From 6daf91c9cd52b729483aca6e1eaafc50fd796e7f Mon Sep 17 00:00:00 2001
From: Vincent Ambo
Date: Fri, 21 Apr 2023 19:56:48 +0300
Subject: feat(corp/ops): add NixOS profile for Yandex Cloud machines

Sets up a virtual machine image that is bootable on Yandex Cloud. There are some slightly wonky behaviours still, like cloud-init apparently putting all keys into root's authorized_keys no matter what is specified in the metadata, but it does work now.

Change-Id: I57dcb7fcfa6872a28855dc1347f73a6db3c56828
Reviewed-on: https://cl.tvl.fyi/c/depot/+/8496
Tested-by: BuildkiteCI
Reviewed-by: tazjin
---
corp/ops/default.nix | 9 +++++
corp/ops/modules/.skip-tree | 1 +
corp/ops/modules/yandex-cloud.nix | 79 +++++++++++++++++++++++++++++++++++++++
3 files changed, 89 insertions(+)
create mode 100644 corp/ops/modules/.skip-tree
create mode 100644 corp/ops/modules/yandex-cloud.nix

diff --git a/corp/ops/default.nix b/corp/ops/default.nix
index 87f71da7860c..dfa62c80bafc 100644
--- a/corp/ops/default.nix
+++ b/corp/ops/default.nix
@@ -34,4 +34,13 @@ depot.nix.readTree.drvTargets rec {
 
 yc.attr = "corp.ops.yc-cli";
 };
+
+ # Base image for Yandex VMs.
+ yandex-base-image = (depot.third_party.nixos {
+ configuration = { ... }: {
+ imports = [
+ (depot.path.origSrc + ("/corp/ops/modules/yandex-cloud.nix"))
+ ];
+ };
+ }).config.system.build.yandexCloudImage;
 }
diff --git a/corp/ops/modules/.skip-tree b/corp/ops/modules/.skip-tree
new file mode 100644
index 000000000000..a6f528167f00
--- /dev/null
+++ b/corp/ops/modules/.skip-tree
@@ -0,0 +1 @@
+Only NixOS modules here.
diff --git a/corp/ops/modules/yandex-cloud.nix b/corp/ops/modules/yandex-cloud.nix
new file mode 100644
index 000000000000..cca81bc0ca5e
--- /dev/null
+++ b/corp/ops/modules/yandex-cloud.nix
@@ -0,0 +1,79 @@
+# Profile for virtual machines on Yandex Cloud, intended for disk
+# images.
+#
+# https://cloud.yandex.com/en/docs/compute/operations/image-create/custom-image
+#
+# TODO(tazjin): Upstream to nixpkgs once it works well.
+{ config, lib, pkgs, modulesPath, ... }:
+
+let
+ cfg = config.virtualisation.yandexCloud;
+
+ # Kernel modules required for interacting with the hypervisor. These
+ # must be available during stage 1 boot and during normal operation,
+ # as disks and network do not work without them.
+ modules = [
+ "virtio-net"
+ "virtio-blk"
+ "virtio-pci"
+ "virtiofs"
+ ];
+in
+{
+ imports = [
+ "${modulesPath}/profiles/headless.nix"
+ ];
+
+ options = {
+ virtualisation.yandexCloud.rootPartitionUuid = with lib; mkOption {
+ type = types.str;
+ default = "C55A5EE2-E5FA-485C-B3AE-CC928429AB6B";
+
+ description = ''
+ UUID to use for the root partition of the disk image. Yandex
+ Cloud requires that root partitions are mounted by UUID.
+
+ Most users do not need to set this to a non-default value.
+ '';
+ };
+ };
+
+ config = {
+ fileSystems."/" = {
+ device = "/dev/disk/by-uuid/${lib.toLower cfg.rootPartitionUuid}";
+ fsType = "ext4";
+ autoResize = true;
+ };
+
+ boot = {
+ loader.grub.device = "/dev/vda";
+
+ initrd.kernelModules = modules;
+ kernelModules = modules;
+ kernelParams = [
+ # Enable support for the serial console
+ "console=ttyS0"
+ ];
+
+ growPartition = true;
+ };
+
+ environment.etc.securetty = {
+ text = "ttyS0";
+ mode = "0644";
+ };
+
+ systemd.services."serial-getty@ttyS0".enable = true;
+
+ services.openssh.enable = true;
+ services.cloud-init.enable = true;
+
+ system.build.yandexCloudImage = import (pkgs.path + "/nixos/lib/make-disk-image.nix") {
+ inherit lib config pkgs;
+ additionalSpace = "128M";
+ format = "qcow2";
+ partitionTableType = "legacy+gpt";
+ rootGPUID = cfg.rootPartitionUuid;
+ };
+ };
+}
--
cgit 1.4.1
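Review bot: `services.openssh.enable = true;` near the end of the hunk leaves sshd on the nixpkgs defaults, so the image also accepts password and keyboard-interactive authentication even though the only login path the profile actually provisions is the cloud-init delivered keys. For a reusable cloud image I would pin that policy in the profile itself: `services.openssh.settings.PasswordAuthentication = false;` and `services.openssh.settings.KbdInteractiveAuthentication = false;` (if the tracked nixpkgs predates the `settings` attrset, the older names are `passwordAuthentication` and `kbdInteractiveAuthentication`). `PermitRootLogin` is likewise left at its default, which combined with the cloud-init behaviour described in the commit message means every key placed in the instance metadata ends up granting root over SSH; a `# TODO` next to `services.cloud-init.enable` stating that this should become `services.openssh.settings.PermitRootLogin = "no"` once cloud-init honours the configured user would keep that trade-off visible to the next reader.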