patch of nix/vm: store service data in a shared folder on the host · round #1 · pull #466 · tangled.org/core

+27 -24

nix/modules/knot.nix

···

       126
       126
        
               cfg.package

     

       127
       127
        
             ];

     

       128
       128
        
       

     

       129
       129
       -
             system.activationScripts.gitConfig = let

     

       130
       130
       -
               setMotd =

     

       131
       131
       -
                 if cfg.motdFile != null && cfg.motd != null

     

       132
       132
       -
                 then throw "motdFile and motd cannot be both set"

     

       133
       133
       -
                 else ''

     

       134
       134
       -
                   ${optionalString (cfg.motdFile != null) "cat ${cfg.motdFile} > ${cfg.stateDir}/motd"}

     

       135
       135
       -
                   ${optionalString (cfg.motd != null) ''printf "${cfg.motd}" > ${cfg.stateDir}/motd''}

     

       136
       136
       -
                 '';

     

       137
       137
       -
             in ''

     

       138
       138
       -
               mkdir -p "${cfg.repo.scanPath}"

     

       139
       139
       -
               chown -R ${cfg.gitUser}:${cfg.gitUser} "${cfg.repo.scanPath}"

     

       140
       140
       -
       

     

       141
       141
       -
               mkdir -p "${cfg.stateDir}/.config/git"

     

       142
       142
       -
               cat > "${cfg.stateDir}/.config/git/config" << EOF

     

       143
       143
       -
               [user]

     

       144
       144
       -
                   name = Git User

     

       145
       145
       -
                   email = git@example.com

     

       146
       146
       -
               [receive]

     

       147
       147
       -
                   advertisePushOptions = true

     

       148
       148
       -
               EOF

     

       149
       149
       -
               ${setMotd}

     

       150
       150
       -
               chown -R ${cfg.gitUser}:${cfg.gitUser} "${cfg.stateDir}"

     

       151
       151
       -
             '';

     

       152
       152
       -
       

     

       153
       129
        
             users.users.${cfg.gitUser} = {

     

       154
       130
        
               isSystemUser = true;

     

       155
       131
        
               useDefaultShell = true;

     
···

       185
       161
        
               description = "knot service";

     

       186
       162
        
               after = ["network.target" "sshd.service"];

     

       187
       163
        
               wantedBy = ["multi-user.target"];

     

       164
       164
       +
               enableStrictShellChecks = true;

     

       165
       165
       +
       

     

       166
       166
       +
               preStart = let

     

       167
       167
       +
                 setMotd =

     

       168
       168
       +
                   if cfg.motdFile != null && cfg.motd != null

     

       169
       169
       +
                   then throw "motdFile and motd cannot be both set"

     

       170
       170
       +
                   else ''

     

       171
       171
       +
                     ${optionalString (cfg.motdFile != null) "cat ${cfg.motdFile} > ${cfg.stateDir}/motd"}

     

       172
       172
       +
                     ${optionalString (cfg.motd != null) ''printf "${cfg.motd}" > ${cfg.stateDir}/motd''}

     

       173
       173
       +
                   '';

     

       174
       174
       +
               in ''

     

       175
       175
       +
                 mkdir -p "${cfg.repo.scanPath}"

     

       176
       176
       +
                 chown -R ${cfg.gitUser}:${cfg.gitUser} "${cfg.repo.scanPath}"

     

       177
       177
       +
       

     

       178
       178
       +
                 mkdir -p "${cfg.stateDir}/.config/git"

     

       179
       179
       +
                 cat > "${cfg.stateDir}/.config/git/config" << EOF

     

       180
       180
       +
                 [user]

     

       181
       181
       +
                     name = Git User

     

       182
       182
       +
                     email = git@example.com

     

       183
       183
       +
                 [receive]

     

       184
       184
       +
                     advertisePushOptions = true

     

       185
       185
       +
                 EOF

     

       186
       186
       +
                 ${setMotd}

     

       187
       187
       +
                 chown -R ${cfg.gitUser}:${cfg.gitUser} "${cfg.stateDir}"

