c3d2/nix-config
c3d2
/
nix-config
24
7
Fork 3
Code Issues 12 Pull Requests 2 Releases Wiki Activity

Move flake packages into its own file

This commit is contained in:
Sandro - 2022-12-04 07:46:56 +01:00
parent f5e671befb
commit dcaecc7229
Signed by: sandro
GPG Key ID: 3AF5A43A3EECC2E5
2 changed files with 306 additions and 301 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

302
flake.nix
View File

@ -177,10 +177,6 @@
let
inherit (nixos) lib;
# all the input flakes for `nix copy` to the build machine,
# allowing --override-input
inputPaths = lib.escapeShellArgs (builtins.attrValues inputs);
extractZwHosts = { hosts4, hosts6, ... }:
lib.recursiveUpdate (
builtins.foldl' (result: name:
@ -205,16 +201,6 @@
};
extraHostRegistry.hosts = import ./host-registry.nix;
hostRegistry = lib.recursiveUpdate zwHostRegistry extraHostRegistry;
getHostAddr = name:
let
hostConf = hostRegistry.hosts."${name}";
in
if hostConf ? ip4
then hostConf.ip4
else if hostConf ? ip6
then hostConf.ip6
else throw "Host ${name} has no ip4 or ip6 address";
in {
overlay = import ./overlay {
inherit nixos-unstable;
@ -228,293 +214,7 @@
self.overlay
]) nixos.legacyPackages;
packages = lib.attrsets.mapAttrs (system: pkgs:
let overlayPkgs = builtins.intersectAttrs (self.overlay {} {}) pkgs;
in overlayPkgs //
{
host-registry = pkgs.runCommand "host-registry" {
src = builtins.toFile "host-registry.nix" (
lib.generators.toPretty {} hostRegistry
);
} ''
ln -s $src $out
'';
list-upgradable = pkgs.writeScriptBin "list-upgradable" ''
#! ${pkgs.runtimeShell}
NORMAL="\033[0m"
RED="\033[0;31m"
YELLOW="\033[0;33m"
GREEN="\033[0;32m"
${pkgs.lib.concatMapStringsSep "\n" (name:
let
addr = getHostAddr name;
in nixos.lib.optionalString (addr != null) ''
echo -n -e "${name}: $RED"
RUNNING=$(ssh -o PreferredAuthentications=publickey -o StrictHostKeyChecking=accept-new root@"${addr}" "readlink /run/current-system")
if [ $? = 0 ] && [ -n "$RUNNING" ]; then
CURRENT=$(nix eval --raw ".#nixosConfigurations.${name}.config.system.build.toplevel" 2>/dev/null)
RUNNING_VER=$(basename $RUNNING|rev|cut -d - -f 1|rev)
RUNNING_DATE=$(echo $RUNNING_VER|cut -d . -f 3)
CURRENT_VER=$(basename $CURRENT|rev|cut -d - -f 1|rev)
CURRENT_DATE=$(echo $CURRENT_VER|cut -d . -f 3)
if [ "$RUNNING" = "$CURRENT" ]; then
echo -e "$GREEN"current"$NORMAL $RUNNING_VER"
elif [ $RUNNING_DATE -gt $CURRENT_DATE ]; then
echo -e "$GREEN"newer"$NORMAL $RUNNING_VER > $CURRENT_VER"
elif [ "$RUNNING_VER" = "$CURRENT_VER" ]; then
echo -e "$YELLOW"modified"$NORMAL $RUNNING_VER"
elif [ -n "$RUNNING_VER" ]; then
echo -e "$RED"outdated"$NORMAL $RUNNING_VER < $CURRENT_VER"
else
echo -e "$RED"error"$NORMAL $RUNNING_VER"
fi
fi
echo -n -e "$NORMAL"
'') (builtins.attrNames self.nixosConfigurations)}
'';
prebuild-all = pkgs.runCommand "prebuild-all" {
preferLocalBuild = true;
} ''
mkdir $out
${pkgs.lib.concatMapStrings (name: ''
ln -s ${self.nixosConfigurations."${name}".config.system.build.toplevel} name
'') (builtins.attrNames self.nixosConfigurations)}
'';
prebuild-all-remote = pkgs.writeScriptBin "prebuild-all" ''
#!${pkgs.runtimeShell} -e
nix copy --no-check-sigs --to ssh-ng://$1 ${inputPaths}
set -x
ssh $1 -- nix build -L --no-link ${
pkgs.lib.concatMapStringsSep " " (name:
"${self}#nixosConfigurations.${name}.config.system.build.toplevel"
) (builtins.attrNames self.nixosConfigurations)
}
'';
