diff --git a/Makefile b/Makefile index 54656e9e1..b34278ced 100644 --- a/Makefile +++ b/Makefile @@ -21,6 +21,10 @@ else ifdef system deploy:;@ make eval system=$(system) get=config.krebs.build.script filter=json | sh +.PHONY: infest +infest:;@ + make eval system=$(system) get=config.krebs.build.infest filter=json | sh + .PHONY: eval eval: @ diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index a6b5a1906..2db9feda0 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -121,6 +121,112 @@ let exec "$profile"/bin/switch-to-configuration switch EOF + + ''; + }; + infest = mkOption { + type = types.str; + default = '' + #! /bin/sh + set -efux + + target=${escapeShellArg cfg.build.target} + + push(){( + src=$1/ + dst=$target:/mnt$2 + rsync \ + --exclude .git \ + --exclude .graveyard \ + --exclude old \ + --rsync-path="mkdir -p \"/mnt$2\" && rsync" \ + --delete-excluded \ + -vrLptgoD \ + "$src" "$dst" + )} + + cat krebs/4lib/infest/1prepare | ssh "$target" + cat krebs/4lib/infest/2install-nix | ssh "$target" + + ${concatStrings (mapAttrsToList (name: { url, rev, ... }: + optionalString (rev == null) '' + push ${toString (map escapeShellArg [ + "${url}" + "/root/src/${name}" + ])} + '') config.deps)} + + ssh -S none "$target" /bin/sh <<\EOF + set -efux + + fetch(){( + url=$1 + rev=$2 + dst=$3 + mkdir -p "$dst" + cd "$dst" + if ! test -e .git; then + git init + fi + if ! cur_url=$(git config remote.origin.url 2>/dev/null); then + git remote add origin "$url" + elif test "$cur_url" != "$url"; then + git remote set-url origin "$url" + fi + if test "$(git rev-parse --verify HEAD 2>/dev/null)" != "$rev"; then + git fetch origin + git checkout "$rev" -- . + git checkout -q "$rev" + git submodule init + git submodule update + fi + git clean -dxf + )} + + ${concatStrings (mapAttrsToList (name: { url, rev, ... }: + optionalString (rev != null) '' + fetch ${toString (map escapeShellArg [ + url + rev + "/mnt/root/src/${name}" + ])} + '') config.deps)} + + export PATH=/root/.nix-profile/bin:/root/.nix-profile/sbin:$PATH + + sed < "$(type -p nixos-install)" > nixos-install ' + /^echo "building the system configuration..."/,/--set -A system/{ + s/.*/# &/ + s@.*--set -A system.*@&\n${concatStringsSep " " [ + "NIX_PATH=/mnt/root/src/" + "nix-env" + "-Q" + "-p /nix/var/nix/profiles/system" + "-f \"\"" + "--set" + "-A system" + "--argstr user-name ${escapeShellArg cfg.build.user.name}" + "--argstr system-name ${escapeShellArg cfg.build.host.name}" + ]}@ + } + ' + + sed -i 's/^nixpkgs=.*$/#&/' nixos-install + + + chmod +x nixos-install + + echo {} > /root/dummy.nix + + echo build system... + profile=/nix/var/nix/profiles/system + NIXOS_CONFIG=/root/dummy.nix \ + ./nixos-install -I /root/src/ + #nl -bp nixos-install + + EOF + + cat krebs/4lib/infest/4finalize | ssh "$target" ''; }; host = mkOption { diff --git a/krebs/4lib/infest/1prepare b/krebs/4lib/infest/1prepare new file mode 100644 index 000000000..07c00c3a5 --- /dev/null +++ b/krebs/4lib/infest/1prepare @@ -0,0 +1,74 @@ +#! /bin/sh +set -efu + +prepare() {( + if test -e /etc/os-release; then + . /etc/os-release + case $ID in + centos) + case $VERSION_ID in + 7) + prepare_centos7 "$@" + exit + ;; + esac + ;; + esac + fi + echo "$0 prepare: unknown OS" >&2 + exit -1 +)} + +prepare_centos7() { + type bzip2 2>/dev/null || yum install -y bzip2 + type git 2>/dev/null || yum install -y git + type rsync 2>/dev/null || yum install -y rsync + if ! getent group nixbld >/dev/null; then + groupadd -g 30000 -r nixbld + fi + for i in `seq 1 10`; do + if ! getent passwd nixbld$i 2>/dev/null; then + useradd \ + -c "CentOS Nix build user $i" \ + -d /var/empty \ + -g 30000 \ + -G 30000 \ + -l \ + -M \ + -s /sbin/nologin \ + -u $(expr 30000 + $i) \ + nixbld$i + rm -f /var/spool/mail/nixbld$i + fi + done + + # + # mount install directory + # + + if ! mount | grep -Fq '/dev/mapper/centos-root on /mnt type xfs'; then + mkdir -p /newshit + mount --bind /newshit /mnt + fi + + if ! mount | grep -Fq '/dev/sda1 on /mnt/boot type xfs'; then + mkdir -p /mnt/boot + mount /dev/sda1 /mnt/boot + fi + + mount | grep 'on /mnt\>' >&2 + + # + # prepare install directory + # + + mkdir -p /mnt/etc/nixos + mkdir -m 0555 -p /mnt/var/empty + + if ! mount | grep -Fq '/dev/mapper/centos-root on /mnt/root type xfs'; then + mkdir -p /mnt/root + mount --bind /root /mnt/root + fi +} + +prepare "$@" diff --git a/krebs/4lib/infest/2install-nix b/krebs/4lib/infest/2install-nix new file mode 100644 index 000000000..3021c1143 --- /dev/null +++ b/krebs/4lib/infest/2install-nix @@ -0,0 +1,57 @@ +#! /bin/sh +set -efu + +nix_url=https://nixos.org/releases/nix/nix-1.10/nix-1.10-x86_64-linux.tar.bz2 +nix_sha256="504f7a3a85fceffb8766ae5e1005de9e02e489742f5a63cc3e7552120b138bf4" + +install-nix() {( + + # install nix on host (cf. https://nixos.org/nix/install) + if ! test -e /root/.nix-profile/etc/profile.d/nix.sh; then + ( + verify() { + printf '%s %s\n' $nix_sha256 $(basename $nix_url) | sha256sum -c + } + if ! verify; then + curl -C - -O "$nix_url" + verify + fi + ) + nix_src_dir=$(basename $nix_url .tar.bz2) + tar jxf $nix_src_dir.tar.bz2 + mkdir -v -m 0755 -p /nix + $nix_src_dir/install + fi + + #TODO: make this general or move to 1prepare + if ! mount | grep -Fq '/dev/mapper/centos-root on /mnt/nix type xfs'; then + mkdir -p /mnt/nix + mount --bind /nix /mnt/nix + fi + + . /root/.nix-profile/etc/profile.d/nix.sh + + for i in \ + bash \ + coreutils \ + # This line intentionally left blank. + do + if ! nix-env -q $i | grep -q .; then + nix-env -iA nixpkgs.pkgs.$i + fi + done + + # install nixos-install + if ! type nixos-install 2>/dev/null; then + nixpkgs_expr='import { system = builtins.currentSystem; }' + nixpkgs_path=$(find /nix/store -mindepth 1 -maxdepth 1 -name *-nixpkgs-* -type d) + nix-env \ + --arg config "{ nix.package = ($nixpkgs_expr).nix; }" \ + --arg pkgs "$nixpkgs_expr" \ + --arg modulesPath 'throw "no modulesPath"' \ + -f $nixpkgs_path/nixpkgs/nixos/modules/installer/tools/tools.nix \ + -iA config.system.build.nixos-install + fi +)} + +install-nix "$@" diff --git a/krebs/4lib/infest/3install-nix-tools b/krebs/4lib/infest/3install-nix-tools new file mode 100644 index 000000000..59fa6f14a --- /dev/null +++ b/krebs/4lib/infest/3install-nix-tools @@ -0,0 +1,9 @@ +#! /bin/sh +set -efu + +install-nix-tools() {( + + +)} + +install-nix-tools "$@" diff --git a/krebs/4lib/infest/4finalize b/krebs/4lib/infest/4finalize new file mode 100644 index 000000000..d095fa31b --- /dev/null +++ b/krebs/4lib/infest/4finalize @@ -0,0 +1,65 @@ +#! /bin/sh +set -eux +{ + umount /mnt/nix || [ $? -eq 32 ] + umount /mnt/boot || [ $? -eq 32 ] + umount /mnt/root || [ $? -eq 32 ] + umount /mnt || [ $? -eq 32 ] + umount /boot || [ $? -eq 32 ] + + PATH=$(for i in /nix/store/*coreutils*/bin; do :; done; echo $i) + export PATH + + mkdir /oldshit + + mv /bin /oldshit/ + mv /newshit/bin / + + # TODO ensure /boot is empty + rmdir /newshit/boot + + # skip /dev + rmdir /newshit/dev + + mv /etc /oldshit/ + mv /newshit/etc / + + # skip /nix (it's already there) + rmdir /newshit/nix + + # skip /proc + rmdir /newshit/proc + + # skip /run + rmdir /newshit/run + + # skip /sys + rmdir /newshit/sys + + # skip /root + rmdir /newshit/root + + # skip /tmp + # TODO rmdir /newshit/tmp + + mv /home /oldshit/ + mv /newshit/home / + + mv /usr /oldshit/ + mv /newshit/usr / + + mv /var /oldshit/ + mv /newshit/var / + + mv /lib /oldshit/ + mv /lib64 /oldshit/ + mv /sbin /oldshit/ + mv /srv /oldshit/ + mv /opt /oldshit/ + + + mv /newshit /root/ # TODO this one shoult be empty + mv /oldshit /root/ + + sync +}