Minor improvements and normalization towards Quartiq workflow #6

Open
eduardotenholder wants to merge 17 commits from eduardotenholder/defenestrate:quartiq into master
5 changed files with 49 additions and 20 deletions

1
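--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1 @@
+result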

12
README

@ -1,10 +1,16 @@
On build device:
* nix-build
* (for LAN builds) nix-build --arg mlabs true
On target device:
* Enter BIOS, disable secure boot, enable UEFI PXE network boot * Enter BIOS, disable secure boot, enable UEFI PXE network boot
* sudo auto-install * sudo auto-install
* sudo reboot * sudo reboot
Outdated

The issue with auto-reboot here is you need to monitor the installation and then select memtest86 after it has finished.
Either somehow set up the bootloader so it runs memtest86 on the first boot, or move memtest86 at the end (but user reboot is still necessary so it's not clear what has been added with auto-reboot, and also auto-reboot loses any messages printed by nixos-install), or revert this change.

The issue with auto-reboot here is you need to monitor the installation and then select memtest86 after it has finished. Either somehow set up the bootloader so it runs memtest86 on the first boot, or move memtest86 at the end (but user reboot is still necessary so it's not clear what has been added with auto-reboot, and also auto-reboot loses any messages printed by nixos-install), or revert this change.
* Run memtest86 * Run memtest86
* Copy device database to ~/artiq * Copy device database to ~/artiq
* Set timezone * Set timezone and kb layout
* Comment out openssh.authorizedKeys.keys * Comment out openssh.authorizedKeys.keys
* sudo nixos-rebuild boot
* sudo nix-collect-garbage -d
* history clear * history clear
On build device:
* cat sealoff.sh | ssh rabi@artiq "sudo sh"


@ -33,7 +33,7 @@ let
parted /dev/nvme0n1 -- mkpart primary 512MiB 100% parted /dev/nvme0n1 -- mkpart primary 512MiB 100%
parted /dev/nvme0n1 -- mkpart ESP fat32 1MiB 512MiB parted /dev/nvme0n1 -- mkpart ESP fat32 1MiB 512MiB
parted /dev/nvme0n1 -- set 2 esp on parted /dev/nvme0n1 -- set 2 esp on
mkfs.ext4 -L nixos /dev/nvme0n1p1 mkfs.btrfs -f -L nixos /dev/nvme0n1p1

According to Phoronix benchmarks, btrfs is slower than ext4 and I think most desktop users won't need the advanced btrfs features. Why do you want it?

If this is controversial we can also make it configurable at netboot image build time, just like the nixbld.m-labs.hk substituter priority.

According to Phoronix benchmarks, btrfs is slower than ext4 and I think most desktop users won't need the advanced btrfs features. Why do you want it? If this is controversial we can also make it configurable at netboot image build time, just like the nixbld.m-labs.hk substituter priority.
mkfs.fat -F 32 -n boot /dev/nvme0n1p2 mkfs.fat -F 32 -n boot /dev/nvme0n1p2
mount /dev/disk/by-label/nixos /mnt mount /dev/disk/by-label/nixos /mnt
mkdir -p /mnt/boot mkdir -p /mnt/boot
@ -43,17 +43,26 @@ let
nixos-install --no-root-password --flake /mnt/etc/nixos#artiq nixos-install --no-root-password --flake /mnt/etc/nixos#artiq
''; '';
customModule = { customModule = mlabs:
let storeUrl = "https://nixbld.m-labs.hk" + (if mlabs then "?priority=10" else "");
in
{
system.stateVersion = "24.05";
environment.systemPackages = [ autoInstall pkgs.git ]; environment.systemPackages = [ autoInstall pkgs.git ];
documentation.info.enable = false; # https://github.com/NixOS/nixpkgs/issues/124215
documentation.man.enable = false;
sb10q marked this conversation as resolved Outdated

The priority setting is there for a reason: most packages get downloaded from the LAN when we install here.
It's probably not what you want from Germany, so make it configurable (i.e. option in default.nix, which can be off by default, and which would be turned on when building the netboot image on nixbld).

The priority setting is there for a reason: most packages get downloaded from the LAN when we install here. It's probably not what you want from Germany, so make it configurable (i.e. option in default.nix, which can be off by default, and which would be turned on when building the netboot image on nixbld).
nix.settings.trusted-public-keys = ["nixbld.m-labs.hk-1:5aSRVA5b320xbNvu30tqxVPXpld73bhtOeH6uAjRyHc="]; nix.settings.trusted-public-keys = ["nixbld.m-labs.hk-1:5aSRVA5b320xbNvu30tqxVPXpld73bhtOeH6uAjRyHc="];
nix.settings.substituters = ["https://nixbld.m-labs.hk?priority=10"]; nix.settings.substituters = [ storeUrl ];
}; };
in
{ mlabs ? false }:
let module = customModule mlabs;
in in
makeNetboot { makeNetboot {
modules = [ modules = [
<nixpkgs/nixos/modules/installer/netboot/netboot-minimal.nix> <nixpkgs/nixos/modules/installer/netboot/netboot-minimal.nix>
customModule module
]; ];
system = "x86_64-linux"; system = "x86_64-linux";
} }
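Review bot: The new `mlabs` argument only toggles the `?priority=10` suffix on `storeUrl`; `nix.settings.substituters` and `nix.settings.trusted-public-keys` still point at nixbld.m-labs.hk in both cases, so every image built from this expression trusts store paths signed by that one key. That may be intended, but the name `mlabs` reads as if it enabled the cache, so the trust decision should be documented where it is made. I would add a comment above `storeUrl`, for example `# mlabs only raises the substituter priority for LAN installs; the nixbld.m-labs.hk cache and its signing key are trusted either way`. If builds outside M-Labs should not depend on that cache, both settings would need to be gated on the argument rather than only the priority.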


@ -32,7 +32,7 @@
console.keyMap = "us"; console.keyMap = "us";
i18n.defaultLocale = "en_US.UTF-8"; i18n.defaultLocale = "en_US.UTF-8";
time.timeZone = "Asia/Hong_Kong"; time.timeZone = "UTC";
nixpkgs.config.allowUnfree = true; nixpkgs.config.allowUnfree = true;
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
@ -84,11 +84,11 @@
hardware.pulseaudio.package = pkgs.pulseaudioFull; hardware.pulseaudio.package = pkgs.pulseaudioFull;
services.xserver.enable = true; services.xserver.enable = true;
services.xserver.layout = "us"; services.xserver.xkb.layout = "us";
services.xserver.displayManager.gdm.enable = true; services.xserver.displayManager.gdm.enable = true;
services.xserver.displayManager.autoLogin.enable = true; services.displayManager.autoLogin.enable = true;
services.xserver.displayManager.autoLogin.user = "rabi"; services.displayManager.autoLogin.user = "rabi";
# https://github.com/NixOS/nixpkgs/issues/103746 # https://github.com/NixOS/nixpkgs/issues/103746
systemd.services."getty@tty1".enable = false; systemd.services."getty@tty1".enable = false;
systemd.services."autovt@tty1".enable = false; systemd.services."autovt@tty1".enable = false;
@ -106,8 +106,16 @@
extraGroups = ["networkmanager" "wheel" "plugdev" "dialout" "wireshark"]; extraGroups = ["networkmanager" "wheel" "plugdev" "dialout" "wireshark"];
initialPassword = "rabi"; initialPassword = "rabi";
openssh.authorizedKeys.keys = [ openssh.authorizedKeys.keys = [
# m-labs
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCyPk5WyFoWSvF4ozehxcVBoZ+UHgrI7VW/OoQfFFwIQe0qvetUZBMZwR2FwkLPAMZV8zz1v4EfncudEkVghy4P+/YVLlDjqDq9zwZnh8Nd/ifu84wmcNWHT2UcqnhjniCdshL8a44memzABnxfLLv+sXhP2x32cJAamo5y6fukr2qLp2jbXzR+3sv3klE0ruUXis/BR1lLqNJEYP8jB6fLn2sLKinnZPfn6DwVOk10mGeQsdME/eGl3phpjhODH9JW5V2V5nJBbC0rBnq+78dyArKVqjPSmIcSy72DEIpTctnMEN1W34BGrnsDd5Xd/DKxKxHKTMCHtZRwLC2X0NWN" "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCyPk5WyFoWSvF4ozehxcVBoZ+UHgrI7VW/OoQfFFwIQe0qvetUZBMZwR2FwkLPAMZV8zz1v4EfncudEkVghy4P+/YVLlDjqDq9zwZnh8Nd/ifu84wmcNWHT2UcqnhjniCdshL8a44memzABnxfLLv+sXhP2x32cJAamo5y6fukr2qLp2jbXzR+3sv3klE0ruUXis/BR1lLqNJEYP8jB6fLn2sLKinnZPfn6DwVOk10mGeQsdME/eGl3phpjhODH9JW5V2V5nJBbC0rBnq+78dyArKVqjPSmIcSy72DEIpTctnMEN1W34BGrnsDd5Xd/DKxKxHKTMCHtZRwLC2X0NWN"
# m-labs
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCMALVC8RDTHec+PC8y1s3tcpUAODgq6DEzQdHDf/cyvDMfmCaPiMxfIdmkns5lMa03hymIfSmLUF0jFFDc7biRp7uf9AAXNsrTmplHii0l0McuOOZGlSdZM4eL817P7UwJqFMxJyFXDjkubhQiX6kp25Kfuj/zLnupRCaiDvE7ho/xay6Jrv0XLz935TPDwkc7W1asLIvsZLheB+sRz9SMOb9gtrvk5WXZl5JTOFOLu+JaRwQLHL/xdcHJTOod7tqHYfpoC5JHrEwKzbhTOwxZBQBfTQjQktKENQtBxXHTe71rUEWfEZQGg60/BC4BrRmh4qJjlJu3v4VIhC7SSHn1" "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCMALVC8RDTHec+PC8y1s3tcpUAODgq6DEzQdHDf/cyvDMfmCaPiMxfIdmkns5lMa03hymIfSmLUF0jFFDc7biRp7uf9AAXNsrTmplHii0l0McuOOZGlSdZM4eL817P7UwJqFMxJyFXDjkubhQiX6kp25Kfuj/zLnupRCaiDvE7ho/xay6Jrv0XLz935TPDwkc7W1asLIvsZLheB+sRz9SMOb9gtrvk5WXZl5JTOFOLu+JaRwQLHL/xdcHJTOod7tqHYfpoC5JHrEwKzbhTOwxZBQBfTQjQktKENQtBxXHTe71rUEWfEZQGg60/BC4BrRmh4qJjlJu3v4VIhC7SSHn1"
# quartiq rj
"ssh-rsa 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"
# quartiq rj
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMUaB2G1jexxfkdlly3fdWslH54/s/bOuvk9AxqpjtAY"
# quartiq pk
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIu6yhjCoZ62eamYrAXtFefDhplTRUIdD4tncwlkyAEH"
]; ];
}; };
security.sudo.wheelNeedsPassword = false; security.sudo.wheelNeedsPassword = false;
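Review bot: The three keys added to `openssh.authorizedKeys.keys` give their holders root on every machine installed from this configuration, because the same block keeps `wheel` in `extraGroups` and the line after it sets `security.sudo.wheelNeedsPassword = false`. Removal relies on the manual README step "Comment out openssh.authorizedKeys.keys" followed by a rebuild, so a machine where that step is skipped stays reachable with every key in the list. The added comments name only an organisation and initials; a comment such as `# provisioning only: remove before seal-off (see README)` above the list would make the intent explicit, and passing the key list in at build time, as this PR does for `mlabs` in the netboot expression, would limit each site's image to its own keys. The enclosing user definition starts outside the hunk, so I am assuming this is the `rabi` account.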

5
sealoff.sh Normal file

@ -0,0 +1,5 @@
#!/bin/sh
set -e
nixos-rebuild boot
nix-collect-garbage -d