} //
builtins.foldl' (result: host: result // {
# TODO: check if the ethernet address is reachable and if not,
# execute wol on a machine in HQ.
"${host}-wake" = pkgs.writeScriptBin "${host}-wake" ''
#!${pkgs.runtimeShell}
exec ${pkgs.wol}/bin/wol ${hostRegistry.hosts."${host}".ether}
'';
}) {} (builtins.attrNames (nixos.lib.filterAttrs (_: { wol ? false, ... }: wol) hostRegistry.hosts)) //
builtins.foldl' (result: name:
let
host = getHostAddr name;
target = ''root@"${host}"'';
rebuildArg = "--flake ${self}#${name} --option extra-substituters https://nix-serve.hq.c3d2.de";
hostConfig = self.nixosConfigurations."${name}".config;
# let /var/lib/microvm/*/flake point to the flake-update branch so that
# `microvm -u $NAME` updates to what hydra built today.
selfRef = "git+https://gitea.c3d2.de/c3d2/nix-config?ref=flake-update";
in result // {
# Generate a small script for copying this flake to the
# remote machine and bulding and switching there.
# Can be run with `nix run c3d2#…-nixos-rebuild switch`
"${name}-nixos-rebuild" = pkgs.writeScriptBin "${name}-nixos-rebuild" ''
#!${pkgs.runtimeShell} -ex
[[ $(ssh ${target} cat /etc/hostname) == ${name} ]]
nix copy --no-check-sigs --to ssh-ng://${target} ${inputPaths}
ssh ${target} nixos-rebuild ${rebuildArg} "$@"
'';
"${name}-nixos-rebuild-hydra" = pkgs.writeScriptBin "${name}-nixos-rebuild" ''
#!${pkgs.runtimeShell} -e
echo Copying Flakes
nix copy --no-check-sigs --to ssh-ng://root@hydra.serv.zentralwerk.org ${inputPaths}
echo Building on Hydra
ssh root@hydra.serv.zentralwerk.org -- \
nix build -L -o /tmp/nixos-system-${name} \
${self}#nixosConfigurations.${name}.config.system.build.toplevel
echo Built. Obtaining link to data
TOPLEVEL=$(ssh root@hydra.serv.zentralwerk.org \
readlink /tmp/nixos-system-${name})
echo Checking target ${name}
ssh ${target} -- bash -e <<EOF
[[ \$(cat /etc/hostname) == ${name} ]]
echo Copying data from Hydra to ${name}
nix copy --from https://nix-serve.hq.c3d2.de \
$TOPLEVEL
echo Activation on ${name}: "$@"
nix-env -p /nix/var/nix/profiles/system --set $TOPLEVEL
$TOPLEVEL/bin/switch-to-configuration "$@"
EOF
'';
"${name}-nixos-rebuild-local" = pkgs.writeScriptBin "${name}-nixos-rebuild" ''
#!${pkgs.runtimeShell} -ex
[[ $1 == build || $(ssh ${target} cat /etc/hostname) == ${name} ]]
${pkgs.nixos-rebuild}/bin/nixos-rebuild ${rebuildArg} --target-host ${target} --use-remote-sudo "$@"
'';
"${name}-cleanup" = pkgs.writeScriptBin "${name}-cleanup" ''
#!${pkgs.runtimeShell} -ex
ssh ${target} "time nix-collect-garbage -d && time nix-store --optimise"
'';
"microvm-update-${name}" = pkgs.writeScriptBin "microvm-update-${name}" ''
#!${pkgs.runtimeShell} -e
${lib.optionalString (! builtins.elem (hostConfig.c3d2.deployment.server or null) [ "server9" "server10" ]) ''
echo "MicroVM must be configured to proper server" >&2
exit 1
''}
${hostConfig.system.build.copyToServer} ${inputPaths}
${hostConfig.system.build.runOnServer} bash -e <<END
mkdir -p /var/lib/microvms/${name}
cd /var/lib/microvms/${name}
chown root:kvm .
chmod 0775 .