     

       188
       188
       +
               '';

     

       189
       189
       +
       

     

       188
       190
        
               serviceConfig = {

     

       189
       191
        
                 User = cfg.gitUser;

     

       192
       192
       +
                 PermissionsStartOnly = true;

     

       190
       193
        
                 WorkingDirectory = cfg.stateDir;

     

       191
       194
        
                 Environment = [

     

       192
       195
        
                   "KNOT_REPO_SCAN_PATH=${cfg.repo.scanPath}"

.gitignore

···

       15
       15
        
       .env

     

       16
       16
        
       *.rdb

     

       17
       17
        
       .envrc

     

       18
       18
       +
       /nix/vm-data

+3 -5

docs/hacking.md

···

       60
       60
        
       ideally in a `.envrc` with [direnv](https://direnv.net) so you

     

       61
       61
        
       don't lose it.

     

       62
       62
        
       

     

       63
       63
       -
       You can now start a lightweight NixOS VM using

     

       64
       64
       -
       `nixos-shell` like so:

     

       63
       63
       +
       You can now start a lightweight NixOS VM like so:

     

       65
       64
        
       

     

       66
       65
        
       ```bash

     

       67
       67
       -
       nix run .#vm

     

       68
       68
       -
       # or nixos-shell --flake .#vm

     

       66
       66
       +
       nix run --impure .#vm

     

       69
       67
        
       

     

       70
       70
       -
       # hit Ctrl-a + c + q to exit the VM

     

       68
       68
       +
       # type `poweroff` at the shell to exit the VM

     

       71
       69
        
       ```

     

       72
       70
        
       

     

       73
       71
        
       This starts a knot on port 6000, a spindle on port 6555

+22 -27

flake.nix

···

       175
       175
        
               program = ''${tailwind-watcher}/bin/run'';

     

       176
       176
        
             };

     

       177
       177
        
             vm = let

     

       178
       178
       -
               system =

     

       178
       178
       +
               guestSystem =

     

       179
       179
        
                 if pkgs.stdenv.hostPlatform.isAarch64

     

       180
       180
       -
                 then "aarch64"

     

       181
       181
       -
                 else "x86_64";

     

       182
       182
       -
       

     

       183
       183
       -
               nixos-shell = pkgs.nixos-shell.overrideAttrs (old: {

     

       184
       184
       -
                 patches =

     

       185
       185
       -
                   (old.patches or [])

     

       186
       186
       -
                   ++ [

     

       187
       187
       -
                     # https://github.com/Mic92/nixos-shell/pull/94

     

       188
       188
       -
                     (pkgs.fetchpatch {

     

       189
       189
       -
                       name = "fix-foreign-vm.patch";

     

       190
       190
       -
                       url = "https://github.com/Mic92/nixos-shell/commit/113e4cc55ae236b5b0b1fbd8b321e9b67c77580e.patch";

     

       191
       191
       -
                       hash = "sha256-eauetBK0wXAOcd9PYbExokNCiwz2QyFnZ4FnwGi9VCo=";

     

       192
       192
       -
                     })

     

       193
       193
       -
                   ];

     

       194
       194
       -
               });

     

       180
       180
       +
                 then "aarch64-linux"

     

       181
       181
       +
                 else "x86_64-linux";

     

       195
       182
        
             in {

     

       196
       183
        
               type = "app";

     

       197
       197
       -
               program = toString (pkgs.writeShellScript "vm" ''

     

       198
       198
       -
                 ${nixos-shell}/bin/nixos-shell --flake .#vm-${system} --guest-system ${system}-linux

     

       199
       199
       -
               '');

     

       184
       184
       +
               program =

     

       185
       185
       +
                 (pkgs.writeShellApplication {

     

       186
       186
       +
                   name = "launch-vm";

     

       187
       187
       +
                   text = ''

     

       188
       188
       +
                     rootDir=$(jj --ignore-working-copy root || git rev-parse --show-toplevel) || (echo "error: can't find repo root?"; exit 1)

     

       189
       189
       +
                     cd "$rootDir"

