Format
parent
00355648f0
commit
a034fb50f7
@ -5,8 +5,13 @@
|
|||||||
|
|
||||||
It contains both the relevant guest settings as well as an installer script
|
It contains both the relevant guest settings as well as an installer script
|
||||||
that manages it as a QEMU virtual machine on the host.
|
that manages it as a QEMU virtual machine on the host.
|
||||||
*/
|
*/
|
||||||
{ config, lib, options, ... }:
|
{
|
||||||
|
config,
|
||||||
|
lib,
|
||||||
|
options,
|
||||||
|
...
|
||||||
|
}:
|
||||||
|
|
||||||
let
|
let
|
||||||
keysDirectory = "/var/keys";
|
keysDirectory = "/var/keys";
|
||||||
@ -31,7 +36,10 @@ in
|
|||||||
];
|
];
|
||||||
# swraid's default depends on stateVersion
|
# swraid's default depends on stateVersion
|
||||||
config.boot.swraid.enable = false;
|
config.boot.swraid.enable = false;
|
||||||
options.boot.isContainer = lib.mkOption { default = false; internal = true; };
|
options.boot.isContainer = lib.mkOption {
|
||||||
|
default = false;
|
||||||
|
internal = true;
|
||||||
|
};
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
|
|
||||||
@ -67,13 +75,13 @@ in
|
|||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
workingDirectory = mkOption {
|
workingDirectory = mkOption {
|
||||||
default = ".";
|
default = ".";
|
||||||
type = types.str;
|
type = types.str;
|
||||||
example = "/var/lib/darwin-builder";
|
example = "/var/lib/darwin-builder";
|
||||||
description = ''
|
description = ''
|
||||||
The working directory to use to run the script. When running
|
The working directory to use to run the script. When running
|
||||||
as part of a flake will need to be set to a non read-only filesystem.
|
as part of a flake will need to be set to a non read-only filesystem.
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
hostPort = mkOption {
|
hostPort = mkOption {
|
||||||
default = 31022;
|
default = 31022;
|
||||||
@ -160,26 +168,34 @@ in
|
|||||||
script = hostPkgs.writeShellScriptBin "create-builder" (
|
script = hostPkgs.writeShellScriptBin "create-builder" (
|
||||||
''
|
''
|
||||||
set -euo pipefail
|
set -euo pipefail
|
||||||
'' +
|
''
|
||||||
# When running as non-interactively as part of a DarwinConfiguration the working directory
|
+
|
||||||
# must be set to a writeable directory.
|
# When running as non-interactively as part of a DarwinConfiguration the working directory
|
||||||
(if cfg.workingDirectory != "." then ''
|
# must be set to a writeable directory.
|
||||||
${hostPkgs.coreutils}/bin/mkdir --parent "${cfg.workingDirectory}"
|
(
|
||||||
cd "${cfg.workingDirectory}"
|
if cfg.workingDirectory != "." then
|
||||||
'' else "") + ''
|
''
|
||||||
KEYS="''${KEYS:-./keys}"
|
${hostPkgs.coreutils}/bin/mkdir --parent "${cfg.workingDirectory}"
|
||||||
${hostPkgs.coreutils}/bin/mkdir --parent "''${KEYS}"
|
cd "${cfg.workingDirectory}"
|
||||||
PRIVATE_KEY="''${KEYS}/${user}_${keyType}"
|
''
|
||||||
PUBLIC_KEY="''${PRIVATE_KEY}.pub"
|
else
|
||||||
if [ ! -e "''${PRIVATE_KEY}" ] || [ ! -e "''${PUBLIC_KEY}" ]; then
|
""
|
||||||
${hostPkgs.coreutils}/bin/rm --force -- "''${PRIVATE_KEY}" "''${PUBLIC_KEY}"
|
)
|
||||||
${hostPkgs.openssh}/bin/ssh-keygen -q -f "''${PRIVATE_KEY}" -t ${keyType} -N "" -C 'builder@localhost'
|
+ ''
|
||||||
fi
|
KEYS="''${KEYS:-./keys}"
|
||||||
if ! ${hostPkgs.diffutils}/bin/cmp "''${PUBLIC_KEY}" ${publicKey}; then
|
${hostPkgs.coreutils}/bin/mkdir --parent "''${KEYS}"
|
||||||
(set -x; sudo --reset-timestamp ${installCredentials} "''${KEYS}")
|
PRIVATE_KEY="''${KEYS}/${user}_${keyType}"
|
||||||
fi
|
PUBLIC_KEY="''${PRIVATE_KEY}.pub"
|
||||||
KEYS="$(${hostPkgs.nix}/bin/nix-store --add "$KEYS")" ${lib.getExe config.system.build.vm}
|
if [ ! -e "''${PRIVATE_KEY}" ] || [ ! -e "''${PUBLIC_KEY}" ]; then
|
||||||
'');
|
${hostPkgs.coreutils}/bin/rm --force -- "''${PRIVATE_KEY}" "''${PUBLIC_KEY}"
|
||||||
|
${hostPkgs.openssh}/bin/ssh-keygen -q -f "''${PRIVATE_KEY}" -t ${keyType} -N "" -C 'builder@localhost'
|
||||||
|
fi
|
||||||
|
if ! ${hostPkgs.diffutils}/bin/cmp "''${PUBLIC_KEY}" ${publicKey}; then
|
||||||
|
(set -x; sudo --reset-timestamp ${installCredentials} "''${KEYS}")
|
||||||
|
fi
|
||||||
|
KEYS="$(${hostPkgs.nix}/bin/nix-store --add "$KEYS")" ${lib.getExe config.system.build.vm}
|
||||||
|
''
|
||||||
|
);
|
||||||
|
|
||||||
in
|
in
|
||||||
script.overrideAttrs (old: {
|
script.overrideAttrs (old: {
|
||||||
@ -224,7 +240,11 @@ in
|
|||||||
memorySize = cfg.memorySize;
|
memorySize = cfg.memorySize;
|
||||||
|
|
||||||
forwardPorts = [
|
forwardPorts = [
|
||||||
{ from = "host"; guest.port = 22; host.port = cfg.hostPort; }
|
{
|
||||||
|
from = "host";
|
||||||
|
guest.port = 22;
|
||||||
|
host.port = cfg.hostPort;
|
||||||
|
}
|
||||||
];
|
];
|
||||||
|
|
||||||
# Disable graphics for the builder since users will likely want to run it
|
# Disable graphics for the builder since users will likely want to run it
|
||||||
|