rm -f old
[ -e current ] && cp --no-dereference current old
nix build -L \
-o current \
${self}#nixosConfigurations.${name}.config.microvm.declaredRunner
echo '${selfRef}' > flake
[ -e old ] && nix store diff-closures ./old ./current
ln -sfT \$PWD/current /nix/var/nix/gcroots/microvm/${name}
ln -sfT \$PWD/booted /nix/var/nix/gcroots/microvm/booted-${name}
ln -sfT \$PWD/old /nix/var/nix/gcroots/microvm/old-${name}
systemctl restart microvm@${name}.service
END
'';
"microvm-update-${name}-local" = pkgs.writeScriptBin "microvm-update-${name}" ''
#!${pkgs.runtimeShell} -e
${lib.optionalString (! builtins.elem (hostConfig.c3d2.deployment.server or null) [ "server9" "server10" ]) ''
echo "MicroVM must be configured to proper server" >&2
exit 1
''}
${hostConfig.system.build.copyToServer} ${hostConfig.microvm.declaredRunner}
${hostConfig.system.build.runOnServer} bash -e <<END
mkdir -p /var/lib/microvms/${name}
cd /var/lib/microvms/${name}
chown root:kvm .
chmod 0775 .
rm -f old
[ -e current ] && cp --no-dereference current old
ln -sfT ${hostConfig.microvm.declaredRunner} current
echo '${selfRef}' > flake
[ -e old ] && nix store diff-closures ./old ./current
ln -sfT \$PWD/current /nix/var/nix/gcroots/microvm/${name}
ln -sfT \$PWD/booted /nix/var/nix/gcroots/microvm/booted-${name}
ln -sfT \$PWD/old /nix/var/nix/gcroots/microvm/old-${name}
systemctl restart microvm@${name}.service
END
'';
"nomad-${name}" = pkgs.writeScriptBin "nomad-${name}" ''
#!${pkgs.runtimeShell} -e
${lib.optionalString (hostConfig.c3d2.deployment.server or null == "nomad") ''
echo "MicroVM must be configured for nomad" >&2
exit 1
''}
echo Copying Flakes
nix copy --no-check-sigs --to ssh-ng://root@hydra.serv.zentralwerk.org ${secrets} ${self}
echo Building on Hydra
ssh root@hydra.serv.zentralwerk.org -- \
nix build -L -o /tmp/microvm-${name}.job \
${self}#nixosConfigurations.${name}.config.system.build.nomadJob
echo -n Built. Obtaining path...
JOB=$(ssh root@hydra.serv.zentralwerk.org -- \
readlink /tmp/microvm-${name}.job)
echo \ $JOB
for h in server9 server10 ; do
echo Sharing with $h
ssh root@$h.cluster.zentralwerk.org -- \
bash -e <<EOF &
nix copy --from https://nix-serve.hq.c3d2.de $JOB
mkdir -p /glusterfs/fast/microvms/${name}
chown microvm:kvm /glusterfs/fast/microvms/${name}
chmod 0775 /glusterfs/fast/microvms/${name}
mkdir -p /nix/var/nix/gcroots/microvm
rm -f /nix/var/nix/gcroots/microvm/${name}
ln -sfT $JOB /nix/var/nix/gcroots/microvm/${name}
EOF
done
wait
echo Now starting the job
ssh root@hydra.serv.zentralwerk.org -- \
nomad run -detach $JOB
'';
}) {} (builtins.attrNames self.nixosConfigurations) //
builtins.foldl' (result: host:
let
inherit (self.nixosConfigurations.${host}) config;
in
result // {
# boot any machine in a microvm
"${host}-vm" = (self.nixosConfigurations.${host}
.extendModules {
modules = [ {
microvm = {
mem = nixos.lib.mkForce 2048;
hypervisor = nixos.lib.mkForce "qemu";
socket = nixos.lib.mkForce null;
shares = nixos.lib.mkForce [ {
tag = "ro-store";
source = "/nix/store";
mountPoint = "/nix/.ro-store";
} ];
interfaces = nixos.lib.mkForce [ {
type = "user";
id = "eth0";
mac = "02:23:de:ad:be:ef";
} ];
};
boot.isContainer = lib.mkForce false;
users.users.root.password = "";
fileSystems."/".fsType = lib.mkForce "tmpfs";
services.getty.helpLine = ''
Log in as "root" with an empty password.
Use "reboot" to shut qemu down.