     

       190
       190
       +
       

     

       191
       191
       +
                     mkdir -p nix/vm-data/{knot,repos,spindle,spindle-logs}

     

       192
       192
       +
       

     

       193
       193
       +
                     export TANGLED_VM_DATA_DIR="$rootDir/nix/vm-data"

     

       194
       194
       +
                     exec ${pkgs.lib.getExe

     

       195
       195
       +
                       (import ./nix/vm.nix {

     

       196
       196
       +
                         inherit nixpkgs self;

     

       197
       197
       +
                         system = guestSystem;

     

       198
       198
       +
                         hostSystem = system;

     

       199
       199
       +
                       }).config.system.build.vm}

     

       200
       200
       +
                   '';

     

       201
       201
       +
                 })

     

       202
       202
       +
                 + /bin/launch-vm;

     

       200
       203
        
             };

     

       201
       204
        
             gomod2nix = {

     

       202
       205
        
               type = "app";

     
···

       258
       261
        
       

     

       259
       262
        
             services.tangled-spindle.package = lib.mkDefault self.packages.${pkgs.system}.spindle;

     

       260
       263
        
           };

     

       261
       261
       -
           nixosConfigurations.vm-x86_64 = import ./nix/vm.nix {

     

       262
       262
       -
             inherit self nixpkgs;

     

       263
       263
       -
             system = "x86_64-linux";

     

       264
       264
       -
           };

     

       265
       265
       -
           nixosConfigurations.vm-aarch64 = import ./nix/vm.nix {

     

       266
       266
       -
             inherit self nixpkgs;

     

       267
       267
       -
             system = "aarch64-linux";

     

       268
       268
       -
           };

     

       269
       264
        
         };

     

       270
       265
        
       }

+52 -16

nix/vm.nix

···

       1
       1
        
       {

     

       2
       2
        
         nixpkgs,

     

       3
       3
        
         system,

     

       4
       4
       +
         hostSystem,

     

       4
       5
        
         self,

     

       5
       6
        
       }: let

     

       6
       7
        
         envVar = name: let

     
···

       16
       17
        
             self.nixosModules.knot

     

       17
       18
        
             self.nixosModules.spindle

     

       18
       19
        
             ({

     

       20
       20
       +
               lib,

     

       19
       21
        
               config,

     

       20
       22
        
               pkgs,

     

       21
       23
        
               ...

     

       22
       24
        
             }: {

     

       23
       23
       -
               nixos-shell = {

     

       24
       24
       -
                 inheritPath = false;

     

       25
       25
       -
                 mounts = {

     

       26
       26
       -
                   mountHome = false;

     

       27
       27
       -
                   mountNixProfile = false;

     

       28
       28
       -
                 };

     

       29
       29
       -
               };

     

       30
       30
       -
               virtualisation = {

     

       25
       25
       +
               virtualisation.vmVariant.virtualisation = {

     

       26
       26
       +
                 host.pkgs = import nixpkgs {system = hostSystem;};

     

       27
       27
       +
       

     

       28
       28
       +
                 graphics = false;

     

       31
       29
        
                 memorySize = 2048;

     

       32
       30
        
                 diskSize = 10 * 1024;

     

       33
       31
        
                 cores = 2;

     
···

       51
       49
        
                     guest.port = 6555;

     

       52
       50
        
                   }

     

       53
       51
        
                 ];

     

       52
       52
       +
                 sharedDirectories = {

     

       53
       53
       +
                   # We can't use the 9p mounts directly for most of these

     

       54
       54
       +
                   # as SQLite is incompatible with them. So instead we

     

       55
       55
       +
                   # mount the shared directories to a different location

     

       56
       56
       +
                   # and copy the contents around on service start/stop.

