commit cc04dc016881b435ab9cffc569327295eab00909 · veryroundbird.house/core

+2 -1

.gitignore

···

       16
        
       *.rdb

     

       17
        
       .envrc

     

       18
        
       # Created if following hacking.md

     

       19
       -
       genjwks.out
     

       0

···

       16
        
       *.rdb

     

       17
        
       .envrc

     

       18
        
       # Created if following hacking.md

     

       19
       +
       genjwks.out

     

       20
       +
       /nix/vm-data

+4 -6

docs/hacking.md

···

       64
        
       You will also need to set the `$TANGLED_VM_SPINDLE_OWNER`

     

       65
        
       variable to some value. If you don't want to [set up a

     

       66
        
       spindle](#running-a-spindle), you can use any placeholder

     

       67
       -
       value. 

     

       68
        
       

     

       69
       -
       You can now start a lightweight NixOS VM using

     

       70
       -
       `nixos-shell` like so:

     

       71
        
       

     

       72
        
       ```bash

     

       73
       -
       nix run .#vm

     

       74
       -
       # or nixos-shell --flake .#vm

     

       75
        
       

     

       76
       -
       # hit Ctrl-a + c + q to exit the VM

     

       77
        
       ```

     

       78
        
       

     

       79
        
       This starts a knot on port 6000, a spindle on port 6555

···

       64
        
       You will also need to set the `$TANGLED_VM_SPINDLE_OWNER`

     

       65
        
       variable to some value. If you don't want to [set up a

     

       66
        
       spindle](#running-a-spindle), you can use any placeholder

     

       67
       +
       value.

     

       68
        
       

     

       69
       +
       You can now start a lightweight NixOS VM like so:

     

       0
        
       
     

       70
        
       

     

       71
        
       ```bash

     

       72
       +
       nix run --impure .#vm

     

       0
        
       
     

       73
        
       

     

       74
       +
       # type `poweroff` at the shell to exit the VM

     

       75
        
       ```

     

       76
        
       

     

       77
        
       This starts a knot on port 6000, a spindle on port 6555

+22 -27

flake.nix

···

       175
        
               program = ''${tailwind-watcher}/bin/run'';

     

       176
        
             };

     

       177
        
             vm = let

     

       178
       -
               system =

     

       179
        
                 if pkgs.stdenv.hostPlatform.isAarch64

     

       180
       -
                 then "aarch64"

     

       181
       -
                 else "x86_64";

     

       182
       -
       

     

       183
       -
               nixos-shell = pkgs.nixos-shell.overrideAttrs (old: {

     

       184
       -
                 patches =

     

       185
       -
                   (old.patches or [])

     

       186
       -
                   ++ [

     

       187
       -
                     # https://github.com/Mic92/nixos-shell/pull/94

     

       188
       -
                     (pkgs.fetchpatch {

     

       189
       -
                       name = "fix-foreign-vm.patch";

     

       190
       -
                       url = "https://github.com/Mic92/nixos-shell/commit/113e4cc55ae236b5b0b1fbd8b321e9b67c77580e.patch";

     

       191
       -
                       hash = "sha256-eauetBK0wXAOcd9PYbExokNCiwz2QyFnZ4FnwGi9VCo=";

     

       192
       -
                     })

     

       193
       -
                   ];

     

       194
       -
               });

     

       195
        
             in {

     

       196
        
               type = "app";

     

       197
       -
               program = toString (pkgs.writeShellScript "vm" ''

     

       198
       -
                 ${nixos-shell}/bin/nixos-shell --flake .#vm-${system} --guest-system ${system}-linux

     

       199
       -
               '');

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       200
        
             };

     

       201
        
             gomod2nix = {

     

       202
        
               type = "app";

     
···

       257
        
             imports = [./nix/modules/spindle.nix];

     

       258
        
       

     

       259
        
             services.tangled-spindle.package = lib.mkDefault self.packages.${pkgs.system}.spindle;

     

       260
       -
           };

     

       261
       -
           nixosConfigurations.vm-x86_64 = import ./nix/vm.nix {

     

       262
       -
             inherit self nixpkgs;

     

       263
       -
             system = "x86_64-linux";

     

       264
       -
           };

     

       265
       -
           nixosConfigurations.vm-aarch64 = import ./nix/vm.nix {

     

       266
       -
             inherit self nixpkgs;

     

       267
       -
             system = "aarch64-linux";

     

       268
        
           };

     

       269
        
         };

     

       270
        
       }

···

       175
        
               program = ''${tailwind-watcher}/bin/run'';