'';
} ] ++ lib.optionals (! config ? microvm) [
microvm.nixosModules.microvm
];
})
.config.microvm.declaredRunner;
"${host}-tftproot" =
if config.system.build ? tftproot
then config.system.build.tftproot
else lib.trace "No tftproot for ${host}" null;
}
) {} (builtins.attrNames self.nixosConfigurations)
) self.legacyPackages;
packages = import ./packages.nix { inherit hostRegistry inputs lib microvm secrets self; };
nixosConfigurations = let
nixosSystem' =

305
packages.nix Normal file
View File

@ -0,0 +1,305 @@
{ hostRegistry, inputs, lib, microvm, secrets, self }:
let
getHostAddr = name:
let
hostConf = hostRegistry.hosts."${name}";
in
if hostConf ? ip4
then hostConf.ip4
else if hostConf ? ip6
then hostConf.ip6
else throw "Host ${name} has no ip4 or ip6 address";
# all the input flakes for `nix copy` to the build machine,
# allowing --override-input
inputPaths = lib.escapeShellArgs (builtins.attrValues inputs);
in
lib.attrsets.mapAttrs (system: pkgs:
let overlayPkgs = builtins.intersectAttrs (self.overlay {} {}) pkgs;
in overlayPkgs //
{
host-registry = pkgs.runCommand "host-registry" {
src = builtins.toFile "host-registry.nix" (
lib.generators.toPretty {} hostRegistry
);
} ''
ln -s $src $out
'';
list-upgradable = pkgs.writeScriptBin "list-upgradable" ''
#! ${pkgs.runtimeShell}
NORMAL="\033[0m"
RED="\033[0;31m"
YELLOW="\033[0;33m"
GREEN="\033[0;32m"
${pkgs.lib.concatMapStringsSep "\n" (name:
let
addr = getHostAddr name;
in lib.optionalString (addr != null) ''
echo -n -e "${name}: $RED"
RUNNING=$(ssh -o PreferredAuthentications=publickey -o StrictHostKeyChecking=accept-new root@"${addr}" "readlink /run/current-system")
if [ $? = 0 ] && [ -n "$RUNNING" ]; then
CURRENT=$(nix eval --raw ".#nixosConfigurations.${name}.config.system.build.toplevel" 2>/dev/null)
RUNNING_VER=$(basename $RUNNING|rev|cut -d - -f 1|rev)
RUNNING_DATE=$(echo $RUNNING_VER|cut -d . -f 3)
CURRENT_VER=$(basename $CURRENT|rev|cut -d - -f 1|rev)
CURRENT_DATE=$(echo $CURRENT_VER|cut -d . -f 3)
if [ "$RUNNING" = "$CURRENT" ]; then
echo -e "$GREEN"current"$NORMAL $RUNNING_VER"
elif [ $RUNNING_DATE -gt $CURRENT_DATE ]; then
echo -e "$GREEN"newer"$NORMAL $RUNNING_VER > $CURRENT_VER"
elif [ "$RUNNING_VER" = "$CURRENT_VER" ]; then
echo -e "$YELLOW"modified"$NORMAL $RUNNING_VER"
elif [ -n "$RUNNING_VER" ]; then
echo -e "$RED"outdated"$NORMAL $RUNNING_VER < $CURRENT_VER"
else
echo -e "$RED"error"$NORMAL $RUNNING_VER"
fi
fi
echo -n -e "$NORMAL"
'') (builtins.attrNames self.nixosConfigurations)}
'';
prebuild-all = pkgs.runCommand "prebuild-all" {
preferLocalBuild = true;
} ''
mkdir $out
${pkgs.lib.concatMapStrings (name: ''
ln -s ${self.nixosConfigurations."${name}".config.system.build.toplevel} name
'') (builtins.attrNames self.nixosConfigurations)}
'';
prebuild-all-remote = pkgs.writeScriptBin "prebuild-all" ''
#!${pkgs.runtimeShell} -e
nix copy --no-check-sigs --to ssh-ng://$1 ${inputPaths}
set -x
ssh $1 -- nix build -L --no-link ${
pkgs.lib.concatMapStringsSep " " (name:
"${self}#nixosConfigurations.${name}.config.system.build.toplevel"
) (builtins.attrNames self.nixosConfigurations)
}
'';
