wip: Update rescue-iso & add rescue-kexec:

2024-11-03 14:11:53 +01:00 · 2024-11-03 14:11:53 +01:00 · 729c2ee9b5
commit 729c2ee9b5
parent 50e07fbdba
4 changed files with 189 additions and 17 deletions
--- a/flake.lock
+++ b/flake.lock
@ -636,6 +636,57 @@
        "type": "github"
      }
    },
+    "nixos-images": {
+      "inputs": {
+        "nixos-stable": "nixos-stable",
+        "nixos-unstable": "nixos-unstable"
+      },
+      "locked": {
+        "lastModified": 1729127036,
+        "narHash": "sha256-NGLgmG+s6jY15TImq8i3GS0IuCCcNSt2McS20q9xRCs=",
+        "owner": "nix-community",
+        "repo": "nixos-images",
+        "rev": "3103f26e0631a543963c03c583f03fd42fd9d51a",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "nixos-images",
+        "type": "github"
+      }
+    },
+    "nixos-stable": {
+      "locked": {
+        "lastModified": 1728909085,
+        "narHash": "sha256-WLxED18lodtQiayIPDE5zwAfkPJSjHJ35UhZ8h3cJUg=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "c0b1da36f7c34a7146501f684e9ebdf15d2bebf8",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixos-24.05",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixos-unstable": {
+      "locked": {
+        "lastModified": 1729077633,
+        "narHash": "sha256-6sIuRVqVMHq9ZwcEVdpf2BuZeuLIUgvFznhIfsc75Jo=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "8f1d45587bd9af3dbf5146aa8a1347e20421597b",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixos-unstable-small",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
    "nixpkgs": {
      "locked": {
        "lastModified": 1728492678,
@ -754,6 +805,7 @@
        "nix-ld-rs": "nix-ld-rs",
        "nix-wallpaper": "nix-wallpaper",
        "nixos-hardware": "nixos-hardware",
+        "nixos-images": "nixos-images",
        "nixpkgs": "nixpkgs",
        "nixpkgs-stable": "nixpkgs-stable",
        "nur": "nur",
--- a/flake.nix
+++ b/flake.nix
@ -16,6 +16,9 @@
    nixpkgs-stable = {
      url = "github:NixOS/nixpkgs/nixos-24.05";
    };
+    nixos-images = {
+      url = "github:nix-community/nixos-images";
+    };
    flake-utils = {
      url = "github:numtide/flake-utils";
      inputs.systems.follows = "systems";
@ -205,8 +208,27 @@
              "${pkg.name}" = pkgs.callPackage pkg.path { };
            })
            pkgs-paths);
+          # kexec-installer-path = ./systems/rescue-kexec;
+          kexec-installer-path = builtins.toPath "${inputs.nixos-images}/nix/kexec-installer/module.nix";
+          kexec-installer-fn = nixpkgs: module: (nixpkgs.legacyPackages.${system}.nixos [ module kexec-installer-path ]).config.system.build.kexecTarball;
+          # rescue-kexec-fn = ./systems/rescue-kexec;
+          kexec-pkgs = {
+            # build:
+            # nix build ".#packages.x86_64-linux.rescue-kexec-pkg"
+            #
+            # copy over single files:
+            # tar -xvf result/nixos-kexec-installer-x86_64-linux.tar.gz
+            # ssh root@176.9.242.147 "mkdir /root/kexec/"
+            # for file in (ls ./kexec/); echo Transferring $file; cat ./kexec/$file |  ssh root@176.9.242.147 "cat > /root/kexec/$file" ; end
+            # ssh root@176.9.242.147 "/root/kexec/run"
+            rescue-kexec-pkg = kexec-installer-fn nixpkgs {
+              imports = [ ./systems/rescue-kexec ];
+              # imports = [ ];
+              _module.args = { inherit inputs; };
+            };
+          };
        in
-        imported-pkgs;
+        imported-pkgs // kexec-pkgs;
      diskoConfigurations = {
        nixos-desk = import ./systems/nixos-desk/disko.nix;
        nixos-pulse = import ./systems/nixos-pulse/disko.nix;
--- a/systems/rescue-iso/default.nix
+++ b/systems/rescue-iso/default.nix
@ -21,18 +21,26 @@

  boot =
    let
-      version = "6.12-rc1";
+      version = "6.12-rc4";
      # version = "6.12-rc3";
      kernelPatches = pkgs.callPackage "${inputs.nixpkgs}/pkgs/os-specific/linux/kernel/patches.nix" { };
      # ref = "6efbea77b390604a7be7364583e19cd2d6a1291b";
-      ref = "bc6d2d10418e1bfdb95b16f5dd4cca42d5dec766";
-      linux_mainline = { buildLinux, fetchzip, ... } @ args: buildLinux {
+      # ref = "bc6d2d10418e1bfdb95b16f5dd4cca42d5dec766";
+      # ref = "822d4a94d6c27a518e63aec37ec0a2393419537b";
+      ref = "7fcd631599f15f9f23d4dd49ac792de59cac6d38";
+      linux_mainline =
+        { buildLinux
+        , fetchzip
+        , ...
