Unverified Commit a3a7520a authored by Thiago Kenji Okada's avatar Thiago Kenji Okada Committed by GitHub

Merge pull request #119856 from ilian/oci-image

oci-image: init scripts to build and upload image
parents 85050921 371cebac
+24 −0
#! /usr/bin/env bash

set -euo pipefail

export NIX_PATH=nixpkgs=$(dirname $(readlink -f $0))/../../../..
export NIXOS_CONFIG=$(dirname $(readlink -f $0))/../../../modules/virtualisation/oci-image.nix

if (( $# < 1 )); then
    (
    echo "Usage: create-image.sh <architecture>"
    echo
    echo "Where <architecture> is one of:"
    echo "  x86_64-linux"
    echo "  aarch64-linux"
    ) >&2
fi

system="$1"; shift

nix-build '<nixpkgs/nixos>' \
    -A config.system.build.OCIImage \
    --argstr system "$system" \
    --option system-features kvm \
    -o oci-image
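Review bot: The usage branch (`if (( $# < 1 ))`) prints the help text but never exits, so execution falls through to `system="$1"` and the script stops only because `set -u` rejects the unset parameter, with an "unbound variable" error printed after the usage text. End the branch with `exit 1` after the `) >&2` line. The two `$(dirname $(readlink -f $0))` expansions are also unquoted, so a checkout path containing whitespace is split into several words; computing it once as `script_dir="$(dirname "$(readlink -f "$0")")"` and reusing the variable avoids that.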
+100 −0
#! /usr/bin/env bash

set -euo pipefail

script_dir="$(dirname $(readlink -f $0))"
nixpkgs_root="$script_dir/../../../.."
export NIX_PATH="nixpkgs=$nixpkgs_root"

cat - <<EOF
This script will locally build a NixOS image and upload it as a Custom Image
using oci-cli. Make sure that an API key for the tenancy administrator has been
added to '~/.oci'.
For more info about configuring oci-cli, please visit
https://docs.cloud.oracle.com/iaas/Content/API/Concepts/apisigningkey.htm#Required_Keys_and_OCIDs

EOF

qcow="oci-image/nixos.qcow2"
if [ ! -f "$qcow" ]; then
    echo "OCI image $qcow does not exist"
    echo "Building image with create-image.sh for 'x86_64-linux'"
    "$script_dir/create-image.sh" x86_64-linux
    [ -f "$qcow" ] || { echo "Build failed: image not present after build"; exit 1; }
else
    echo "Using prebuilt image $qcow"
fi

cli="$(
  nix-build '<nixpkgs>' \
    --no-out-link \
    -A oci-cli
)"

PATH="$cli/bin:$PATH"
bucket="_TEMP_NIXOS_IMAGES_$RANDOM"

echo "Creating a temporary bucket"
root_ocid="$(
  oci iam compartment list \
  --all \
  --compartment-id-in-subtree true \
  --access-level ACCESSIBLE \
  --include-root \
  --raw-output \
  --query "data[?contains(\"id\",'tenancy')].id | [0]"
)"
bucket_ocid=$(
  oci os bucket create \
    -c "$root_ocid" \
    --name "$bucket" \
    --raw-output \
    --query "data.id"
)
# Clean up bucket on script termination
trap 'echo Removing temporary bucket; oci os bucket delete --force --name "$bucket"' INT TERM EXIT

echo "Uploading image to temporary bucket"
oci os object put -bn "$bucket" --file "$qcow"

echo "Importing image as a Custom Image"
bucket_ns="$(oci os ns get --query "data" --raw-output)"
image_id="$(
  oci compute image import from-object \
    -c "$root_ocid" \
    --namespace "$bucket_ns" \
    --bucket-name "$bucket" \
    --name nixos.qcow2 \
    --operating-system NixOS \
    --source-image-type QCOW2 \
    --launch-mode PARAVIRTUALIZED \
    --display-name NixOS \
    --raw-output \
    --query "data.id"
)"

cat - <<EOF
Image created! Please mark all available shapes as compatible with this image by
visiting the following link and by selecting the 'Edit Details' button on:
https://cloud.oracle.com/compute/images/$image_id
EOF

# Workaround until https://github.com/oracle/oci-cli/issues/399 is addressed
echo "Sleeping for 15 minutes before cleaning up files in the temporary bucket"
sleep $((15 * 60))

echo "Deleting image from bucket"
par_id="$(
  oci os preauth-request list \
    --bucket-name "$bucket" \
    --raw-output \
    --query "data[0].id"
)"

if [[ -n $par_id ]]; then
  oci os preauth-request delete \
    --bucket-name "$bucket" \
    --par-id "$par_id"
fi

oci os object delete -bn "$bucket" --object-name nixos.qcow2 --force
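Review bot: The cleanup trap only runs `oci os bucket delete --force`, so if the script stops before the final `oci os object delete` (a failed import under `set -e`, or an interrupt during the 15-minute sleep) the uploaded image and the pre-authenticated request that the later `preauth-request list` step expects to find are still in the bucket, and deleting a bucket that still holds objects presumably fails. A leftover pre-authenticated request keeps the image readable without credentials until it expires or is removed by hand. Trapping `INT` and `TERM` without exiting in the handler also lets bash resume the script after the handler has run. I would replace the trap with a single cleanup function on `EXIT` that empties the bucket before deleting it and reports a failed cleanup on stderr.

```shell
# Clean up bucket on script termination
cleanup() {
  echo "Removing temporary bucket"
  # --empty removes the objects and pre-authenticated requests first
  oci os bucket delete --force --empty --name "$bucket" \
    || echo "Cleanup failed; remove bucket $bucket manually" >&2
}
trap cleanup EXIT
# … unchanged: upload, import, 15-minute wait …
```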
+1 −0
@@ -1485,6 +1485,7 @@
  ./virtualisation/nixos-containers.nix
  ./virtualisation/oci-containers.nix
  ./virtualisation/openstack-options.nix
  ./virtualisation/oci-options.nix
  ./virtualisation/openvswitch.nix
  ./virtualisation/parallels-guest.nix
  ./virtualisation/podman/default.nix
+60 −0
{ config, lib, pkgs, ... }:

let
  cfg = config.oci;
in
{
  imports = [ ../profiles/qemu-guest.nix ];

  # Taken from /proc/cmdline of Ubuntu 20.04.2 LTS on OCI
  boot.kernelParams = [
    "nvme.shutdown_timeout=10"
    "nvme_core.shutdown_timeout=10"
    "libiscsi.debug_libiscsi_eh=1"
    "crash_kexec_post_notifiers"

    # VNC console
    "console=tty1"

    # x86_64-linux
    "console=ttyS0"

    # aarch64-linux
    "console=ttyAMA0,115200"
  ];

  boot.growPartition = true;

  fileSystems."/" = {
    device = "/dev/disk/by-label/nixos";
    fsType = "ext4";
    autoResize = true;
  };

  fileSystems."/boot" = lib.mkIf cfg.efi {
    device = "/dev/disk/by-label/ESP";
    fsType = "vfat";
  };

  boot.loader.efi.canTouchEfiVariables = false;
  boot.loader.grub = {
    device = if cfg.efi then "nodev" else "/dev/sda";
    splashImage = null;
    extraConfig = ''
      serial --unit=0 --speed=115200 --word=8 --parity=no --stop=1
      terminal_input --append serial
      terminal_output --append serial
    '';
    efiInstallAsRemovable = cfg.efi;
    efiSupport = cfg.efi;
  };

  # https://docs.oracle.com/en-us/iaas/Content/Compute/Tasks/configuringntpservice.htm#Configuring_the_Oracle_Cloud_Infrastructure_NTP_Service_for_an_Instance
  networking.timeServers = [ "169.254.169.254" ];

  services.openssh.enable = true;

  # Otherwise the instance may not have a working network-online.target,
  # making the fetch-ssh-keys.service fail
  networking.useNetworkd = true;
}
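Review bot: `services.openssh.enable = true;` turns sshd on with the module defaults, and nothing in this file restricts password or root login for an image meant to run on network-reachable cloud instances. If key-based login through the fetch-ssh-keys service named in the comment below is the intended path, state it next to the enable line, e.g. `services.openssh.settings.PasswordAuthentication = false;` (use the option name of the nixpkgs revision this targets). The image module that defines accounts and the key-fetching service is not shown on this page, so this may already be handled there.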
+12 −0
{ modulesPath, ... }:

{
  # To build the configuration or use nix-env, you need to run
  # either nixos-rebuild --upgrade or nix-channel --update
  # to fetch the nixos channel.

  # This configures everything but bootstrap services,
  # which only need to be run once and have already finished
  # if you are able to see this comment.
  imports = [ "${modulesPath}/virtualisation/oci-common.nix" ];
}