From fa49c13513ae5ab66157c634de244fdcf0a6cc1d Mon Sep 17 00:00:00 2001 From: Alex Auvolat Date: Tue, 29 Nov 2022 13:01:46 +0100 Subject: Works better and better, write some examples --- nix2/driver.go | 39 +++++++++++++++++++++++++++++++++++---- nix2/nix.go | 14 ++++++-------- 2 files changed, 41 insertions(+), 12 deletions(-) (limited to 'nix2') diff --git a/nix2/driver.go b/nix2/driver.go index 833e515..610baab 100644 --- a/nix2/driver.go +++ b/nix2/driver.go @@ -68,6 +68,10 @@ var ( hclspec.NewAttr("default_ipc_mode", "string", false), hclspec.NewLiteral(`"private"`), ), + "default_nixpkgs": hclspec.NewDefault( + hclspec.NewAttr("default_nixpkgs", "string", false), + hclspec.NewLiteral(`"github:nixos/nixpkgs/nixos-22.05"`), + ), "allow_caps": hclspec.NewDefault( hclspec.NewAttr("allow_caps", "list(string)", false), hclspec.NewLiteral(capabilities.HCLSpecLiteral), @@ -89,6 +93,7 @@ var ( "ipc_mode": hclspec.NewAttr("ipc_mode", "string", false), "cap_add": hclspec.NewAttr("cap_add", "list(string)", false), "cap_drop": hclspec.NewAttr("cap_drop", "list(string)", false), + "nixpkgs": hclspec.NewAttr("nixpkgs", "string", false), "packages": hclspec.NewAttr("packages", "list(string)", false), }) @@ -153,6 +158,9 @@ type Config struct { // exec-based task drivers. DefaultModeIPC string `codec:"default_ipc_mode"` + // Nixpkgs flake to use + DefaultNixpkgs string `codec:"default_nixpkgs"` + // AllowCaps configures which Linux Capabilities are enabled for tasks // running on this node. AllowCaps []string `codec:"allow_caps"` @@ -204,6 +212,9 @@ type TaskConfig struct { // Must be "private" or "host" if set. ModeIPC string `codec:"ipc_mode"` + // Nixpkgs flake to use + Nixpkgs string `codec:"nixpkgs"` + // CapAdd is a set of linux capabilities to enable. CapAdd []string `codec:"cap_add"` @@ -488,7 +499,19 @@ func (d *Driver) StartTask(cfg *drivers.TaskConfig) (*drivers.TaskHandle, *drive user := cfg.User if user == "" { - user = "0" + user = "nobody" + } + + // Determine the nixpkgs version to use. + nixpkgs := driverConfig.Nixpkgs + if nixpkgs == "" { + nixpkgs = d.config.DefaultNixpkgs + } + // Use that repo for all packages not specified from a flake already. + for i := range driverConfig.Packages { + if !strings.Contains(driverConfig.Packages[i], "#") { + driverConfig.Packages[i] = nixpkgs + "#" + driverConfig.Packages[i] + } } // Prepare NixOS packages and setup a bunch of read-only mounts @@ -498,19 +521,27 @@ func (d *Driver) StartTask(cfg *drivers.TaskConfig) (*drivers.TaskHandle, *drive AllocID: cfg.AllocID, TaskName: cfg.Name, Timestamp: time.Now(), - Message: "Building Nix packages and preparing NixOS state", + Message: fmt.Sprintf( + "Building Nix packages and preparing NixOS state (using nixpkgs from flake: %s)", + nixpkgs, + ), Annotations: map[string]string{ "packages": strings.Join(driverConfig.Packages, " "), }, }) taskDirs := cfg.TaskDir() - systemMounts, err := prepareNixPackages(taskDirs.Dir, driverConfig.Packages) + systemMounts, err := prepareNixPackages(taskDirs.Dir, driverConfig.Packages, nixpkgs) if err != nil { return nil, nil, err } // Some files are necessary and should be taken from outside if not present already - for _, f := range []string{ "/etc/resolv.conf", "/etc/passwd", "/etc/nsswitch.conf" } { + etcpaths := []string{ + "/etc/nsswitch.conf", // Necessary for most things + "/etc/passwd", // Necessary for username/UID lookup + "/etc/resolv.conf", // Necessary for DNS resolution + } + for _, f := range etcpaths { if _, ok := systemMounts[f]; !ok { systemMounts[f] = f } diff --git a/nix2/nix.go b/nix2/nix.go index 7a86934..5b94065 100644 --- a/nix2/nix.go +++ b/nix2/nix.go @@ -2,11 +2,11 @@ package nix2 import ( "bytes" - "path/filepath" "encoding/json" "fmt" "os" "os/exec" + "path/filepath" "github.com/hashicorp/nomad/helper/pluginutils/hclutils" ) @@ -15,13 +15,13 @@ const ( closureNix = ` { path }: let - nixpkgs = builtins.getFlake "github:nixos/nixpkgs/nixos-22.05"; + nixpkgs = builtins.getFlake "%s"; inherit (nixpkgs.legacyPackages.x86_64-linux) buildPackages; in buildPackages.closureInfo { rootPaths = builtins.storePath path; } ` ) -func prepareNixPackages(taskDir string, packages []string) (hclutils.MapStrStr, error) { +func prepareNixPackages(taskDir string, packages []string, nixpkgs string) (hclutils.MapStrStr, error) { mounts := make(hclutils.MapStrStr) profileLink := filepath.Join(taskDir, "current-profile") @@ -31,7 +31,7 @@ func prepareNixPackages(taskDir string, packages []string) (hclutils.MapStrStr, } closureLink := filepath.Join(taskDir, "current-closure") - closure, err := nixBuildClosure(profileLink, closureLink) + closure, err := nixBuildClosure(profileLink, closureLink, nixpkgs) if err != nil { return nil, fmt.Errorf("Build of the flakes failed: %v", err) } @@ -59,8 +59,6 @@ func prepareNixPackages(taskDir string, packages []string) (hclutils.MapStrStr, } } - mounts[filepath.Join(closure, "registration")] = "/registration" - requisites, err := nixRequisites(closure) if err != nil { return nil, fmt.Errorf("Couldn't determine flake requisites: %v", err) @@ -98,14 +96,14 @@ func nixBuildProfile(flakes []string, link string) (string, error) { } } -func nixBuildClosure(profile string, link string) (string, error) { +func nixBuildClosure(profile string, link string, nixpkgs string) (string, error) { cmd := exec.Command( "nix", "--extra-experimental-features", "nix-command", "--extra-experimental-features", "flakes", "build", "--out-link", link, - "--expr", closureNix, + "--expr", fmt.Sprintf(closureNix, nixpkgs), "--impure", "--no-write-lock-file", "--argstr", "path", profile) -- cgit v1.2.3