tasks.py: remove format_disks, nixos_install, setup_secret

zowoq 2023-02-07 11:14:56 +10:00
parent 0d290748d3
commit 4673b5c485

104
tasks.py

@ -5,7 +5,7 @@ import os
import subprocess import subprocess
import sys import sys
from pathlib import Path from pathlib import Path
from typing import Any, List from typing import List
from deploykit import DeployGroup, DeployHost from deploykit import DeployGroup, DeployHost
from invoke import task from invoke import task
@ -38,66 +38,6 @@ def deploy_nixos(hosts: List[DeployHost]) -> None:
g.run_function(deploy) g.run_function(deploy)
def sfdisk_json(host: DeployHost, dev: str) -> List[Any]:
out = host.run(f"sfdisk --json {dev}", stdout=subprocess.PIPE)
data = json.loads(out.stdout)
return data["partitiontable"]["partitions"]
def _format_disks(host: DeployHost, devices: List[str]) -> None:
assert (
len(devices) == 1 or len(devices) == 2
), "we only support single devices or mirror raids at the moment"
# format disk with as follow:
# - partition 1 will be the boot partition, needed for legacy (BIOS) boot
# - partition 2 is for boot partition
# - partition 3 takes up the rest of the space and is for the system
for device in devices:
host.run(
f"sgdisk -Z -n 1:2048:4095 -n 2:4096:+2G -N 3 -t 1:ef02 -t 2:8304 -t 3:8304 {device}"
)
# create mdadm raid for /boot with ext4
if len(devices) == 2:
boot_parts = []
root_parts = []
for dev in devices:
# use partuuids as they are more stable than device names
partitions = sfdisk_json(host, dev)
boot_parts.append(partitions[1]["node"])
root_parts.append(f"/dev/disk/by-partuuid/{partitions[2]['uuid'].lower()}")
host.run(
f"mdadm --create --verbose /dev/md127 --raid-devices=2 --level=1 {' '.join(boot_parts)}"
)
host.run(
f"zpool create zroot -O acltype=posixacl -O xattr=sa -O compression=lz4 mirror {' '.join(root_parts)}"
)
boot = "/dev/md127"
else:
partitions = sfdisk_json(host, devices[0])
boot = partitions[1]["node"]
uuid = partitions[2]["uuid"].lower()
root_part = f"/dev/disk/by-partuuid/{uuid}"
host.run(
f"zpool create zroot -O acltype=posixacl -O xattr=sa -O compression=lz4 -O atime=off {root_part}"
)
host.run("partprobe")
host.run(f"mkfs.ext4 -F {boot}")
# setup zfs dataset
host.run("zfs create -o mountpoint=none zroot/root")
host.run("zfs create -o mountpoint=legacy zroot/root/nixos")
host.run("zfs create -o mountpoint=legacy zroot/root/home")
## and finally mount
host.run("mount -t zfs zroot/root/nixos /mnt")
host.run("mkdir /mnt/home /mnt/boot")
host.run("mount -t zfs zroot/root/home /mnt/home")
host.run("mount -t ext4 /dev/md127 /mnt/boot")
@task @task
def update_hound_repos(c): def update_hound_repos(c):
""" """
@ -218,48 +158,6 @@ git commit --amend -m "${commit}" -m "Terraform updates:" -m "${diff}"
) )
@task
def format_disks(c, hosts="", disks=""):
"""
Format disks with zfs, i.e.: inv format-disks --hosts build02 --disks /dev/nvme0n1,/dev/nvme1n1
"""
for h in get_hosts(hosts):
_format_disks(h, disks.split(","))
@task
def setup_secret(c, hosts=""):
"""
Setup SSH key and print age key for sops-nix
"""
for h in get_hosts(hosts):
h.run(
"install -m600 -D /etc/ssh/ssh_host_rsa_key /mnt/etc/ssh/ssh_host_rsa_key"
)
h.run(
"install -m600 -D /etc/ssh/ssh_host_ed25519_key /mnt/etc/ssh/ssh_host_ed25519_key"
)
print(h.host)
h.run(
"nix-shell -p ssh-to-age --run 'cat /etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age'"
)
@task
def nixos_install(c, hosts=""):
"""
Run NixOS install
"""
for h in get_hosts(hosts):
h.run(
"nix-shell -p git --run 'git clone https://github.com/nix-community/infra && cd infra && nix-shell'"
)
hostname = h.host.replace(".nix-community.org", "")
h.run(
f"cd /root/infra && nixos-install --system $(nix-build -A {hostname}-system)"
)
def get_hosts(hosts: str) -> List[DeployHost]: def get_hosts(hosts: str) -> List[DeployHost]:
if hosts == "": if hosts == "":
return [ return [