From 729c2ee9b5b1931c7a7d86d96dacdeabe2ddd6d4 Mon Sep 17 00:00:00 2001 From: Tristan Druyen Date: Sun, 3 Nov 2024 14:11:53 +0100 Subject: [PATCH] wip: Update rescue-iso & add rescue-kexec: --- flake.lock | 52 ++++++++++++++++++ flake.nix | 24 ++++++++- systems/rescue-iso/default.nix | 40 ++++++++------ systems/rescue-kexec/default.nix | 90 ++++++++++++++++++++++++++++++++ 4 files changed, 189 insertions(+), 17 deletions(-) create mode 100644 systems/rescue-kexec/default.nix diff --git a/flake.lock b/flake.lock index cefbcc6..f9bac18 100644 --- a/flake.lock +++ b/flake.lock @@ -636,6 +636,57 @@ "type": "github" } }, + "nixos-images": { + "inputs": { + "nixos-stable": "nixos-stable", + "nixos-unstable": "nixos-unstable" + }, + "locked": { + "lastModified": 1729127036, + "narHash": "sha256-NGLgmG+s6jY15TImq8i3GS0IuCCcNSt2McS20q9xRCs=", + "owner": "nix-community", + "repo": "nixos-images", + "rev": "3103f26e0631a543963c03c583f03fd42fd9d51a", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nixos-images", + "type": "github" + } + }, + "nixos-stable": { + "locked": { + "lastModified": 1728909085, + "narHash": "sha256-WLxED18lodtQiayIPDE5zwAfkPJSjHJ35UhZ8h3cJUg=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "c0b1da36f7c34a7146501f684e9ebdf15d2bebf8", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-24.05", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixos-unstable": { + "locked": { + "lastModified": 1729077633, + "narHash": "sha256-6sIuRVqVMHq9ZwcEVdpf2BuZeuLIUgvFznhIfsc75Jo=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "8f1d45587bd9af3dbf5146aa8a1347e20421597b", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable-small", + "repo": "nixpkgs", + "type": "github" + } + }, "nixpkgs": { "locked": { "lastModified": 1728492678, 
@@ -754,6 +805,7 @@ "nix-ld-rs": "nix-ld-rs", "nix-wallpaper": "nix-wallpaper", "nixos-hardware": "nixos-hardware", + "nixos-images": "nixos-images", "nixpkgs": "nixpkgs", "nixpkgs-stable": "nixpkgs-stable", "nur": "nur", diff --git a/flake.nix b/flake.nix index e5524dd..46a3c8e 100644 --- a/flake.nix +++ b/flake.nix @@ -16,6 +16,9 @@ nixpkgs-stable = { url = "github:NixOS/nixpkgs/nixos-24.05"; }; + nixos-images = { + url = "github:nix-community/nixos-images"; + }; flake-utils = { url = "github:numtide/flake-utils"; inputs.systems.follows = "systems"; @@ -205,8 +208,27 @@ "${pkg.name}" = pkgs.callPackage pkg.path { }; }) pkgs-paths); + # kexec-installer-path = ./systems/rescue-kexec; + kexec-installer-path = builtins.toPath "${inputs.nixos-images}/nix/kexec-installer/module.nix"; + kexec-installer-fn = nixpkgs: module: (nixpkgs.legacyPackages.${system}.nixos [ module kexec-installer-path ]).config.system.build.kexecTarball; + # rescue-kexec-fn = ./systems/rescue-kexec; + kexec-pkgs = { + # build: + # nix build ".#packages.x86_64-linux.rescue-kexec-pkg" + # + # copy over single files: + # tar -xvf result/nixos-kexec-installer-x86_64-linux.tar.gz + # ssh root@176.9.242.147 "mkdir /root/kexec/" + # for file in (ls ./kexec/); echo Transferring $file; cat ./kexec/$file | ssh root@176.9.242.147 "cat > /root/kexec/$file" ; end + # ssh root@176.9.242.147 "/root/kexec/run" + rescue-kexec-pkg = kexec-installer-fn nixpkgs { + imports = [ ./systems/rescue-kexec ]; + # imports = [ ]; + _module.args = { inherit inputs; }; + }; + }; in - imported-pkgs; + imported-pkgs // kexec-pkgs; diskoConfigurations = { nixos-desk = import ./systems/nixos-desk/disko.nix; nixos-pulse = import ./systems/nixos-pulse/disko.nix; diff --git a/systems/rescue-iso/default.nix b/systems/rescue-iso/default.nix index 1e49891..277947e 100644 --- a/systems/rescue-iso/default.nix +++ b/systems/rescue-iso/default.nix 
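Review bot: The usage comment above `rescue-kexec-pkg` in the second flake.nix hunk hard-codes a concrete host address (`root@176.9.242.147`) next to the steps that unpack and run the kexec bundle as root, which publishes an infrastructure detail with the repository. A labelled placeholder such as `# ssh root@<target-host> "/root/kexec/run"` keeps the procedure without naming the machine. Separately, `builtins.toPath` is deprecated and not needed here, since the interpolated store path can be used as a module directly: `kexec-installer-path = "${inputs.nixos-images}/nix/kexec-installer/module.nix";`. The enclosing `let … in` starts outside the hunk, so `system` and `imported-pkgs` are assumed to be bound there.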
@@ -21,26 +21,34 @@ boot = let - version = "6.12-rc1"; + version = "6.12-rc4"; # version = "6.12-rc3"; kernelPatches = pkgs.callPackage "${inputs.nixpkgs}/pkgs/os-specific/linux/kernel/patches.nix" { }; # ref = "6efbea77b390604a7be7364583e19cd2d6a1291b"; - ref = "bc6d2d10418e1bfdb95b16f5dd4cca42d5dec766"; - linux_mainline = { buildLinux, fetchzip, ... } @ args: buildLinux { - version = version; - src = fetchzip { - # url = "https://git.kernel.org/torvalds/t/linux-${ref}.tar.gz"; - # hash = ""; - url = "https://github.com/koverstreet/bcachefs/archive/${ref}.tar.gz"; - hash = "sha256-tq0dXKVtW1R+Yenv7HG4Qqc1P49OzcJgICpoZLkA/K4="; + # ref = "bc6d2d10418e1bfdb95b16f5dd4cca42d5dec766"; + # ref = "822d4a94d6c27a518e63aec37ec0a2393419537b"; + ref = "7fcd631599f15f9f23d4dd49ac792de59cac6d38"; + linux_mainline = + { buildLinux + , fetchzip + , ... + } @ args: + buildLinux { + version = version; + src = fetchzip { + # url = "https://git.kernel.org/torvalds/t/linux-${ref}.tar.gz"; + # hash = "sha256-xp3a/+Vzwb6l/FcFhFIxbZbhk7S1WKt2W67k4v4swjI="; + # url = "https://github.com/koverstreet/bcachefs/archive/${ref}.tar.gz"; + url = "https://github.com/vault81/linux-bcachefs/archive/${ref}.tar.gz"; + hash = "sha256-/Y+rop6QX+Sr3eUwVBBGVKoYiTT4ai7k92SK/s03vYM="; + }; + modDirVersion = lib.versions.pad 3 version; + kernelPatches = [ + kernelPatches.bridge_stp_helper + kernelPatches.request_key_helper + ]; + extraMeta.branch = "master"; }; - modDirVersion = lib.versions.pad 3 version; - kernelPatches = [ - kernelPatches.bridge_stp_helper - kernelPatches.request_key_helper - ]; - extraMeta.branch = "master"; - }; linuxMainlinePkg = pkgs.callPackage linux_mainline { }; linuxMainlinePkgs = pkgs.recurseIntoAttrs (pkgs.linuxPackagesFor linuxMainlinePkg); in diff --git a/systems/rescue-kexec/default.nix b/systems/rescue-kexec/default.nix new file mode 100644 index 0000000..28b5f78 --- /dev/null +++ b/systems/rescue-kexec/default.nix 
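Review bot: The `fetchzip` source in `linux_mainline` now comes from `github.com/vault81/linux-bcachefs` instead of `koverstreet/bcachefs`, and nothing in the hunk records what that fork carries on top of upstream. The commit ref and `hash` pin the tarball contents, so integrity is covered, but a reader cannot tell which tree this kernel was built from or why the fork is needed. I would add a comment above `ref`, for example `# vault81/linux-bcachefs: koverstreet/bcachefs at <upstream-ref> plus <local patches>` (placeholders to be filled in). The older commented-out `ref`/`url`/`hash` lines could then go, because they no longer correspond to the active source.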
@@ -0,0 +1,90 @@
+{ lib
+, pkgs
+, inputs
+, ...
+}: {
+ imports = [
+ # "${inputs.nixpkgs}/nixos/modules/installer/cd-dvd/installation-cd-graphical-plasma5.nix"
+ # "${inputs.nixpkgs}/nixos/modules/installer/cd-dvd/installation-cd-minimal.nix"
+ # "${inputs.nixpkgs}/nixos/modules/installer/cd-dvd/channel.nix"
+ # "${inputs.nixos-images}/nix/kexec-installer/module.nix"
+ ];
+
+ nix = {
+ settings.experimental-features = [ "nix-command" "flakes" ];
+ extraOptions = "experimental-features = nix-command flakes";
+ };
+
+ services = {
+ openssh.settings.PermitRootLogin = lib.mkForce "yes";
+ # TODO Add authorized Keys
+ };
+
+ boot =
+ let
+ version = "6.12-rc1";
+ # version = "6.12-rc3";
+ kernelPatches = pkgs.callPackage "${inputs.nixpkgs}/pkgs/os-specific/linux/kernel/patches.nix" { };
+ # ref = "6efbea77b390604a7be7364583e19cd2d6a1291b";
+ # ref = "bc6d2d10418e1bfdb95b16f5dd4cca42d5dec766";
+ ref = "81f8ef6863d2a40bd67b604d46f9a63b6e708818";
+ linux_mainline =
+ { buildLinux
+ , fetchzip
+ , ...
+ } @ args:
+ buildLinux {
+ version = version;
+ src = fetchzip {
+ # url = "https://git.kernel.org/torvalds/t/linux-${ref}.tar.gz";
+ # hash = "";
+ # url = "https://github.com/koverstreet/bcachefs/archive/${ref}.tar.gz";
+ # hash = "sha256-tq0dXKVtW1R+Yenv7HG4Qqc1P49OzcJgICpoZLkA/K4=";
+
+ url = "https://github.com/koverstreet/bcachefs/archive/${ref}.tar.gz";
+ hash = "sha256-kwPeZEpwIOPoLIEBQydyJqzHGpLoJdGqvHqkKaq03oU=";
+ };
+ modDirVersion = lib.versions.pad 3 version;
+ kernelPatches = [
+ kernelPatches.bridge_stp_helper
+ kernelPatches.request_key_helper
+ ];
+ extraMeta.branch = "master";
+ };
+ linuxMainlinePkg = pkgs.callPackage linux_mainline { };
+ linuxMainlinePkgs = pkgs.recurseIntoAttrs (pkgs.linuxPackagesFor linuxMainlinePkg);
+ in
+ {
+ kernelPackages = lib.mkForce linuxMainlinePkgs;
+ supportedFilesystems = lib.mkForce [ "bcachefs" "btrfs" "vfat" "f2fs" "xfs" "ntfs" "cifs" ];
+ };
+
+ users.users.root.openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO4xz3EgIRiRb/gmnCSq17kHd4MLilf05zYOFZrwOIrA tristand@nixos-fw16"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGDS/4JFRaAPoUaDiwDRbbNoaJqsBzaE+DEdaQH9OezM root@nixos-fw16"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHowJtKj3ohrYjyeWwQ8Lj6UMSPI390SwLRuVIlojcGM tristand@nixos-desk"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDP8ztBIgQsYh7LefSKtuDRYDWNheZWbmIr51T/Np/jc tristand@nixos-pulse"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ/tkVxnPZB+C6sK9A12pUsB38OhXieMNaij6pC3foSH admin@vault81.de"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMuH8L7mQDg86uJME6jndOu4niwLMASuJKpdbJU8Hfet tristan+desktop@vault81.de"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKokTPK/Gm30kqFAd+u5AT0BL7bG/eNt6pmGf40U8j03 arch-h1"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKJ6wPntg8+kVLU4M+ykRuBb37SQd1csUtO3ZIStoW+4 root@he2.vault82.de"
+ ];
+
+ users.extraUsers.root.hashedPassword = "$y$j9T$6eIwRNXAtlsVCP4x8GrQi1$PDbhjsbOGyIArOYtxtgc6u.w7I.M4iZbfk3pc7a4b93"; # nixos
+ users.extraUsers.root.initialPassword = lib.mkForce null;
+ users.extraUsers.root.initialHashedPassword = lib.mkForce null;
+
+ systemd = {
+ services.sshd.wantedBy = pkgs.lib.mkForce [ "multi-user.target" ];
+ targets = {
+ sleep.enable = false;
+ suspend.enable = false;
+ hibernate.enable = false;
+ hybrid-sleep.enable = false;
+ };
+ };
+
+ networking = {
+ hostName = "rescue-kexec";
+ };
+}
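Review bot: Root can log in over SSH with a password on this image, because `PermitRootLogin` is forced to `"yes"` in the `services` block while `users.extraUsers.root.hashedPassword` is set, and its trailing `# nixos` comment appears to state the plaintext. `authorizedKeys.keys` is already populated further down, so key-only access is sufficient: `openssh.settings.PermitRootLogin = lib.mkForce "prohibit-password";` together with `openssh.settings.PasswordAuthentication = lib.mkForce false;`, and the `hashedPassword` line can be dropped. The hash is also readable by anyone with the repository or the resulting Nix store, which is a second reason not to rely on it. The `# TODO Add authorized Keys` comment is stale now that the keys are present and should be removed.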