} //
builtins.foldl' (result: host: result // {
# TODO: check if the ethernet address is reachable and if not,
# execute wol on a machine in HQ.
"${host}-wake" = pkgs.writeScriptBin "${host}-wake" ''
#!${pkgs.runtimeShell}
exec ${pkgs.wol}/bin/wol ${hostRegistry.hosts."${host}".ether}
'';
}) {} (builtins.attrNames (lib.filterAttrs (_: { wol ? false, ... }: wol) hostRegistry.hosts)) //
builtins.foldl' (result: name:
let
host = getHostAddr name;
target = ''root@"${host}"'';
rebuildArg = "--flake ${self}#${name} --option extra-substituters https://nix-serve.hq.c3d2.de";
hostConfig = self.nixosConfigurations."${name}".config;
# let /var/lib/microvm/*/flake point to the flake-update branch so that
# `microvm -u $NAME` updates to what hydra built today.
selfRef = "git+https://gitea.c3d2.de/c3d2/nix-config?ref=flake-update";
in result // {
# Generate a small script for copying this flake to the
# remote machine and bulding and switching there.
# Can be run with `nix run c3d2#…-nixos-rebuild switch`
"${name}-nixos-rebuild" = pkgs.writeScriptBin "${name}-nixos-rebuild" ''
#!${pkgs.runtimeShell} -ex
[[ $(ssh ${target} cat /etc/hostname) == ${name} ]]
nix copy --no-check-sigs --to ssh-ng://${target} ${inputPaths}
ssh ${target} nixos-rebuild ${rebuildArg} "$@"
'';
"${name}-nixos-rebuild-hydra" = pkgs.writeScriptBin "${name}-nixos-rebuild" ''
#!${pkgs.runtimeShell} -e
echo Copying Flakes
nix copy --no-check-sigs --to ssh-ng://root@hydra.serv.zentralwerk.org ${inputPaths}
echo Building on Hydra
ssh root@hydra.serv.zentralwerk.org -- \
nix build -L -o /tmp/nixos-system-${name} \
${self}#nixosConfigurations.${name}.config.system.build.toplevel
echo Built. Obtaining link to data
TOPLEVEL=$(ssh root@hydra.serv.zentralwerk.org \
readlink /tmp/nixos-system-${name})
echo Checking target ${name}
ssh ${target} -- bash -e <<EOF
[[ \$(cat /etc/hostname) == ${name} ]]
echo Copying data from Hydra to ${name}
nix copy --from https://nix-serve.hq.c3d2.de \
$TOPLEVEL
echo Activation on ${name}: "$@"
nix-env -p /nix/var/nix/profiles/system --set $TOPLEVEL
$TOPLEVEL/bin/switch-to-configuration "$@"
EOF
'';
"${name}-nixos-rebuild-local" = pkgs.writeScriptBin "${name}-nixos-rebuild" ''
#!${pkgs.runtimeShell} -ex
[[ $1 == build || $(ssh ${target} cat /etc/hostname) == ${name} ]]
${pkgs.nixos-rebuild}/bin/nixos-rebuild ${rebuildArg} --target-host ${target} --use-remote-sudo "$@"
'';
"${name}-cleanup" = pkgs.writeScriptBin "${name}-cleanup" ''
#!${pkgs.runtimeShell} -ex
ssh ${target} "time nix-collect-garbage -d && time nix-store --optimise"
'';
"microvm-update-${name}" = pkgs.writeScriptBin "microvm-update-${name}" ''
#!${pkgs.runtimeShell} -e
${lib.optionalString (! builtins.elem (hostConfig.c3d2.deployment.server or null) [ "server9" "server10" ]) ''
echo "MicroVM must be configured to proper server" >&2
exit 1
''}
${hostConfig.system.build.copyToServer} ${inputPaths}
${hostConfig.system.build.runOnServer} bash -e <<END
mkdir -p /var/lib/microvms/${name}
cd /var/lib/microvms/${name}
chown root:kvm .
chmod 0775 .
