From f144bda9e6b7056058dd431027e0cf7aadf9fe3a Mon Sep 17 00:00:00 2001
From: Zuckerberg
Date: Mon, 16 May 2022 13:04:31 -0400
Subject: [PATCH] Minimal kexec image builder
---
 flake.nix | 16 ++++++--
 machines/kexec.nix | 72 ++++++++++++++++++++++++++++++++++
 machines/ray/configuration.nix | 2 +
 3 files changed, 86 insertions(+), 4 deletions(-)
 create mode 100644 machines/kexec.nix
diff --git a/flake.nix b/flake.nix
index 9c8c84f..73aca48 100644
--- a/flake.nix
+++ b/flake.nix
@@ -32,13 +32,10 @@
 archivebox.inputs.flake-utils.follows = "flake-utils";
 };
- outputs = inputs: {
+ outputs = { self, nixpkgs, nixpkgs-unstable, ... }@inputs: {
 nixosConfigurations = let
- nixpkgs = inputs.nixpkgs;
- nixpkgs-unstable = inputs.nixpkgs-unstable;
-
 modules = system: [
 ./common
 inputs.simple-nixos-mailserver.nixosModule
@@ -119,5 +116,16 @@
 "n6" = mkSystem "aarch64-linux" nixpkgs ./machines/compute/n6/configuration.nix;
 "n7" = mkSystem "aarch64-linux" nixpkgs ./machines/compute/n7/configuration.nix;
 };
+
+ packages = let
+ mkKexec = system:
+ (nixpkgs.lib.nixosSystem {
+ inherit system;
+ modules = [ ./machines/kexec.nix ];
+ }).config.system.build.kexec_tarball;
+ in {
+ "x86_64-linux"."kexec" = mkKexec "x86_64-linux";
+ "aarch64-linux"."kexec" = mkKexec "aarch64-linux";
+ };
 };
 }
diff --git a/machines/kexec.nix b/machines/kexec.nix
new file mode 100644
index 0000000..965dacf
--- /dev/null
+++ b/machines/kexec.nix
@@ -0,0 +1,72 @@
+# From https://mdleom.com/blog/2021/03/09/nixos-oracle/#Build-a-kexec-tarball
+# Builds a kexec img
+
+{ config, pkgs, modulesPath, ... }:
+{
+ imports = [
+ (modulesPath + "/installer/netboot/netboot.nix")
+ (modulesPath + "/profiles/qemu-guest.nix")
+ ];
+
+ # stripped down version of https://github.com/cleverca22/nix-tests/tree/master/kexec
+ system.build = rec {
+ image = pkgs.runCommand "image" { buildInputs = [ pkgs.nukeReferences ]; } ''
+ mkdir $out
+ if [ -f ${config.system.build.kernel}/bzImage ]; then
+ cp ${config.system.build.kernel}/bzImage $out/kernel
+ else
+ cp ${config.system.build.kernel}/Image $out/kernel
+ fi
+ cp ${config.system.build.netbootRamdisk}/initrd $out/initrd
+ nuke-refs $out/kernel
+ '';
+ kexec_script = pkgs.writeTextFile {
+ executable = true;
+ name = "kexec-nixos";
+ text = ''
+ #!${pkgs.stdenv.shell}
+ set -e
+ ${pkgs.kexectools}/bin/kexec -l ${image}/kernel --initrd=${image}/initrd --append="init=${builtins.unsafeDiscardStringContext config.system.build.toplevel}/init ${toString config.boot.kernelParams}"
+ sync
+ echo "executing kernel, filesystems will be improperly umounted"
+ ${pkgs.kexectools}/bin/kexec -e
+ '';
+ };
+ kexec_tarball = pkgs.callPackage (modulesPath + "/../lib/make-system-tarball.nix") {
+ storeContents = [
+ {
+ object = config.system.build.kexec_script;
+ symlink = "/kexec_nixos";
+ }
+ ];
+ contents = [ ];
+ };
+ };
+
+ boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "e1000" "e1000e" "virtio_pci" "r8169" ];
+ boot.kernelParams = [
+ "panic=30" "boot.panic_on_fail" # reboot the machine upon fatal boot issues
+ "console=ttyS0" # enable serial console
+ "console=tty1"
+ ];
+ boot.kernel.sysctl."vm.overcommit_memory" = "1";
+
+ environment.systemPackages = with pkgs; [
+ cryptsetup
+ btrfs-progs
+ ];
+ environment.variables.GC_INITIAL_HEAP_SIZE = "1M";
+
+ networking.useDHCP = true;
+
+ networking.hostName = "kexec";
+
+ services.openssh = {
+ enable = true;
+ challengeResponseAuthentication = false;
+ passwordAuthentication = false;
+ };
+
+ services.getty.autologinUser = "root";
+ users.users.root.openssh.authorizedKeys.keys = (import ../common/ssh.nix).users;
+}
\ No newline at end of file
diff --git a/machines/ray/configuration.nix b/machines/ray/configuration.nix
index d5e4b5f..0716eec 100644
--- a/machines/ray/configuration.nix
+++ b/machines/ray/configuration.nix
@@ -17,6 +17,8 @@
 allowDiscards = true;
 };
+ boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
+
 networking.hostName = "ray";
 hardware.enableAllFirmware = true;
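Review bot: `services.getty.autologinUser = "root"` near the end of the new machines/kexec.nix gives an unauthenticated root shell on every getty, including the serial console enabled by `console=ttyS0`, so anyone with console access to the host is root even though sshd is locked down to key-only; if the image is only meant to be driven over SSH, consider dropping it, otherwise record the assumption, e.g. `# ephemeral installer image: console access is trusted, SSH is key-only`. `services.openssh.challengeResponseAuthentication` has been renamed to `kbdInteractiveAuthentication` in recent nixpkgs, so depending on the revision pinned in flake.lock this line may only work through the rename alias. The `builtins.unsafeDiscardStringContext` applied to `config.system.build.toplevel` in the kexec command line also deserves a why-comment, since a reader may otherwise "fix" it: presumably the toplevel closure already ships inside the netboot initrd and must not be pulled into the tarball a second time, but that should be confirmed against netboot.nix before being written down.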
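Review bot: The added `boot.binfmt.emulatedSystems = [ "aarch64-linux" ]` in machines/ray/configuration.nix carries no comment tying it to the aarch64 `kexec` package introduced in flake.nix, and it is a broader change than cross-building one tarball: NixOS implements it by registering qemu-user handlers in binfmt_misc, after which this host will build any aarch64-linux derivation locally under emulation. A short comment such as `# qemu-user binfmt so nix can build packages.aarch64-linux.kexec on this host` would record the intent. The enclosing module starts and ends outside the hunk.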