kexec nixos anywhere

base.nix

@@ -22,6 +22,10 @@ with lib;
       type = types.bool;
       description = "enable nix-daemon and a writeable store";
     };
+    not-os.dhcp = mkOption {
+      type = types.bool;
+      description = "enable dhcp initial discovery on startup";
+    };
     not-os.rngd = mkOption {
       type = types.bool;
       description = "enable rngd";
@@ -32,6 +36,11 @@ with lib;
       default = false;
       description = "set a static ip of 10.0.2.15";
     };
+    not-os.extraStartup = mkOption {
+      type = types.nullOr types.lines;
+      default = null;
+      description = "extra lines to run during startup";
+    };
     networking.timeServers = mkOption {
       default = [
         "0.nixos.pool.ntp.org"
@@ -65,7 +74,7 @@ with lib;
     environment.systemPackages = lib.optional config.not-os.nix pkgs.nix;
     nixpkgs.config = {
       packageOverrides = self: {
-        utillinux = self.utillinux.override { systemd = null; systemdSupport = false; };
+        util-linux = self.util-linux.override { systemd = null; systemdSupport = false; };
         dhcpcd = self.dhcpcd.override { udev = null; };
         linux_rpixxx = self.linux_rpi.override {
           extraConfig = ''
@@ -99,6 +108,7 @@ with lib;
       passwd.text = ''
         root:x:0:0:System administrator:/root:/run/current-system/sw/bin/bash
         sshd:x:498:65534:SSH privilege separation user:/var/empty:/run/current-system/sw/bin/nologin
+        dhcpcd:x:499:65534:DHCP Client privilege separation user:/var/empty:/run/current-system/sw/bin/nologin
         toxvpn:x:1010:65534::/var/lib/toxvpn:/run/current-system/sw/bin/nologin
         nixbld1:x:30001:30000:Nix build user 1:/var/empty:/run/current-system/sw/bin/nologin
         nixbld2:x:30002:30000:Nix build user 2:/var/empty:/run/current-system/sw/bin/nologin
@@ -120,10 +130,6 @@ with lib;
         root:x:0:
         nixbld:x:30000:nixbld1,nixbld10,nixbld2,nixbld3,nixbld4,nixbld5,nixbld6,nixbld7,nixbld8,nixbld9
       '';
-      "ssh/ssh_host_rsa_key.pub".source = ./ssh/ssh_host_rsa_key.pub;
-      "ssh/ssh_host_rsa_key" = { mode = "0600"; source = ./ssh/ssh_host_rsa_key; };
-      "ssh/ssh_host_ed25519_key.pub".source = ./ssh/ssh_host_ed25519_key.pub;
-      "ssh/ssh_host_ed25519_key" = { mode = "0600"; source = ./ssh/ssh_host_ed25519_key; };
     };
     boot.kernelParams = [ "systemConfig=${config.system.build.toplevel}" ];
     boot.kernelPackages = lib.mkDefault (if pkgs.system == "armv7l-linux" then pkgs.linuxPackages_rpi1 else pkgs.linuxPackages);
@@ -155,6 +161,23 @@ with lib;
       # dummy to make setup-etc happy
     '';
     system.activationScripts.etc = stringAfter [ "users" "groups" ] config.system.build.etcActivationCommands;
+    # Re-apply deprecated var value due to systemd preference in recent nixpkgs
+    # See https://github.com/NixOS/nixpkgs/commit/59e37267556eb917146ca3110ab7c96905b9ffbd
+    system.activationScripts.var = lib.mkForce ''
+      # Various log/runtime directories.
+
+      mkdir -p /var/tmp
+      chmod 1777 /var/tmp
+
+      # Empty, immutable home directory of many system accounts.
+      mkdir -p /var/empty
+      # Make sure it's really empty
+      ${pkgs.e2fsprogs}/bin/chattr -f -i /var/empty || true
+      find /var/empty -mindepth 1 -delete
+      chmod 0555 /var/empty
+      chown root:root /var/empty
+      ${pkgs.e2fsprogs}/bin/chattr -f +i /var/empty || true
+    '';
 
