From a034fb50f79816c6738fb48b48503b09ea3b0132 Mon Sep 17 00:00:00 2001
From: Robert Hensing
Date: Tue, 8 Oct 2024 11:27:01 +0200
Subject: [PATCH] Format
---
 nixos/modules/profiles/nix-builder-vm.nix | 82 ++++++++++++++---------
 1 file changed, 51 insertions(+), 31 deletions(-)
diff --git a/nixos/modules/profiles/nix-builder-vm.nix b/nixos/modules/profiles/nix-builder-vm.nix
index 00768b1297ba..fcaca974f302 100644
--- a/nixos/modules/profiles/nix-builder-vm.nix
+++ b/nixos/modules/profiles/nix-builder-vm.nix
@@ -5,8 +5,13 @@
 It contains both the relevant guest settings as well as an installer script that manages it as a QEMU virtual machine on the host.
- */
-{ config, lib, options, ... }:
+*/
+{
+ config,
+ lib,
+ options,
+ ...
+}:
 let
 keysDirectory = "/var/keys";
@@ -31,7 +36,10 @@ in
 ];
 # swraid's default depends on stateVersion
 config.boot.swraid.enable = false;
- options.boot.isContainer = lib.mkOption { default = false; internal = true; };
+ options.boot.isContainer = lib.mkOption {
+ default = false;
+ internal = true;
+ };
 }
 ];
@@ -67,13 +75,13 @@ in
 '';
 };
 workingDirectory = mkOption {
- default = ".";
- type = types.str;
- example = "/var/lib/darwin-builder";
- description = ''
- The working directory to use to run the script. When running
- as part of a flake will need to be set to a non read-only filesystem.
- '';
+ default = ".";
+ type = types.str;
+ example = "/var/lib/darwin-builder";
+ description = ''
+ The working directory to use to run the script. When running
+ as part of a flake will need to be set to a non read-only filesystem.
+ '';
 };
 hostPort = mkOption {
 default = 31022;
@@ -160,26 +168,34 @@ in script = hostPkgs.writeShellScriptBin "create-builder" ( '' set -euo pipefail - '' + - # When running as non-interactively as part of a DarwinConfiguration the working directory - # must be set to a writeable directory. - (if cfg.workingDirectory != "." then '' - ${hostPkgs.coreutils}/bin/mkdir --parent "${cfg.workingDirectory}" - cd "${cfg.workingDirectory}" - '' else "") + '' - KEYS="''${KEYS:-./keys}" - ${hostPkgs.coreutils}/bin/mkdir --parent "''${KEYS}" - PRIVATE_KEY="''${KEYS}/${user}_${keyType}" - PUBLIC_KEY="''${PRIVATE_KEY}.pub" - if [ ! -e "''${PRIVATE_KEY}" ] || [ ! -e "''${PUBLIC_KEY}" ]; then - ${hostPkgs.coreutils}/bin/rm --force -- "''${PRIVATE_KEY}" "''${PUBLIC_KEY}" - ${hostPkgs.openssh}/bin/ssh-keygen -q -f "''${PRIVATE_KEY}" -t ${keyType} -N "" -C 'builder@localhost' - fi - if ! ${hostPkgs.diffutils}/bin/cmp "''${PUBLIC_KEY}" ${publicKey}; then - (set -x; sudo --reset-timestamp ${installCredentials} "''${KEYS}") - fi - KEYS="$(${hostPkgs.nix}/bin/nix-store --add "$KEYS")" ${lib.getExe config.system.build.vm} - ''); + '' + + + # When running as non-interactively as part of a DarwinConfiguration the working directory + # must be set to a writeable directory. + ( + if cfg.workingDirectory != "." then + '' + ${hostPkgs.coreutils}/bin/mkdir --parent "${cfg.workingDirectory}" + cd "${cfg.workingDirectory}" + '' + else + "" + ) + + '' + KEYS="''${KEYS:-./keys}" + ${hostPkgs.coreutils}/bin/mkdir --parent "''${KEYS}" + PRIVATE_KEY="''${KEYS}/${user}_${keyType}" + PUBLIC_KEY="''${PRIVATE_KEY}.pub" + if [ ! -e "''${PRIVATE_KEY}" ] || [ ! -e "''${PUBLIC_KEY}" ]; then + ${hostPkgs.coreutils}/bin/rm --force -- "''${PRIVATE_KEY}" "''${PUBLIC_KEY}" + ${hostPkgs.openssh}/bin/ssh-keygen -q -f "''${PRIVATE_KEY}" -t ${keyType} -N "" -C 'builder@localhost' + fi + if ! 
${hostPkgs.diffutils}/bin/cmp "''${PUBLIC_KEY}" ${publicKey}; then + (set -x; sudo --reset-timestamp ${installCredentials} "''${KEYS}") + fi + KEYS="$(${hostPkgs.nix}/bin/nix-store --add "$KEYS")" ${lib.getExe config.system.build.vm} + '' + ); in script.overrideAttrs (old: { @@ -224,7 +240,11 @@ in memorySize = cfg.memorySize; forwardPorts = [ - { from = "host"; guest.port = 22; host.port = cfg.hostPort; } + { + from = "host"; + guest.port = 22; + host.port = cfg.hostPort; + } ]; # Disable graphics for the builder since users will likely want to run it