wip: Update rescue-iso & add rescue-kexec:

2024-11-03 14:11:53 +01:00 · 2024-11-03 14:11:53 +01:00 · 729c2ee9b5
commit 729c2ee9b5
parent 50e07fbdba
4 changed files with 189 additions and 17 deletions
--- a/flake.lock
+++ b/flake.lock
@ -636,6 +636,57 @@
        "type": "github"
      }
    },
    "nixos-images": {
      "inputs": {
        "nixos-stable": "nixos-stable",
        "nixos-unstable": "nixos-unstable"
      },
      "locked": {
        "lastModified": 1729127036,
        "narHash": "sha256-NGLgmG+s6jY15TImq8i3GS0IuCCcNSt2McS20q9xRCs=",
        "owner": "nix-community",
        "repo": "nixos-images",
        "rev": "3103f26e0631a543963c03c583f03fd42fd9d51a",
        "type": "github"
      },
      "original": {
        "owner": "nix-community",
        "repo": "nixos-images",
        "type": "github"
      }
    },
    "nixos-stable": {
      "locked": {
        "lastModified": 1728909085,
        "narHash": "sha256-WLxED18lodtQiayIPDE5zwAfkPJSjHJ35UhZ8h3cJUg=",
        "owner": "NixOS",
        "repo": "nixpkgs",
        "rev": "c0b1da36f7c34a7146501f684e9ebdf15d2bebf8",
        "type": "github"
      },
      "original": {
        "owner": "NixOS",
        "ref": "nixos-24.05",
        "repo": "nixpkgs",
        "type": "github"
      }
    },
    "nixos-unstable": {
      "locked": {
        "lastModified": 1729077633,
        "narHash": "sha256-6sIuRVqVMHq9ZwcEVdpf2BuZeuLIUgvFznhIfsc75Jo=",
        "owner": "NixOS",
        "repo": "nixpkgs",
        "rev": "8f1d45587bd9af3dbf5146aa8a1347e20421597b",
        "type": "github"
      },
      "original": {
        "owner": "NixOS",
        "ref": "nixos-unstable-small",
        "repo": "nixpkgs",
        "type": "github"
      }
    },
    "nixpkgs": {
      "locked": {
        "lastModified": 1728492678,
@ -754,6 +805,7 @@
        "nix-ld-rs": "nix-ld-rs",
        "nix-wallpaper": "nix-wallpaper",
        "nixos-hardware": "nixos-hardware",
        "nixos-images": "nixos-images",
        "nixpkgs": "nixpkgs",
        "nixpkgs-stable": "nixpkgs-stable",
        "nur": "nur",
--- a/flake.nix
+++ b/flake.nix
@ -16,6 +16,9 @@
    nixpkgs-stable = {
      url = "github:NixOS/nixpkgs/nixos-24.05";
    };
    nixos-images = {
      url = "github:nix-community/nixos-images";
    };
    flake-utils = {
      url = "github:numtide/flake-utils";
      inputs.systems.follows = "systems";
@ -205,8 +208,27 @@
              "${pkg.name}" = pkgs.callPackage pkg.path { };
            })
            pkgs-paths);
          # kexec-installer-path = ./systems/rescue-kexec;
          kexec-installer-path = builtins.toPath "${inputs.nixos-images}/nix/kexec-installer/module.nix";
          kexec-installer-fn = nixpkgs: module: (nixpkgs.legacyPackages.${system}.nixos [ module kexec-installer-path ]).config.system.build.kexecTarball;
          # rescue-kexec-fn = ./systems/rescue-kexec;
          kexec-pkgs = {
            # build:
            # nix build ".#packages.x86_64-linux.rescue-kexec-pkg"
            #
            # copy over single files:
