Actually working (probably) root on tmpfs

Jack O'Sullivan 2022-02-11 01:15:24 +00:00
parent ee353607d2
commit 99f7f80ec5
10 changed files with 160 additions and 28 deletions

3
.gitignore vendored

@ -1,2 +1,3 @@
result* result*
*.qcow2 /.vms/*
!/.vms/.gitkeep

0
.vms/.gitkeep Normal file


@ -1,5 +1,13 @@
{ lib, pkgs, inputs, ... }: { lib, pkgs, inputs, ... }:
{ {
fileSystems = {
"/persist" = {
device = "/dev/disk/by-label/persist";
fsType = "ext4";
neededForBoot = true;
};
};
my = { my = {
server.enable = true; server.enable = true;
}; };
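Review bot: The new `/persist` entry identifies the volume only by filesystem label (`device = "/dev/disk/by-label/persist";`), and labels are not unique, so whichever attached disk carries the label `persist` would be mounted as the persistence store at boot. Because this volume is marked `neededForBoot` and holds the state that survives reboots, a by-uuid or by-partuuid path would be safer here, or at least a comment stating that the label is assumed to be unique on this host. If nothing kept under the persist mount needs device nodes or setuid binaries (not determinable from this file), `options = [ "nodev" "nosuid" ];` is worth adding as well.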

41
flake.lock generated

@ -60,11 +60,11 @@
}, },
"flake-utils": { "flake-utils": {
"locked": { "locked": {
"lastModified": 1642700792, "lastModified": 1644229661,
"narHash": "sha256-XqHrk7hFb+zBvRg6Ghl+AZDq03ov6OshJLiSWOoX5es=", "narHash": "sha256-1YdnJAsNy69bpcjuoKdOYQX0YxZBiCYZo4Twxerqv7k=",
"owner": "numtide", "owner": "numtide",
"repo": "flake-utils", "repo": "flake-utils",
"rev": "846b2ae0fc4cc943637d3d1def4454213e203cba", "rev": "3cecb5b042f7f209c56ffd8371b2711a290ec797",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -80,11 +80,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1643933104, "lastModified": 1644534280,
"narHash": "sha256-NZPuFxRsZKN8pjRuHPpzlMyt6JQhcjiduBG8bMghSjE=", "narHash": "sha256-Gzf/Jq/F1vvTp6XkzPU+pBCj3OSAFLiR7f0ptwRseiI=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "63dccc4e60422c1db2c3929b2fd1541f36b7e664", "rev": "6d9d9294d09b5e88df65f8c6651efb8a4d7d2476",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -93,6 +93,22 @@
"type": "github" "type": "github"
} }
}, },
"impermanence": {
"locked": {
"lastModified": 1644541943,
"narHash": "sha256-bMiRtPs3xh8S3duX7JiWLZdUZi7RwktpXGhykCdCroE=",
"owner": "devplayer0",
"repo": "impermanence",
"rev": "4bfa7f8b6844be7172264c1f7c11ac0c89027f79",
"type": "github"
},
"original": {
"owner": "devplayer0",
"ref": "qemu-vm-dirs",
"repo": "impermanence",
"type": "github"
}
},
"lowdown-src": { "lowdown-src": {
"flake": false, "flake": false,
"locked": { "locked": {
@ -161,11 +177,11 @@
}, },
"nixpkgs-stable": { "nixpkgs-stable": {
"locked": { "locked": {
"lastModified": 1643788601, "lastModified": 1644193793,
"narHash": "sha256-6l5Ax44pC/Oo/Muj5Y/NA27Pd38Wty/7GtGSSmYNug4=", "narHash": "sha256-ggCI5LCXwkUJQwjpkr9qDFbQMiK3JvAfeNR4Uy0ny5Q=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "f6ddd55d5f9d5eca08df138c248008c1ba73ecec", "rev": "521e4d7d13b09bc0a21976b9d19abd197d4e3b1e",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -176,11 +192,11 @@
}, },
"nixpkgs-unstable": { "nixpkgs-unstable": {
"locked": { "locked": {
"lastModified": 1643805626, "lastModified": 1644420267,
"narHash": "sha256-AXLDVMG+UaAGsGSpOtQHPIKB+IZ0KSd9WS77aanGzgc=", "narHash": "sha256-rFJuctggkjM412OC6OGPdXogFp7czGDW05ueWqpJbj8=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "554d2d8aa25b6e583575459c297ec23750adb6cb", "rev": "98bb5b77c8c6666824a4c13d23befa1e07210ef1",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -195,6 +211,7 @@
"deploy-rs": "deploy-rs", "deploy-rs": "deploy-rs",
"flake-utils": "flake-utils", "flake-utils": "flake-utils",
"home-manager": "home-manager", "home-manager": "home-manager",
"impermanence": "impermanence",
"nix": "nix", "nix": "nix",
"nixpkgs-stable": "nixpkgs-stable", "nixpkgs-stable": "nixpkgs-stable",
"nixpkgs-unstable": "nixpkgs-unstable" "nixpkgs-unstable": "nixpkgs-unstable"


@ -8,14 +8,18 @@
# For extra-stable systems # For extra-stable systems
nixpkgs-stable.url = "nixpkgs/nixos-21.11"; nixpkgs-stable.url = "nixpkgs/nixos-21.11";
nix.url = "nix/latest-release"; # Stuff used by the flake for build / deployment
agenix.url = "github:ryantm/agenix"; agenix.url = "github:ryantm/agenix";
agenix.inputs.nixpkgs.follows = "nixpkgs-unstable"; agenix.inputs.nixpkgs.follows = "nixpkgs-unstable";
deploy-rs.url = "github:serokell/deploy-rs"; deploy-rs.url = "github:serokell/deploy-rs";
deploy-rs.inputs.nixpkgs.follows = "nixpkgs-unstable"; deploy-rs.inputs.nixpkgs.follows = "nixpkgs-unstable";
home-manager.url = "github:nix-community/home-manager"; home-manager.url = "github:nix-community/home-manager";
home-manager.inputs.nixpkgs.follows = "nixpkgs-unstable"; home-manager.inputs.nixpkgs.follows = "nixpkgs-unstable";
# Stuff used by systems
nix.url = "nix/latest-release";
#impermanence.url = "github:nix-community/impermanence";
impermanence.url = "github:devplayer0/impermanence/qemu-vm-dirs";
}; };
outputs = outputs =
@ -26,7 +30,6 @@
nixpkgs-unstable, nixpkgs-stable, nixpkgs-unstable, nixpkgs-stable,
nix,
agenix, agenix,
deploy-rs, deploy-rs,
@ -60,12 +63,14 @@
imports = [ (import path') ]; imports = [ (import path') ];
}) { }) {
common = "common.nix"; common = "common.nix";
build = "build.nix";
tmproot = "tmproot.nix"; tmproot = "tmproot.nix";
server = "server.nix"; server = "server.nix";
}; };
nixosConfigurations = import ./systems.nix { inherit lib pkgsFlakes inputs; modules = self.nixosModules; }; nixosConfigurations = import ./systems.nix { inherit lib pkgsFlakes inputs; modules = self.nixosModules; };
vms = mapAttrs (_: system: system.config.system.build.vm) self.nixosConfigurations; systems = mapAttrs (_: system: system.config.system.build.toplevel) self.nixosConfigurations;
vms = mapAttrs (_: system: system.config.my.build.devVM) self.nixosConfigurations;
apps = apps =
let apps' = {} let apps' = {}
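Review bot: The `impermanence` input now tracks a branch of a personal fork (`github:devplayer0/impermanence/qemu-vm-dirs`), and the only hint at why is the commented-out upstream URL above it. flake.lock pins the exact `rev` and `narHash`, so today's build is reproducible, but every `nix flake update` will pull whatever that branch points to at the time, and modules/tmproot.nix imports this module unconditionally. Please record the reason on the line, something like `# Fork of nix-community/impermanence for the qemu-vm-dirs branch; switch back once merged upstream`, and consider naming a commit instead of a branch in the URL so that bumps are deliberate. The `outputs` function continues outside these hunks.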

31
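--- a/modules/build.nix
+++ b/modules/build.nix
@@ -0,0 +1,31 @@
+{ lib, extendModules, modulesPath, options, config, ... }:
+let
+inherit (lib) mkOption;
+inherit (lib.my) mkBoolOpt;
+cfg = config.my.build;
+# TODO: This is broken on 21.11 (https://github.com/NixOS/nixpkgs/issues/148343)
+asDevVM = extendModules {
+modules = [
+(import "${modulesPath}/virtualisation/qemu-vm.nix")
+({ config, ... }: {
+my.boot.isDevVM = true;
+})
+];
+};
+in {
+options.my = with lib.types; {
+boot.isDevVM = mkBoolOpt false;
+build = options.system.build;
+asDevVM = mkOption {
+inherit (asDevVM) type;
+default = {};
+visible = "shallow";
+};
+};
+config.my.build = {
+devVM = config.my.asDevVM.system.build.vm;
+};
+}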
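Review bot: None of the options declared under `options.my` is documented, and `asDevVM` in particular is not self-explanatory: it takes its type from an `extendModules` call that re-evaluates the system with qemu-vm.nix added. A `description` on `asDevVM` (for example `description = "This system re-evaluated with qemu-vm.nix; my.build.devVM is built from it.";`) and a comment above `boot.isDevVM` saying that this file sets it to true only inside that nested evaluation would make the flag's meaning clear to the modules that branch on it. Two smaller style points: the inner module `({ config, ... }: { my.boot.isDevVM = true; })` never uses `config` and can be the plain attrset `{ my.boot.isDevVM = true; }`, and neither `cfg` nor `with lib.types;` is used by anything visible in this file.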


@ -44,6 +44,29 @@
experimental-features = nix-command flakes ca-derivations experimental-features = nix-command flakes ca-derivations
''; '';
}; };
nixpkgs = {
config = {
allowUnfree = true;
};
};
boot = {
# Use latest LTS release by default
kernelPackages = mkDefault pkgs.linuxKernel.packages.linux_5_15;
loader = {
efi = {
efiSysMountPoint = mkDefault "/boot";
canTouchEfiVariables = mkDefault false;
};
systemd-boot = {
enable = mkDefault true;
editor = mkDefault true;
consoleMode = mkDefault "max";
configurationLimit = mkDefault 10;
memtest86.enable = mkDefault true;
};
};
};
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
bash-completion bash-completion
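Review bot: `editor = mkDefault true;` in the new `systemd-boot` block leaves the boot-entry editor enabled by default on every machine that takes these settings, so anyone who can reach the console can change the kernel command line before boot and bypass the normal login path. The NixOS option documentation recommends disabling it and keeps it on only for backwards compatibility, so `editor = mkDefault false;` would be the better default here, with a dev box opting back in where needed. Separately, `allowUnfree = true;` is set for every system with no comment naming what requires it. The attribute set these lines are added to starts and ends outside the hunk.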


@ -1,7 +1,7 @@
{ lib, pkgs, inputs, config, ... }: { lib, pkgs, inputs, config, ... }@args:
let let
inherit (lib) concatStringsSep mkIf mkDefault mkAliasDefinitions; inherit (lib) any concatStringsSep mkIf mkDefault mkMerge mkVMOverride;
inherit (lib.my) mkOpt mkBoolOpt; inherit (lib.my) mkOpt mkBoolOpt mkVMOverride';
cfg = config.my.tmproot; cfg = config.my.tmproot;
@ -45,17 +45,63 @@
recurse(base) recurse(base)
''; '';
rootDef = {
device = "yeet";
fsType = "tmpfs";
options = [ "size=${cfg.size}" ];
};
in { in {
imports = [ inputs.impermanence.nixosModules.impermanence ];
options.my.tmproot = with lib.types; { options.my.tmproot = with lib.types; {
enable = mkBoolOpt true; enable = mkBoolOpt true;
persistDir = mkOpt str "/persist";
size = mkOpt str "2G";
ignoreUnsaved = mkOpt (listOf str) [ ignoreUnsaved = mkOpt (listOf str) [
"/tmp" "/tmp"
]; ];
}; };
config = mkIf cfg.enable { config = mkMerge [
(mkIf cfg.enable {
assertions = [
{
assertion = config.fileSystems ? "${cfg.persistDir}";
message = "The 'fileSystems' option does not specify your persistence file system (${cfg.persistDir}).";
}
];
environment.systemPackages = [ environment.systemPackages = [
(pkgs.writeScriptBin "tmproot-unsaved" showUnsaved) (pkgs.writeScriptBin "tmproot-unsaved" showUnsaved)
]; ];
environment.persistence."${cfg.persistDir}" = {
hideMounts = mkDefault true;
directories = [
"/var/log"
];
files = [
"/etc/machine-id"
];
}; };
fileSystems."/" = rootDef;
# If we need to override any VM-specific options that the modules system won't know about this early
my.asDevVM.config.virtualisation = {
diskImage = "./.vms/${config.system.name}-persist.qcow2";
};
})
(mkIf (cfg.enable && config.my.boot.isDevVM) {
fileSystems = mkVMOverride {
"/" = mkVMOverride' rootDef;
# Hijack the "root" device for persistence in the VM
"${cfg.persistDir}" = {
device = config.virtualisation.bootDevice;
neededForBoot = true;
};
};
})
];
} }
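Review bot: `rootDef` mounts the tmpfs root with only `options = [ "size=${cfg.size}" ];`, and a tmpfs created without an explicit mode gets 1777, which leaves `/` world-writable. Add the mode, `options = [ "size=${cfg.size}" "mode=755" ];`, which also covers the dev-VM case because both `fileSystems."/"` definitions reuse `rootDef`. Also review the persisted set: only `/var/log` and `/etc/machine-id` survive a reboot, so if these hosts run sshd (not visible in this diff) the host keys would be regenerated on every boot unless they are kept under `${cfg.persistDir}`. `device = "yeet";` is presumably a placeholder that tmpfs ignores, but `"tmpfs"` or a short comment would read better in `mount` output.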


@ -18,7 +18,7 @@
in mapAttrs mkSystem { in mapAttrs mkSystem {
colony = { colony = {
system = "x86_64-linux"; system = "x86_64-linux";
nixpkgs = "stable"; nixpkgs = "unstable";
config = boxes/colony.nix; config = boxes/colony.nix;
}; };
} }
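Review bot: `colony` moves from `nixpkgs = "stable"` to `"unstable"` with no reason recorded next to the change. If this works around the `extendModules` breakage on 21.11 that the TODO in modules/build.nix links to, say so on the line, e.g. `nixpkgs = "unstable"; # TODO: back to stable once NixOS/nixpkgs#148343 is fixed there`, so that a server does not stay on the unstable channel longer than intended.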


@ -1,6 +1,6 @@
{ lib }: { lib }:
let let
inherit (lib) genAttrs mapAttrs' types mkOption; inherit (lib) genAttrs mapAttrs' types mkOption mkOverride;
inherit (lib.flake) defaultSystems; inherit (lib.flake) defaultSystems;
in { in {
addPrefix = prefix: mapAttrs' (n: v: { name = "${prefix}${n}"; value = v; }); addPrefix = prefix: mapAttrs' (n: v: { name = "${prefix}${n}"; value = v; });
@ -12,4 +12,5 @@
type = types.bool; type = types.bool;
example = true; example = true;
}; };
mkVMOverride' = mkOverride 9;
} }
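Review bot: `mkVMOverride' = mkOverride 9;` introduces a bare priority number with no explanation. `lib.mkVMOverride` is `mkOverride 10`, so 9 is presumably chosen to win over definitions that qemu-vm.nix makes with `mkVMOverride`; a comment such as `# One step stronger than lib.mkVMOverride (priority 10), so our definitions beat qemu-vm.nix's` would make that intent explicit. The attribute set this line is added to starts outside the hunk.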