+        } @ args:
+        buildLinux {
          version = version;
          src = fetchzip {
            # url = "https://git.kernel.org/torvalds/t/linux-${ref}.tar.gz";
-          # hash = "";
-          url = "https://github.com/koverstreet/bcachefs/archive/${ref}.tar.gz";
-          hash = "sha256-tq0dXKVtW1R+Yenv7HG4Qqc1P49OzcJgICpoZLkA/K4=";
+            # hash = "sha256-xp3a/+Vzwb6l/FcFhFIxbZbhk7S1WKt2W67k4v4swjI=";
+            # url = "https://github.com/koverstreet/bcachefs/archive/${ref}.tar.gz";
+            url = "https://github.com/vault81/linux-bcachefs/archive/${ref}.tar.gz";
+            hash = "sha256-/Y+rop6QX+Sr3eUwVBBGVKoYiTT4ai7k92SK/s03vYM=";
          };
          modDirVersion = lib.versions.pad 3 version;
          kernelPatches = [
--- a/systems/rescue-kexec/default.nix
+++ b/systems/rescue-kexec/default.nix
@ -0,0 +1,90 @@
+{ lib
+, pkgs
+, inputs
+, ...
+}: {
+  imports = [
+    # "${inputs.nixpkgs}/nixos/modules/installer/cd-dvd/installation-cd-graphical-plasma5.nix"
+    # "${inputs.nixpkgs}/nixos/modules/installer/cd-dvd/installation-cd-minimal.nix"
+    #  "${inputs.nixpkgs}/nixos/modules/installer/cd-dvd/channel.nix"
+    # "${inputs.nixos-images}/nix/kexec-installer/module.nix"
+  ];
+
+  nix = {
+    settings.experimental-features = [ "nix-command" "flakes" ];
+    extraOptions = "experimental-features = nix-command flakes";
+  };
+
+  services = {
+    openssh.settings.PermitRootLogin = lib.mkForce "yes";
+    # TODO Add authorized Keys
+  };
+
+  boot =
+    let
+      version = "6.12-rc1";
+      # version = "6.12-rc3";
+      kernelPatches = pkgs.callPackage "${inputs.nixpkgs}/pkgs/os-specific/linux/kernel/patches.nix" { };
+      # ref = "6efbea77b390604a7be7364583e19cd2d6a1291b";
+      # ref = "bc6d2d10418e1bfdb95b16f5dd4cca42d5dec766";
+      ref = "81f8ef6863d2a40bd67b604d46f9a63b6e708818";
+      linux_mainline =
+        { buildLinux
+        , fetchzip
+        , ...
+        } @ args:
+        buildLinux {
+          version = version;
+          src = fetchzip {
+            # url = "https://git.kernel.org/torvalds/t/linux-${ref}.tar.gz";
+            # hash = "";
+            # url = "https://github.com/koverstreet/bcachefs/archive/${ref}.tar.gz";
+            # hash = "sha256-tq0dXKVtW1R+Yenv7HG4Qqc1P49OzcJgICpoZLkA/K4=";
+
+            url = "https://github.com/koverstreet/bcachefs/archive/${ref}.tar.gz";
+            hash = "sha256-kwPeZEpwIOPoLIEBQydyJqzHGpLoJdGqvHqkKaq03oU=";
+          };
+          modDirVersion = lib.versions.pad 3 version;
+          kernelPatches = [
+            kernelPatches.bridge_stp_helper
+            kernelPatches.request_key_helper
+          ];
+          extraMeta.branch = "master";
+        };
+      linuxMainlinePkg = pkgs.callPackage linux_mainline { };
+      linuxMainlinePkgs = pkgs.recurseIntoAttrs (pkgs.linuxPackagesFor linuxMainlinePkg);
+    in
+    {
+      kernelPackages = lib.mkForce linuxMainlinePkgs;
+      supportedFilesystems = lib.mkForce [ "bcachefs" "btrfs" "vfat" "f2fs" "xfs" "ntfs" "cifs" ];
+    };
+
+  users.users.root.openssh.authorizedKeys.keys = [
+    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO4xz3EgIRiRb/gmnCSq17kHd4MLilf05zYOFZrwOIrA tristand@nixos-fw16"
+    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGDS/4JFRaAPoUaDiwDRbbNoaJqsBzaE+DEdaQH9OezM root@nixos-fw16"
+    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHowJtKj3ohrYjyeWwQ8Lj6UMSPI390SwLRuVIlojcGM tristand@nixos-desk"
+    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDP8ztBIgQsYh7LefSKtuDRYDWNheZWbmIr51T/Np/jc tristand@nixos-pulse"
+    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ/tkVxnPZB+C6sK9A12pUsB38OhXieMNaij6pC3foSH admin@vault81.de"
+    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMuH8L7mQDg86uJME6jndOu4niwLMASuJKpdbJU8Hfet tristan+desktop@vault81.de"
+    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKokTPK/Gm30kqFAd+u5AT0BL7bG/eNt6pmGf40U8j03 arch-h1"
+    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKJ6wPntg8+kVLU4M+ykRuBb37SQd1csUtO3ZIStoW+4 root@he2.vault82.de"
+  ];
+
+  users.extraUsers.root.hashedPassword = "$y$j9T$6eIwRNXAtlsVCP4x8GrQi1$PDbhjsbOGyIArOYtxtgc6u.w7I.M4iZbfk3pc7a4b93"; # nixos
+  users.extraUsers.root.initialPassword = lib.mkForce null;
+  users.extraUsers.root.initialHashedPassword = lib.mkForce null;
+
+  systemd = {
+    services.sshd.wantedBy = pkgs.lib.mkForce [ "multi-user.target" ];
+    targets = {
+      sleep.enable = false;
+      suspend.enable = false;
+      hibernate.enable = false;
+      hybrid-sleep.enable = false;
+    };
+  };
+
+  networking = {
+    hostName = "rescue-kexec";
+  };
+}