[Merged by Bors] - lib/devos: bake devos repo into live cd #168
894dd40
to
c164fe0
Compare
Two specific doubts, and a general one:
Are store paths actually copied over from the iso?
I couldn't tell from: https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/installer/tools/nixos-install.sh#L143
_Note: You _could_ install another machine than the one your iso was built for, | ||
but the iso doesn't necesarily already carry all the necesary build artifacts._ | ||
|
||
<!-- TODO: find out why --impure is necesary / PRs welcome! --> |
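Review bot: the open question about `--impure` on the last line sits in an HTML comment, so it is invisible in the rendered docs. Since the flag relaxes Nix's evaluation restrictions, say in visible text that it is currently required for a reason not yet understood, or link a tracking issue. The note above it also misspells "necessarily" and "necessary" ("necesarily", "necesary"), and the TODO repeats the typo.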
I was stumbling on and over access to path '/mnt/nix/...' is forbidden in restricted mode
This is looking pretty good. Have you considered also adding
Cool! I'll do a couple of tests today, still, and will include that. I also want to experiment to also set a static link local ip on the network interface when using the live cd. That way, we can feed a well known ip to the |
Isn't hostname usually enough for that? I'm not sure about adding a static ip, because of possible ip conflicts and other issues that can happen. Worst case you could find the ip of the machine by searching by hostname. |
Host name needs identity (which we actually have here since we build bespoke iso installers, but we also might want to work with a generic hostconfig, instead, eg. I still want to cover the case of an anonymous bootstrap image / iso that we can burn onto stockpiled computers and then ship to the site and initiate with an identity over the network. (kind of a rescue partition) |
I definitely understand the benefits of static IP. I've just had issues with it on my network and I know it can be kind of finicky. And I don't want the machine to lose network connection entirely for the convenience of a static ip. |
I think that is the exact use case for link local ad hoc networks
https://tools.ietf.org/html/rfc3927 So we should be good. Two anonymous hosts at the same time on the same link will necessarily clash. |
Also I was thinking that we should extract the custom system builds outside of lib, so users can add their own custom builds for all their hosts. The idea behind devosSystem is really great and I found a use for it in the home manager PR, and I'm sure others might have good ideas. And they can customize the existing systems we configure. |
I'll have to learn more about that. But it looks like you have a good plan! |
It looks as if this easily exceeds the size of a usb flash drive. But foremost, I hope that
It looks like this is getting pretty close. I'm going to delegate this to both of you, while I work on opening a further PR toward #152. There is no harm in trying a |
✌️ blaggacao can now approve this pull request. To approve and merge a pull request, simply reply with |
✌️ Pacman99 can now approve this pull request. To approve and merge a pull request, simply reply with |
I'm checking out MulticastDNS as an alternative to static IPs. that might be slightly friendlier to the end user, although I'm not sure if that depends on fancy router support... that would look something like EDIT: instead of an ipv4 link-local, as a fall back to MulticastDNS, we can use ipv6 which has it built-in, like in: https://networklessons.com/ipv6/ipv6-eui-64-explained
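The EUI-64 derivation the comment above links to, as an added example that is not part of the original thread or the devos code base: it computes the IPv6 link-local address a host would take from its MAC, so an installer target can be reached without DHCP or mDNS. It assumes the interface uses EUI-64 address generation (not stable-privacy addresses); the function names and MAC values are constructed for illustration.

```python
import ipaddress
import re


def eui64_link_local(mac: str) -> ipaddress.IPv6Address:
    """Return the modified EUI-64 link-local address (RFC 4291, Appendix A) for a 48-bit MAC."""
    # Accept colon, dash and Cisco dotted notation.
    digits = re.sub(r"[:.\-]", "", mac.strip())
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    octets = bytearray.fromhex(digits)
    # A group (multicast) MAC never identifies a single interface.
    if octets[0] & 0x01:
        raise ValueError(f"multicast MAC cannot be an interface address: {mac!r}")
    # Flip the universal/local bit, then insert ff:fe between OUI and NIC part.
    octets[0] ^= 0x02
    interface_id = bytes(octets[:3]) + b"\xff\xfe" + bytes(octets[3:])
    # fe80::/64 prefix: fe80 followed by 48 zero bits.
    prefix = bytes.fromhex("fe80") + bytes(6)
    return ipaddress.IPv6Address(prefix + interface_id)


def scoped_address(mac: str, interface: str) -> str:
    """Link-local addresses are only meaningful per link, so append the zone id."""
    return f"{eui64_link_local(mac)}%{interface}"


if __name__ == "__main__":
    # Constructed sample: a MAC read off the label of a stockpiled machine.
    print(scoped_address("52:54:00:12:34:56", "eth0"))
```

Because any host on the same link can compute or claim such an address, it identifies where to connect, not who answers; the SSH host key still has to be checked.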
doc/start/iso.md
Outdated
The latter option is currently blocked by [Nix Issue 4643](https://github.com/NixOS/nix/issues/4643). | ||
|
||
TODO: The former did not complete on my machine as the MulticastDNS seemed to be too unstable. |
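Review bot: the TODO on the last line puts a one-off local result ("did not complete on my machine") into user-facing documentation without saying what failed or how a reader would recognise it. Describe the observable symptom and a fallback, or move the TODO to an issue and link it, the way the first line already links the blocker for "the latter option".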
blocked by NixOS/nix#4643
The `NixOS.local` MulticastDNS didn't seem to be utterly stable on my network and disappeared rather quickly (between the deploy's nix copy — succeeded — and remote activation — failed)
I'll do another manual test, cleanup & rebase today, so we should be close to "good to go".
This looks really good. I think the only thing I would like to change is to use |
Also I had another idea for the live cd. You could include all the inputs in the ISO's registry. So while installing you don't need to download the inputs again. Once all inputs get passed to lib you could do something like:
This would also require adding But not sure this would work, and probably best to save it for a future PR. |
6fd68bd
to
5452058
Compare
2b55d42
to
6e011bf
Compare
It is generally useful to access the top level flake from library functions or hosts. This not only simplifies the mental model and code but also provides additional context and not least a handle to the repo source code in the nix store. closes divnix#169
Copy over the nix storepath contents of the top level flake in order to be able to bootstrap a host from a live iso installer conforming to the devos documentation using its devshell. closes divnix#167
Replace default networking with a specially configured systemd-networkd network which is responsible for setting up DHCP and also provide a well known ipv6 link-local address as well as enable multicastDNS to expose the hostname on the local link over the reserved `local.` top level domain.
6e011bf
to
a09c1a9
Compare
Let's call this a day! We might consider opening issues / discussions for further improvements:
This includes #189 |
bors r+ |
👎 Rejected by too few up-to-date approved reviews (some of the PR reviews are stale) |
bors r+ |
fix #167 This worked for me to bootstrap another machine.
Ohh right this is going to do a squash merge :( |
Never mind, I think Tim is going to change that soon... |
sorry for delay, I believe I figured out how to fix the ci runner while keeping everything up to date (important for users who want to run their own ci). Essentially we will use the stable nix daemon, and only rely on nixosUnstable for the client side. On my tests last night this seemed to fix things, but a lot of derivations were failing (I believe due to updates to nixpkgs). BORS won't commit with failing tests, so I'll see what I can do to fix them, or we may just have to disable some of the failing architectures for a while.
@nrdxp If you exceptionally can merge this manually, we would save my carefully crafted git history for once. 😉 I built everything on my machine and tested end to end on target host. Only caveat: |
Well, give me about half an hour to implement the fixes in the CI runner, and if it still doesn't work, I'll just merge manually. |
Pull request successfully merged into core. Build succeeded: |
So it merged. There is the |
Yeah apologies, I will remember that for the future. |
Not a big deal, it is inevitable with any workflow shift to have a few kinks to work out. I am glad that @blaggacao at least got credit in the commit message though. |
I'm not after any credit whatsoever 😉 |