commit 8b16862469fc1e239f672ddd2e9af3fa9dd9352d · pyrox.dev/nixpkgs

+2

nixos/doc/manual/release-notes/rl-2411.section.md

··· 402 402 - The `antennas` package and the `services.antennas` module have been 403 403 removed as they only work with `tvheadend` (see above). 404 404 405 + - The `system.build.brightboxImage` image has been removed as It did not build anymore and has not seen any maintenance in over 7 years (excluding tree-wide changes). 406 + 405 407 - The `services.syncplay` module now exposes all currently available command-line arguments for `syncplay-server` as options, as well as a `useACMEHost` option for easy TLS setup. 406 408 The systemd service now uses `DynamicUser`/`StateDirectory` and the `user` and `group` options have been deprecated. 407 409

-5

nixos/modules/virtualisation/brightbox-config.nix

··· 1 - { modulesPath, ... }: 2 - 3 - { 4 - imports = [ "${modulesPath}/virtualisation/brightbox-image.nix" ]; 5 - }

-166

nixos/modules/virtualisation/brightbox-image.nix

··· 1 - { config, lib, pkgs, ... }: 2 - 3 - with lib; 4 - let 5 - diskSize = "20G"; 6 - in 7 - { 8 - imports = [ ../profiles/headless.nix ../profiles/qemu-guest.nix ]; 9 - 10 - system.build.brightboxImage = 11 - pkgs.vmTools.runInLinuxVM ( 12 - pkgs.runCommand "brightbox-image" 13 - { preVM = 14 - '' 15 - mkdir $out 16 - diskImage=$out/$diskImageBase 17 - truncate $diskImage --size ${diskSize} 18 - mv closure xchg/ 19 - ''; 20 - 21 - postVM = 22 - '' 23 - PATH=$PATH:${lib.makeBinPath [ pkgs.gnutar pkgs.gzip ]} 24 - pushd $out 25 - ${pkgs.qemu_kvm}/bin/qemu-img convert -c -O qcow2 $diskImageBase nixos.qcow2 26 - rm $diskImageBase 27 - popd 28 - ''; 29 - diskImageBase = "nixos-image-${config.system.nixos.label}-${pkgs.stdenv.hostPlatform.system}.raw"; 30 - buildInputs = [ pkgs.util-linux pkgs.perl ]; 31 - exportReferencesGraph = 32 - [ "closure" config.system.build.toplevel ]; 33 - } 34 - '' 35 - # Create partition table 36 - ${pkgs.parted}/sbin/parted --script /dev/vda mklabel msdos 37 - ${pkgs.parted}/sbin/parted --script /dev/vda mkpart primary ext4 1 ${diskSize} 38 - ${pkgs.parted}/sbin/parted --script /dev/vda print 39 - . /sys/class/block/vda1/uevent 40 - mknod /dev/vda1 b $MAJOR $MINOR 41 - 42 - # Create an empty filesystem and mount it. 43 - ${pkgs.e2fsprogs}/sbin/mkfs.ext4 -L nixos /dev/vda1 44 - ${pkgs.e2fsprogs}/sbin/tune2fs -c 0 -i 0 /dev/vda1 45 - 46 - mkdir /mnt 47 - mount /dev/vda1 /mnt 48 - 49 - # The initrd expects these directories to exist. 50 - mkdir /mnt/dev /mnt/proc /mnt/sys 51 - 52 - mount --bind /proc /mnt/proc 53 - mount --bind /dev /mnt/dev 54 - mount --bind /sys /mnt/sys 55 - 56 - # Copy all paths in the closure to the filesystem. 57 - storePaths=$(perl ${pkgs.pathsFromGraph} /tmp/xchg/closure) 58 - 59 - mkdir -p /mnt/nix/store 60 - echo "copying everything (will take a while)..." 61 - cp -prd $storePaths /mnt/nix/store/ 62 - 63 - # Register the paths in the Nix database. 64 - printRegistration=1 perl ${pkgs.pathsFromGraph} /tmp/xchg/closure | \ 65 - chroot /mnt ${config.nix.package.out}/bin/nix-store --load-db --option build-users-group "" 66 - 67 - # Create the system profile to allow nixos-rebuild to work. 68 - chroot /mnt ${config.nix.package.out}/bin/nix-env \ 69 - -p /nix/var/nix/profiles/system --set ${config.system.build.toplevel} \ 70 - --option build-users-group "" 71 - 72 - # `nixos-rebuild' requires an /etc/NIXOS. 