fix tmpos on wsl, fix public webdav, add better tarball builder for wsl

2023-10-14 13:51:03 +01:00 · 2023-10-14 13:51:03 +01:00 · 13afaf15a4
parent cc38aac91f
commit 13afaf15a4
6 changed files with 66 additions and 2 deletions
--- a/hosts/hetzner-arm/containers/storage/default.nix
+++ b/hosts/hetzner-arm/containers/storage/default.nix
@ -69,6 +69,7 @@ in {
      "/Main/".proxyPass = "http://${containerIP}:${toString ports.rclone_serve_webdav_main}";
      "/Media/".proxyPass = "http://${containerIP}:${toString ports.rclone_serve_webdav_media}";
      "/MusicRO/".proxyPass = "http://${containerIP}:${toString ports.rclone_serve_webdav_music_ro}";
+      "/Public/".proxyPass = "http://${containerIP}:${toString ports.rclone_serve_webdav_public}";
      "/Uploads/".proxyPass = "http://${containerIP}:${toString ports.rclone_serve_webdav_uploads}";
    };
    extraConfig = ''
--- a/hosts/hetzner-arm/containers/storage/secrets.nix
+++ b/hosts/hetzner-arm/containers/storage/secrets.nix
@ -36,6 +36,7 @@
      "api-keys/data/storage/webdav/Main"
      "api-keys/data/storage/webdav/Media"
      "api-keys/data/storage/webdav/Public"
+      "api-keys/data/storage/webdav/Uploads"

      "private-public-keys/data/rclone/Chaos-Media-Crypt"
    ];
--- a/hosts/nixos.nix
+++ b/hosts/nixos.nix
@ -38,6 +38,7 @@
    tree.modules.nixos.rcloneSync
    tree.modules.nixos.secrets
    tree.modules.nixos.postgreSQLRemoteBackup
+    tree.modules.nixos.wslBuildTarballExt
  ];

  nixosUnstableSystem = nixpkgs-unstable.lib.nixosSystem;
--- a/modules/nixos/wslBuildTarballExt.nix
+++ b/modules/nixos/wslBuildTarballExt.nix
@ -0,0 +1,52 @@
+{ config, pkgs, lib, ... }: let
+  inherit (lib.modules) mkIf;
+  cfg = config.wsl;
+in
+{
+  config = mkIf cfg.enable {
+    system.build.tarballBuilderExt = pkgs.writeShellApplication {
+      name = "nixos-wsl-tarball-builder-ext";
+
+      runtimeInputs = with pkgs; [
+        coreutils
+        gnutar
+        zstd
+        nixos-install-tools
+        config.nix.package
+      ];
+
+      text = ''
+        if ! [ $EUID -eq 0 ]; then
+          echo "This script must be run as root!"
+          exit 1
+        fi
+
+        out=''${1:-nixos-wsl.tar.zst}
+
+        root=$(mktemp -p "''${TMPDIR:-/tmp}" -d nixos-wsl-tarball.XXXXXXXXXX)
+        # FIXME: fails in CI for some reason, but we don't really care because it's CI
+        trap 'rm -rf "$root" || true' INT TERM EXIT
+
+        chmod o+rx "$root"
+
+        echo "[NixOS-WSL] Installing..."
+        nixos-install \
+          --root "$root" \
+          --no-root-passwd \
+          --system ${config.system.build.toplevel} \
+          --substituters ""
+
+        echo "[NixOS-WSL] Compressing..."
+        tar -C "$root" \
+          -cz \
+          --sort=name \
+          --mtime='@1' \
+          --owner=0 \
+          --group=0 \
+          --numeric-owner \
+          . \
+          > "$out"
+      '';
+    };
+  };
+}
--- a/outputs.nix
+++ b/outputs.nix
@ -9,6 +9,10 @@
 in
  {
    nixosConfigurations = hosts.nixosConfigurations;
+
+    extras = {
+      wsl-tarball-builder = hosts.nixosConfigurations.wsl.config.system.build.tarballBuilderExt;
+    };
  }
  // (inputs.flake-utils.lib.eachDefaultSystem (
    system: let
--- a/profiles/base/boot.nix
+++ b/profiles/base/boot.nix
@ -1 +1,6 @@
-{...}: {boot.tmp.useTmpfs = true;}
+{config, ...}: {
+  boot.tmp.useTmpfs =
+    if config ? "wsl" && config.wsl.enable
+    then false
+    else true;
+}