rm -f old
[ -e current ] && cp --no-dereference current old
nix build -L \
-o current \
${self}#nixosConfigurations.${name}.config.microvm.declaredRunner
echo '${selfRef}' > flake
[ -e old ] && nix store diff-closures ./old ./current
ln -sfT \$PWD/current /nix/var/nix/gcroots/microvm/${name}
ln -sfT \$PWD/booted /nix/var/nix/gcroots/microvm/booted-${name}
ln -sfT \$PWD/old /nix/var/nix/gcroots/microvm/old-${name}
systemctl restart microvm@${name}.service
END
'';
"microvm-update-${name}-local" = pkgs.writeScriptBin "microvm-update-${name}" ''
#!${pkgs.runtimeShell} -e
${lib.optionalString (! builtins.elem (hostConfig.c3d2.deployment.server or null) [ "server9" "server10" ]) ''
echo "MicroVM must be configured to proper server" >&2
exit 1
''}
${hostConfig.system.build.copyToServer} ${hostConfig.microvm.declaredRunner}
${hostConfig.system.build.runOnServer} bash -e <<END
mkdir -p /var/lib/microvms/${name}
cd /var/lib/microvms/${name}
chown root:kvm .
chmod 0775 .
rm -f old
[ -e current ] && cp --no-dereference current old
ln -sfT ${hostConfig.microvm.declaredRunner} current
echo '${selfRef}' > flake
[ -e old ] && nix store diff-closures ./old ./current
ln -sfT \$PWD/current /nix/var/nix/gcroots/microvm/${name}
ln -sfT \$PWD/booted /nix/var/nix/gcroots/microvm/booted-${name}
ln -sfT \$PWD/old /nix/var/nix/gcroots/microvm/old-${name}
systemctl restart microvm@${name}.service
END
'';
"nomad-${name}" = pkgs.writeScriptBin "nomad-${name}" ''
#!${pkgs.runtimeShell} -e
${lib.optionalString (hostConfig.c3d2.deployment.server or null == "nomad") ''
echo "MicroVM must be configured for nomad" >&2
exit 1
''}
echo Copying Flakes
nix copy --no-check-sigs --to ssh-ng://root@hydra.serv.zentralwerk.org ${secrets} ${self}
echo Building on Hydra
ssh root@hydra.serv.zentralwerk.org -- \
nix build -L -o /tmp/microvm-${name}.job \
${self}#nixosConfigurations.${name}.config.system.build.nomadJob
echo -n Built. Obtaining path...
JOB=$(ssh root@hydra.serv.zentralwerk.org -- \
readlink /tmp/microvm-${name}.job)
echo \ $JOB
for h in server9 server10 ; do
echo Sharing with $h
ssh root@$h.cluster.zentralwerk.org -- \
bash -e <<EOF &
nix copy --from https://nix-serve.hq.c3d2.de $JOB
mkdir -p /glusterfs/fast/microvms/${name}
chown microvm:kvm /glusterfs/fast/microvms/${name}
chmod 0775 /glusterfs/fast/microvms/${name}
mkdir -p /nix/var/nix/gcroots/microvm
rm -f /nix/var/nix/gcroots/microvm/${name}
ln -sfT $JOB /nix/var/nix/gcroots/microvm/${name}
EOF
done
wait
echo Now starting the job
ssh root@hydra.serv.zentralwerk.org -- \
nomad run -detach $JOB
'';
}) {} (builtins.attrNames self.nixosConfigurations) //
builtins.foldl' (result: host:
let
inherit (self.nixosConfigurations.${host}) config;
in
result // {
# boot any machine in a microvm
"${host}-vm" = (self.nixosConfigurations.${host}
.extendModules {
modules = [ {
microvm = {
mem = lib.mkForce 2048;
hypervisor = lib.mkForce "qemu";
socket = lib.mkForce null;
shares = lib.mkForce [ {
tag = "ro-store";
source = "/nix/store";
mountPoint = "/nix/.ro-store";
} ];
interfaces = lib.mkForce [ {
type = "user";
id = "eth0";
mac = "02:23:de:ad:be:ef";
} ];
};
boot.isContainer = lib.mkForce false;
users.users.root.password = "";
fileSystems."/".fsType = lib.mkForce "tmpfs";
services.getty.helpLine = ''
Log in as "root" with an empty password.
Use "reboot" to shut qemu down.
'';
} ] ++ lib.optionals (! config ? microvm) [
microvm.nixosModules.microvm
];
})
.config.microvm.declaredRunner;
"${host}-tftproot" =
if config.system.build ? tftproot
then config.system.build.tftproot
else lib.trace "No tftproot for ${host}" null;
}
) {} (builtins.attrNames self.nixosConfigurations)
) self.legacyPackages