking.hostId = lib.mkDefault "8425e349"; networking.hostId = lib.mkDefault "8425e349";
} }