Move flake packages into its own file
parent
f5e671befb
commit
dcaecc7229
302
flake.nix
302
flake.nix
|
@ -177,10 +177,6 @@
|
|||
let
|
||||
inherit (nixos) lib;
|
||||
|
||||
# all the input flakes for `nix copy` to the build machine,
|
||||
# allowing --override-input
|
||||
inputPaths = lib.escapeShellArgs (builtins.attrValues inputs);
|
||||
|
||||
extractZwHosts = { hosts4, hosts6, ... }:
|
||||
lib.recursiveUpdate (
|
||||
builtins.foldl' (result: name:
|
||||
|
@ -205,16 +201,6 @@
|
|||
};
|
||||
extraHostRegistry.hosts = import ./host-registry.nix;
|
||||
hostRegistry = lib.recursiveUpdate zwHostRegistry extraHostRegistry;
|
||||
|
||||
getHostAddr = name:
|
||||
let
|
||||
hostConf = hostRegistry.hosts."${name}";
|
||||
in
|
||||
if hostConf ? ip4
|
||||
then hostConf.ip4
|
||||
else if hostConf ? ip6
|
||||
then hostConf.ip6
|
||||
else throw "Host ${name} has no ip4 or ip6 address";
|
||||
in {
|
||||
overlay = import ./overlay {
|
||||
inherit nixos-unstable;
|
||||
|
@ -228,293 +214,7 @@
|
|||
self.overlay
|
||||
]) nixos.legacyPackages;
|
||||
|
||||
packages = lib.attrsets.mapAttrs (system: pkgs:
|
||||
let overlayPkgs = builtins.intersectAttrs (self.overlay {} {}) pkgs;
|
||||
in overlayPkgs //
|
||||
{
|
||||
host-registry = pkgs.runCommand "host-registry" {
|
||||
src = builtins.toFile "host-registry.nix" (
|
||||
lib.generators.toPretty {} hostRegistry
|
||||
);
|
||||
} ''
|
||||
ln -s $src $out
|
||||
'';
|
||||
|
||||
list-upgradable = pkgs.writeScriptBin "list-upgradable" ''
|
||||
#! ${pkgs.runtimeShell}
|
||||
|
||||
NORMAL="\033[0m"
|
||||
RED="\033[0;31m"
|
||||
YELLOW="\033[0;33m"
|
||||
GREEN="\033[0;32m"
|
||||
|
||||
${pkgs.lib.concatMapStringsSep "\n" (name:
|
||||
let
|
||||
addr = getHostAddr name;
|
||||
in nixos.lib.optionalString (addr != null) ''
|
||||
echo -n -e "${name}: $RED"
|
||||
RUNNING=$(ssh -o PreferredAuthentications=publickey -o StrictHostKeyChecking=accept-new root@"${addr}" "readlink /run/current-system")
|
||||
if [ $? = 0 ] && [ -n "$RUNNING" ]; then
|
||||
CURRENT=$(nix eval --raw ".#nixosConfigurations.${name}.config.system.build.toplevel" 2>/dev/null)
|
||||
RUNNING_VER=$(basename $RUNNING|rev|cut -d - -f 1|rev)
|
||||
RUNNING_DATE=$(echo $RUNNING_VER|cut -d . -f 3)
|
||||
CURRENT_VER=$(basename $CURRENT|rev|cut -d - -f 1|rev)
|
||||
CURRENT_DATE=$(echo $CURRENT_VER|cut -d . -f 3)
|
||||
|
||||
if [ "$RUNNING" = "$CURRENT" ]; then
|
||||
echo -e "$GREEN"current"$NORMAL $RUNNING_VER"
|
||||
elif [ $RUNNING_DATE -gt $CURRENT_DATE ]; then
|
||||
echo -e "$GREEN"newer"$NORMAL $RUNNING_VER > $CURRENT_VER"
|
||||
elif [ "$RUNNING_VER" = "$CURRENT_VER" ]; then
|
||||
echo -e "$YELLOW"modified"$NORMAL $RUNNING_VER"
|
||||
elif [ -n "$RUNNING_VER" ]; then
|
||||
echo -e "$RED"outdated"$NORMAL $RUNNING_VER < $CURRENT_VER"
|
||||
else
|
||||
echo -e "$RED"error"$NORMAL $RUNNING_VER"
|
||||
fi
|
||||
fi
|
||||
echo -n -e "$NORMAL"
|
||||
'') (builtins.attrNames self.nixosConfigurations)}
|
||||
'';
|
||||
|
||||
prebuild-all = pkgs.runCommand "prebuild-all" {
|
||||
preferLocalBuild = true;
|
||||
} ''
|
||||
mkdir $out
|
||||
|
||||
${pkgs.lib.concatMapStrings (name: ''
|
||||
ln -s ${self.nixosConfigurations."${name}".config.system.build.toplevel} name
|
||||
'') (builtins.attrNames self.nixosConfigurations)}
|
||||
'';
|
||||
|
||||
prebuild-all-remote = pkgs.writeScriptBin "prebuild-all" ''
|
||||
#!${pkgs.runtimeShell} -e
|
||||
|
||||
nix copy --no-check-sigs --to ssh-ng://$1 ${inputPaths}
|
||||
|
||||
set -x
|
||||
ssh $1 -- nix build -L --no-link ${
|
||||
pkgs.lib.concatMapStringsSep " " (name:
|
||||
"${self}#nixosConfigurations.${name}.config.system.build.toplevel"
|
||||
) (builtins.attrNames self.nixosConfigurations)
|
||||
}
|
||||
'';
|
||||
|
||||
} //
|
||||
|
||||
builtins.foldl' (result: host: result // {
|
||||
# TODO: check if the ethernet address is reachable and if not,
|
||||
# execute wol on a machine in HQ.
|
||||
"${host}-wake" = pkgs.writeScriptBin "${host}-wake" ''
|
||||
#!${pkgs.runtimeShell}
|
||||
exec ${pkgs.wol}/bin/wol ${hostRegistry.hosts."${host}".ether}
|
||||
'';
|
||||
}) {} (builtins.attrNames (nixos.lib.filterAttrs (_: { wol ? false, ... }: wol) hostRegistry.hosts)) //
|
||||
|
||||
builtins.foldl' (result: name:
|
||||
let
|
||||
host = getHostAddr name;
|
||||
target = ''root@"${host}"'';
|
||||
rebuildArg = "--flake ${self}#${name} --option extra-substituters https://nix-serve.hq.c3d2.de";
|
||||
hostConfig = self.nixosConfigurations."${name}".config;
|
||||
# let /var/lib/microvm/*/flake point to the flake-update branch so that
|
||||
# `microvm -u $NAME` updates to what hydra built today.
|
||||
selfRef = "git+https://gitea.c3d2.de/c3d2/nix-config?ref=flake-update";
|
||||
in result // {
|
||||
# Generate a small script for copying this flake to the
|
||||
# remote machine and bulding and switching there.
|
||||
# Can be run with `nix run c3d2#…-nixos-rebuild switch`
|
||||
"${name}-nixos-rebuild" = pkgs.writeScriptBin "${name}-nixos-rebuild" ''
|
||||
#!${pkgs.runtimeShell} -ex
|
||||
[[ $(ssh ${target} cat /etc/hostname) == ${name} ]]
|
||||
nix copy --no-check-sigs --to ssh-ng://${target} ${inputPaths}
|
||||
ssh ${target} nixos-rebuild ${rebuildArg} "$@"
|
||||
'';
|
||||
|
||||
"${name}-nixos-rebuild-hydra" = pkgs.writeScriptBin "${name}-nixos-rebuild" ''
|
||||
#!${pkgs.runtimeShell} -e
|
||||
echo Copying Flakes
|
||||
nix copy --no-check-sigs --to ssh-ng://root@hydra.serv.zentralwerk.org ${inputPaths}
|
||||
echo Building on Hydra
|
||||
ssh root@hydra.serv.zentralwerk.org -- \
|
||||
nix build -L -o /tmp/nixos-system-${name} \
|
||||
${self}#nixosConfigurations.${name}.config.system.build.toplevel
|
||||
echo Built. Obtaining link to data
|
||||
TOPLEVEL=$(ssh root@hydra.serv.zentralwerk.org \
|
||||
readlink /tmp/nixos-system-${name})
|
||||
echo Checking target ${name}
|
||||
ssh ${target} -- bash -e <<EOF
|
||||
[[ \$(cat /etc/hostname) == ${name} ]]
|
||||
echo Copying data from Hydra to ${name}
|
||||
nix copy --from https://nix-serve.hq.c3d2.de \
|
||||
$TOPLEVEL
|
||||
echo Activation on ${name}: "$@"
|
||||
nix-env -p /nix/var/nix/profiles/system --set $TOPLEVEL
|
||||
$TOPLEVEL/bin/switch-to-configuration "$@"
|
||||
EOF
|
||||
'';
|
||||
|
||||
"${name}-nixos-rebuild-local" = pkgs.writeScriptBin "${name}-nixos-rebuild" ''
|
||||
#!${pkgs.runtimeShell} -ex
|
||||
[[ $1 == build || $(ssh ${target} cat /etc/hostname) == ${name} ]]
|
||||
${pkgs.nixos-rebuild}/bin/nixos-rebuild ${rebuildArg} --target-host ${target} --use-remote-sudo "$@"
|
||||
'';
|
||||
|
||||
"${name}-cleanup" = pkgs.writeScriptBin "${name}-cleanup" ''
|
||||
#!${pkgs.runtimeShell} -ex
|
||||
ssh ${target} "time nix-collect-garbage -d && time nix-store --optimise"
|
||||
'';
|
||||
|
||||
"microvm-update-${name}" = pkgs.writeScriptBin "microvm-update-${name}" ''
|
||||
#!${pkgs.runtimeShell} -e
|
||||
|
||||
${lib.optionalString (! builtins.elem (hostConfig.c3d2.deployment.server or null) [ "server9" "server10" ]) ''
|
||||
echo "MicroVM must be configured to proper server" >&2
|
||||
exit 1
|
||||
''}
|
||||
|
||||
${hostConfig.system.build.copyToServer} ${inputPaths}
|
||||
|
||||
${hostConfig.system.build.runOnServer} bash -e <<END
|
||||
mkdir -p /var/lib/microvms/${name}
|
||||
cd /var/lib/microvms/${name}
|
||||
chown root:kvm .
|
||||
chmod 0775 .
|
||||
|
||||
rm -f old
|
||||
[ -e current ] && cp --no-dereference current old
|
||||
|
||||
nix build -L \
|
||||
-o current \
|
||||
${self}#nixosConfigurations.${name}.config.microvm.declaredRunner
|
||||
echo '${selfRef}' > flake
|
||||
|
||||
[ -e old ] && nix store diff-closures ./old ./current
|
||||
ln -sfT \$PWD/current /nix/var/nix/gcroots/microvm/${name}
|
||||
ln -sfT \$PWD/booted /nix/var/nix/gcroots/microvm/booted-${name}
|
||||
ln -sfT \$PWD/old /nix/var/nix/gcroots/microvm/old-${name}
|
||||
|
||||
systemctl restart microvm@${name}.service
|
||||
END
|
||||
'';
|
||||
|
||||
"microvm-update-${name}-local" = pkgs.writeScriptBin "microvm-update-${name}" ''
|
||||
#!${pkgs.runtimeShell} -e
|
||||
|
||||
${lib.optionalString (! builtins.elem (hostConfig.c3d2.deployment.server or null) [ "server9" "server10" ]) ''
|
||||
echo "MicroVM must be configured to proper server" >&2
|
||||
exit 1
|
||||
''}
|
||||
|
||||
${hostConfig.system.build.copyToServer} ${hostConfig.microvm.declaredRunner}
|
||||
|
||||
${hostConfig.system.build.runOnServer} bash -e <<END
|
||||
mkdir -p /var/lib/microvms/${name}
|
||||
cd /var/lib/microvms/${name}
|
||||
chown root:kvm .
|
||||
chmod 0775 .
|
||||
|
||||
rm -f old
|
||||
[ -e current ] && cp --no-dereference current old
|
||||
|
||||
ln -sfT ${hostConfig.microvm.declaredRunner} current
|
||||
echo '${selfRef}' > flake
|
||||
|
||||
[ -e old ] && nix store diff-closures ./old ./current
|
||||
ln -sfT \$PWD/current /nix/var/nix/gcroots/microvm/${name}
|
||||
ln -sfT \$PWD/booted /nix/var/nix/gcroots/microvm/booted-${name}
|
||||
ln -sfT \$PWD/old /nix/var/nix/gcroots/microvm/old-${name}
|
||||
|
||||
systemctl restart microvm@${name}.service
|
||||
END
|
||||
'';
|
||||
|
||||
"nomad-${name}" = pkgs.writeScriptBin "nomad-${name}" ''
|
||||
#!${pkgs.runtimeShell} -e
|
||||
|
||||
${lib.optionalString (hostConfig.c3d2.deployment.server or null == "nomad") ''
|
||||
echo "MicroVM must be configured for nomad" >&2
|
||||
exit 1
|
||||
''}
|
||||
|
||||
echo Copying Flakes
|
||||
nix copy --no-check-sigs --to ssh-ng://root@hydra.serv.zentralwerk.org ${secrets} ${self}
|
||||
|
||||
echo Building on Hydra
|
||||
ssh root@hydra.serv.zentralwerk.org -- \
|
||||
nix build -L -o /tmp/microvm-${name}.job \
|
||||
${self}#nixosConfigurations.${name}.config.system.build.nomadJob
|
||||
|
||||
echo -n Built. Obtaining path...
|
||||
JOB=$(ssh root@hydra.serv.zentralwerk.org -- \
|
||||
readlink /tmp/microvm-${name}.job)
|
||||
echo \ $JOB
|
||||
|
||||
for h in server9 server10 ; do
|
||||
echo Sharing with $h
|
||||
ssh root@$h.cluster.zentralwerk.org -- \
|
||||
bash -e <<EOF &
|
||||
nix copy --from https://nix-serve.hq.c3d2.de $JOB
|
||||
mkdir -p /glusterfs/fast/microvms/${name}
|
||||
chown microvm:kvm /glusterfs/fast/microvms/${name}
|
||||
chmod 0775 /glusterfs/fast/microvms/${name}
|
||||
mkdir -p /nix/var/nix/gcroots/microvm
|
||||
rm -f /nix/var/nix/gcroots/microvm/${name}
|
||||
ln -sfT $JOB /nix/var/nix/gcroots/microvm/${name}
|
||||
EOF
|
||||
done
|
||||
wait
|
||||
|
||||
echo Now starting the job
|
||||
ssh root@hydra.serv.zentralwerk.org -- \
|
||||
nomad run -detach $JOB
|
||||
'';
|
||||
}) {} (builtins.attrNames self.nixosConfigurations) //
|
||||
|
||||
builtins.foldl' (result: host:
|
||||
let
|
||||
inherit (self.nixosConfigurations.${host}) config;
|
||||
in
|
||||
result // {
|
||||
# boot any machine in a microvm
|
||||
"${host}-vm" = (self.nixosConfigurations.${host}
|
||||
.extendModules {
|
||||
modules = [ {
|
||||
microvm = {
|
||||
mem = nixos.lib.mkForce 2048;
|
||||
hypervisor = nixos.lib.mkForce "qemu";
|
||||
socket = nixos.lib.mkForce null;
|
||||
shares = nixos.lib.mkForce [ {
|
||||
tag = "ro-store";
|
||||
source = "/nix/store";
|
||||
mountPoint = "/nix/.ro-store";
|
||||
} ];
|
||||
interfaces = nixos.lib.mkForce [ {
|
||||
type = "user";
|
||||
id = "eth0";
|
||||
mac = "02:23:de:ad:be:ef";
|
||||
} ];
|
||||
};
|
||||
boot.isContainer = lib.mkForce false;
|
||||
users.users.root.password = "";
|
||||
fileSystems."/".fsType = lib.mkForce "tmpfs";
|
||||
services.getty.helpLine = ''
|
||||
Log in as "root" with an empty password.
|
||||
Use "reboot" to shut qemu down.
|
||||
'';
|
||||
} ] ++ lib.optionals (! config ? microvm) [
|
||||
microvm.nixosModules.microvm
|
||||
];
|
||||
})
|
||||
.config.microvm.declaredRunner;
|
||||
|
||||
"${host}-tftproot" =
|
||||
if config.system.build ? tftproot
|
||||
then config.system.build.tftproot
|
||||
else lib.trace "No tftproot for ${host}" null;
|
||||
}
|
||||
) {} (builtins.attrNames self.nixosConfigurations)
|
||||
) self.legacyPackages;
|
||||
packages = import ./packages.nix { inherit hostRegistry inputs lib microvm secrets self; };
|
||||
|
||||
nixosConfigurations = let
|
||||
nixosSystem' =
|
||||
|
|
|
@ -0,0 +1,305 @@
|
|||
{ hostRegistry, inputs, lib, microvm, secrets, self }:
|
||||
|
||||
let
|
||||
getHostAddr = name:
|
||||
let
|
||||
hostConf = hostRegistry.hosts."${name}";
|
||||
in
|
||||
if hostConf ? ip4
|
||||
then hostConf.ip4
|
||||
else if hostConf ? ip6
|
||||
then hostConf.ip6
|
||||
else throw "Host ${name} has no ip4 or ip6 address";
|
||||
|
||||
|
||||
# all the input flakes for `nix copy` to the build machine,
|
||||
# allowing --override-input
|
||||
inputPaths = lib.escapeShellArgs (builtins.attrValues inputs);
|
||||
in
|
||||
lib.attrsets.mapAttrs (system: pkgs:
|
||||
let overlayPkgs = builtins.intersectAttrs (self.overlay {} {}) pkgs;
|
||||
in overlayPkgs //
|
||||
{
|
||||
host-registry = pkgs.runCommand "host-registry" {
|
||||
src = builtins.toFile "host-registry.nix" (
|
||||
lib.generators.toPretty {} hostRegistry
|
||||
);
|
||||
} ''
|
||||
ln -s $src $out
|
||||
'';
|
||||
|
||||
list-upgradable = pkgs.writeScriptBin "list-upgradable" ''
|
||||
#! ${pkgs.runtimeShell}
|
||||
|
||||
NORMAL="\033[0m"
|
||||
RED="\033[0;31m"
|
||||
YELLOW="\033[0;33m"
|
||||
GREEN="\033[0;32m"
|
||||
|
||||
${pkgs.lib.concatMapStringsSep "\n" (name:
|
||||
let
|
||||
addr = getHostAddr name;
|
||||
in lib.optionalString (addr != null) ''
|
||||
echo -n -e "${name}: $RED"
|
||||
RUNNING=$(ssh -o PreferredAuthentications=publickey -o StrictHostKeyChecking=accept-new root@"${addr}" "readlink /run/current-system")
|
||||
if [ $? = 0 ] && [ -n "$RUNNING" ]; then
|
||||
CURRENT=$(nix eval --raw ".#nixosConfigurations.${name}.config.system.build.toplevel" 2>/dev/null)
|
||||
RUNNING_VER=$(basename $RUNNING|rev|cut -d - -f 1|rev)
|
||||
RUNNING_DATE=$(echo $RUNNING_VER|cut -d . -f 3)
|
||||
CURRENT_VER=$(basename $CURRENT|rev|cut -d - -f 1|rev)
|
||||
CURRENT_DATE=$(echo $CURRENT_VER|cut -d . -f 3)
|
||||
|
||||
if [ "$RUNNING" = "$CURRENT" ]; then
|
||||
echo -e "$GREEN"current"$NORMAL $RUNNING_VER"
|
||||
elif [ $RUNNING_DATE -gt $CURRENT_DATE ]; then
|
||||
echo -e "$GREEN"newer"$NORMAL $RUNNING_VER > $CURRENT_VER"
|
||||
elif [ "$RUNNING_VER" = "$CURRENT_VER" ]; then
|
||||
echo -e "$YELLOW"modified"$NORMAL $RUNNING_VER"
|
||||
elif [ -n "$RUNNING_VER" ]; then
|
||||
echo -e "$RED"outdated"$NORMAL $RUNNING_VER < $CURRENT_VER"
|
||||
else
|
||||
echo -e "$RED"error"$NORMAL $RUNNING_VER"
|
||||
fi
|
||||
fi
|
||||
echo -n -e "$NORMAL"
|
||||
'') (builtins.attrNames self.nixosConfigurations)}
|
||||
'';
|
||||
|
||||
prebuild-all = pkgs.runCommand "prebuild-all" {
|
||||
preferLocalBuild = true;
|
||||
} ''
|
||||
mkdir $out
|
||||
|
||||
${pkgs.lib.concatMapStrings (name: ''
|
||||
ln -s ${self.nixosConfigurations."${name}".config.system.build.toplevel} name
|
||||
'') (builtins.attrNames self.nixosConfigurations)}
|
||||
'';
|
||||
|
||||
prebuild-all-remote = pkgs.writeScriptBin "prebuild-all" ''
|
||||
#!${pkgs.runtimeShell} -e
|
||||
|
||||
nix copy --no-check-sigs --to ssh-ng://$1 ${inputPaths}
|
||||
|
||||
set -x
|
||||
ssh $1 -- nix build -L --no-link ${
|
||||
pkgs.lib.concatMapStringsSep " " (name:
|
||||
"${self}#nixosConfigurations.${name}.config.system.build.toplevel"
|
||||
) (builtins.attrNames self.nixosConfigurations)
|
||||
}
|
||||
'';
|
||||
|
||||
} //
|
||||
|
||||
builtins.foldl' (result: host: result // {
|
||||
# TODO: check if the ethernet address is reachable and if not,
|
||||
# execute wol on a machine in HQ.
|
||||
"${host}-wake" = pkgs.writeScriptBin "${host}-wake" ''
|
||||
#!${pkgs.runtimeShell}
|
||||
exec ${pkgs.wol}/bin/wol ${hostRegistry.hosts."${host}".ether}
|
||||
'';
|
||||
}) {} (builtins.attrNames (lib.filterAttrs (_: { wol ? false, ... }: wol) hostRegistry.hosts)) //
|
||||
|
||||
builtins.foldl' (result: name:
|
||||
let
|
||||
host = getHostAddr name;
|
||||
target = ''root@"${host}"'';
|
||||
rebuildArg = "--flake ${self}#${name} --option extra-substituters https://nix-serve.hq.c3d2.de";
|
||||
hostConfig = self.nixosConfigurations."${name}".config;
|
||||
# let /var/lib/microvm/*/flake point to the flake-update branch so that
|
||||
# `microvm -u $NAME` updates to what hydra built today.
|
||||
selfRef = "git+https://gitea.c3d2.de/c3d2/nix-config?ref=flake-update";
|
||||
in result // {
|
||||
# Generate a small script for copying this flake to the
|
||||
# remote machine and bulding and switching there.
|
||||
# Can be run with `nix run c3d2#…-nixos-rebuild switch`
|
||||
"${name}-nixos-rebuild" = pkgs.writeScriptBin "${name}-nixos-rebuild" ''
|
||||
#!${pkgs.runtimeShell} -ex
|
||||
[[ $(ssh ${target} cat /etc/hostname) == ${name} ]]
|
||||
nix copy --no-check-sigs --to ssh-ng://${target} ${inputPaths}
|
||||
ssh ${target} nixos-rebuild ${rebuildArg} "$@"
|
||||
'';
|
||||
|
||||
"${name}-nixos-rebuild-hydra" = pkgs.writeScriptBin "${name}-nixos-rebuild" ''
|
||||
#!${pkgs.runtimeShell} -e
|
||||
echo Copying Flakes
|
||||
nix copy --no-check-sigs --to ssh-ng://root@hydra.serv.zentralwerk.org ${inputPaths}
|
||||
echo Building on Hydra
|
||||
ssh root@hydra.serv.zentralwerk.org -- \
|
||||
nix build -L -o /tmp/nixos-system-${name} \
|
||||
${self}#nixosConfigurations.${name}.config.system.build.toplevel
|
||||
echo Built. Obtaining link to data
|
||||
TOPLEVEL=$(ssh root@hydra.serv.zentralwerk.org \
|
||||
readlink /tmp/nixos-system-${name})
|
||||
echo Checking target ${name}
|
||||
ssh ${target} -- bash -e <<EOF
|
||||
[[ \$(cat /etc/hostname) == ${name} ]]
|
||||
echo Copying data from Hydra to ${name}
|
||||
nix copy --from https://nix-serve.hq.c3d2.de \
|
||||
$TOPLEVEL
|
||||
echo Activation on ${name}: "$@"
|
||||
nix-env -p /nix/var/nix/profiles/system --set $TOPLEVEL
|
||||
$TOPLEVEL/bin/switch-to-configuration "$@"
|
||||
EOF
|
||||
'';
|
||||
|
||||
"${name}-nixos-rebuild-local" = pkgs.writeScriptBin "${name}-nixos-rebuild" ''
|
||||
#!${pkgs.runtimeShell} -ex
|
||||
[[ $1 == build || $(ssh ${target} cat /etc/hostname) == ${name} ]]
|
||||
${pkgs.nixos-rebuild}/bin/nixos-rebuild ${rebuildArg} --target-host ${target} --use-remote-sudo "$@"
|
||||
'';
|
||||
|
||||
"${name}-cleanup" = pkgs.writeScriptBin "${name}-cleanup" ''
|
||||
#!${pkgs.runtimeShell} -ex
|
||||
ssh ${target} "time nix-collect-garbage -d && time nix-store --optimise"
|
||||
'';
|
||||
|
||||
"microvm-update-${name}" = pkgs.writeScriptBin "microvm-update-${name}" ''
|
||||
#!${pkgs.runtimeShell} -e
|
||||
|
||||
${lib.optionalString (! builtins.elem (hostConfig.c3d2.deployment.server or null) [ "server9" "server10" ]) ''
|
||||
echo "MicroVM must be configured to proper server" >&2
|
||||
exit 1
|
||||
''}
|
||||
|
||||
${hostConfig.system.build.copyToServer} ${inputPaths}
|
||||
|
||||
${hostConfig.system.build.runOnServer} bash -e <<END
|
||||
mkdir -p /var/lib/microvms/${name}
|
||||
cd /var/lib/microvms/${name}
|
||||
chown root:kvm .
|
||||
chmod 0775 .
|
||||
|
||||
rm -f old
|
||||
[ -e current ] && cp --no-dereference current old
|
||||
|
||||
nix build -L \
|
||||
-o current \
|
||||
${self}#nixosConfigurations.${name}.config.microvm.declaredRunner
|
||||
echo '${selfRef}' > flake
|
||||
|
||||
[ -e old ] && nix store diff-closures ./old ./current
|
||||
ln -sfT \$PWD/current /nix/var/nix/gcroots/microvm/${name}
|
||||
ln -sfT \$PWD/booted /nix/var/nix/gcroots/microvm/booted-${name}
|
||||
ln -sfT \$PWD/old /nix/var/nix/gcroots/microvm/old-${name}
|
||||
|
||||
systemctl restart microvm@${name}.service
|
||||
END
|
||||
'';
|
||||
|
||||
"microvm-update-${name}-local" = pkgs.writeScriptBin "microvm-update-${name}" ''
|
||||
#!${pkgs.runtimeShell} -e
|
||||
|
||||
${lib.optionalString (! builtins.elem (hostConfig.c3d2.deployment.server or null) [ "server9" "server10" ]) ''
|
||||
echo "MicroVM must be configured to proper server" >&2
|
||||
exit 1
|
||||
''}
|
||||
|
||||
${hostConfig.system.build.copyToServer} ${hostConfig.microvm.declaredRunner}
|
||||
|
||||
${hostConfig.system.build.runOnServer} bash -e <<END
|
||||
mkdir -p /var/lib/microvms/${name}
|
||||
cd /var/lib/microvms/${name}
|
||||
chown root:kvm .
|
||||
chmod 0775 .
|
||||
|
||||
rm -f old
|
||||
[ -e current ] && cp --no-dereference current old
|
||||
|
||||
ln -sfT ${hostConfig.microvm.declaredRunner} current
|
||||
echo '${selfRef}' > flake
|
||||
|
||||
[ -e old ] && nix store diff-closures ./old ./current
|
||||
ln -sfT \$PWD/current /nix/var/nix/gcroots/microvm/${name}
|
||||
ln -sfT \$PWD/booted /nix/var/nix/gcroots/microvm/booted-${name}
|
||||
ln -sfT \$PWD/old /nix/var/nix/gcroots/microvm/old-${name}
|
||||
|
||||
systemctl restart microvm@${name}.service
|
||||
END
|
||||
'';
|
||||
|
||||
"nomad-${name}" = pkgs.writeScriptBin "nomad-${name}" ''
|
||||
#!${pkgs.runtimeShell} -e
|
||||
|
||||
${lib.optionalString (hostConfig.c3d2.deployment.server or null == "nomad") ''
|
||||
echo "MicroVM must be configured for nomad" >&2
|
||||
exit 1
|
||||
''}
|
||||
|
||||
echo Copying Flakes
|
||||
nix copy --no-check-sigs --to ssh-ng://root@hydra.serv.zentralwerk.org ${secrets} ${self}
|
||||
|
||||
echo Building on Hydra
|
||||
ssh root@hydra.serv.zentralwerk.org -- \
|
||||
nix build -L -o /tmp/microvm-${name}.job \
|
||||
${self}#nixosConfigurations.${name}.config.system.build.nomadJob
|
||||
|
||||
echo -n Built. Obtaining path...
|
||||
JOB=$(ssh root@hydra.serv.zentralwerk.org -- \
|
||||
readlink /tmp/microvm-${name}.job)
|
||||
echo \ $JOB
|
||||
|
||||
for h in server9 server10 ; do
|
||||
echo Sharing with $h
|
||||
ssh root@$h.cluster.zentralwerk.org -- \
|
||||
bash -e <<EOF &
|
||||
nix copy --from https://nix-serve.hq.c3d2.de $JOB
|
||||
mkdir -p /glusterfs/fast/microvms/${name}
|
||||
chown microvm:kvm /glusterfs/fast/microvms/${name}
|
||||
chmod 0775 /glusterfs/fast/microvms/${name}
|
||||
mkdir -p /nix/var/nix/gcroots/microvm
|
||||
rm -f /nix/var/nix/gcroots/microvm/${name}
|
||||
ln -sfT $JOB /nix/var/nix/gcroots/microvm/${name}
|
||||
EOF
|
||||
done
|
||||
wait
|
||||
|
||||
echo Now starting the job
|
||||
ssh root@hydra.serv.zentralwerk.org -- \
|
||||
nomad run -detach $JOB
|
||||
'';
|
||||
}) {} (builtins.attrNames self.nixosConfigurations) //
|
||||
|
||||
builtins.foldl' (result: host:
|
||||
let
|
||||
inherit (self.nixosConfigurations.${host}) config;
|
||||
in
|
||||
result // {
|
||||
# boot any machine in a microvm
|
||||
"${host}-vm" = (self.nixosConfigurations.${host}
|
||||
.extendModules {
|
||||
modules = [ {
|
||||
microvm = {
|
||||
mem = lib.mkForce 2048;
|
||||
hypervisor = lib.mkForce "qemu";
|
||||
socket = lib.mkForce null;
|
||||
shares = lib.mkForce [ {
|
||||
tag = "ro-store";
|
||||
source = "/nix/store";
|
||||
mountPoint = "/nix/.ro-store";
|
||||
} ];
|
||||
interfaces = lib.mkForce [ {
|
||||
type = "user";
|
||||
id = "eth0";
|
||||
mac = "02:23:de:ad:be:ef";
|
||||
} ];
|
||||
};
|
||||
boot.isContainer = lib.mkForce false;
|
||||
users.users.root.password = "";
|
||||
fileSystems."/".fsType = lib.mkForce "tmpfs";
|
||||
services.getty.helpLine = ''
|
||||
Log in as "root" with an empty password.
|
||||
Use "reboot" to shut qemu down.
|
||||
'';
|
||||
} ] ++ lib.optionals (! config ? microvm) [
|
||||
microvm.nixosModules.microvm
|
||||
];
|
||||
})
|
||||
.config.microvm.declaredRunner;
|
||||
|
||||
"${host}-tftproot" =
|
||||
if config.system.build ? tftproot
|
||||
then config.system.build.tftproot
|
||||
else lib.trace "No tftproot for ${host}" null;
|
||||
}
|
||||
) {} (builtins.attrNames self.nixosConfigurations)
|
||||
) self.legacyPackages
|
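Review bot: The guard at the top of the `nomad-${name}` script is inverted: `lib.optionalString (hostConfig.c3d2.deployment.server or null == "nomad")` emits the "MicroVM must be configured for nomad" / `exit 1` lines exactly when the host is configured for nomad, and omits them for every other host. The sibling `microvm-update-${name}` guards negate their condition, so this one should presumably read `${lib.optionalString ((hostConfig.c3d2.deployment.server or null) != "nomad") ''`. As written the check fails open: for a host that is not a nomad deployment the script still runs `nix copy --no-check-sigs --to ssh-ng://root@hydra.serv.zentralwerk.org ${secrets} ${self}` and then `nomad run -detach $JOB`. If the `secrets` input holds sensitive material, it lands in the build host's Nix store, so confirm that store is not readable by untrusted users. Separately, `prebuild-all` links every toplevel to the literal path `name` (`ln -s … name`), so `$out` stays empty and a second link would collide with the first; `$out/${name}` looks like the intent. Both lines appear unchanged in the block removed from flake.nix, so they seem to predate this move.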