     # nix-build -A system.build.toplevel && du -h $(nix-store -qR result) --max=0 -BM|sort -n
     system.build.toplevel = pkgs.runCommand "not-os" {

default.nix

@@ -1,59 +1,22 @@
 { configuration ? import ./configuration.nix
-, nixpkgs ? <nixpkgs>
+, pkgs ? import <nixpkgs> {
+    inherit system;
+    platform = platform;
+    config = {};
+ }
 , extraModules ? []
 , system ? builtins.currentSystem
 , platform ? null
-, crossSystem ? null }:
-
-let
-  pkgs = import nixpkgs { inherit system; platform = platform; config = {}; };
-  pkgsModule = {config, ... }: {
-    _file = ./default.nix;
-    key = ./default.nix;
-    config = {
-      nixpkgs.pkgs = (import nixpkgs {
-        inherit system crossSystem;
-        #crossSystem = (import <nixpkgs/lib>).systems.examples.aarch64-multiplatform;
-        config = config.nixpkgs.config;
-        overlays = config.nixpkgs.overlays;
-      });
-      nixpkgs.localSystem = {
-        inherit system;
-      } // pkgs.lib.optionalAttrs (crossSystem != null) {
-        inherit crossSystem;
-      };
-    };
+, crossSystem ? null
+}: let
+  inherit (import ./eval-config.nix {
+    nixpkgs = pkgs;
+    inherit extraModules;
+  }) evalModules;
+in rec {
+  test1 = evalModules {
+    modules = [configuration];
   };
-  baseModules = [
-      ./base.nix
-      ./system-path.nix
-      ./stage-1.nix
-      ./stage-2.nix
-      ./runit.nix
-      (nixpkgs + "/nixos/modules/system/etc/etc.nix")
-      (nixpkgs + "/nixos/modules/system/activation/activation-script.nix")
-      (nixpkgs + "/nixos/modules/misc/nixpkgs.nix")
-      (nixpkgs + "/nixos/modules/system/boot/kernel.nix")
-      (nixpkgs + "/nixos/modules/misc/assertions.nix")
-      (nixpkgs + "/nixos/modules/misc/lib.nix")
-      (nixpkgs + "/nixos/modules/config/sysctl.nix")
-      ./ipxe.nix
-      ./systemd-compat.nix
-      pkgsModule
-  ];
-  other = {
-    _module.check = true;
-    _module.args = {};
-  };
-  evalConfig = modules: pkgs.lib.evalModules {
-    prefix = [];
-    modules = modules ++ baseModules ++ [ pkgsModule other ] ++ extraModules;
-  };
-in
-rec {
-  test1 = evalConfig [
-    configuration
-  ];
   runner = test1.config.system.build.runvm;
   config = test1.config;
 }

eval-config.nix

@@ -0,0 +1,68 @@
+{ nixpkgs
+, baseModules ? import ./module-list.nix
+, extraModules ? []
+}:
+let
+  nixos-lib = import (nixpkgs + /nixos/lib) {
+    featureFlags.minimalModules = true;
+  };
+
+  modulesModule = {
+    config = {
+      _module.args = {
+        inherit baseModules extraModules;
+      };
+    };
+  };
+
+  evalModules = {modules}: nixos-lib.evalModules {
+    prefix = [];
+    specialArgs = {
+      notOSmodulesPath = builtins.toString ./.;
+    };
+    modules = modules ++ baseModules ++ extraModules ++ [
+      modulesModule
+    ];
+  };
+
+  /* This specifies the testing node type which governs the
+  module system that is applied to each node.
+
+  In our case, it needs to be the not os module set.
+
+  It also consumes the defaults set for all nodes as well as,
+  by convention of the nixos testing framework, node wise
+  specialArgs.
+
+  We ignore config.extraBaseModules, however:
+  use extraModules, instead.
+
+  */
+  nodeType = {config, hostPkgs, ...}: {
+    node.type = (nixos-lib.evalModules {
+      prefix = [];
+      specialArgs = {
+        notOSmodulesPath = builtins.toString ./.;
+      } // config.node.specialArgs;
+      modules = [config.defaults] ++ baseModules ++ extraModules ++ [
+        modulesModule
+        ./tests/test-instrumentation.nix
+      ];
+    }).type;
+  };
+
+  evalTest = module: nixos-lib.evalTest {
+    imports = [
+      module
+      nodeType
+    ];
+  };
+  runTest = module: nixos-lib.runTest {
+    imports = [
+      module
+      nodeType
+    ];
+  };
+in {
+  inherit evalModules evalTest runTest;
+}

