diff --git a/nixos/maintainers/scripts/azure-new/.gitignore b/nixos/maintainers/scripts/azure-new/.gitignore
new file mode 100644
index 000000000000..26905a862347
--- /dev/null
+++ b/nixos/maintainers/scripts/azure-new/.gitignore
@@ -0,0 +1 @@
+azure
\ No newline at end of file
diff --git a/nixos/maintainers/scripts/azure-new/README.md b/nixos/maintainers/scripts/azure-new/README.md
new file mode 100644
index 000000000000..1bc8d8a29384
--- /dev/null
+++ b/nixos/maintainers/scripts/azure-new/README.md
@@ -0,0 +1,30 @@
+# azure
+
+## Demo
+
+Here's a demo of this being used: https://asciinema.org/a/euXb9dIeUybE3VkstLWLbvhmp
+
+## Usage
+
+Build and upload the image
+```shell
+$ ./upload-image.sh ./examples/basic/image.nix
+
+...
++ attr=azbasic
++ nix-build ./examples/basic/image.nix --out-link azure
+/nix/store/qdpzknpskzw30vba92mb24xzll1dqsmd-azure-image
+...
+95.5 %, 0 Done, 0 Failed, 1 Pending, 0 Skipped, 1 Total, 2-sec Throughput (Mb/s): 932.9565
+...
+/subscriptions/aff271ee-e9be-4441-b9bb-42f5af4cbaeb/resourceGroups/nixos-images/providers/Microsoft.Compute/images/azure-image-todo-makethisbetter
+```
+
+Take the output, boot an Azure VM:
+
+```
+img="/subscriptions/.../..." # use output from last command
+./boot-vm.sh "${img}"
+...
+=> booted
+```
diff --git a/nixos/maintainers/scripts/azure-new/boot-vm.sh b/nixos/maintainers/scripts/azure-new/boot-vm.sh
new file mode 100755
index 000000000000..1ce3a5f9db1e
--- /dev/null
+++ b/nixos/maintainers/scripts/azure-new/boot-vm.sh
@@ -0,0 +1,36 @@
+#!/usr/bin/env bash
+set -euo pipefail
+set -x
+
+image="${1}"
+location="westus2"
+group="nixos-test-vm"
+vm_size="Standard_D2s_v3"; os_size=42;
+
+# ensure group
+az group create --location "westus2" --name "${group}"
+group_id="$(az group show --name "${group}" -o tsv --query "[id]")"
+
+# (optional) identity
+if ! az identity show -n "${group}-identity" -g "${group}" &>/dev/stderr; then
+ az identity create --name "${group}-identity" --resource-group "${group}"
+fi
+
+# (optional) role assignment, to the resource group, bad but not really great alternatives
+identity_id="$(az identity show --name "${group}-identity" --resource-group "${group}" -o tsv --query "[id]")"
+principal_id="$(az identity show --name "${group}-identity" --resource-group "${group}" -o tsv --query "[principalId]")"
+until az role assignment create --assignee "${principal_id}" --role "Owner" --scope "${group_id}"; do sleep 1; done
+
+# boot vm
+az vm create \
+ --name "${group}-vm" \
+ --resource-group "${group}" \
+ --assign-identity "${identity_id}" \
+ --size "${vm_size}" \
+ --os-disk-size-gb "${os_size}" \
+ --image "${image}" \
+ --admin-username "${USER}" \
+ --location "westus2" \
+ --storage-sku "Premium_LRS" \
+ --ssh-key-values "$(ssh-add -L)"
+
diff --git a/nixos/maintainers/scripts/azure-new/common.sh b/nixos/maintainers/scripts/azure-new/common.sh
new file mode 100644
index 000000000000..eb87c3e06501
--- /dev/null
+++ b/nixos/maintainers/scripts/azure-new/common.sh
@@ -0,0 +1,7 @@
+export group="${AZURE_RESOURCE_GROUP:-"azure"}"
+export location="${AZURE_LOCATION:-"westus2"}"
+
+img_file=$(echo azure/*.vhd)
+img_name="$(basename "${img_file}")"
+img_name="${img_name%".vhd"}"
+export img_name="${img_name//[._]/-}"
diff --git a/nixos/maintainers/scripts/azure-new/examples/basic/image.nix b/nixos/maintainers/scripts/azure-new/examples/basic/image.nix
new file mode 100644
index 000000000000..74b128151587
--- /dev/null
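Review bot: In boot-vm.sh the role assignment grants the VM's user-assigned identity `Owner` on the whole resource group, so anything running on the booted VM that can request a managed-identity token can manage every resource in `nixos-test-vm`, including creating further role assignments. The in-line comment already calls this bad; since the step is marked optional, consider making it opt-in or using a narrower built-in role such as `--role "Contributor"`, limited to what the VM actually needs. The `until ... do sleep 1; done` loop around it has no retry limit, so a permanent failure (the caller lacking permission to assign roles, for instance) hangs the script instead of failing under `set -e`. Separately, `location` is assigned but `az group create` and `az vm create` both hard-code `"westus2"`; `--location "${location}"` would keep them in sync.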
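Review bot: In common.sh, `img_file=$(echo azure/*.vhd)` yields the literal string `azure/*.vhd` when no image has been built and a space-joined list when more than one `.vhd` exists, and either value flows straight into the exported `img_name`. Assuming the file is meant to be sourced, a guard such as `shopt -s nullglob; imgs=(azure/*.vhd); [ "${#imgs[@]}" -eq 1 ] || return 1` before deriving the name would fail early. Neither `boot-vm.sh` nor `upload-image.sh` in this commit sources the file, and its default group `azure` differs from the groups they hard-code, so a header comment saying which script is meant to consume it would help.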
+++ b/nixos/maintainers/scripts/azure-new/examples/basic/image.nix
@@ -0,0 +1,10 @@
+let
+ pkgs = (import {});
+ machine = import "${pkgs.path}/nixos/lib/eval-config.nix" {
+ system = "x86_64-linux";
+ modules = [
+ ({config, ...}: { imports = [ ./system.nix ]; })
+ ];
+ };
+in
+ machine.config.system.build.azureImage
diff --git a/nixos/maintainers/scripts/azure-new/examples/basic/system.nix b/nixos/maintainers/scripts/azure-new/examples/basic/system.nix
new file mode 100644
index 000000000000..7e4d245d6ccf
--- /dev/null
+++ b/nixos/maintainers/scripts/azure-new/examples/basic/system.nix
@@ -0,0 +1,42 @@
+{ pkgs, modulesPath, ... }:
+
+{
+ imports = [
+ "${modulesPath}/virtualisation/azure-common.nix"
+ "${modulesPath}/virtualisation/azure-image.nix"
+ ];
+
+ ##### test user ######
+ users.extraGroups."cole".gid = 1000;
+ users.extraUsers."cole" = {
+ isNormalUser = true;
+ home = "/home/cole";
+ description = "Cole Mickens";
+ openssh.authorizedKeys.keys = ["ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC9YAN+P0umXeSP/Cgd5ZvoD5gpmkdcrOjmHdonvBbptbMUbI/Zm0WahBDK0jO5vfJ/C6A1ci4quMGCRh98LRoFKFRoWdwlGFcFYcLkuG/AbE8ObNLHUxAwqrdNfIV6z0+zYi3XwVjxrEqyJ/auZRZ4JDDBha2y6Wpru8v9yg41ogeKDPgHwKOf/CKX77gCVnvkXiG5ltcEZAamEitSS8Mv8Rg/JfsUUwULb6yYGh+H6RECKriUAl9M+V11SOfv8MAdkXlYRrcqqwuDAheKxNGHEoGLBk+Fm+orRChckW1QcP89x6ioxpjN9VbJV0JARF+GgHObvvV+dGHZZL1N3jr8WtpHeJWxHPdBgTupDIA5HeL0OCoxgSyyfJncMl8odCyUqE+lqXVz+oURGeRxnIbgJ07dNnX6rFWRgQKrmdV4lt1i1F5Uux9IooYs/42sKKMUQZuBLTN4UzipPQM/DyDO01F0pdcaPEcIO+tp2U6gVytjHhZqEeqAMaUbq7a6ucAuYzczGZvkApc85nIo9jjW+4cfKZqV8BQfJM1YnflhAAplIq6b4Tzayvw1DLXd2c5rae+GlVCsVgpmOFyT6bftSon/HfxwBE4wKFYF7fo7/j6UbAeXwLafDhX+S5zSNR6so1epYlwcMLshXqyJePJNhtsRhpGLd9M3UqyGDAFoOQ== (none)"];
+ #mkpasswd -m sha-512
+ hashedPassword = "$6$k.vT0coFt3$BbZN9jqp6Yw75v9H/wgFs9MZfd5Ycsfthzt3Jdw8G93YhaiFjkmpY5vCvJ.HYtw0PZOye6N9tBjNS698tM3i/1";
+ uid = 1000;
+ group = "cole";
+ };
+ nix.trustedUsers = [ "cole" ];
+ ##### test user ######
+
+ virtualisation.azureImage.diskSize = 2500;
+
+ system.stateVersion = "20.03";
+ networking.hostName = "azbuildworld";
+ boot.kernelPackages = pkgs.linuxPackages_latest;
+
+ #environment.noXlibs = true;
+ #documentation.enable = false;
+ #documentation.nixos.enable = false;
+
+ services.openssh.passwordAuthentication = false;
+ programs.mosh.enable = true;
+
+ security.sudo.wheelNeedsPassword = false;
+
+ environment.systemPackages = with pkgs; [
+ git neovim jq file htop ripgrep cachix wget curl tmux zsh
+ ];
+}
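Review bot: The "test user" block in system.nix bakes one person's SSH public key and a `hashedPassword` for user `cole` into the example image, and `nix.trustedUsers = [ "cole" ]` gives that account root-equivalent control of the Nix daemon, so anyone who builds the example unmodified gets a VM that the holder of that key can log into. A password hash committed to a public repository is also open to offline guessing, even though `services.openssh.passwordAuthentication = false` keeps it off SSH. I would replace the key with an obvious placeholder, `openssh.authorizedKeys.keys = [ "<your-ssh-public-key>" ];`, drop the `hashedPassword` line, and add a comment above the block such as `# Replace the test user below with your own account before building.`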
diff --git a/nixos/maintainers/scripts/azure-new/shell.nix b/nixos/maintainers/scripts/azure-new/shell.nix
new file mode 100644
index 000000000000..592f1bf9056e
--- /dev/null
+++ b/nixos/maintainers/scripts/azure-new/shell.nix
@@ -0,0 +1,13 @@
+with (import ../../../../default.nix {});
+stdenv.mkDerivation {
+ name = "nixcfg-azure-devenv";
+
+ nativeBuildInputs = [
+ azure-cli
+ bash
+ cacert
+ azure-storage-azcopy
+ ];
+
+ AZURE_CONFIG_DIR="/tmp/azure-cli/.azure";
+}
diff --git a/nixos/maintainers/scripts/azure-new/upload-image.sh b/nixos/maintainers/scripts/azure-new/upload-image.sh
new file mode 100755
index 000000000000..4f3da6778e89
--- /dev/null
+++ b/nixos/maintainers/scripts/azure-new/upload-image.sh
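Review bot: In shell.nix, `AZURE_CONFIG_DIR="/tmp/azure-cli/.azure"` points the Azure CLI's state directory, where it keeps its login state, at a fixed path under the shared `/tmp`. On a multi-user machine another local user can create `/tmp/azure-cli` first and own the directory the credentials are then written into, and the path is shared by everyone who enters this shell. Setting a per-user location at shell entry avoids that, for example `shellHook = ''export AZURE_CONFIG_DIR="$HOME/.cache/azure-cli"'';` in place of the attribute.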
@@ -0,0 +1,55 @@
+#!/usr/bin/env bash
+set -euo pipefail
+set -x
+
+attr="${1:-"azbasic"}"
+
+nix-build ./examples/basic/image.nix --out-link "azure"
+
+group="nixos-images"
+location="westus2"
+img_name="azure-image-todo-makethisbetter" # TODO: clean this up
+img_file="$(readlink -f ./azure/disk.vhd)" # TODO: this doesn't feel great either
+
+if ! az group show -n "${group}" &>/dev/null; then
+ az group create --name "${group}" --location "${location}"
+fi
+
+if ! az disk show -g "${group}" -n "${img_name}" &>/dev/null; then
+ bytes="$(stat -c %s ${img_file})"
+ size="30"
+ az disk create \
+ --resource-group "${group}" \
+ --name "${img_name}" \
+ --for-upload true --upload-size-bytes "${bytes}"
+
+ timeout=$(( 60 * 60 )) # disk access token timeout
+ sasurl="$(\
+ az disk grant-access \
+ --access-level Write \
+ --resource-group "${group}" \
+ --name "${img_name}" \
+ --duration-in-seconds ${timeout} \
+ | jq -r '.accessSas'
+ )"
+
+ azcopy copy "${img_file}" "${sasurl}" \
+ --blob-type PageBlob
+
+ az disk revoke-access \
+ --resource-group "${group}" \
+ --name "${img_name}"
+fi
+
+if ! az image show -g "${group}" -n "${img_name}" &>/dev/null; then
+ diskid="$(az disk show -g "${group}" -n "${img_name}" -o json | jq -r .id)"
+
+ az image create \
+ --resource-group "${group}" \
+ --name "${img_name}" \
+ --source "${diskid}" \
+ --os-type "linux" >/dev/null
+fi
+
+imageid="$(az image show -g "${group}" -n "${img_name}" -o json | jq -r .id)"
+echo "${imageid}"
diff --git a/nixos/modules/virtualisation/azure-image.nix b/nixos/modules/virtualisation/azure-image.nix
index 94c48b59a7d2..21fd58e5c902 100644
--- a/nixos/modules/virtualisation/azure-image.nix
+++ b/nixos/modules/virtualisation/azure-image.nix
@@ -21,6 +21,7 @@ in
 name = "azure-image";
 postVM = ''
 ${pkgs.vmTools.qemu}/bin/qemu-img convert -f raw -o subformat=fixed,force_size -O vpc $diskImage $out/disk.vhd
+ rm $diskImage
 '';
 configFile = ./azure-config-user.nix;
 format = "raw";
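Review bot: In upload-image.sh, `set -x` is active while the write-capable SAS URL from `az disk grant-access` is handled, so the URL is traced to stderr twice, once in the `sasurl=` assignment and once in the `azcopy copy` command line, and ends up in terminal recordings and CI logs for the hour it stays valid. Wrap that section in `set +x` … `set -x`, and register `trap 'az disk revoke-access --resource-group "${group}" --name "${img_name}"' EXIT` right after the grant so that a failed `azcopy` under `set -e` does not leave the token live. Smaller points in the same hunk: `attr` and `size` are assigned but never used, the README passes an image path as `$1` while `nix-build` hard-codes `./examples/basic/image.nix`, and `${img_file}` is unquoted in the `stat` call.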