From 026385d64a495ab3860cfa175c9a21b04eb91c44 Mon Sep 17 00:00:00 2001 From: Florian Agbuya Date: Tue, 2 Jan 2024 16:25:33 +0800 Subject: [PATCH 01/12] add new systemd.tmpfiles option --- systemd-compat.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/systemd-compat.nix b/systemd-compat.nix index 11464c6..cb223b8 100644 --- a/systemd-compat.nix +++ b/systemd-compat.nix @@ -9,6 +9,8 @@ with lib; }; systemd.user = mkOption { }; + systemd.tmpfiles = mkOption { + }; }; config = { }; From 3d62a9bd6dbdd85756552e6840a6755924338b18 Mon Sep 17 00:00:00 2001 From: Florian Agbuya Date: Tue, 2 Jan 2024 16:24:44 +0800 Subject: [PATCH 02/12] activationSripts: add previous var value --- base.nix | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/base.nix b/base.nix index 7eaee32..c1881cb 100644 --- a/base.nix +++ b/base.nix @@ -155,6 +155,23 @@ with lib; # dummy to make setup-etc happy ''; system.activationScripts.etc = stringAfter [ "users" "groups" ] config.system.build.etcActivationCommands; + # Re-apply deprecated var value due to systemd preference in recent nixpkgs + # See https://github.com/NixOS/nixpkgs/commit/59e37267556eb917146ca3110ab7c96905b9ffbd + system.activationScripts.var = lib.mkForce '' + # Various log/runtime directories. + + mkdir -p /var/tmp + chmod 1777 /var/tmp + + # Empty, immutable home directory of many system accounts. + mkdir -p /var/empty + # Make sure it's really empty + ${pkgs.e2fsprogs}/bin/chattr -f -i /var/empty || true + find /var/empty -mindepth 1 -delete + chmod 0555 /var/empty + chown root:root /var/empty + ${pkgs.e2fsprogs}/bin/chattr -f +i /var/empty || true + ''; # nix-build -A system.build.toplevel && du -h $(nix-store -qR result) --max=0 -BM|sort -n system.build.toplevel = pkgs.runCommand "not-os" { From 0da22c5b022c3670b6f8955fb539798ac2e1da3e Mon Sep 17 00:00:00 2001 
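Review bot: `systemd.tmpfiles = mkOption { };` has neither a type nor a default, so the option is accepted but any module that reads `config.systemd.tmpfiles` fails with an undefined-option error, and, as far as I can tell, several definitions are merged by the untyped default merge, which for attribute sets is a shallow `//`, so two modules both defining `systemd.tmpfiles.rules` would silently lose one of them. This mirrors the existing `systemd.user` stub, but the shim's purpose is worth stating on the new option: `default = {}; description = "Accepted for compatibility with shared NixOS modules; tmpfiles rules are not applied on not-os.";`. tmpfiles rules are often what creates directories with restricted modes, so a silently ignored rule is a permission gap a deployer should know about.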
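Review bot: The `# Various log/runtime directories.` header is inherited from the nixpkgs script this replaces and no longer matches the body, which now only sets up `/var/tmp` and the immutable `/var/empty`; a comment saying why `/var/empty` is locked down would be more useful, e.g. `# /var/empty is the home of the sshd privsep user declared earlier in this file; keep it empty, root-owned and immutable so nothing can plant files there.`. The `|| true` on both `chattr` calls lets filesystems without attribute support skip the immutable bit, which is presumably intended, but it also hides a failed `-i` on a filesystem that does support it, in which case the following `find -delete` and `chmod` silently do nothing. Also, the file uses `with lib;` (visible in the hunk header) while the new code calls `lib.mkForce` next to a bare `stringAfter`; either works, but the block would read more consistently with `mkForce`.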
From: Florian Agbuya Date: Mon, 15 Jan 2024 14:35:28 +0800 Subject: [PATCH 03/12] enable host key generation on first boot --- base.nix | 4 --- gen_keys | 4 --- runit.nix | 8 +++++- ssh/ssh_host_ed25519_key | 7 ----- ssh/ssh_host_ed25519_key.pub | 1 - ssh/ssh_host_rsa_key | 51 ------------------------------------ ssh/ssh_host_rsa_key.pub | 1 - 7 files changed, 7 insertions(+), 69 deletions(-) delete mode 100755 gen_keys delete mode 100644 ssh/ssh_host_ed25519_key delete mode 100644 ssh/ssh_host_ed25519_key.pub delete mode 100644 ssh/ssh_host_rsa_key delete mode 100644 ssh/ssh_host_rsa_key.pub diff --git a/base.nix b/base.nix index 7eaee32..622cbf1 100644 --- a/base.nix +++ b/base.nix @@ -120,10 +120,6 @@ with lib; root:x:0: nixbld:x:30000:nixbld1,nixbld10,nixbld2,nixbld3,nixbld4,nixbld5,nixbld6,nixbld7,nixbld8,nixbld9 ''; - "ssh/ssh_host_rsa_key.pub".source = ./ssh/ssh_host_rsa_key.pub; - "ssh/ssh_host_rsa_key" = { mode = "0600"; source = ./ssh/ssh_host_rsa_key; }; - "ssh/ssh_host_ed25519_key.pub".source = ./ssh/ssh_host_ed25519_key.pub; - "ssh/ssh_host_ed25519_key" = { mode = "0600"; source = ./ssh/ssh_host_ed25519_key; }; }; boot.kernelParams = [ "systemConfig=${config.system.build.toplevel}" ]; boot.kernelPackages = lib.mkDefault (if pkgs.system == "armv7l-linux" then pkgs.linuxPackages_rpi1 else pkgs.linuxPackages); diff --git a/gen_keys b/gen_keys deleted file mode 100755 index ee586a2..0000000 --- a/gen_keys +++ /dev/null @@ -1,4 +0,0 @@ -#!/bin/sh -mkdir ssh -ssh-keygen -t rsa -b 4096 -f ssh/ssh_host_rsa_key -N "" -ssh-keygen -t ed25519 -f ssh/ssh_host_ed25519_key -N "" diff --git a/runit.nix b/runit.nix index d7b0bf3..6d602b6 100644 --- a/runit.nix +++ b/runit.nix @@ -2,7 +2,6 @@ let sshd_config = pkgs.writeText "sshd_config" '' - HostKey /etc/ssh/ssh_host_rsa_key HostKey /etc/ssh/ssh_host_ed25519_key Port 22 PidFile /run/sshd.pid 
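Review bot: Dropping the checked-in host keys from `environment.etc` is the right move, but the private keys themselves remain in repository history (this patch deletes `ssh/ssh_host_rsa_key` and `ssh/ssh_host_ed25519_key`), so they must be treated as public: any host that booted with them should have its fingerprint distrusted by clients and be rebooted onto generated keys. A note next to the removed entries would stop the next reader from reintroducing the pattern, e.g. `# Host keys are generated on first boot in runit/1 (runit.nix); never add them to the store or the repo.`.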
@@ -30,6 +29,13 @@ in { "runit/1".source = pkgs.writeScript "1" '' #!${pkgs.runtimeShell} + + ED25519_KEY="/etc/ssh/ssh_host_ed25519_key" + + if [ ! -f $ED25519_KEY ]; then + ${pkgs.openssh}/bin/ssh-keygen -t ed25519 -f $ED25519_KEY -N "" + fi + ${lib.optionalString config.not-os.simpleStaticIp '' ip addr add 10.0.2.15 dev eth0 ip link set eth0 up diff --git a/ssh/ssh_host_ed25519_key b/ssh/ssh_host_ed25519_key deleted file mode 100644 index 62f3b04..0000000 --- a/ssh/ssh_host_ed25519_key +++ /dev/null @@ -1,7 +0,0 @@ ------BEGIN OPENSSH PRIVATE KEY----- -b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW -QyNTUxOQAAACCyu5b2+49W47G9KYQj+7xz1YuY3w3Iz1kb/eIgNWPF7wAAAJhmBZVCZgWV -QgAAAAtzc2gtZWQyNTUxOQAAACCyu5b2+49W47G9KYQj+7xz1YuY3w3Iz1kb/eIgNWPF7w -AAAEBALOVU4aPZln0n7z7AR5jOoVnT7OhWAJiROqTw9ecEILK7lvb7j1bjsb0phCP7vHPV -i5jfDcjPWRv94iA1Y8XvAAAAEGNsZXZlckBhbWQtbml4b3MBAgMEBQ== ------END OPENSSH PRIVATE KEY----- diff --git a/ssh/ssh_host_ed25519_key.pub b/ssh/ssh_host_ed25519_key.pub deleted file mode 100644 index c636ae4..0000000 --- a/ssh/ssh_host_ed25519_key.pub +++ /dev/null @@ -1 +0,0 @@ -ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILK7lvb7j1bjsb0phCP7vHPVi5jfDcjPWRv94iA1Y8Xv clever@amd-nixos diff --git a/ssh/ssh_host_rsa_key b/ssh/ssh_host_rsa_key deleted file mode 100644 index d9c3b46..0000000 --- a/ssh/ssh_host_rsa_key +++ /dev/null 
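Review bot: `ssh-keygen -f /etc/ssh/ssh_host_ed25519_key` needs `/etc/ssh` to exist, and the `environment.etc` entries that used to create that directory are removed in this same patch; unless something not visible here still creates it, generation fails and sshd later starts without a host key, so add `mkdir -p /etc/ssh` before the check. The `[ ! -f $ED25519_KEY ]` guard only avoids regenerating when `/etc/ssh` persists across boots; if `/etc` is rebuilt from the store on every boot (I can't tell from this hunk), clients will see a new host key each boot, which defeats host authentication and trains users to accept key changes, so either persist the key or document the trade-off in a comment. Quoting the variable, `if [ ! -f "$ED25519_KEY" ]; then`, costs nothing. The enclosing `runit/1` script continues beyond the hunk.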
@@ -1,51 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIJKAIBAAKCAgEAxTB2amEQdRnxKKoTpm81Eydd0gSgiotd0Ujeg+eEkArLwlWv -6gjoeNEzcNH8tZ0g3sjk1SVheZNxdHWCXqJnL/EIpoGn8VNW7pgRP1ZgW48wPjJ7 -dN8eve/28d2QCDYEkZNDTjHzDEHP/TxngjA6lli0KX6SfJbKUmqR/kdn8A5NpsjM -BmjQ/UkMTAH/KG3HhSHRoljHFsyfKw917a3uO9ahLiEnFih36/V9anjljboEZAux -XKNFUJFWkn+QPGLnPQtrP85ZUtSEFiwjOCcjCctps+miRJwZsNHE2erqelJbJb7v -Cq+paoffxc27U7dhvLoz2f9XalW4Sj8mL45kyysrN4WBSDxi1znPjxD6PuNsabCe -TBisHj2M09Zv7hZIoR53Jv6cjwZoML5MN6VA2yc/OAoYvDAJET/ZRPkl8tzzvMXo -Y+bfyUitYA3FJjBInFm+mmVkHTqi/V7SwFKWGXRhAO2JU0cUXUrDyI7OKnNS4Vue -h5O7UHGhtBvoFLDpkr9GJwNJNZXtNdK77eQXPDkv0k2qQcLZQLGRR4hBTIL9GAgE -3nlCGs6bNw+OgaiWMqcLwoe8IBeq0WDrjRDEuyoIOREAQYZ0twYrhvT5rLXhz9IJ -nUyn7P7uX4/i2tDWy3iPHJHNtFSD2lLA+xuXA6xoW1REfL3lCpIHZtpopP8CAwEA -AQKCAgEAjbNYtPNRd0UQJq+pdUWe90enxP8sOsMRxQ4/ULxzZ2tKpzkaM+z42bFD -7QQJPJ1QfKgSwRSeqlYJBq5W5BiCXFIybCzp+aJw6v3+DuzMS59nBJsUWpTnq4gg -hgg4s53VxKL1j+CXDqzQgOMCYuyzfUz7EoJxU/SsKXOJvBemGjy9EmhjLQvvesQe -gRRCPtQ8t2/pDGgNkVWz36a5kPYXJ4sBwntychrcqoR7/qIoG6Ob+iTo7HArpEz8 -0EO465wLHbPx+yUWzU4IKULIgFaneCdjqzTuNa2TTJxBgHOu0f4Sn9pIPv6imPpR -FPzVa8BxDMUl87bpI3G8ACbHEw+ZX52wxC5/149ofu9jxBiGxODsmCGullIsGnEH -F0PhA2kJzzb/MPcfZRGTvp0kbP9i3DM1yTa2vLSWT2hCi94zpRRiWMgN4azwvQeA -o/KLlQ78hRu8wdJ5lwn5/iDpDr13TN5cHc7uhf/bVdwOcS9uSMAZvdIqazThQhgy -G3AF5oIg/8MYz/pGwZg4aUmLTXB8O/Xgqtj5yUduMxR/vChZiKWHNt6EWT1VMHKs -ktVBiLUZvp8kfWqSNVcLjt7tI2+Dwy2hNIPpRXZOu7cSf0A0YsZlcB/MLWBKKtMk -mnYL1+rFTuR9TB6YkmDWwRqTHTEtyaXPADRX9j8Y0kF0Qd0JATECggEBAPp1+P5m -wWMn2xOuBb+Znv036O+NOnQ+OPP04lFXwSHUsR6BMPJDaA2B3n+15vGCxzMLNQsl -qn44WiUm2hv8BwO9DkFm/VpB9yj+30gnP6RXThPUsO6msN1XTa+F6GnnoJ8vRfnO -9+iRU97Owwi8IGoHeVlsXRKhbi6cIJ0Y711b6uN97mBnOB+ig0F7L2lHrRRVYO3R -SPpvZunsksZEoxdNGM4qTbhVjFve1gXWHNzzqDGzCqwnPWynVE8jEjM3jEp5GRKo -jIEEN4k1SBI5Ovou07qogLgtsZnudxlJCDSgLITlJbCMwluZ+sjpxu6GIZrbNtYt -yaCS+wwMvZYuWbcCggEBAMmM4kv2Na9Y272/oRIh5J14op4qMBWOqjXTdAX0WhrD -ay/+s77t6Gq/oMgmulqQLLgZcGkrz7Z8DWfdNoSxZvQQcftr3CHrgRiZvyFzvhRN 
-bnk3vTAT1Ay1nRFOmHsciOGVI8EijRVIunFJu2r4aIfQ6RUpBV16RwMk9CYjYcA1 -DAYc+IEDfH9SFmWAkO2/X9Gv7616fvAQsIjT+lSTkM6SPpvvwW7g/X3sM138ATJm -8EcBbT7NvTmGbVSDYhzSyPc/DfZXnNhSMXPZrbwRJQNhUzL26TsOJUCzzD9yhwAC -JTOON3VBqE3IRlKVlts5bghDcCxxFVK87U2pR6BvrvkCggEAWmTboc2qPEQ1MEwd -bQJfvFpCarrY/v06Buo6CEuYu8IMzsqnxLgJRN67U/Jt0Hp3tHd2BHjqqLVj64az -L2hti67fB0HJbJrkPlqGcX8g3ApadpPL68YjjS8mLZQxxo8/jFQ+eCN3m+tfjsmm -4G8tb7cU1+5hRQkYQCA/MRO/yD0VcFeSAh8exWQc5TQ1b1TcJbuOySZApYoxZXnp -mz9IcW905WulM0NE7h9ltSOKtUAHUzCgSHO9Gorlxc4NkoiYzIQaRX6pfyLrfEzL -nzAilgryhaqtEkwDjl/fgjO2j2/DwY8GZErZFsBjH8In9wxX8pDtoK1T2O1TSA0N -G7fMzwKCAQA1omgWDs76eor/U59pU9uijBe6Pz/MfMqOyFZ3vy67MIW1n/H1PRo8 -TgJbQPMWZod/9kUTt7TuutRWb2eyqALdsAKlBW7vF9yiz0ctf791Z6WeXFbcFGq5 -dxr1IBUzrcQ/Q5DgNHGW2GPFAfn93Vzzx4Q/PUtQNNnw3EScYY4BuBwbBFqc+nCG -8TFEkZH/so2tH0SIxbBB8i8IOmDDYQGH9yLyHDs9ZmIOwGxq9kTbRMlsG9UWgWl5 -hWxSsSPKx8zy/rSYeXgjmLvQOH0jLuzKmXuqdEpcjMcdELupprCGMAv2TEI10eMX -z9Pm5ife7sl5KXkQWodyHRSJNiL5br8BAoIBADu7tRChFC5oplnjQ2LYNbS58pv3 -+44RLBe6pZjiHTo9lSRmS+ymRrVoGyJWHEsS1eWjYZseuLjgQ0GuegF7fpeqqIST -gXRaJ3OkjBWXtSNt48zsaWUMUO6qI8V7viMmxnzWskELaoHJTmOQSUXS9/L0/MFz -1vhe6VN+xxlb0+x2if326RGJBIrDwInnTcMoIT0kPo1t9HWvs1pO29Qkg3Zellmg -iEarmJVdr9WO26j72e1IYBauorVQHG9rqdv6YOdtvqKSqqh/Axm3G2HAXKJd7s9T -FZYTE/OZsUWzEbRv73ZbzDFhva3BbHAHV71y4Uyllk85/PQ5qXISkf84gM4= ------END RSA PRIVATE KEY----- diff --git a/ssh/ssh_host_rsa_key.pub b/ssh/ssh_host_rsa_key.pub deleted file mode 100644 index 63dbd02..0000000 --- a/ssh/ssh_host_rsa_key.pub +++ /dev/null @@ -1 +0,0 @@ -ssh-rsa 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 clever@amd-nixos From 89bd809654518efe962ae1601782deb0182e614f Mon Sep 17 00:00:00 2001 From: David Date: Fri, 17 May 2024 12:22:40 +0200 Subject: [PATCH 04/12] fix: enable <( ... ) on bash --- stage-2-init.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/stage-2-init.sh b/stage-2-init.sh index 6cc08e2..2ee22fc 100644 --- a/stage-2-init.sh +++ b/stage-2-init.sh 
@@ -17,6 +17,8 @@ mount -t devpts devpts /dev/pts mount -t tmpfs tmpfs /run mount -t tmpfs tmpfs /dev/shm +ln -s /proc/self/fd /dev/fd + $systemConfig/activate exec runit From 055d526ac1fb2bcc85cadd74ee185ed03a1f6a4a Mon Sep 17 00:00:00 2001 From: David Date: Fri, 17 May 2024 21:06:58 +0200 Subject: [PATCH 05/12] fix: echo when services start; start sshd properly catches start loops in case there are any --- runit.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/runit.nix b/runit.nix index 6d602b6..07be641 100644 --- a/runit.nix +++ b/runit.nix @@ -67,10 +67,12 @@ in ''; "service/sshd/run".source = pkgs.writeScript "sshd_run" '' #!${pkgs.runtimeShell} - ${pkgs.openssh}/bin/sshd -f ${sshd_config} + echo Start ssh daemon + ${pkgs.openssh}/bin/sshd -D -e -f ${sshd_config} ''; "service/nix/run".source = pkgs.writeScript "nix" '' #!${pkgs.runtimeShell} + echo Start nix daemon nix-store --load-db < /nix/store/nix-path-registration nix-daemon ''; @@ -78,6 +80,7 @@ in (lib.mkIf config.not-os.rngd { "service/rngd/run".source = pkgs.writeScript "rngd" '' #!${pkgs.runtimeShell} + ecoh Start rng daemon export PATH=$PATH:${pkgs.rng-tools}/bin exec rngd -r /dev/hwrng ''; From 6efd14a8622fba9b13a54cae751d6e7f98451664 Mon Sep 17 00:00:00 2001 From: David Date: Sun, 12 May 2024 17:41:07 +0200 Subject: [PATCH 06/12] feat: compress with zstd if possible --- stage-1.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/stage-1.nix b/stage-1.nix index 331fecd..6d556f0 100644 --- a/stage-1.nix +++ b/stage-1.nix @@ -188,6 +188,10 @@ let exec ${shell} ''; initialRamdisk = pkgs.makeInitrd { + compressor = + if lib.versionAtLeast config.boot.kernelPackages.kernel.version "5.9" + then "zstd" + else "gzip"; contents = [ { object = bootStage1; symlink = "/init"; } ]; }; in From 431fe93dc0e9d9d3d8d8fe6f659d5996cf446be2 Mon Sep 17 00:00:00 2001 
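Review bot: `ln -s /proc/self/fd /dev/fd` fails if `/dev/fd` already exists, and whether that aborts stage 2 depends on a `set -e` outside this hunk; `ln -sfn /proc/self/fd /dev/fd` (or a `[ -e /dev/fd ] ||` guard) makes the step idempotent. Since the commit's purpose is bash process substitution, say so in a comment: `# /dev/fd/N is needed for bash <( ... ); devtmpfs does not create it`. The script continues outside the hunk.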
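Review bot: The sshd run script still does not `exec` the daemon, so runit supervises the wrapper shell rather than sshd: `sv down sshd` or a restart signals the shell, and sshd itself is orphaned and keeps running (the `rngd` script in this file does use `exec`). `-D` is the right flag for runit, so the line should be `exec ${pkgs.openssh}/bin/sshd -D -e -f ${sshd_config}`; the same applies to `nix-daemon` in the hunk's second script. With `-e` sshd's log goes to the service's stderr, which is only kept if the service has a `log/run`, not visible here.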
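Review bot: `ecoh Start rng daemon` is a typo; the shell prints a command-not-found error on every start of the rngd service, and because the script has no `set -e` it then proceeds to `exec rngd` as if nothing happened, so the mistake is easy to miss. Change it to `echo Start rng daemon`.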
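Review bot: The version gate only establishes that zstd initramfs decompression could exist in the kernel (it landed in 5.9); it does not check that the configured kernel actually enables `CONFIG_RD_ZSTD`, and a kernel without it fails to unpack the initrd at boot with little diagnostic. A comment should make the assumption explicit, e.g. `# zstd initrd needs kernel >= 5.9 *and* CONFIG_RD_ZSTD; fall back to gzip otherwise`, and if the kernel's config is queryable through `config.boot.kernelPackages.kernel` in this setup (I can't confirm from the hunk), checking the option rather than the version would be more robust.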
From: David Date: Sat, 18 May 2024 14:30:04 +0200 Subject: [PATCH 07/12] feat: enable dhcp --- base.nix | 5 +++++ runit.nix | 15 ++++++++++++++- 2 files changed, 19 insertions(+), 1 deletion(-) diff --git a/base.nix b/base.nix index 142085c..61a38cf 100644 --- a/base.nix +++ b/base.nix @@ -22,6 +22,10 @@ with lib; type = types.bool; description = "enable nix-daemon and a writeable store"; }; + not-os.dhcp = mkOption { + type = types.bool; + description = "enable dhcp initial discovery on startup"; + }; not-os.rngd = mkOption { type = types.bool; description = "enable rngd"; @@ -99,6 +103,7 @@ with lib; passwd.text = '' root:x:0:0:System administrator:/root:/run/current-system/sw/bin/bash sshd:x:498:65534:SSH privilege separation user:/var/empty:/run/current-system/sw/bin/nologin + dhcpcd:x:499:65534:DHCP Client privilege separation user:/var/empty:/run/current-system/sw/bin/nologin toxvpn:x:1010:65534::/var/lib/toxvpn:/run/current-system/sw/bin/nologin nixbld1:x:30001:30000:Nix build user 1:/var/empty:/run/current-system/sw/bin/nologin nixbld2:x:30002:30000:Nix build user 2:/var/empty:/run/current-system/sw/bin/nologin diff --git a/runit.nix b/runit.nix index 07be641..4c23d50 100644 --- a/runit.nix +++ b/runit.nix @@ -42,9 +42,16 @@ in ip route add 10.0.2.0/24 dev eth0 ip route add default via 10.0.2.2 dev eth0 ''} + mkdir /bin/ ln -s ${pkgs.runtimeShell} /bin/sh + ${lib.optionalString config.not-os.dhcp '' + mkdir -p /var/db/dhcpcd /var/run/dhcpcd + touch /etc/dhcpcd.conf + ${pkgs.dhcpcd}/sbin/dhcpcd --oneshot + ''} + ${lib.optionalString (config.networking.timeServers != []) '' ${pkgs.ntp}/bin/ntpdate ${toString config.networking.timeServers} ''} @@ -54,7 +61,6 @@ in touch /etc/runit/stopit chmod 0 /etc/runit/stopit - ${if true then "" else "${pkgs.dhcpcd}/sbin/dhcpcd"} ''; "runit/2".source = pkgs.writeScript "2" '' #!${pkgs.runtimeShell} 
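Review bot: `not-os.dhcp` is declared without a `default`, unlike `not-os.simpleStaticIp` (which has `default = false;`, as the next patch shows), so the new `lib.optionalString config.not-os.dhcp` in runit.nix makes evaluation fail with an undefined-option error for every configuration that does not set it explicitly. Add `default = false;` to the option, consistent with its sibling. The option set continues outside the hunk.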
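Review bot: The new block `touch`es an empty `/etc/dhcpcd.conf` and runs `dhcpcd --oneshot` as root with whatever dhcpcd's compiled-in defaults are; the `dhcpcd` user added to `passwd` in this series only matters if this build enables privilege separation, which I can't confirm from here, so consider writing a minimal reviewable config with `pkgs.writeText` instead of an empty file. `mkdir /bin/` has no `-p` and prints an error whenever `/bin` already exists, while the `mkdir -p` a few lines below is already idempotent; use `mkdir -p /bin/`. `--oneshot` here plus `--background` in the new `service/dhcp/run` means two dhcpcd invocations on the same interfaces at boot; presumably intended (lease before `ntpdate`, then keep renewing), but worth a comment. The `runit/1` script continues beyond the hunk.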
@@ -77,6 +83,13 @@ in nix-daemon ''; } + (lib.mkIf config.not-os.dhcp { + "service/dhcp/run".source = pkgs.writeScript "dhcp_run" '' + #!${pkgs.runtimeShell} + echo Start dhcp client + ${pkgs.dhcpcd}/sbin/dhcpcd --background + ''; + }) (lib.mkIf config.not-os.rngd { "service/rngd/run".source = pkgs.writeScript "rngd" '' #!${pkgs.runtimeShell} From 52666655a7bc316001382a8337451d519bf6bf74 Mon Sep 17 00:00:00 2001 From: David Date: Sat, 18 May 2024 14:36:22 +0200 Subject: [PATCH 08/12] feat: post mount and extra start scripts --- base.nix | 5 +++++ runit.nix | 2 ++ stage-1.nix | 5 +++++ 3 files changed, 12 insertions(+) diff --git a/base.nix b/base.nix index 61a38cf..5e51e68 100644 --- a/base.nix +++ b/base.nix @@ -36,6 +36,11 @@ with lib; default = false; description = "set a static ip of 10.0.2.15"; }; + not-os.extraStartup = mkOption { + type = types.nullOr types.lines; + default = null; + description = "extra lines to run during startup"; + }; networking.timeServers = mkOption { default = [ "0.nixos.pool.ntp.org" diff --git a/runit.nix b/runit.nix index 4c23d50..0925ac6 100644 --- a/runit.nix +++ b/runit.nix @@ -56,6 +56,8 @@ in ${pkgs.ntp}/bin/ntpdate ${toString config.networking.timeServers} ''} + ${if config.not-os.extraStartup != null then config.not-os.extraStartup else ""} + # disable DPMS on tty's echo -ne "\033[9;0]" > /dev/tty0 diff --git a/stage-1.nix b/stage-1.nix index 6d556f0..837a444 100644 --- a/stage-1.nix +++ b/stage-1.nix @@ -161,6 +161,7 @@ let mount $realroot /mnt || exec ${shell} fi chmod 755 /mnt/ + ${config.not-os.postMount} mkdir -p /mnt/nix/store/ @@ -201,6 +202,10 @@ in type = types.lines; default = ""; }; + not-os.postMount = mkOption { + type = types.lines; + default = ""; + }; boot.initrd.enable = mkOption { type = types.bool; default = true; From f136f2bcc3f52e76c0954088c5ca24473fcbd398 Mon Sep 17 00:00:00 2001 
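Review bot: `${pkgs.dhcpcd}/sbin/dhcpcd --background` daemonizes and returns immediately, so the `run` script exits, runit treats the service as finished and restarts it, and the result is a restart loop spawning a new dhcpcd while the first one keeps running unsupervised. runit services must stay in the foreground: `exec ${pkgs.dhcpcd}/sbin/dhcpcd --nobackground` (dhcpcd's `-B`), matching how `rngd` is started in the next script.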
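Review bot: `not-os.extraStartup` is declared as `types.nullOr types.lines` with `default = null` and then unwrapped in runit.nix with `${if config.not-os.extraStartup != null then config.not-os.extraStartup else ""}`, while `not-os.postMount` in the same patch uses `types.lines` with `default = ""` and is interpolated directly; the second form is the standard idiom (`lines` already merges multiple definitions), so `type = types.lines; default = "";` and a plain `${config.not-os.extraStartup}` remove the special case. Both options inject arbitrary shell into scripts that run as root before any service is up (stage 1 right after the root mount, and `runit/1`), so their descriptions should say so; `not-os.postMount` currently has no `description` at all, e.g. `description = "shell run as root in the initrd right after the real root is mounted on /mnt";`. The stage-1 script enclosing the `${config.not-os.postMount}` line continues outside its hunk.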
From: David Date: Sat, 18 May 2024 14:36:54 +0200 Subject: [PATCH 09/12] chore: dont use the alias --- base.nix | 2 +- system-path.nix | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/base.nix b/base.nix index 5e51e68..39c93a8 100644 --- a/base.nix +++ b/base.nix @@ -74,7 +74,7 @@ with lib; environment.systemPackages = lib.optional config.not-os.nix pkgs.nix; nixpkgs.config = { packageOverrides = self: { - utillinux = self.utillinux.override { systemd = null; systemdSupport = false; }; + util-linux = self.util-linux.override { systemd = null; systemdSupport = false; }; dhcpcd = self.dhcpcd.override { udev = null; }; linux_rpixxx = self.linux_rpi.override { extraConfig = '' diff --git a/system-path.nix b/system-path.nix index 490197d..21dc195 100644 --- a/system-path.nix +++ b/system-path.nix @@ -6,7 +6,7 @@ with lib; let - requiredPackages = with pkgs; [ utillinux coreutils iproute iputils procps bashInteractive runit ]; + requiredPackages = with pkgs; [ util-linux coreutils iproute iputils procps bashInteractive runit ]; in { options = { From b6fc45aec1c97906c9ad26e60856c8c1209d9005 Mon Sep 17 00:00:00 2001 From: David Date: Sat, 18 May 2024 14:42:45 +0200 Subject: [PATCH 10/12] chore: add arch-wise console params to test instrumentation --- tests/test-instrumentation.nix | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/tests/test-instrumentation.nix b/tests/test-instrumentation.nix index 12500f1..3adf173 100644 --- a/tests/test-instrumentation.nix +++ b/tests/test-instrumentation.nix @@ -1,4 +1,9 @@ -{ pkgs, ... }: +{ pkgs,... }: let + qemuSerialDevice = + if with pkgs.stdenv.hostPlatform; isx86 || isLoongArch64 || isMips64 || isRiscV then "ttyS0" + else if (with pkgs.stdenv.hostPlatform; isAarch || isPower) then "ttyAMA0" + else throw "Unknown QEMU serial device for system '${pkgs.stdenv.hostPlatform.system}'"; +in { environment.etc = { 
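Review bot: The two branches of `qemuSerialDevice` are written in different shapes — the first is `if with pkgs.stdenv.hostPlatform; isx86 || … then`, relying on the `with` body ending at `then`, the second is parenthesized `(with pkgs.stdenv.hostPlatform; isAarch || isPower)` — and only the second reads unambiguously; hoisting `with pkgs.stdenv.hostPlatform;` (or a `let inherit (pkgs.stdenv.hostPlatform) …;`) above the `if` would make both branches plain predicates. The first line also changes `{ pkgs, ... }:` to `{ pkgs,... }:`, which looks like an accidental whitespace edit unrelated to the commit. A comment tying the table to its consumer would help, e.g. `# serial device QEMU exposes per architecture; used for stderr below and for console= in boot.kernelParams`.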
@@ -18,7 +23,7 @@ cd /tmp exec < /dev/hvc0 > /dev/hvc0 - while ! exec 2> /dev/ttyS0; do sleep 0.1; done + while ! exec 2> /dev/${qemuSerialDevice}; do sleep 0.1; done echo "connecting to host..." >&2 stty -F /dev/hvc0 raw -echo # prevent nl -> cr/nl conversion echo @@ -26,5 +31,8 @@ ''; }; boot.initrd.availableKernelModules = [ "virtio_console" ]; - boot.kernelParams = [ "panic=-1" ]; + boot.kernelParams = [ + "console=${qemuSerialDevice}" + "panic=-1" + ]; } From a767b54578cad2d5ba53688fe29ac31facc702d1 Mon Sep 17 00:00:00 2001 From: David Date: Sat, 18 May 2024 14:43:45 +0200 Subject: [PATCH 11/12] feat: add qemu profile to test instrumentation --- tests/test-instrumentation.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/test-instrumentation.nix b/tests/test-instrumentation.nix index 3adf173..b57e194 100644 --- a/tests/test-instrumentation.nix +++ b/tests/test-instrumentation.nix @@ -6,6 +6,7 @@ in { + imports = [ ../qemu.nix ]; environment.etc = { "service/backdoor/run".source = pkgs.writeScript "backdoor_run" '' #!/bin/sh From 553fa52fc5f9f6962b005db790b20c4ba067f059 Mon Sep 17 00:00:00 2001 From: David Date: Sat, 18 May 2024 14:43:16 +0200 Subject: [PATCH 12/12] WIP: add eval-config interface --- default.nix | 65 ++++++++++------------------------------------ eval-config.nix | 68 +++++++++++++++++++++++++++++++++++++++++++++++++ module-list.nix | 20 +++++++++++++++ 3 files changed, 102 insertions(+), 51 deletions(-) create mode 100644 eval-config.nix create mode 100644 module-list.nix diff --git a/default.nix b/default.nix index 4828302..ad998be 100644 --- a/default.nix +++ b/default.nix 
@@ -1,59 +1,22 @@ { configuration ? import ./configuration.nix -, nixpkgs ? +, pkgs ? import { + inherit system; + platform = platform; + config = {}; + } , extraModules ? [] , system ? builtins.currentSystem , platform ? null -, crossSystem ? null }: - -let - pkgs = import nixpkgs { inherit system; platform = platform; config = {}; }; - pkgsModule = {config, ... }: { - _file = ./default.nix; - key = ./default.nix; - config = { - nixpkgs.pkgs = (import nixpkgs { - inherit system crossSystem; - #crossSystem = (import ).systems.examples.aarch64-multiplatform; - config = config.nixpkgs.config; - overlays = config.nixpkgs.overlays; - }); - nixpkgs.localSystem = { - inherit system; - } // pkgs.lib.optionalAttrs (crossSystem != null) { - inherit crossSystem; - }; - }; +, crossSystem ? null +}: let + inherit (import ./eval-config.nix { + nixpkgs = pkgs; + inherit extraModules; + }) evalModules; +in rec { + test1 = evalModules { + modules = [configuration]; }; - baseModules = [ - ./base.nix - ./system-path.nix - ./stage-1.nix - ./stage-2.nix - ./runit.nix - (nixpkgs + "/nixos/modules/system/etc/etc.nix") - (nixpkgs + "/nixos/modules/system/activation/activation-script.nix") - (nixpkgs + "/nixos/modules/misc/nixpkgs.nix") - (nixpkgs + "/nixos/modules/system/boot/kernel.nix") - (nixpkgs + "/nixos/modules/misc/assertions.nix") - (nixpkgs + "/nixos/modules/misc/lib.nix") - (nixpkgs + "/nixos/modules/config/sysctl.nix") - ./ipxe.nix - ./systemd-compat.nix - pkgsModule - ]; - other = { - _module.check = true; - _module.args = {}; - }; - evalConfig = modules: pkgs.lib.evalModules { - prefix = []; - modules = modules ++ baseModules ++ [ pkgsModule other ] ++ extraModules; - }; -in -rec { - test1 = evalConfig [ - configuration - ]; runner = test1.config.system.build.runvm; config = test1.config; } diff --git a/eval-config.nix b/eval-config.nix new file mode 100644 index 0000000..a61ac28 --- /dev/null +++ b/eval-config.nix 
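Review bot: `nixpkgs = pkgs;` hands the evaluated package set to `eval-config.nix`, but that file does `import (nixpkgs + /nixos/lib)`, which needs the nixpkgs source path rather than an attribute set, so evaluation fails with a coercion error; `nixpkgs = pkgs.path;` is what that call expects. The removed `pkgsModule` was also the only thing setting `nixpkgs.pkgs` and `nixpkgs.localSystem`, and nothing in the new code replaces it, so `pkgs`, `system`, `platform` and the now-unused `crossSystem` arguments no longer influence what `misc/nixpkgs.nix` instantiates unless something outside this diff does. Since the subject says WIP, a `# TODO` on both points would keep the remaining work visible. The `import {` in the `pkgs` default looks like a `<nixpkgs>` lost in rendering rather than a defect in the source.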
@@ -0,0 +1,68 @@
+{ nixpkgs
+, baseModules ? import ./module-list.nix
+, extraModules ? []
+}:
+let
+ nixos-lib = import (nixpkgs + /nixos/lib) {
+ featureFlags.minimalModules = true;
+ };
+
+ modulesModule = {
+ config = {
+ _module.args = {
+ inherit baseModules extraModules;
+ };
+ };
+ };
+
+ evalModules = {modules}: nixos-lib.evalModules {
+ prefix = [];
+ specialArgs = {
+ notOSmodulesPath = builtins.toString ./.;
+ };
+ modules = modules ++ baseModules ++ extraModules ++ [
+ modulesModule
+ ];
+ };
+
+ /* This specifies the testing node type which governs the
+ module system that is applied to each node.
+
+ In our case, it needs to be the not os module set.
+
+ It also consumes the defaults set for all nodes as well as,
+ by convention of the nixos testing framework, node wise
+ specialArgs.
+
+ We ignore config.extraBaseModules, however:
+ use extraModules, instead.
+
+ */
+ nodeType = {config, hostPkgs, ...}: {
+ node.type = (nixos-lib.evalModules {
+ prefix = [];
+ specialArgs = {
+ notOSmodulesPath = builtins.toString ./.;
+ } // config.node.specialArgs;
+ modules = [config.defaults] ++ baseModules ++ extraModules ++ [
+ modulesModule
+ ./tests/test-instrumentation.nix
+ ];
+ }).type;
+ };
+
+ evalTest = module: nixos-lib.evalTest {
+ imports = [
+ module
+ nodeType
+ ];
+ };
+ runTest = module: nixos-lib.runTest {
+ imports = [
+ module
+ nodeType
+ ];
+ };
+in {
+ inherit evalModules evalTest runTest;
+}
diff --git a/module-list.nix b/module-list.nix
new file mode 100644
index 0000000..c222ed2
--- /dev/null
+++ b/module-list.nix
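Review bot: `specialArgs = { notOSmodulesPath = builtins.toString ./.; }` and the `… ++ baseModules ++ extraModules ++ [ modulesModule …` assembly are spelled out twice, once in `evalModules` and once in `nodeType`, and only the latter merges `config.node.specialArgs`; hoisting `notOSspecialArgs = { notOSmodulesPath = builtins.toString ./.; };` and `allModules = baseModules ++ extraModules ++ [ modulesModule ];` into the `let` keeps the two evaluations from drifting. `nodeType` declares `hostPkgs` but never uses it; drop it or say why it is there. The `nixos` helper in module-list.nix depends on a `modulesPath` argument that this file never sets, so it is presumably supplied by `nixos-lib.evalModules` under `featureFlags.minimalModules`; a one-line comment on `nixos-lib` stating that would make the dependency explicit.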
@@ -0,0 +1,20 @@
+let
+ nixos = path: {modulesPath, ...}: {
+ imports = [(modulesPath + path)];
+ };
+in [
+ ./base.nix
+ ./system-path.nix
+ ./stage-1.nix
+ ./stage-2.nix
+ ./runit.nix
+ ./ipxe.nix
+ ./systemd-compat.nix
+ (nixos "/system/etc/etc.nix")
+ (nixos "/system/activation/activation-script.nix")
+ (nixos "/misc/nixpkgs.nix")
+ (nixos "/system/boot/kernel.nix")
+ (nixos "/misc/assertions.nix")
+ (nixos "/misc/lib.nix")
+ (nixos "/config/sysctl.nix")
+]
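Review bot: The `nixos` helper takes a path relative to NixOS's module tree and resolves it through the `modulesPath` module argument, which this file does not provide and which the previous default.nix built by hand from the nixpkgs path; a comment makes the contract visible, e.g. `# Import a module from nixpkgs' nixos/modules; modulesPath must be supplied by the evaluator (nixos/lib evalModules).`. Since every entry that used to be `(nixpkgs + "/nixos/modules/…")` now goes through this indirection, a module list evaluated without that argument fails only at import time, which the comment should warn about.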