module-list.nix

@@ -0,0 +1,20 @@
+let
+  nixos = path: {modulesPath, ...}: {
+    imports = [(modulesPath + path)];
+  };
+in [
+  ./base.nix
+  ./system-path.nix
+  ./stage-1.nix
+  ./stage-2.nix
+  ./runit.nix
+  ./ipxe.nix
+  ./systemd-compat.nix
+  (nixos "/system/etc/etc.nix")
+  (nixos "/system/activation/activation-script.nix")
+  (nixos "/misc/nixpkgs.nix")
+  (nixos "/system/boot/kernel.nix")
+  (nixos "/misc/assertions.nix")
+  (nixos "/misc/lib.nix")
+  (nixos "/config/sysctl.nix")
+]

runit.nix

@@ -2,7 +2,6 @@
 
 let
   sshd_config = pkgs.writeText "sshd_config" ''
-    HostKey /etc/ssh/ssh_host_rsa_key
     HostKey /etc/ssh/ssh_host_ed25519_key
     Port 22
     PidFile /run/sshd.pid
@@ -30,25 +29,40 @@ in
     {
       "runit/1".source = pkgs.writeScript "1" ''
         #!${pkgs.runtimeShell}
+
+        ED25519_KEY="/etc/ssh/ssh_host_ed25519_key"
+
+        if [ ! -f $ED25519_KEY ]; then
+          ${pkgs.openssh}/bin/ssh-keygen -t ed25519 -f $ED25519_KEY -N ""
+        fi
+
         ${lib.optionalString config.not-os.simpleStaticIp ''
         ip addr add 10.0.2.15 dev eth0
         ip link set eth0 up
         ip route add 10.0.2.0/24 dev eth0
         ip  route add default via 10.0.2.2 dev eth0
         ''}
+
         mkdir /bin/
         ln -s ${pkgs.runtimeShell} /bin/sh
 
+        ${lib.optionalString config.not-os.dhcp ''
+          mkdir -p /var/db/dhcpcd /var/run/dhcpcd
+          touch /etc/dhcpcd.conf
+          ${pkgs.dhcpcd}/sbin/dhcpcd --oneshot
+        ''}
+
         ${lib.optionalString (config.networking.timeServers != []) ''
           ${pkgs.ntp}/bin/ntpdate ${toString config.networking.timeServers}
         ''}
 
+        ${if config.not-os.extraStartup != null then config.not-os.extraStartup else ""}
+
         # disable DPMS on tty's
         echo -ne "\033[9;0]" > /dev/tty0
 
         touch /etc/runit/stopit
         chmod 0 /etc/runit/stopit
-        ${if true then "" else "${pkgs.dhcpcd}/sbin/dhcpcd"}
       '';
       "runit/2".source = pkgs.writeScript "2" ''
         #!${pkgs.runtimeShell}
@@ -61,17 +75,27 @@ in
       '';
       "service/sshd/run".source = pkgs.writeScript "sshd_run" ''
         #!${pkgs.runtimeShell}
-        ${pkgs.openssh}/bin/sshd -f ${sshd_config}
+        echo Start ssh daemon
+        ${pkgs.openssh}/bin/sshd -D -e -f ${sshd_config}
       '';
       "service/nix/run".source = pkgs.writeScript "nix" ''
         #!${pkgs.runtimeShell}
+        echo Start nix daemon
         nix-store --load-db < /nix/store/nix-path-registration
         nix-daemon
       '';
     }
+    (lib.mkIf config.not-os.dhcp {
+      "service/dhcp/run".source = pkgs.writeScript "dhcp_run" ''
+        #!${pkgs.runtimeShell}
+        echo Start dhcp client
+        ${pkgs.dhcpcd}/sbin/dhcpcd --background
+      '';
+    })
     (lib.mkIf config.not-os.rngd {
       "service/rngd/run".source = pkgs.writeScript "rngd" ''
         #!${pkgs.runtimeShell}
+        ecoh Start rng daemon
         export PATH=$PATH:${pkgs.rng-tools}/bin
         exec rngd -r /dev/hwrng
       '';