            # tar -xvf result/nixos-kexec-installer-x86_64-linux.tar.gz
            # ssh root@176.9.242.147 "mkdir /root/kexec/"
            # for file in (ls ./kexec/); echo Transferring $file; cat ./kexec/$file |  ssh root@176.9.242.147 "cat > /root/kexec/$file" ; end
            # ssh root@176.9.242.147 "/root/kexec/run"
            rescue-kexec-pkg = kexec-installer-fn nixpkgs {
              imports = [ ./systems/rescue-kexec ];
              # imports = [ ];
              _module.args = { inherit inputs; };
            };
          };
        in
-        imported-pkgs;
+        imported-pkgs // kexec-pkgs;
      diskoConfigurations = {
        nixos-desk = import ./systems/nixos-desk/disko.nix;
        nixos-pulse = import ./systems/nixos-pulse/disko.nix;
--- a/systems/rescue-iso/default.nix
+++ b/systems/rescue-iso/default.nix
@ -21,26 +21,34 @@
  boot =
    let
-      version = "6.12-rc1";
+      version = "6.12-rc4";
      # version = "6.12-rc3";
      kernelPatches = pkgs.callPackage "${inputs.nixpkgs}/pkgs/os-specific/linux/kernel/patches.nix" { };
      # ref = "6efbea77b390604a7be7364583e19cd2d6a1291b";
-      ref = "bc6d2d10418e1bfdb95b16f5dd4cca42d5dec766";
+      # ref = "bc6d2d10418e1bfdb95b16f5dd4cca42d5dec766";
-      linux_mainline = { buildLinux, fetchzip, ... } @ args: buildLinux {
+      # ref = "822d4a94d6c27a518e63aec37ec0a2393419537b";
-        version = version;
+      ref = "7fcd631599f15f9f23d4dd49ac792de59cac6d38";
-        src = fetchzip {
+      linux_mainline =
-          # url = "https://git.kernel.org/torvalds/t/linux-${ref}.tar.gz";
+        { buildLinux
-          # hash = "";
+        , fetchzip
-          url = "https://github.com/koverstreet/bcachefs/archive/${ref}.tar.gz";
+        , ...
-          hash = "sha256-tq0dXKVtW1R+Yenv7HG4Qqc1P49OzcJgICpoZLkA/K4=";
+        } @ args:
        buildLinux {
          version = version;
          src = fetchzip {
            # url = "https://git.kernel.org/torvalds/t/linux-${ref}.tar.gz";
            # hash = "sha256-xp3a/+Vzwb6l/FcFhFIxbZbhk7S1WKt2W67k4v4swjI=";
            # url = "https://github.com/koverstreet/bcachefs/archive/${ref}.tar.gz";
            url = "https://github.com/vault81/linux-bcachefs/archive/${ref}.tar.gz";
            hash = "sha256-/Y+rop6QX+Sr3eUwVBBGVKoYiTT4ai7k92SK/s03vYM=";
          };
          modDirVersion = lib.versions.pad 3 version;
          kernelPatches = [
            kernelPatches.bridge_stp_helper
            kernelPatches.request_key_helper
          ];
          extraMeta.branch = "master";
        };
        modDirVersion = lib.versions.pad 3 version;
        kernelPatches = [
          kernelPatches.bridge_stp_helper
          kernelPatches.request_key_helper
        ];
        extraMeta.branch = "master";
      };
      linuxMainlinePkg = pkgs.callPackage linux_mainline { };
      linuxMainlinePkgs = pkgs.recurseIntoAttrs (pkgs.linuxPackagesFor linuxMainlinePkg);
    in
--- a/systems/rescue-kexec/default.nix
+++ b/systems/rescue-kexec/default.nix
@ -0,0 +1,90 @@
 { lib
 , pkgs
 , inputs
 , ...
