From 1a64deeb894dc95e2645a75771732c6cc53a79ad Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Isma=C3=ABl=20Bouya?=
Date: Wed, 4 Oct 2023 01:35:06 +0200
Subject: Squash changes containing private information

There were a lot of changes since the previous commit, but a lot of them contained personnal information about users. All thos changes got stashed into a single commit (history is kept in a different place) and private information was moved in a separate private repository
---
 .../system/dilion/vms/base_configuration.nix | 21 -----
 modules/private/system/dilion/vms/base_image.nix | 94 ----------------------
 .../system/dilion/vms/buildbot_configuration.nix | 67 ---------------
 3 files changed, 182 deletions(-)
 delete mode 100644 modules/private/system/dilion/vms/base_configuration.nix
 delete mode 100644 modules/private/system/dilion/vms/base_image.nix
 delete mode 100644 modules/private/system/dilion/vms/buildbot_configuration.nix
(limited to 'modules/private/system/dilion/vms')
diff --git a/modules/private/system/dilion/vms/base_configuration.nix b/modules/private/system/dilion/vms/base_configuration.nix
deleted file mode 100644
index e2caba2..0000000
--- a/modules/private/system/dilion/vms/base_configuration.nix
+++ /dev/null
@@ -1,21 +0,0 @@
-{ lib, config, ... }@args:
-{
- options.myEnv = (import ../../../environment.nix (args // { name = "dummy"; })).options.myEnv;
- config = {
- fileSystems."/".device = "/dev/disk/by-label/nixos";
- boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" "virtio_balloon" "virtio_blk" "virtio_pci" "virtio_ring" ];
- boot.loader = {
- grub = {
- version = 2;
- device = "/dev/vda";
- };
- timeout = 0;
- };
- services.openssh.enable = true;
- networking.firewall.allowedTCPPorts = [ 22 ];
- users = {
- mutableUsers = false;
- users.root.openssh.authorizedKeys.keys = [ config.myEnv.sshd.rootKeys.immae_dilion ];
- };
- };
-}
diff --git a/modules/private/system/dilion/vms/base_image.nix b/modules/private/system/dilion/vms/base_image.nix
deleted file mode 100644
index 8de8560..0000000
--- a/modules/private/system/dilion/vms/base_image.nix
+++ /dev/null
@@ -1,94 +0,0 @@
-configuration_file: { pkgs ? import {}, system ? builtins.currentSystem, myEnv, ... }:
-let
- config = (import {
- inherit system;
- modules = [ {
- myEnv = myEnv;
- imports = [ configuration_file ];
-
- # We want our template image to be as small as possible, but the deployed image should be able to be
- # of any size. Hence we resize on the first boot.
- systemd.services.resize-main-fs = {
- wantedBy = [ "multi-user.target" ];
- serviceConfig.Type = "oneshot";
- script =
- ''
- # Resize main partition to fill whole disk
- echo ", +" | ${pkgs.utillinux}/bin/sfdisk /dev/vda --no-reread -N 1
- ${pkgs.parted}/bin/partprobe
- # Resize filesystem
- ${pkgs.e2fsprogs}/bin/resize2fs /dev/vda1
- '';
- };
- } ];
- }).config;
-in pkgs.vmTools.runInLinuxVM (
- pkgs.runCommand "nixos-base-image"
- {
- memSize = 768;
- preVM =
- ''
- mkdir $out
- diskImage=image.qcow2
- ${pkgs.vmTools.qemu}/bin/qemu-img create -f qcow2 $diskImage 2G
- mv closure xchg/
- '';
- postVM =
- ''
- echo compressing VM image...
- ${pkgs.vmTools.qemu}/bin/qemu-img convert -c $diskImage -O qcow2 $out/nixos.qcow2
- '';
- buildInputs = [ pkgs.utillinux pkgs.perl pkgs.parted pkgs.e2fsprogs ];
- exportReferencesGraph =
- [ "closure" config.system.build.toplevel ];
- }
- ''
- # Create the partition
- parted /dev/vda mklabel msdos
- parted /dev/vda -- mkpart primary ext4 1M -1s
-
- # Format the partition
- mkfs.ext4 -L nixos /dev/vda1
- mkdir /mnt
- mount /dev/vda1 /mnt
-
- for dir in dev proc sys; do
- mkdir /mnt/$dir
- mount --bind /$dir /mnt/$dir
- done
-
- storePaths=$(perl ${pkgs.pathsFromGraph} /tmp/xchg/closure)
- echo filling Nix store...
