Simplify kexec and iso image generation

2026-01-14 18:54:50 -08:00
parent bab2df5d7e
commit 5f7335c2a0
7 changed files with 58 additions and 136 deletions
--- a/5
+++ b/5
@@ -36,6 +36,11 @@ update-input:
 iso:
 	nix build .#packages.x86_64-linux.iso
 # Build Custom kexec image
 .PHONY: kexec-img
 kexec-img:
 	nix build .#packages.x86_64-linux.kexec
 # Deploy a host by name (ex: 's0')
 .PHONY: deploy
 deploy:
--- a/flake.lock
+++ b/flake.lock
@@ -239,6 +239,42 @@
        "type": "github"
      }
    },
    "nixlib": {
      "locked": {
        "lastModified": 1736643958,
        "narHash": "sha256-tmpqTSWVRJVhpvfSN9KXBvKEXplrwKnSZNAoNPf/S/s=",
        "owner": "nix-community",
        "repo": "nixpkgs.lib",
        "rev": "1418bc28a52126761c02dd3d89b2d8ca0f521181",
        "type": "github"
      },
      "original": {
        "owner": "nix-community",
        "repo": "nixpkgs.lib",
        "type": "github"
      }
    },
    "nixos-generators": {
      "inputs": {
        "nixlib": "nixlib",
        "nixpkgs": [
          "nixpkgs"
        ]
      },
      "locked": {
        "lastModified": 1764234087,
        "narHash": "sha256-NHF7QWa0ZPT8hsJrvijREW3+nifmF2rTXgS2v0tpcEA=",
        "owner": "nix-community",
        "repo": "nixos-generators",
        "rev": "032a1878682fafe829edfcf5fdfad635a2efe748",
        "type": "github"
      },
      "original": {
        "owner": "nix-community",
        "repo": "nixos-generators",
        "type": "github"
      }
    },
    "nixos-hardware": {
      "locked": {
        "lastModified": 1767185284,
@@ -280,6 +316,7 @@
        "flake-utils": "flake-utils",
        "home-manager": "home-manager",
        "nix-index-database": "nix-index-database",
        "nixos-generators": "nixos-generators",
        "nixos-hardware": "nixos-hardware",
        "nixpkgs": "nixpkgs",
        "simple-nixos-mailserver": "simple-nixos-mailserver",
--- a/flake.nix
+++ b/flake.nix
@@ -3,6 +3,11 @@
    # nixpkgs
    nixpkgs.url = "github:NixOS/nixpkgs/master";
    nixos-generators = {
      url = "github:nix-community/nixos-generators";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    # Common Utils Among flake inputs
    systems.url = "github:nix-systems/default";
    flake-utils = {
@@ -141,22 +146,17 @@
      packages =
        let
-          mkKexec = system:
+          mkEphemeral = system: format: inputs.nixos-generators.nixosGenerate {
-            (nixpkgs.lib.nixosSystem {
+            inherit system;
-              inherit system;
+            inherit format;
-              modules = [ ./machines/ephemeral/kexec.nix ];
+            modules = [ ./machines/ephemeral/minimal.nix ];
-            }).config.system.build.kexec_tarball;
+          };
          mkIso = system:
            (nixpkgs.lib.nixosSystem {
              inherit system;
              modules = [ ./machines/ephemeral/iso.nix ];
            }).config.system.build.isoImage;
        in
        {
-          "x86_64-linux"."kexec" = mkKexec "x86_64-linux";
+          "x86_64-linux".kexec = mkEphemeral "x86_64-linux" "kexec-bundle";
-          "x86_64-linux"."iso" = mkIso "x86_64-linux";
+          "x86_64-linux".iso = mkEphemeral "x86_64-linux" "iso";
-          "aarch64-linux"."kexec" = mkKexec "aarch64-linux";
+          "aarch64-linux".kexec = mkEphemeral "aarch64-linux" "kexec-bundle";
-          "aarch64-linux"."iso" = mkIso "aarch64-linux";
+          "aarch64-linux".iso = mkEphemeral "aarch64-linux" "iso";
        };
      overlays.default = import ./overlays { inherit inputs; };
--- a/machines/ephemeral/iso.nix
+++ b/machines/ephemeral/iso.nix
@@ -1,12 +0,0 @@
 { modulesPath, ... }:
 {
  imports = [
    (modulesPath + "/installer/cd-dvd/iso-image.nix")
    ./minimal.nix
  ];
  isoImage.makeUsbBootable = true;
  networking.hostName = "iso";
 }
--- a/machines/ephemeral/kexec.nix
+++ b/machines/ephemeral/kexec.nix
@@ -1,48 +0,0 @@