 }: {
  imports = [
    # "${inputs.nixpkgs}/nixos/modules/installer/cd-dvd/installation-cd-graphical-plasma5.nix"
    # "${inputs.nixpkgs}/nixos/modules/installer/cd-dvd/installation-cd-minimal.nix"
    #  "${inputs.nixpkgs}/nixos/modules/installer/cd-dvd/channel.nix"
    # "${inputs.nixos-images}/nix/kexec-installer/module.nix"
  ];
  nix = {
    settings.experimental-features = [ "nix-command" "flakes" ];
    extraOptions = "experimental-features = nix-command flakes";
  };
  services = {
    openssh.settings.PermitRootLogin = lib.mkForce "yes";
    # TODO Add authorized Keys
  };
  boot =
    let
      version = "6.12-rc1";
      # version = "6.12-rc3";
      kernelPatches = pkgs.callPackage "${inputs.nixpkgs}/pkgs/os-specific/linux/kernel/patches.nix" { };
      # ref = "6efbea77b390604a7be7364583e19cd2d6a1291b";
      # ref = "bc6d2d10418e1bfdb95b16f5dd4cca42d5dec766";
      ref = "81f8ef6863d2a40bd67b604d46f9a63b6e708818";
      linux_mainline =
        { buildLinux
        , fetchzip
        , ...
        } @ args:
        buildLinux {
          version = version;
          src = fetchzip {
            # url = "https://git.kernel.org/torvalds/t/linux-${ref}.tar.gz";
            # hash = "";
            # url = "https://github.com/koverstreet/bcachefs/archive/${ref}.tar.gz";
            # hash = "sha256-tq0dXKVtW1R+Yenv7HG4Qqc1P49OzcJgICpoZLkA/K4=";
            url = "https://github.com/koverstreet/bcachefs/archive/${ref}.tar.gz";
            hash = "sha256-kwPeZEpwIOPoLIEBQydyJqzHGpLoJdGqvHqkKaq03oU=";
          };
          modDirVersion = lib.versions.pad 3 version;
          kernelPatches = [
            kernelPatches.bridge_stp_helper
            kernelPatches.request_key_helper
          ];
          extraMeta.branch = "master";
        };
      linuxMainlinePkg = pkgs.callPackage linux_mainline { };
      linuxMainlinePkgs = pkgs.recurseIntoAttrs (pkgs.linuxPackagesFor linuxMainlinePkg);
    in
    {
      kernelPackages = lib.mkForce linuxMainlinePkgs;
      supportedFilesystems = lib.mkForce [ "bcachefs" "btrfs" "vfat" "f2fs" "xfs" "ntfs" "cifs" ];
    };
  users.users.root.openssh.authorizedKeys.keys = [
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO4xz3EgIRiRb/gmnCSq17kHd4MLilf05zYOFZrwOIrA tristand@nixos-fw16"
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGDS/4JFRaAPoUaDiwDRbbNoaJqsBzaE+DEdaQH9OezM root@nixos-fw16"
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHowJtKj3ohrYjyeWwQ8Lj6UMSPI390SwLRuVIlojcGM tristand@nixos-desk"
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDP8ztBIgQsYh7LefSKtuDRYDWNheZWbmIr51T/Np/jc tristand@nixos-pulse"
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ/tkVxnPZB+C6sK9A12pUsB38OhXieMNaij6pC3foSH admin@vault81.de"
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMuH8L7mQDg86uJME6jndOu4niwLMASuJKpdbJU8Hfet tristan+desktop@vault81.de"
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKokTPK/Gm30kqFAd+u5AT0BL7bG/eNt6pmGf40U8j03 arch-h1"
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKJ6wPntg8+kVLU4M+ykRuBb37SQd1csUtO3ZIStoW+4 root@he2.vault82.de"
  ];
  users.extraUsers.root.hashedPassword = "$y$j9T$6eIwRNXAtlsVCP4x8GrQi1$PDbhjsbOGyIArOYtxtgc6u.w7I.M4iZbfk3pc7a4b93"; # nixos
  users.extraUsers.root.initialPassword = lib.mkForce null;
  users.extraUsers.root.initialHashedPassword = lib.mkForce null;
  systemd = {
    services.sshd.wantedBy = pkgs.lib.mkForce [ "multi-user.target" ];
    targets = {
      sleep.enable = false;
      suspend.enable = false;
      hibernate.enable = false;
      hybrid-sleep.enable = false;
    };
  };
  networking = {
    hostName = "rescue-kexec";
  };
 }