     

       176
        
             };

     

       177
        
             vm = let

     

       178
       +
               guestSystem =

     

       179
        
                 if pkgs.stdenv.hostPlatform.isAarch64

     

       180
       +
                 then "aarch64-linux"

     

       181
       +
                 else "x86_64-linux";

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       182
        
             in {

     

       183
        
               type = "app";

     

       184
       +
               program =

     

       185
       +
                 (pkgs.writeShellApplication {

     

       186
       +
                   name = "launch-vm";

     

       187
       +
                   text = ''

     

       188
       +
                     rootDir=$(jj --ignore-working-copy root || git rev-parse --show-toplevel) || (echo "error: can't find repo root?"; exit 1)

     

       189
       +
                     cd "$rootDir"

     

       190
       +
       

     

       191
       +
                     mkdir -p nix/vm-data/{knot,repos,spindle,spindle-logs}

     

       192
       +
       

     

       193
       +
                     export TANGLED_VM_DATA_DIR="$rootDir/nix/vm-data"

     

       194
       +
                     exec ${pkgs.lib.getExe

     

       195
       +
                       (import ./nix/vm.nix {

     

       196
       +
                         inherit nixpkgs self;

     

       197
       +
                         system = guestSystem;

     

       198
       +
                         hostSystem = system;

     

       199
       +
                       }).config.system.build.vm}

     

       200
       +
                   '';

     

       201
       +
                 })

     

       202
       +
                 + /bin/launch-vm;

     

       203
        
             };

     

       204
        
             gomod2nix = {

     

       205
        
               type = "app";

     
···

       260
        
             imports = [./nix/modules/spindle.nix];

     

       261
        
       

     

       262
        
             services.tangled-spindle.package = lib.mkDefault self.packages.${pkgs.system}.spindle;

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       263
        
           };

     

       264
        
         };

     

       265
        
       }

+54 -16

nix/vm.nix

···

       1
        
       {

     

       2
        
         nixpkgs,

     

       3
        
         system,

     

       0
        
       
     

       4
        
         self,

     

       5
        
       }: let

     

       6
        
         envVar = name: let

     
···

       16
        
             self.nixosModules.knot

     

       17
        
             self.nixosModules.spindle

     

       18
        
             ({

     

       0
        
       
     

       19
        
               config,

     

       20
        
               pkgs,

     

       21
        
               ...

     

       22
        
             }: {

     

       23
       -
               nixos-shell = {

     

       24
       -
                 inheritPath = false;

     

       25
       -
                 mounts = {

     

       26
       -
                   mountHome = false;

     

       27
       -
                   mountNixProfile = false;

     

       28
       -
                 };

     

       29
       -
               };

     

       30
       -
               virtualisation = {

     

       31
        
                 memorySize = 2048;

     

       32
        
                 diskSize = 10 * 1024;

     

       33
        
                 cores = 2;

     
···

       51
        
                     guest.port = 6555;

     

       52
        
                   }

     

       53
        
                 ];

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       54
        
               };

     

       0
        
       
     

       0
        
       
     

       55
        
               services.getty.autologinUser = "root";

     

       56
        
               environment.systemPackages = with pkgs; [curl vim git sqlite litecli];

     

       57
       -
               systemd.tmpfiles.rules = let

     

       58
       -
                 u = config.services.tangled-knot.gitUser;

     

       59
       -
                 g = config.services.tangled-knot.gitUser;

     

       60
       -
               in [

     

       61
       -
                 "d /var/lib/knot 0770 ${u} ${g} - -" # Create the directory first

     

       62
       -
                 "f+ /var/lib/knot/secret 0660 ${u} ${g} - KNOT_SERVER_SECRET=${envVar "TANGLED_VM_KNOT_SECRET"}"

     

       63
       -
               ];

     

       64
        
               services.tangled-knot = {

     

       65
        
                 enable = true;

     

       66
        
                 motd = "Welcome to the development knot!\n";

     

       67
        
                 server = {

     

       68
       -
                   secretFile = "/var/lib/knot/secret";

     

       69
        
                   hostname = "localhost:6000";

     

       70
        
                   listenAddr = "0.0.0.0:6000";

     

       71
        
                 };

     
···

       81
        
                     provider = "sqlite";

     

       82
        
                   };

     

       83
        
                 };

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       84
        
               };

     

       85
        
             })

     

       86
        
           ];

···

       1
        
       {

     

       2
        
         nixpkgs,

     

       3
        
         system,

     

       4
       +
         hostSystem,

     

       5
        
         self,

     

       6
        
       }: let

     

       7
        
         envVar = name: let

     
···

       17
        
             self.nixosModules.knot

     

       18
        
             self.nixosModules.spindle

     

       19
        
             ({

     

       20
       +
               lib,

     

       21
        
               config,

     

       22
        
               pkgs,

     

       23
        
               ...