73 - mkdir -p /mnt/etc 74 - touch /mnt/etc/NIXOS 75 - 76 - # `switch-to-configuration' requires a /bin/sh 77 - mkdir -p /mnt/bin 78 - ln -s ${config.system.build.binsh}/bin/sh /mnt/bin/sh 79 - 80 - # Install a configuration.nix. 81 - mkdir -p /mnt/etc/nixos /mnt/boot/grub 82 - cp ${./brightbox-config.nix} /mnt/etc/nixos/configuration.nix 83 - 84 - # Generate the GRUB menu. 85 - ln -s vda /dev/sda 86 - chroot /mnt ${config.system.build.toplevel}/bin/switch-to-configuration boot 87 - 88 - umount /mnt/proc /mnt/dev /mnt/sys 89 - umount /mnt 90 - '' 91 - ); 92 - 93 - fileSystems."/".label = "nixos"; 94 - 95 - # Generate a GRUB menu. Amazon's pv-grub uses this to boot our kernel/initrd. 96 - boot.loader.grub.device = "/dev/vda"; 97 - boot.loader.timeout = 0; 98 - 99 - # Don't put old configurations in the GRUB menu. The user has no 100 - # way to select them anyway. 101 - boot.loader.grub.configurationLimit = 0; 102 - 103 - # Allow root logins only using the SSH key that the user specified 104 - # at instance creation time. 105 - services.openssh.enable = true; 106 - services.openssh.settings.PermitRootLogin = "prohibit-password"; 107 - 108 - # Force getting the hostname from Google Compute. 109 - networking.hostName = mkDefault ""; 110 - 111 - # Always include cryptsetup so that NixOps can use it. 112 - environment.systemPackages = [ pkgs.cryptsetup ]; 113 - 114 - systemd.services.fetch-ec2-data = 115 - { description = "Fetch EC2 Data"; 116 - 117 - wantedBy = [ "multi-user.target" "sshd.service" ]; 118 - before = [ "sshd.service" ]; 119 - wants = [ "network-online.target" ]; 120 - after = [ "network-online.target" ]; 121 - 122 - path = [ pkgs.wget pkgs.iproute2 ]; 123 - 124 - script = 125 - '' 126 - wget="wget -q --retry-connrefused -O -" 127 - 128 - ${optionalString (config.networking.hostName == "") '' 129 - echo "setting host name..." 130 - ${pkgs.nettools}/bin/hostname $($wget http://169.254.169.254/latest/meta-data/hostname) 131 - ''} 132 - 133 - # Don't download the SSH key if it has already been injected 134 - # into the image (a Nova feature). 135 - if ! [ -e /root/.ssh/authorized_keys ]; then 136 - echo "obtaining SSH key..." 137 - mkdir -m 0700 -p /root/.ssh 138 - $wget http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key > /root/key.pub 139 - if [ $? -eq 0 -a -e /root/key.pub ]; then 140 - if ! grep -q -f /root/key.pub /root/.ssh/authorized_keys; then 141 - cat /root/key.pub >> /root/.ssh/authorized_keys 142 - echo "new key added to authorized_keys" 143 - fi 144 - chmod 600 /root/.ssh/authorized_keys 145 - rm -f /root/key.pub 146 - fi 147 - fi 148 - 149 - # Extract the intended SSH host key for this machine from 150 - # the supplied user data, if available. Otherwise sshd will 151 - # generate one normally. 152 - $wget http://169.254.169.254/2011-01-01/user-data > /root/user-data || true 153 - key="$(sed 's/|/\n/g; s/SSH_HOST_DSA_KEY://; t; d' /root/user-data)" 154 - key_pub="$(sed 's/SSH_HOST_DSA_KEY_PUB://; t; d' /root/user-data)" 155 - if [ -n "$key" -a -n "$key_pub" -a ! -e /etc/ssh/ssh_host_dsa_key ]; then 156 - mkdir -m 0755 -p /etc/ssh 157 - (umask 077; echo "$key" > /etc/ssh/ssh_host_dsa_key) 158 - echo "$key_pub" > /etc/ssh/ssh_host_dsa_key.pub 159 - fi 160 - ''; 161 - 162 - serviceConfig.Type = "oneshot"; 163 - serviceConfig.RemainAfterExit = true; 164 - }; 165 - 166 - }