- mkdir -p /mnt/nix/store
- set -f
- cp -prd $storePaths /mnt/nix/store
- # The permissions will be set up incorrectly if the host machine is not running NixOS
- chown -R 0:30000 /mnt/nix/store
-
- mkdir -p /mnt/etc/nix
- echo 'build-users-group = ' > /mnt/etc/nix/nix.conf
-
- # Register the paths in the Nix database.
- export USER=root
- printRegistration=1 perl ${pkgs.pathsFromGraph} /tmp/xchg/closure | \
- chroot /mnt ${config.nix.package.out}/bin/nix-store --load-db
-
- # Create the system profile to allow nixos-rebuild to work.
- chroot /mnt ${config.nix.package.out}/bin/nix-env \
- -p /nix/var/nix/profiles/system --set ${config.system.build.toplevel}
-
- # `nixos-rebuild' requires an /etc/NIXOS.
- mkdir -p /mnt/etc/nixos
- touch /mnt/etc/NIXOS
-
- # `switch-to-configuration' requires a /bin/sh
- mkdir -p /mnt/bin
- ln -s ${config.system.build.binsh}/bin/sh /mnt/bin/sh
-
- # Generate the GRUB menu.
- chroot /mnt ${config.system.build.toplevel}/bin/switch-to-configuration boot
-
- umount /mnt/{proc,dev,sys}
- umount /mnt
- ''
-)
diff --git a/modules/private/system/dilion/vms/buildbot_configuration.nix b/modules/private/system/dilion/vms/buildbot_configuration.nix
deleted file mode 100644
index 05b02d4..0000000
--- a/modules/private/system/dilion/vms/buildbot_configuration.nix
+++ /dev/null
@@ -1,67 +0,0 @@
-{ pkgs, config, lib, ... }:
-{
- imports = [
-
- ./base_configuration.nix
- ];
- systemd.services.buildbot-worker.serviceConfig.ExecStartPre = let
- cfg = config.services.buildbot-worker;
- script = pkgs.writeScript "decode-dmi" ''
- #!${pkgs.stdenv.shell}
-
- mkdir -vp "${cfg.buildbotDir}"
- varfile=${cfg.buildbotDir}/variables
- rm $varfile || true
- echo "[DEFAULT]" > $varfile
- strings=$(${pkgs.dmidecode}/bin/dmidecode --oem-string count)
- for i in $(seq 1 $strings); do
- ${pkgs.dmidecode}/bin/dmidecode --oem-string $i >> $varfile
- done
- chown -R ${cfg.user}:${cfg.group} ${cfg.buildbotDir}
- '';
- in
- lib.mkForce ["+${script}"];
- systemd.services.buildbot-worker.serviceConfig.ExecStart = let
- cfg = config.services.buildbot-worker;
- tacFile = pkgs.writeText "buildbot-worker.tac" ''
- import os
- from io import open
-
- from buildbot_worker.bot import Worker
- from twisted.application import service
-
- basedir = '${cfg.buildbotDir}'
-
- # note: this line is matched against to check that this is a worker
- # directory; do not edit it.
- application = service.Application('buildbot-worker')
-
- import configparser
- config = config = configparser.ConfigParser()
- config.read("${cfg.buildbotDir}/variables")
- master_url_split = config["DEFAULT"]["buildbot_master_url"].split(':')
- buildmaster_host = master_url_split[0]
- port = int(master_url_split[1])
- workername = config["DEFAULT"]["buildbot_worker_name"]
-
- with open('${cfg.workerPassFile}', 'r', encoding='utf-8') as passwd_file:
- passwd = passwd_file.read().strip('\r\n')
- keepalive = ${toString cfg.keepalive}
- umask = None
- maxdelay = 300
- numcpus = None
- allow_shutdown = None
-
- s = Worker(buildmaster_host, port, workername, passwd, basedir,
- keepalive, umask=umask, maxdelay=maxdelay,
- numcpus=numcpus, allow_shutdown=allow_shutdown)
- s.setServiceParent(application)
- '';
- in
- lib.mkForce "${cfg.package.pythonModule.pkgs.twisted}/bin/twistd --nodaemon --pidfile= --logfile - --python ${tacFile}";
- services.buildbot-worker = {
- enable = true;
- workerPass = config.myEnv.buildbot.workerPassword;
- packages = [ pkgs.git pkgs.gzip pkgs.openssh ];
- };
-}
-- cgit v1.2.3