     

       57
       57
       +
                   knotData = {

     

       58
       58
       +
                     source = "$TANGLED_VM_DATA_DIR/knot";

     

       59
       59
       +
                     target = "/mnt/knot-data";

     

       60
       60
       +
                   };

     

       61
       61
       +
                   spindleData = {

     

       62
       62
       +
                     source = "$TANGLED_VM_DATA_DIR/spindle";

     

       63
       63
       +
                     target = "/mnt/spindle-data";

     

       64
       64
       +
                   };

     

       65
       65
       +
                   spindleLogs = {

     

       66
       66
       +
                     source = "$TANGLED_VM_DATA_DIR/spindle-logs";

     

       67
       67
       +
                     target = "/var/log/spindle";

     

       68
       68
       +
                   };

     

       69
       69
       +
                 };

     

       54
       70
        
               };

     

       55
       71
        
               services.getty.autologinUser = "root";

     

       56
       72
        
               environment.systemPackages = with pkgs; [curl vim git sqlite litecli];

     

       57
       57
       -
               systemd.tmpfiles.rules = let

     

       58
       58
       -
                 u = config.services.tangled-knot.gitUser;

     

       59
       59
       -
                 g = config.services.tangled-knot.gitUser;

     

       60
       60
       -
               in [

     

       61
       61
       -
                 "d /var/lib/knot 0770 ${u} ${g} - -" # Create the directory first

     

       62
       62
       -
                 "f+ /var/lib/knot/secret 0660 ${u} ${g} - KNOT_SERVER_SECRET=${envVar "TANGLED_VM_KNOT_SECRET"}"

     

       63
       63
       -
               ];

     

       64
       73
        
               services.tangled-knot = {

     

       65
       74
        
                 enable = true;

     

       66
       75
        
                 motd = "Welcome to the development knot!\n";

     

       67
       76
        
                 server = {

     

       68
       68
       -
                   secretFile = "/var/lib/knot/secret";

     

       77
       77
       +
                   secretFile = builtins.toFile "knot-secret" ("KNOT_SERVER_SECRET=" + (envVar "TANGLED_VM_KNOT_SECRET"));

     

       69
       78
        
                   hostname = "localhost:6000";

     

       70
       79
        
                   listenAddr = "0.0.0.0:6000";

     

       71
       80
        
                 };

     
···

       82
       91
        
                   };

     

       83
       92
        
                 };

     

       84
       93
        
               };

     

       94
       94
       +
               users = {

     

       95
       95
       +
                 # So we don't have to deal with permission clashing between

     

       96
       96
       +
                 # blank disk VMs and existing state

     

       97
       97
       +
                 users.${config.services.tangled-knot.gitUser}.uid = 666;

     

       98
       98
       +
                 groups.${config.services.tangled-knot.gitUser}.gid = 666;

     

       99
       99
       +
       

     

       100
       100
       +
                 # TODO: separate spindle user

     

       101
       101
       +
               };

     

       102
       102
       +
               systemd.services = let

     

       103
       103
       +
                 mkDataSyncScripts = source: target: {

     

       104
       104
       +
                   enableStrictShellChecks = true;

     

       105
       105
       +
       

     

       106
       106
       +
                   preStart = lib.mkBefore ''

     

       107
       107
       +
                     mkdir -p ${target}

     

       108
       108
       +
                     ${lib.getExe pkgs.rsync} -a ${source}/ ${target}

     

       109
       109
       +
                   '';

     

       110
       110
       +
       

     

       111
       111
       +
                   postStop = lib.mkAfter ''

     

       112
       112
       +
                     ${lib.getExe pkgs.rsync} -a ${target}/ ${source}

     

       113
       113
       +
                   '';

     

       114
       114
       +
       

     

       115
       115
       +
                   serviceConfig.PermissionsStartOnly = true;

     

       116
       116
       +
                 };

     

       117
       117
       +
               in {

     

       118
       118
       +
                 knot = mkDataSyncScripts "/mnt/knot-data" config.services.tangled-knot.stateDir;

     

       119
       119
       +
                 spindle = mkDataSyncScripts "/mnt/spindle-data" (builtins.dirOf config.services.tangled-spindle.server.dbPath);

     

       120
       120
       +
               };

     

       85
       121
        
             })

     

       86
       122
        
           ];

     

       87
       123
        
         }