     

       24
        
             }: {

     

       25
       +
               virtualisation.vmVariant.virtualisation = {

     

       26
       +
                 host.pkgs = import nixpkgs {system = hostSystem;};

     

       27
       +
       

     

       28
       +
                 graphics = false;

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       29
        
                 memorySize = 2048;

     

       30
        
                 diskSize = 10 * 1024;

     

       31
        
                 cores = 2;

     
···

       49
        
                     guest.port = 6555;

     

       50
        
                   }

     

       51
        
                 ];

     

       52
       +
                 sharedDirectories = {

     

       53
       +
                   # We can't use the 9p mounts directly for most of these

     

       54
       +
                   # as SQLite is incompatible with them. So instead we

     

       55
       +
                   # mount the shared directories to a different location

     

       56
       +
                   # and copy the contents around on service start/stop.

     

       57
       +
                   knotData = {

     

       58
       +
                     source = "$TANGLED_VM_DATA_DIR/knot";

     

       59
       +
                     target = "/mnt/knot-data";

     

       60
       +
                   };

     

       61
       +
                   spindleData = {

     

       62
       +
                     source = "$TANGLED_VM_DATA_DIR/spindle";

     

       63
       +
                     target = "/mnt/spindle-data";

     

       64
       +
                   };

     

       65
       +
                   spindleLogs = {

     

       66
       +
                     source = "$TANGLED_VM_DATA_DIR/spindle-logs";

     

       67
       +
                     target = "/var/log/spindle";

     

       68
       +
                   };

     

       69
       +
                 };

     

       70
        
               };

     

       71
       +
               # This is fine because any and all ports that are forwarded to host are explicitly marked above, we don't need a separate guest firewall

     

       72
       +
               networking.firewall.enable = false;

     

       73
        
               services.getty.autologinUser = "root";

     

       74
        
               environment.systemPackages = with pkgs; [curl vim git sqlite litecli];

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       75
        
               services.tangled-knot = {

     

       76
        
                 enable = true;

     

       77
        
                 motd = "Welcome to the development knot!\n";

     

       78
        
                 server = {

     

       79
       +
                   secretFile = builtins.toFile "knot-secret" ("KNOT_SERVER_SECRET=" + (envVar "TANGLED_VM_KNOT_SECRET"));

     

       80
        
                   hostname = "localhost:6000";

     

       81
        
                   listenAddr = "0.0.0.0:6000";

     

       82
        
                 };

     
···

       92
        
                     provider = "sqlite";

     

       93
        
                   };

     

       94
        
                 };

     

       95
       +
               };

     

       96
       +
               users = {

     

       97
       +
                 # So we don't have to deal with permission clashing between

     

       98
       +
                 # blank disk VMs and existing state

     

       99
       +
                 users.${config.services.tangled-knot.gitUser}.uid = 666;

     

       100
       +
                 groups.${config.services.tangled-knot.gitUser}.gid = 666;

     

       101
       +
       

     

       102
       +
                 # TODO: separate spindle user

     

       103
       +
               };

     

       104
       +
               systemd.services = let

     

       105
       +
                 mkDataSyncScripts = source: target: {

     

       106
       +
                   enableStrictShellChecks = true;

     

       107
       +
       

     

       108
       +
                   preStart = lib.mkBefore ''

     

       109
       +
                     mkdir -p ${target}

     

       110
       +
                     ${lib.getExe pkgs.rsync} -a ${source}/ ${target}

     

       111
       +
                   '';

     

       112
       +
       

     

       113
       +
                   postStop = lib.mkAfter ''

     

       114
       +
                     ${lib.getExe pkgs.rsync} -a ${target}/ ${source}

     

       115
       +
                   '';

     

       116
       +
       

     

       117
       +
                   serviceConfig.PermissionsStartOnly = true;

     

       118
       +
                 };

     

       119
       +
               in {

     

       120
       +
                 knot = mkDataSyncScripts "/mnt/knot-data" config.services.tangled-knot.stateDir;

     

       121
       +
                 spindle = mkDataSyncScripts "/mnt/spindle-data" (builtins.dirOf config.services.tangled-spindle.server.dbPath);

     

       122
        
               };

     

       123
        
             })

     

       124
        
           ];