 # From https://mdleom.com/blog/2021/03/09/nixos-oracle/#Build-a-kexec-tarball
 # Builds a kexec img
 { config, pkgs, modulesPath, ... }:
 {
  imports = [
    (modulesPath + "/installer/netboot/netboot.nix")
    (modulesPath + "/profiles/qemu-guest.nix")
    ./minimal.nix
  ];
  networking.hostName = "kexec";
  # stripped down version of https://github.com/cleverca22/nix-tests/tree/master/kexec
  system.build = rec {
    image = pkgs.runCommand "image" { buildInputs = [ pkgs.nukeReferences ]; } ''
      mkdir $out
      if [ -f ${config.system.build.kernel}/bzImage ]; then
        cp ${config.system.build.kernel}/bzImage $out/kernel
      else
        cp ${config.system.build.kernel}/Image $out/kernel
      fi
      cp ${config.system.build.netbootRamdisk}/initrd $out/initrd
      nuke-refs $out/kernel
    '';
    kexec_script = pkgs.writeTextFile {
      executable = true;
      name = "kexec-nixos";
      text = ''
        #!${pkgs.stdenv.shell}
        set -e
        ${pkgs.kexec-tools}/bin/kexec -l ${image}/kernel --initrd=${image}/initrd --append="init=${builtins.unsafeDiscardStringContext config.system.build.toplevel}/init ${toString config.boot.kernelParams}"
        sync
        echo "executing kernel, filesystems will be improperly umounted"
        ${pkgs.kexec-tools}/bin/kexec -e
      '';
    };
    kexec_tarball = pkgs.callPackage (modulesPath + "/../lib/make-system-tarball.nix") {
      storeContents = [
        {
          object = config.system.build.kexec_script;
          symlink = "/kexec_nixos";
        }
      ];
      contents = [ ];
    };
  };
 }
--- a/machines/ephemeral/minimal.nix
+++ b/machines/ephemeral/minimal.nix
@@ -22,9 +22,7 @@
  boot.kernelParams = [
    "console=ttyS0,115200" # enable serial console
  ];
-  boot.kernel.sysctl."vm.overcommit_memory" = "1";
+  # boot.kernelPackages = pkgs.linuxPackages_latest;
  boot.kernelPackages = pkgs.linuxPackages_latest;
  system.stateVersion = "21.11";
@@ -46,7 +44,7 @@
  environment.variables.GC_INITIAL_HEAP_SIZE = "1M";
-  networking.useDHCP = true;
+  # networking.useDHCP = true;
  services.openssh = {
    enable = true;
@@ -56,6 +54,5 @@
    };
  };
  services.getty.autologinUser = "root";
  users.users.root.openssh.authorizedKeys.keys = config.machines.ssh.userKeys;
 }
--- a/machines/ephemeral/sdimg.nix
+++ b/machines/ephemeral/sdimg.nix
@@ -1,57 +0,0 @@
 { config, modulesPath, pkgs, lib, ... }:
 let
  pinecube-uboot = pkgs.buildUBoot {
    defconfig = "pinecube_defconfig";
    extraMeta.platforms = [ "armv7l-linux" ];
    filesToInstall = [ "u-boot-sunxi-with-spl.bin" ];
  };
 in
 {
  imports = [
    (modulesPath + "/installer/sd-card/sd-image.nix")
    ./minimal.nix
  ];
  sdImage.populateFirmwareCommands = "";
  sdImage.populateRootCommands = ''
    mkdir -p ./files/boot
    ${config.boot.loader.generic-extlinux-compatible.populateCmd} -c ${config.system.build.toplevel} -d ./files/boot
  '';
  sdImage.postBuildCommands = ''
    dd if=${pinecube-uboot}/u-boot-sunxi-with-spl.bin of=$img bs=1024 seek=8 conv=notrunc
  '';
  ###
  networking.hostName = "pinecube";
  boot.loader.grub.enable = false;
  boot.loader.generic-extlinux-compatible.enable = true;
  boot.consoleLogLevel = 7;
  # cma is 64M by default which is waay too much and we can't even unpack initrd
  boot.kernelParams = [ "console=ttyS0,115200n8" "cma=32M" ];
  boot.kernelModules = [ "spi-nor" ]; # Not sure why this doesn't autoload. Provides SPI NOR at /dev/mtd0
  boot.extraModulePackages = [ config.boot.kernelPackages.rtl8189es ];
  zramSwap.enable = true; # 128MB is not much to work with
  sound.enable = true;
  environment.systemPackages = with pkgs; [
    ffmpeg
    (v4l_utils.override { withGUI = false; })
    usbutils
  ];
  services.getty.autologinUser = lib.mkForce "googlebot";
  users.users.googlebot = {
    isNormalUser = true;
    extraGroups = [ "wheel" "networkmanager" "video" ];
    openssh.authorizedKeys.keys = config.machines.ssh.userKeys;
  };
  networking.wireless.enable = true;
 }