author | Vincent Ambo <mail@tazj.in> | 2023-04-21T16·56+0300 |
---|---|---|
committer | tazjin <tazjin@tvl.su> | 2023-04-24T10·56+0000 |
commit | 6daf91c9cd52b729483aca6e1eaafc50fd796e7f (patch) | |
tree | 430e93bfd058a5500ddb81f2991b9e86cd24977e | |
parent | c7392b3c6b99bffb06965c81c7bf273371ce813e (diff) |
feat(corp/ops): add NixOS profile for Yandex Cloud machines r/6111
Sets up a virtual machine image that is bootable on Yandex Cloud. There are some slightly wonky behaviours still, like cloud-init apparently putting all keys into root's authorized_keys no matter what is specified in the metadata, but it does work now. Change-Id: I57dcb7fcfa6872a28855dc1347f73a6db3c56828 Reviewed-on: https://cl.tvl.fyi/c/depot/+/8496 Tested-by: BuildkiteCI Reviewed-by: tazjin <tazjin@tvl.su>
-rw-r--r-- | corp/ops/default.nix | 9 | ||||
-rw-r--r-- | corp/ops/modules/.skip-tree | 1 | ||||
-rw-r--r-- | corp/ops/modules/yandex-cloud.nix | 79 |
3 files changed, 89 insertions, 0 deletions
diff --git a/corp/ops/default.nix b/corp/ops/default.nix
index 87f71da7860c..dfa62c80bafc 100644
--- a/corp/ops/default.nix
+++ b/corp/ops/default.nix
@@ -34,4 +34,13 @@ depot.nix.readTree.drvTargets rec {
     yc.attr = "corp.ops.yc-cli";
   };
+
+  # Base image for Yandex VMs.
+  yandex-base-image = (depot.third_party.nixos {
+    configuration = { ... }: {
+      imports = [
+        (depot.path.origSrc + ("/corp/ops/modules/yandex-cloud.nix"))
+      ];
+    };
+  }).config.system.build.yandexCloudImage;
 }
diff --git a/corp/ops/modules/.skip-tree b/corp/ops/modules/.skip-tree
new file mode 100644
index 000000000000..a6f528167f00
--- /dev/null
+++ b/corp/ops/modules/.skip-tree
@@ -0,0 +1 @@
+Only NixOS modules here.
diff --git a/corp/ops/modules/yandex-cloud.nix b/corp/ops/modules/yandex-cloud.nix
new file mode 100644
index 000000000000..cca81bc0ca5e
--- /dev/null
+++ b/corp/ops/modules/yandex-cloud.nix
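Review bot: The inner parentheses in `(depot.path.origSrc + ("/corp/ops/modules/yandex-cloud.nix"))` are a style nit: a string literal needs no grouping, so `(depot.path.origSrc + "/corp/ops/modules/yandex-cloud.nix")` expresses the same path with less noise. The enclosing `rec { … }` attribute set of `depot.nix.readTree.drvTargets` begins before this hunk.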
@@ -0,0 +1,79 @@
+# Profile for virtual machines on Yandex Cloud, intended for disk
+# images.
+#
+# https://cloud.yandex.com/en/docs/compute/operations/image-create/custom-image
+#
+# TODO(tazjin): Upstream to nixpkgs once it works well.
+{ config, lib, pkgs, modulesPath, ... }:
+
+let
+  cfg = config.virtualisation.yandexCloud;
+
+  # Kernel modules required for interacting with the hypervisor. These
+  # must be available during stage 1 boot and during normal operation,
+  # as disks and network do not work without them.
+  modules = [
+    "virtio-net"
+    "virtio-blk"
+    "virtio-pci"
+    "virtiofs"
+  ];
+in
+{
+  imports = [
+    "${modulesPath}/profiles/headless.nix"
+  ];
+
+  options = {
+    virtualisation.yandexCloud.rootPartitionUuid = with lib; mkOption {
+      type = types.str;
+      default = "C55A5EE2-E5FA-485C-B3AE-CC928429AB6B";
+
+      description = ''
+        UUID to use for the root partition of the disk image. Yandex
+        Cloud requires that root partitions are mounted by UUID.
+
+        Most users do not need to set this to a non-default value.
+      '';
+    };
+  };
+
+  config = {
+    fileSystems."/" = {
+      device = "/dev/disk/by-uuid/${lib.toLower cfg.rootPartitionUuid}";
+      fsType = "ext4";
+      autoResize = true;
+    };
+
+    boot = {
+      loader.grub.device = "/dev/vda";
+
+      initrd.kernelModules = modules;
+      kernelModules = modules;
+      kernelParams = [
+        # Enable support for the serial console
+        "console=ttyS0"
+      ];
+
+      growPartition = true;
+    };
+
+    environment.etc.securetty = {
+      text = "ttyS0";
+      mode = "0644";
+    };
+
+    systemd.services."serial-getty@ttyS0".enable = true;
+
+    services.openssh.enable = true;
+    services.cloud-init.enable = true;
+
+    system.build.yandexCloudImage = import (pkgs.path + "/nixos/lib/make-disk-image.nix") {
+      inherit lib config pkgs;
+      additionalSpace = "128M";
+      format = "qcow2";
+      partitionTableType = "legacy+gpt";
+      rootGPUID = cfg.rootPartitionUuid;
+    };
+  };
+}
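Review bot: `services.openssh.enable = true;` leaves sshd at the nixpkgs defaults, and the commit message itself notes that cloud-init currently places every metadata key into root's authorized_keys, so any key in the instance metadata is root access over SSH; pin the authentication policy next to the enable line, e.g. `services.openssh.settings.PasswordAuthentication = false;` and `services.openssh.settings.KbdInteractiveAuthentication = false;` (on an older nixpkgs pin the spellings are `passwordAuthentication`/`kbdInteractiveAuthentication`), so that a provisioned key is the only way in. The `securetty` entry and `systemd.services."serial-getty@ttyS0".enable = true;` together permit a root login prompt on the serial console, which on a cloud VM is reachable through the provider's console feature; if that is the intended recovery path, a comment such as `# Root login on the serial console is intentional: recovery path when SSH/cloud-init fail.` would record the decision for the next reader. `rootPartitionUuid` is declared `types.str` but is lowercased for `fileSystems."/"` and passed verbatim as `rootGPUID`, so a malformed value only surfaces as an image that fails to boot; `type = types.strMatching "[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}";` rejects it at evaluation time instead.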